Documents in I.E. History

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

Recently I have notice that files from my programs which have nothing to do
with the internet show up in I.E. history when I open them.. It does not
matter whether I.E. is open or whether I am connected to the internet. For
example if I write a letter in Lotus or Microsoft solely for printer output
this file shows up on the I.E. history..
Also when using the internet connected to secure sites I.E. creates a page
with my private account numbers.. I have auto fill and most every thing that
can be turn off, is turn off..
Is this normal? I am beginning to be more concerned with security and find
it odd that my browser can collect non internet files and run the programs to
open these files..
 
Hi terry :-)

You may have a hijacker, malware, spyware or parasites on your system
causing this problem. Thus, in addition to running your updated anti-virus
program, you should do the following to be sure none of these are present on
your system. Although you may have already run one or more of the programs,
please do so again according to the instructions below. Some variants of
malware can replicate themselves over and over if not removed properly.
Please follow all instructions carefully to be sure your system is
thoroughly cleaned:

Dealing with Unwanted Spyware and Parasites:
http://mvps.org/winhelp2002/unwanted.htm
Be sure to run CWShredder, Ad-aware and Spybot.
If these steps do not resolve your problem, please post back to this thread
with the details and any error messages.
(or Spybot - Search and Destroy DSO Exploit Fix 1.3.1 TX)
http://www.majorgeeks.com/download4392.html
Also be sure to use the HijackThis. Please do not post your log to this
newsgroup, but to the HiJackThis Support Forum
http://www.hijackthis.de/forum/forumdisplay.php?f=10&guestlanguageid=4
or the Aumha HiJackThis forums
http://forum.aumha.org/viewforum.php?f=30
to allow the experts there to evaluate your log and advise you of the
necessary steps to clean your system.

Also this program searches for hidden .dlls that recreate the malware.

About Buster:
http://www.majorgeeks.com/download4289.html


CAUTION!!!!! Before you try to remove spyware using any of the programs
below, download a copy of LSPFIX from any of the following sites:
http://www.cexx.org/lspfix.htm
http://www.spychecker.com/program/winsockxpfix.html
(if your OS is Win2k or XP) The process of removing certain malware may kill
your internet connection. If this should occur, this program, LSPFIX, will
enable you to regain your connection.

Also, get a copy of WINSOCKXPFIX available at:
http://www.spychecker.com/program/winsockxpfix.html
and
WinsockXP Fix- WinXP
http://www.spychecker.com/program/winsockxpfix.html
Also, with instructions, at
http://www.iup.edu/house/resnet/winfix.shtm
also
From LavaSoft- all versions of Windows-
http://digital-solutions.co.uk/lavasoft/whndnfix.zip
also ....
(NOTE: It is reported that in XP SP2, the command netsh winsock reset
will fix this problem without the need for these programs.)

or ........

Winsock Fix Utility
http://www.dfwonline.net/files/WinsockFix.zip

Also.........

Courtesy of Jim Byrd -

Download Sysclean.com, from Trend Micro, here:
http://www.trendmicro.com/download/dcs.asp along with the latest pattern
file, here:
http://www.trendmicro.com/download/pattern.asp
Be sure to read the "How-to" info here:
http://www.trendmicro.com/ftp/products/tsc/readme.txt
You might also want to get Art's updater, SYS-UP.Zip, here for future
updating of these: http://home.epix.net/~artnpeg/.
(If you download and use the updater from the beginning, it will
automatically handle downloading the other files. Place them in a dedicated
folder after appropriate unzipping, and then run. This scan may take a long
time, as Sysclean is VERY extensive and thorough

and......

NOTE: If you can not download these programs from the Internet, if your PC
has CD read capabilities, go to another computer with CD-ROM burning
capabilities. Create a folder on the hard drive of the other computer called
HOLD, download the programs to that folder, then burn that folder to a CD.
Copy the HOLD folder to your HD and then install the programs from there
and run them. After you have IE access again, update all programs where
possible to get the latest definitions and run them again in Safe Mode to be
sure there are no lingering items on the system.

also...........

Additional information on how to protect your PC:
The Parasite Fight http://www.aumha.org/a/quickfix.htm
More security tips at http://www.aumha.org/a/parasite.htm
Bugs, Glitches & Stuffups: http://www.mvps.org/inetexplorer/Darnit.htm

If these steps do not resolve your problem, please post back to this thread
with the details and any error messages.

Hope this helps

Jan :)
Smiles are meant to be shared,
that's why they're so contagious.

Please reply to the newsgroup so others may benefit.
Replies are posted only to the newsgroup for the benefit or other readers.

How to make a good newsgroup post:
http://www.dts-l.org/goodpost.htm


"
 
Re: Documents in I.E. history...First thanks Jan, your information gave me a
direction to pursue.. The problem still exists however,but I feel more secure
having seemingly ascertained that my computer is not infested with malware..
My actions were as follows:

Went to http://mvps.org/winhelp2002/unwanted.htm followed the suggestions
and changed my security settings..
Yesterday I downloaded and ran Adware SE, Spybot-search & destroy,
SpySubtract which includeds CWShredder and HiJackThis.. Ran each program 3
times along with my resident program SpyDoctor..
Adware SE, found 4 dialers which I removed ( comment when I originally
obtained SpyDoctor it removed dialers, adware, etc. But as I recall did not
clean anything from the registry the dialers which Adware SE cleaned were in
the registry) Spybot-search & destroy found DSO Exploit, 5 entries, however
despite saying otherwise the program could not repair or delete this threat,
which is a hole in IE..
Today I used my computer normally connected to the internt for approx. 7 to
8hrs. Everything ran slow.. I believe this was a result of changing the
security settings.. I use two programs over the internet which utilize java
applets and I had trouble with the screen freezing and IE not responding and
would have to shut down the program and restart it.. As I have said I hope
this was a result of changing the security settings..
At days end I ran Spybot-search & destroy, again it identified DSO Exploit
nothing else.. I ran Adware SE it found nothing critical and 30 negligible.
The negligible being Norton, SpyDoctor, Windows, Symantec, Paint, Windows
Media Player, essentially all the programs on my computer.. I ran SpySubtract
with CWShredder it found nothing however used its feature to delete tracks
and history and cleared 2.43MB from IE cache, 28 url's from IE history and
123 bytes from windows temp files.. Ran HiJackThis the log seems harmless..
Ran SpyDoctor result no threats, but I know it spent all day rejecting
cookies and adware, thats why the other programs found nothing.. I tried to
download SysClean the main program would download but could not find the
correct pattern file therefore it would not run..
In the end I feel more secure.. But when I log in on a secure site my
account number is still posted to IE history.. And its never consistent today
it showed one of my secure site account numbers, yesterday it was showing my
e-mail address, but not the secure site accnt# . Otherdays it will show
another secure user name I use for another account.. And it still places
Documents which have nothing to do with the internet in Internet Explorer
History...
Would someone type a note in Microsoft Notes save it and tell me if it does
or doesn't ends up in your IE history? If it does not I would appreciate
any further assistance to try and eliminate my secure site names or account
numbers from being posted to the IE history.. Also if I post my HiJack log
to their support forum am I showing the vulnerabilty of my computer??
Thanks again Jan
 
Hi terry :-)

If there's no foul play with scumware, then it sounds as if you have a
corrupted History folder. This can happen. However, do the following steps
and we can see if that helps:

Free History Eraser from
http://smartprotector.com/eraser/free-history-eraser.htm will delete the
History folder and a new one will be created when you restart.

Or the History folder can be deleted manually:
See: How To Delete the Internet Explorer Temporary Internet Files:
http://mvps.org/winhelp2002/delcache.htm

Courtesy of LuckyStrike -

Sometimes things don't work as they should. Re-create a new History Folder;
perhaps it's become corrupt.
http://inetexplorer.mvps.org/answers_8.htm#deltree
http://www.mvps.org/winhelp2002/delcache.htm (XP systems)
Or try installing TweakUI.
http://www.aumha.org/freeware/freeware.php#tweakui

or.......

For XP follow the instructions at Mike Burgess' site as the process and
paths differ from W98:
http://mvps.org/winhelp2002/delcache.htm
To delete the History folder and index.dat (XP)

~~~~~~~~~~~~~
As for the SpyBot DOS Exploits, this is a known bug, and this newer version
of SpyBot has a Fix for that. Download it and use this one. Should if find
any DSO files, go ahead and delete them.
http://www.majorgeeks.com/download4392.html

In regards to this part: "Also if I post my HiJack log
to their support forum am I showing the vulnerability of my computer??"

No.

If these steps do not resolve your problem, please post back to this thread
with the details and any error messages.

Hope this helps

Jan :)
Smiles are meant to be shared,
that's why they're so contagious.

Please reply to the newsgroup so others may benefit.
Replies are posted only to the newsgroup for the benefit or other readers.

How to make a good newsgroup post:
http://www.dts-l.org/goodpost.htm




"> Re: Documents in I.E. history...First thanks Jan, your information gave
me a
 
BINGO the history eraser worked no documents or secure site user names
recorded in history... Still records my e-mail address but if anyone utilizes
it its just more spam.. Big Thanks to all who provide their expertise to this
site!!!
 
Hi terry :-)
BINGO the history eraser worked no documents or secure site user names
recorded in history... Still records my e-mail address but if anyone utilizes
it its just more spam.. Big Thanks to all who provide their expertise to this
site!!!
Click to expand...

You're very welcome! Glad to hear you were able to resolve your problem.
Good job!

Thank you for posting back and letting us know what worked for you, and for
the benefit of other readers who might have a similar problem. :-)

Jan :)
Smiles are meant to be shared,
that's why they're so contagious.
 
Back
Top