MS Popups?

  • Thread starter Thread starter John Gregory
  • Start date Start date
J

John Gregory

I'm using the beta Internet Explorer 7 browser and just got a window headed
"Windows Internet Explorer" telling me that if my machine was running slow,
it might be infected with a virus. It offered a free download of
"WinAntiVirus PRO2006". I rejected the offer but when the screen
disappeared, I saw that the applet apparently already set itself up to
download but was caught by either my McAfee AntiVirus software or something
in IE 7 itself.

Q1) Was this a legitimate ad from Microsoft? If it is... I hope it's not
a harbinger of things to come. I don't appreciate being interrupted that
way.
Q2) If it wasn't from MS, is the beta IE7 allowing this to happen? In
other words, is this a weakness that IE6 didn't have? (If so... I'll fall
back to IE6 immediately.)
 
John Gregory said:
I'm using the beta Internet Explorer 7 browser and just got a window
headed "Windows Internet Explorer" telling me that if my machine was
running slow, it might be infected with a virus. It offered a free
download of "WinAntiVirus PRO2006". I rejected the offer but when the
screen disappeared, I saw that the applet apparently already set itself up
to download but was caught by either my McAfee AntiVirus software or
something in IE 7 itself.

Q1) Was this a legitimate ad from Microsoft? If it is... I hope it's
not a harbinger of things to come. I don't appreciate being interrupted
that way.
Q2) If it wasn't from MS, is the beta IE7 allowing this to happen? In
other words, is this a weakness that IE6 didn't have? (If so... I'll fall
back to IE6 immediately.)
Click to expand...

Q1) It is NOT legitimate.
Q2) You probably have a malware infection.

So How Did I Get Infected Anyway?
http://www.wilderssecurity.com/showthread.php?t=27971

Help with Hijackware
All MS - MVP Sites.
http://aumha.org/a/parasite.htm
(http://aumha.org/a/quickfix.htm)
http://www.elephantboycomputers.com/page2.html#Removing_Malware
(http://mvps.org/winhelp2002/unwanted.htm)
(http://inetexplorer.mvps.org/darnit.html)
(http://www.mvps.org/sramesh2k/Malware_Defence.htm)

Unexplained computer behavior may be caused by deceptive software.
http://support.microsoft.com/kb/827315
 
Q2) You probably have a malware infection.<<

What's the chance of that being the case if Ad-Aware SE and Spybot turn up
negative and McAfee VirusScan finds nothing?
 
Very low.

--
Frank Saunders, MS-MVP OE/WM
"Anyone who prefers security over freedom deserves neither."

John Gregory said:
What's the chance of that being the case if Ad-Aware SE and Spybot turn up
negative and McAfee VirusScan finds nothing?
Click to expand...

Very low.
 
It now appears I wasn't so lucky. When I attempted to scan my machine with
McAfee to determine if there was anything left on my machine other than the
cookie that SpyBot discovered and removed, I got blank screens in both
VirusScan and Security Center. The only remaining program from McAfee is my
firewall which seems to be operating. It's screen contains data ... it isn't
blank.

I went to McAfee to find a solution and found someone with the same problem.
It was related to the use of IE7 beta 2 with McAfee version 9+. There was
little dialog on the subject other than the poster stating that solved his
problem, so... I removed IE 7 beta 2 which left me with the Firefox 1.5.0.4
I had been using a month or so ago.

Unfortunately when I attempted to download IE 6 SP1 (I DO need SP1 with
Windows XP, don't I?), the MS site is looking for a prior copy of Internet
Explorer. I don't know where to go at this point. I wanted to get the McAfee
screen so I could scan my machine before I explored those other links you
gave me and then download IE6 SP1 but I'm caught in a catch 22.

Q1) How do I fall back to IE6 SP1 now that I deleted IE7 beta 2?
Q2) I hope I didn't complicate matters by deleting IE7 etc. Any significant
chance I did? And if so... where to from here?
 
John Gregory said:
It now appears I wasn't so lucky. When I attempted to scan my machine with
McAfee to determine if there was anything left on my machine other than
the
cookie that SpyBot discovered and removed, I got blank screens in both
VirusScan and Security Center. The only remaining program from McAfee is
my
firewall which seems to be operating. It's screen contains data ... it
isn't
blank.

I went to McAfee to find a solution and found someone with the same
problem.
It was related to the use of IE7 beta 2 with McAfee version 9+. There was
little dialog on the subject other than the poster stating that solved his
problem, so... I removed IE 7 beta 2 which left me with the Firefox
1.5.0.4
I had been using a month or so ago.

Unfortunately when I attempted to download IE 6 SP1 (I DO need SP1 with
Windows XP, don't I?), the MS site is looking for a prior copy of Internet
Explorer. I don't know where to go at this point. I wanted to get the
McAfee
screen so I could scan my machine before I explored those other links you
gave me and then download IE6 SP1 but I'm caught in a catch 22.

Q1) How do I fall back to IE6 SP1 now that I deleted IE7 beta 2?
Q2) I hope I didn't complicate matters by deleting IE7 etc. Any
significant
chance I did? And if so... where to from here?
Click to expand...


How did you remove IE7?
If you did it properly you should now have IE6. If you don't, then I would
back up my data, format the hard drive and reinstall everything.
 
Through the Add/Remove routine in Control Panel. It warned of several
programs that may be affected having been installed after IE7 but (1)
Firefox seems to run although I've stayed off this machine most of the day
trying to resolve my issue. I've learned that I should simply default back
to IE6 if I did uninstall properly. I think I did.

The other programs listed as installed after IE7 were (2) AnalogXPOW (no
idea what that is), (3) Security Update for Windows XP (KB913580), (4)
Windows Genuine Advantage Notification (KB905474), (5) Epson Twain, and
(Adobe Reader 7.0.8.

I clicked the Internet Explorer icon after I posted here and was asked if I
wanted to continue to work offline. I assume that's because WindowsXP hadn't
established that connection since I took IE& out. I was taken to an MS site
and I noticed IE6 was in use. I backed out because my antivirus software
apparently is till working well and detected script writing. I assume - when
I get the virus issue resolved - all I need to do is repeat what I did and
let IE 6 update itself. Correct?
 
John Gregory said:
Through the Add/Remove routine in Control Panel. It warned of several
programs that may be affected having been installed after IE7 but (1)
Firefox seems to run although I've stayed off this machine most of the day
trying to resolve my issue. I've learned that I should simply default back
to IE6 if I did uninstall properly. I think I did.

The other programs listed as installed after IE7 were (2) AnalogXPOW (no
idea what that is), (3) Security Update for Windows XP (KB913580), (4)
Windows Genuine Advantage Notification (KB905474), (5) Epson Twain, and
(Adobe Reader 7.0.8.

I clicked the Internet Explorer icon after I posted here and was asked if
I wanted to continue to work offline. I assume that's because WindowsXP
hadn't established that connection since I took IE& out. I was taken to an
MS site and I noticed IE6 was in use. I backed out because my antivirus
software apparently is till working well and detected script writing. I
assume - when I get the virus issue resolved - all I need to do is repeat
what I did and let IE 6 update itself. Correct?
Click to expand...


Yes.
 
I appreciate your helping me with all this, Frank. IE6 did come back as you
said it would but I've got another hurdle; Security. I have a home network
with only me in the house but three machines with different operating
systems linked together through a router and hub (switch). Here's the
message I'm getting:


Windows Update is the online extension of Windows that helps you get the
most out of your computer.

Windows Update uses ActiveX Controls and active scripting to display content
correctly and to determine which updates apply to your computer.
Tell me about active scripting and ActiveX controls

To view and download updates for your computer, Windows Update should be
listed as a Trusted Site in Internet Explorer.

To add Windows Update to the trusted sites zone:

1.. On the Tools menu in Internet Explorer, click Internet Options.
2.. Click the Security tab.
3.. Click the Trusted Sites icon, and then click Sites...
4.. Uncheck the "require server verification" checkbox.
5.. Make sure the following URLs are listed in the Web Sites list box:
a.. http://*.windowsupdate.microsoft.com
b.. http://*.windowsupdate.com
Note: If you need to add a URL to the Web Sites list and the Add button is
disabled, contact your system administrator.

Problem is...I'm the "administrator" and don't know what I should do next.

Can you help please?
 
OOps. I don't know why the Add button would be disabled if you're in the
Administrator group.
 
You've got a smitFraud infection.

Checking for/Help with Hijackware
http://aumha.org/a/parasite.htm
http://aumha.org/a/quickfix.htm
http://aumha.net/viewtopic.php?t=5878
http://wiki.castlecops.com/Malware_Removal_and_Prevention:_Introduction
http://mvps.org/winhelp2002/unwanted.htm
http://inetexplorer.mvps.org/data/prevention.htm
http://inetexplorer.mvps.org/tshoot.html
http://www.mvps.org/sramesh2k/Malware_Defence.htm
http://defendingyourmachine.blogspot.com/
http://www.elephantboycomputers.com/page2.html#Removing_Malware

When all else fails, HijackThis v1.99.1
(http://aumha.org/downloads/hijackthis.zip) is the preferred tool to use.
It will help you to both identify and remove any hijackware/spyware. **Post
your log to http://aumha.net/viewforum.php?f=30,
http://castlecops.com/forum67.html,
http://forums.subratam.org/index.php?showforum=7, or other appropriate
forums for expert analysis, not here.**

If the procedures look too complex - and there is no shame in admitting this
isn't your cup of tea - take the machine to a local, reputable and
independent (i.e., not BigBoxStoreUSA) computer repair shop.
 
I was just about to prepare that log and select a guru forum. Do you have a
preference PA Bear?

Could you ease my mind a bit. Everything I've read so far has made reference
to this as a nuisance as opposed to a threat to my machine. I'm very nervous
about having sensitive files from this machine - like Quicken files - flow
out and into someone's hands. I just noticed a few minutes ago that my
McAfee software updated... though if I click the icon I get a blank screen.
Today I discovered Outlook 2003 wouldn't connect to my mail server. My
concern her is that mail or messages could be going somewhere undesired.

Is the probability of these fears coming true very high?
 
John said:
I was just about to prepare that log and select a guru forum. Do you have
a preference PA Bear?
Click to expand...

Nah, but some are more swamped with posters like you than others.
Could you ease my mind a bit. Everything I've read so far has made
reference to this as a nuisance as opposed to a threat to my machine. I'm
very nervous about having sensitive files from this machine - like
Quicken files - flow out and into someone's hands. I just noticed a few
minutes ago that my McAfee software updated... though if I click the icon
I get a blank screen. Today I discovered Outlook 2003 wouldn't connect to
my mail server. My concern her is that mail or messages could be going
somewhere undesired.
Is the probability of these fears coming true very high?
Click to expand...

Anything's possible these days. If the only problem is smitFraud (not
bloody well likely), you shouldn't have anything to worry about. If you're
a worry-wart, physically disconnect the infected machine from the internet
and use another machine to download & update your tools (then copy them to
the infected machine via, e.g., CD; some must be installed on the machine)
and to post to forums.
 
Back
Top