Archived from groups: alt.computer.security,alt.privacy.spyware,comp.security.firewalls,microsoft.public.security,microsoft.public.windows.inetexplorer.ie6.browser (More info?)

Hi

I'm having a problem with IE6.

When I attempt to connect to any website with IE6, at the bottom
it says "attempting to connect to 127.0.0.1", then I get the error:
"The page cannot be displayed"

After doing some google research I think this is possibly the result of
of a partially uninstalled pop-up blocking program (which I wouldn't
know the name of).

There is a registry entry (below) which I think directs all of Internet
Explorer's http requests to a proxy server on the localhost. Although
nothing seems to be listening on 8080, which explains the blank page.

Hijackthis shows the following entry

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer
= http=localhost:8080

Which I suspect is the reason why, when I open IE it tries to connect to
127.0.0.1.

If I delete the registry entry above it gets written back the next time I
open IE.

If I delete the entry above and immediately rescan with hijackthis a few new
ones appear:

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.microsoft.com/isapi/red [...] R}&ar=home
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
http://ie.search.msn.com/{SUB_RFC1 [...] chcust.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
Settings,ProxyOverride = <local>

Even if I delete the new ones, later when I run IE the original one will get
written back.

So the problem is that I can't seem to get rid of this entry, and it's
driving me crazy.

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer
= http=localhost:8080

What can I do to prevent this or discover the program that is changing the
registry entries?

Thanks in advance.

Archived from groups: alt.computer.security,alt.privacy.spyware,comp.security.firewalls,microsoft.public.security,microsoft.public.windows.inetexplorer.ie6.browser (More info?)

this is probably because there is a program running that replaces the
registry keys as fast as you delete them. scan some more, use other
programs, you need to find the malware that is writing the registry keys,
they don't just show up on their own.

"Del Reedy" <delreedy@earthlink.net> wrote in message
news:ijgKc.1746$iK.750@newsread2.news.atl.earthlink.net...
> Hi
>
> I'm having a problem with IE6.
>
> When I attempt to connect to any website with IE6, at the bottom
> it says "attempting to connect to 127.0.0.1", then I get the error:
> "The page cannot be displayed"
>
> After doing some google research I think this is possibly the result of
> of a partially uninstalled pop-up blocking program (which I wouldn't
> know the name of).
>
> There is a registry entry (below) which I think directs all of Internet
> Explorer's http requests to a proxy server on the localhost. Although
> nothing seems to be listening on 8080, which explains the blank page.
>
> Hijackthis shows the following entry
>
> HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
Settings,ProxyServer
> = http=localhost:8080
>
> Which I suspect is the reason why, when I open IE it tries to connect to
> 127.0.0.1.
>
> If I delete the registry entry above it gets written back the next time I
> open IE.
>
> If I delete the entry above and immediately rescan with hijackthis a few
new
> ones appear:
>
> R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
>
http://www.microsoft.com/isapi/red [...] R}&ar=home
> R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
> http://ie.search.msn.com/{SUB_RFC1 [...] chcust.htm
> R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
> Settings,ProxyOverride = <local>
>
> Even if I delete the new ones, later when I run IE the original one will
get
> written back.
>
> So the problem is that I can't seem to get rid of this entry, and it's
> driving me crazy.
>
> HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
Settings,ProxyServer
> = http=localhost:8080
>
> What can I do to prevent this or discover the program that is changing the
> registry entries?
>
> Thanks in advance.
>
>

Archived from groups: alt.computer.security,alt.privacy.spyware,comp.security.firewalls,microsoft.public.security,microsoft.public.windows.inetexplorer.ie6.browser (More info?)

Del Reedy wrote:
> Hi
>
> I'm having a problem with IE6.
>
> When I attempt to connect to any website with IE6, at the bottom
> it says "attempting to connect to 127.0.0.1", then I get the error:
> "The page cannot be displayed"
>
> After doing some google research I think this is possibly the result of
> of a partially uninstalled pop-up blocking program (which I wouldn't
> know the name of).
>
> There is a registry entry (below) which I think directs all of Internet
> Explorer's http requests to a proxy server on the localhost. Although
> nothing seems to be listening on 8080, which explains the blank page.
>
> Hijackthis shows the following entry
>
> HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer
> = http=localhost:8080
>
> Which I suspect is the reason why, when I open IE it tries to connect to
> 127.0.0.1.
>
> If I delete the registry entry above it gets written back the next time I
> open IE.
>
> If I delete the entry above and immediately rescan with hijackthis a few new
> ones appear:
>
> R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
> http://www.microsoft.com/isapi/red [...] R}&ar=home
> R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
> http://ie.search.msn.com/{SUB_RFC1 [...] chcust.htm
> R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
> Settings,ProxyOverride = <local>
>
> Even if I delete the new ones, later when I run IE the original one will get
> written back.
>
> So the problem is that I can't seem to get rid of this entry, and it's
> driving me crazy.
>
> HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer
> = http=localhost:8080
>
> What can I do to prevent this or discover the program that is changing the
> registry entries?
>
> Thanks in advance.
>
>
Open IE and go to Tools, Internet Options, Connections, LAN Settings.
Make sure all boxes and checkboxes are cleared.

courtney sends....

Archived from groups: alt.computer.security,alt.privacy.spyware,comp.security.firewalls,microsoft.public.security,microsoft.public.windows.inetexplorer.ie6.browser (More info?)

>
> What can I do to prevent this or discover the program that is changing
> the registry entries?
>

If you suspect it's a program or malware that's doing it, then using
Process Explorer and looking at running processes and what's running inside
a running process may help you pin point the culprit.

http://www.devhood.com/tools/tool_ [...] ool_id=743

http://www.windowsecurity.com/arti [...] rses_and_R
ootkit_Tools_in_a_Windows_Environment.html

Duane

Archived from groups: alt.computer.security,alt.privacy.spyware,comp.security.firewalls,microsoft.public.security,microsoft.public.windows.inetexplorer.ie6.browser (More info?)

"Del Reedy" <delreedy@earthlink.net> wrote in message
news:ijgKc.1746$iK.750@newsread2.news.atl.earthlink.net...
> Hi
>
> I'm having a problem with IE6.
>
> When I attempt to connect to any website with IE6, at the bottom
> it says "attempting to connect to 127.0.0.1", then I get the error:
> "The page cannot be displayed"
>
> After doing some google research I think this is possibly the result of
> of a partially uninstalled pop-up blocking program (which I wouldn't
> know the name of).

Please follow these steps in order to clean your computer of Malware which
can include Viruses, Trojans, Worms, Spyware, Hijackers and Dialers.

Step 1:
Download Spybot and Adaware from the following locations and install them.
You should run both programs and clean up what it finds. This is to
gaurantee that you find the most malware you can installed on your computer.

Before running the scans on both programs, it is mandatory that you update
the programs. There are update options in each program when you run them.

Spybot
http://www.safer-networking.org/in [...] e=download

Ad-Aware
http://www.lavasoftusa.com/software/adaware/

If you would like to learn more about how to use these two programs with the
proper settings you can read the tutorials below:

AD-AWARE Tutorial
http://www.bleepingcomputer.com/fo [...] utorial=48

SPYBOT SEARCH AND DESTROY Tutorial
http://www.bleepingcomputer.com/fo [...] utorial=43

When you scan with both programs, fix everything that it finds.

When you are done with the scan and fixing the items. Please continue with
the next step.

Step 2:

It is important that you run Spybot and Adaware before you proceed with this
step. Fixing enties with Hijackthis may leave behind unwanted files on your
computer if the previous step was not done first.

Create a directory on your hardrive to save HijackThis.exe. A directory
like c:\hijackthis. If you do not do this, you will not be able to use the
backup/restore features.

Download HijackThis from:

http://www.spywareinfo.com/~merijn [...] ckthis.zip

Save this file into the directory you made previously and then run the
program. Click on the Scan button and when it is finished click on the Save
Log button. A Notepad window will open with the contents of this log. Click
on Edit then click on Select all. Then click on Edit and then Click on
Copy.

Register an account at http://www.bleepingcomputer.com and post this created
log into the Hijackthis Logs forum at that site. To do this, once you are
registered, create a new post, right click in message area and select paste
to paste the log into the post.

An expert will reply to you after reading this post. DO NOT fix any entries
unless you are absolutely sure you know what you are doing as you may cause
more damage to the system

To see a tutorial on using HijackThis you can click on the link below.

http://www.bleepingcomputer.com/fo [...] utorial=42

--
Lawrence Abrams
http://www.bleepingcomputer.com
Source for Original Content, Tutorials, and Support for the beginning
computer user.

Archived from groups: alt.computer.security,alt.privacy.spyware,comp.security.firewalls,microsoft.public.security,microsoft.public.windows.inetexplorer.ie6.browser (More info?)

"Lawrence Abrams" <grinler-AT=bleepingcomputer.com> wrote in
news:udkYyZFbEHA.3476@tk2msftngp13.phx.gbl:

> Download HijackThis from:
>
> http://www.spywareinfo.com/~merijn [...] ckthis.zip

"The requested URL /~merijn/files/hijackthis.zip was not found on
this server."

I did find it at

http://www.majorgeeks.com/download3155.html

however.

Jim

Archived from groups: alt.computer.security,alt.privacy.spyware,comp.security.firewalls,microsoft.public.security,microsoft.public.windows.inetexplorer.ie6.browser (More info?)

I hate to say this, as I make a living designing MS Networks for
businesses and run my own business on MS servers/products, but, after
this being the fifth time I'm going to have to wipe/reinstall my mother-
inlaws computer (WinXP, AV, Firewall, IE 6, Router, etc...) I've decided
to move her (and others like her) to the linux platform.

Since she only does email, browses, quicken, and a couple other things
on her home computer, I don't think there is anything that SUSE 9.1
Personal can't deliver. In looking at CodeWeavers "CrossOver Office"
package, I may even be able to run Office 2000 on her PC along with
Quicken.

I'm sticking with MS for my own company and clients, where I can control
the environment, but if I can swing it, it's going to be Linux (SUSE 9.1
or Fedora 2) for non-technical users.

--
--
spamfree999@rrohio.com
(Remove 999 to reply to me)

Archived from groups: alt.computer.security,alt.privacy.spyware,comp.security.firewalls,microsoft.public.security,microsoft.public.windows.inetexplorer.ie6.browser (More info?)

Leythos <void@nowhere.com> wrote in news:MPG.1b63a33769aa951898a7ae@news-
server.columbus.rr.com:

> I hate to say this, as I make a living designing MS Networks for
> businesses and run my own business on MS servers/products, but, after
> this being the fifth time I'm going to have to wipe/reinstall my
mother-
> inlaws computer (WinXP, AV, Firewall, IE 6, Router, etc...) I've
decided
> to move her (and others like her) to the linux platform.
>
> Since she only does email, browses, quicken, and a couple other things
> on her home computer, I don't think there is anything that SUSE 9.1
> Personal can't deliver. In looking at CodeWeavers "CrossOver Office"
> package, I may even be able to run Office 2000 on her PC along with
> Quicken.
>
> I'm sticking with MS for my own company and clients, where I can
control
> the environment, but if I can swing it, it's going to be Linux (SUSE
9.1
> or Fedora 2) for non-technical users.
>

Well, I went even further than that with my Mom as I had given her a
laptop with Win 2K on it using a dial-up connection. All she was doing
was email and nothing else. After having the machine UPS-ed a couple of
times with me eating the bill to disinfect it or wipe it clean or several
long phone conversations with other family members about Mom's computer,
I asked her did she want it back this last time and the answer was *NO*
she had fun with it and it was over. To be honest, I had with the whole
situation. Yes, I understand where you're coming from on this and non-
technical family members and the MS O/S.

Hopefully, MS will get the home environment under control and close the
O/S down on future releases of the MS O/S. I think they should completely
segregate the O/S in the future. One for business and one for home usage
as a solution that can be implemented as a lot of the features on the O/S
are not needed by the home user that are being exploited.

Duane

Archived from groups: comp.security.firewalls (More info?)

"Leythos" <void@nowhere.com> wrote in message
news:MPG.1b63a33769aa951898a7ae@news-server.columbus.rr.com...
> I hate to say this, as I make a living designing MS Networks for
> businesses and run my own business on MS servers/products, but, after
> this being the fifth time I'm going to have to wipe/reinstall my
mother-
> inlaws computer (WinXP, AV, Firewall, IE 6, Router, etc...) I've
decided
> to move her (and others like her) to the linux platform.
>
> Since she only does email, browses, quicken, and a couple other things
> on her home computer, I don't think there is anything that SUSE 9.1
> Personal can't deliver. In looking at CodeWeavers "CrossOver Office"
> package, I may even be able to run Office 2000 on her PC along with
> Quicken.
>
> I'm sticking with MS for my own company and clients, where I can
control
> the environment, but if I can swing it, it's going to be Linux (SUSE
9.1
> or Fedora 2) for non-technical users.
>

Sorry, but I've got to ask what are your in-laws doing to their computer
that would require it to be wiped five times?

I've been using the same WinXP Pro system for the last three years. I
have installed and uninstalled many an application and utility, blah,
blah, blah and I have never been forced into a corner where I had to
wipe the drive and start over.

--
Best regards, from Don Kelloway of Commodon Communications
Visit http://www.commodon.com to learn about the "Threats to Your
Security on the Internet".

Archived from groups: comp.security.firewalls (More info?)

In article <WOoKc.2570$iK.791@newsread2.news.atl.earthlink.net>,
dkelloway@commodon.com says...
> "Leythos" <void@nowhere.com> wrote in message
> news:MPG.1b63a33769aa951898a7ae@news-server.columbus.rr.com...
> > I hate to say this, as I make a living designing MS Networks for
> > businesses and run my own business on MS servers/products, but, after
> > this being the fifth time I'm going to have to wipe/reinstall my
> mother-
> > inlaws computer (WinXP, AV, Firewall, IE 6, Router, etc...) I've
> decided
> > to move her (and others like her) to the linux platform.
> >
> > Since she only does email, browses, quicken, and a couple other things
> > on her home computer, I don't think there is anything that SUSE 9.1
> > Personal can't deliver. In looking at CodeWeavers "CrossOver Office"
> > package, I may even be able to run Office 2000 on her PC along with
> > Quicken.
> >
> > I'm sticking with MS for my own company and clients, where I can
> control
> > the environment, but if I can swing it, it's going to be Linux (SUSE
> 9.1
> > or Fedora 2) for non-technical users.
> >
>
> Sorry, but I've got to ask what are your in-laws doing to their computer
> that would require it to be wiped five times?

As best I can tell, she's not doing anything questionable, at least not
that I can tell. I think she's being pulled in by the 'social
engineering' hacks that are going around.

> I've been using the same WinXP Pro system for the last three years. I
> have installed and uninstalled many an application and utility, blah,
> blah, blah and I have never been forced into a corner where I had to
> wipe the drive and start over.

Yea, me too - I've got tons of XP and 2000 systems that have no problems
at all, but most are under our control or run by technical types. In the
case of home users, or office types with laptops, they seem to find ways
to get "things" that the others don't. While I've never found a virus or
spyware/ad ware that I couldn't hack out of the registry, it's getting a
little old. As I said before, it's not that I can't secure the machine,
it's that they unsecured it and then run click happy. I have 2 120GB
drives in my main workstation, run VS.Net and the newest version too,
have a MSDN Univ. Subscription and use all of it, even my laptop is XP,
and I have no problems - as I said in another post, I manage the
environment and know what I'm doing.

I still push MS solutions, it's my business, and I use them in our
development group, heck I've got LOTS of money invested in servers and
workstation environments that I'm not about to abandon since we're not
having the problem.

It appears that I can use SUSE 9.1 Personal on home users computers,
install a product called CrossOver and still let them run Office XP
Professional and Quicken - I'm going to do a test install this weekend
and see how it goes.


--
--
spamfree999@rrohio.com
(Remove 999 to reply to me)

Archived from groups: comp.security.firewalls (More info?)

"Leythos" <void@nowhere.com> wrote in message
news:MPG.1b6444271ef6e85898a7b2@news-server.columbus.rr.com...
> In article <WOoKc.2570$iK.791@newsread2.news.atl.earthlink.net>,
> dkelloway@commodon.com says...
> > "Leythos" <void@nowhere.com> wrote in message
> > news:MPG.1b63a33769aa951898a7ae@news-server.columbus.rr.com...
> > > I hate to say this, as I make a living designing MS Networks for
> > > businesses and run my own business on MS servers/products, but,
after
> > > this being the fifth time I'm going to have to wipe/reinstall my
> > mother-
> > > inlaws computer (WinXP, AV, Firewall, IE 6, Router, etc...) I've
> > decided
> > > to move her (and others like her) to the linux platform.
> > >
> > > Since she only does email, browses, quicken, and a couple other
things
> > > on her home computer, I don't think there is anything that SUSE
9.1
> > > Personal can't deliver. In looking at CodeWeavers "CrossOver
Office"
> > > package, I may even be able to run Office 2000 on her PC along
with
> > > Quicken.
> > >
> > > I'm sticking with MS for my own company and clients, where I can
> > control
> > > the environment, but if I can swing it, it's going to be Linux
(SUSE
> > 9.1
> > > or Fedora 2) for non-technical users.
> > >
> >
> > Sorry, but I've got to ask what are your in-laws doing to their
computer
> > that would require it to be wiped five times?
>
> As best I can tell, she's not doing anything questionable, at least
not
> that I can tell. I think she's being pulled in by the 'social
> engineering' hacks that are going around.
>
> > I've been using the same WinXP Pro system for the last three years.
I
> > have installed and uninstalled many an application and utility,
blah,
> > blah, blah and I have never been forced into a corner where I had to
> > wipe the drive and start over.
>
> Yea, me too - I've got tons of XP and 2000 systems that have no
problems
> at all, but most are under our control or run by technical types. In
the
> case of home users, or office types with laptops, they seem to find
ways
> to get "things" that the others don't. While I've never found a virus
or
> spyware/ad ware that I couldn't hack out of the registry, it's getting
a
> little old. As I said before, it's not that I can't secure the
machine,
> it's that they unsecured it and then run click happy. I have 2 120GB
> drives in my main workstation, run VS.Net and the newest version too,
> have a MSDN Univ. Subscription and use all of it, even my laptop is
XP,
> and I have no problems - as I said in another post, I manage the
> environment and know what I'm doing.
>
> I still push MS solutions, it's my business, and I use them in our
> development group, heck I've got LOTS of money invested in servers and
> workstation environments that I'm not about to abandon since we're not
> having the problem.
>
> It appears that I can use SUSE 9.1 Personal on home users computers,
> install a product called CrossOver and still let them run Office XP
> Professional and Quicken - I'm going to do a test install this weekend
> and see how it goes.
>
>
> --
> --
> spamfree999@rrohio.com
> (Remove 999 to reply to me)

'click happy'

I know what you mean. LOL

This past weekend I was at my dad's fixing his PowerMAC running 9.1.
The weekend before I was over my mom's fixing her Windows 98. The
weekend before that I was at my sister's fixing her Windows 98 system.
I keep telling myself I'm going to disappear for a week and tell
everyone that I've gone on a European trip again.

And having a MSDN subscription is the best, isn't it? I have MSDN
(Operating Systems), one to TechNet and an Action pack and I think
they're the best money spent. Allows you to get your hands on
everything.

BOL in your testing this weekend.
--
Best regards, from Don Kelloway of Commodon Communications
Visit http://www.commodon.com to learn about the "Threats to Your
Security on the Internet".

Archived from groups: comp.security.firewalls (More info?)

In article <yXyKc.3148$f4.276@newsread3.news.atl.earthlink.net>,
dkelloway@commodon.com says...
> > Snipped from Leythos
> > It appears that I can use SUSE 9.1 Personal on home users computers,
> > install a product called CrossOver and still let them run Office XP
> > Professional and Quicken - I'm going to do a test install this weekend
> > and see how it goes.

I installed SUSE 9.1 Personal on my laptop to test it, a P3/600 with NT
4.0 and DVD/CD, PCMCIA NIC, Video, etc... I was amazed, it installed
NEXT to NT 4 without even a glitch, video, NIC, DVD, etc.. All works. I
even got my IMAP connection to the Exchange server working. Now, I can't
get it to map to Server 2000 or 2003 shares yet, but it seems to work
just fine. The laptop has 3 hard drives (removable), one is NT 4, one is
Windows 2000 Server, one is Windows XP, all for testing...


--
--
spamfree999@rrohio.com
(Remove 999 to reply to me)