Today I dicovered a file named Notepad.com in my system folder... Upon analysis I found that it downloads a file from http//download.vladzone.com//pop.exe, writes it to C:\calc.exe and executes it. This program in turn adds the following sites to the secure zone:
xxxtoolbar.com
flingstone.com
i-lookup.com
mt-download.com
vladzone.com
It will display the url http//download.vladzone.com/l.html using the function ShowHTMLDialogEx. The HTML code will attempt to cause installation of software from the above-mentioned sites.
I wonder how I could have received this Notepad.com? I am using Internet Explorer 5.0.

Modified the Url's such they are fake. You really dont want to check out these links ;)
Posted on 2004-06-06 11:04:11 by Sephiroth3
security holes in IE, perhaps?
Posted on 2004-06-06 11:41:19 by f0dder
Vladzone... Home of Dracula? :)
Posted on 2004-06-10 05:18:32 by Vortex
Wow, how did you find that out? Obviously, people like me would not bother to check system directory. Then, again, my browser is set to no java-script, no cookie mode. :)
Posted on 2004-06-10 06:06:53 by Starless
IE 5 is suicide :)
Get IE6sp1 with all patches at the least.
Posted on 2004-06-10 06:12:36 by Scali
I had similar problems too, but I have IE6 with SP1 and some security updates. I don't know how, but a program enters in my system, and after it it starts to download several files, viruses, and other stuffs. I even had once a program named rundll32.exe, which entered in my system but he saved itself in Windows\system directory (not in Win\sys32). I even didn't observe it, because the task manager show 'rundll32'. I realised only that I had Internet traffic.

After it in regedit i looked in the LOCAL_USER\Software\Microsoft\Windows\CurrentVersion\Run entry and I saw the 'enemy' file.

It took me 2 hours to clean up my computer, i had to go in safe mode, to search my computers for recently modified files, etc.
I don't how can such intruders to be stopped.
Posted on 2004-06-16 15:56:30 by bszente
IE x.x is suicide. (dot)
Posted on 2004-06-17 08:15:03 by pelaillo
Really, now? I use IE all the time, and I never got any trojan or virus on my box through it... and yes, I've surfed some interesting sites.
Posted on 2004-06-17 10:38:02 by f0dder
I also use IE every time, but I encountered such problems. And tell me f0dder, what's your secret? Did you set the security level high, or do you use some blocker programs?
Posted on 2004-06-17 13:22:48 by bszente
I'm with F0dder on this one. I use IE constantly and apart from my Windows machines never needing to be rebooted (I keep them up 24/7) (Win98, 2K Server, and XP Pro SP1) (all updates applied to each) with latest Norton updates... I've been to some questionable sites myself and even downloaded some even more questionable files from said questionable sites and haven't had a single virus, trojan, or worm on my machine in 8 years (although those instances are calculated risks and as such, I "test" them in an isolated Virtual PC guest first.

Well, I did have 1 from an email and I accidentally double-clicked the attachment (but NAV stopped it before it had a chance) and the other "trojan" was one I downloaded the source code to (a remote control program, I can't remember the name, but it was a very popular one in the early 2000's) and NAV detected the C source files as an incarnation of it. My machine has bever been infected (that I can remember), though.

There is no secret. Just be careful what you install. Simple as that. I also never install any active controls (from GAIN or wherever) unless I know and/or trust the source (Macromedia, Microsoft, Etc.). I use Proxomitron for my popup/banner remover and it works quite effectively.

I pay for 95% of my software these days so perhaps that accounts for some of it and I also don't travel any of the p2p networks for over a year. The secret is to not throw caution out the Windows.

I fail to see how IE is the source of any such problem, though. Perhaps it makes it easier. But in just about every case I've encountered, I have the choice to accept or decline an activex file, I have the choice to click or not click a file on a warez site or some other, I have the choice to double-click and open an attachment in email or to instead ignore it. Nothing has every automatically downloaded on me or executed on me. My wife is also in IT and well educated so perhaps that helps that she's not just clicking everything, also. Neither she nor myself are weak points here.

I developer and preview and target IE for all my web applications and hardly use any other browser but I haven't been a victim. Sometimes I get the impression it is just the "irresponsible", or "sensationalists" or more importantly, the "open source" zealots that make Windows and IE out to look so bad. My experience has been completely the opposite of everything I ever read or hear about regarding how insecure and unstable MS products are. My experience has shown me that MS products and most commercial software is quite reliable. But that is not something I'm willing to debate because that's been my experience and no one can convince me otherwise.

Thanks,
_Shawn
Posted on 2004-06-17 14:57:33 by _Shawn

I'm with F0dder on this one. (all updates applied to each) with latest Norton updates...

In this case I fully agree with you. I must say that I don't have all the updates applied. So in this manner it's my mistake, that I don't update the programs.

But I do take care of phantom emails, pop-up windows, also GAIN and other "dangerous" processes in the task manager, etc. but it seems that this isn't enough. And I must admit also that I like IE to Netscape, Opera or other browsers, that's why I'm using it.

My experience has shown me that MS products and most commercial software is quite reliable. But that is not something I'm willing to debate because that's been my experience and no one can convince me otherwise.

I know that in most cases the neglectfuly written programs cause the instability of Windows, I had also unpleasant experience with "huge" commertial application like MatLab, Xilinx ISE Foundation, even MS Word XP some times etc. and especially AutoCAD makes many crashes. But of course it depends very much how deeply a person use the software, how much the software is strained, etc. For example: my father is an architect. He works with AutoCad more than 10 years. And when he makes huge buildings, like a hotel, or bank or something like this, the drawing results in several thousands of objects, than the AutoCAD makes a few crashes and the reliability of the program reveals quickly. The computer needs to be restarted and it will work well again for 2-3 hours, than the process repeats. The 3.06GHz HT Pentium 4 should be enough in my opinion.
And yes, not only my father complains about such problems. We are in an era, when the following algorithm should be applied:


do
{
restart_computer();
try_to_work_with_a_program();
}
while (program_is_not_working_well);
work_with_the_program();

The major problem with these software is the mixing of coding styles: Java with Win16 and Win32. And after it I'm wondering why is the system so unstable, and have unexpected behaviour. My computer is quite good, with genuine Intel mainboard, etc, I don't believe my hardware is the cause of unstability.

The most beautiful thing is that I never had any problems with RadASM, the Asm compilers, OllyDbg. These are the best softwares. :alright: If the programmers would be so careful in the process of writing a software like you, members of this forum, the world would be much better :)

bszente
Posted on 2004-06-18 04:21:20 by bszente
Perhaps it is not new for you f0dder and _Shawn this link, but I thought it may be useful for you Sephiroth3. I found this article regarding this problem:
MS03-008: Flaw in Windows Script Engine May Allow Code to Run

Sephiroth3, I recomend you to install the 814078: Security Update, and it will solve the trojan problems (I hope definitively and not until to the next discovered flaw).

Best regards,
bszente
Posted on 2004-06-18 12:27:47 by bszente
I use FireBird, but I cannot recall ever having a problem with IE. I keep my Norton subscription up to date and use a firewall and virus scanner. I just can't give up tabbed browsing, it makes life so much easier. Also the popup blocking in FireBird is first rate. For security, that is not handled by my browser, it is handled by my firewall and the fact that I don't allow scripts to run unless I am prompted first. I think that IE has basically equivalent security to Firebird, the problem lies in the difficulty in finding and setting the options. Microsoft should really do something with it's configuration dialog, that is where most of the security problems originate. People just can't understand or can't find the proper settings, they're all there but turning them on requires much more knowledge than it does with Firebird.
Posted on 2004-06-18 12:51:03 by donkey
Can you tell me please the link of FireBird? I'm not sure about it, but did they change the name to Firefox?
May I ask you which firewall do you recomend? I'm not familiar in this field.

Tanks.
Posted on 2004-06-18 13:04:44 by bszente
Yes it is renamed (again) to Firefox. Get a NAT firewall :)
Posted on 2004-06-20 09:17:49 by roticv
I run medium level IE security... I think that's the default anyway. If I've tweaked anything, it hasn't been but cookie settings, and those don't have anything to do with you getting trojanized.

I don't run any firewall software on my windows box these days, as I have a pretty restrictive NATting linux firewall. I simply discard all packets that aren't supposed to go to either my LAN, or services on the linux box. This means I don't get hit by whatever DCOM exploits.

The rest of the security... sure, there's unpatched exploits in IE, but I've never been hit by any of them (quite amazing, actually). So... say no to ActiveX installs (especially from GAIM and the like), keep updated (use the automatic windows updater), and be a bit careful if you surf suspicious sites.

As for firewalls... the best would be a linux or BSD firewall doing NATing, or a dedicated hardware router/firewall. As for personal firewalls, I haven't used one for a while - but tiny (then kerio) used to be good, but it's not free anymore afaik - and I think they included all sorts of sandboxing crap.

Btw, avant browser gives you tabbed browsing, but with the IE engine... for max compatibility ;)
Posted on 2004-06-21 07:05:31 by f0dder
Thanks for all of you for your advices.

I downloaded Firefox and Avant browser, I tried both, but for me Avant browser is the "chosen one". Anyway both of them are very usefull programs.
I have the security at medium level, so no problem with this, but for the present I have to remain at the built in WinXP firewall. Maybe sometimes I will put a separate computer only for a Linux firewall.
Posted on 2004-06-22 03:22:19 by bszente
You might want to consider scanning and cleaning your computer for spies. One such program is found at http://www.spywarebegone.com/. I have used this program, and it seems to get rid of spyware that I had inadvertantly installed.
Posted on 2004-10-07 22:45:56 by Gandolf
You might want to consider scanning and cleaning your computer for spies. One such program is found at http://www.spywarebegone.com/. I have used this program, and it seems to get rid of spyware that I had inadvertantly installed.
Posted on 2004-10-07 22:46:45 by Gandolf
Free Tools to keep away inet related problems :

- Firefox - browser
- ZoneAlarm - firewall
- AVG - anti virus
- Ad Aware - to keep spyware away
Posted on 2004-10-09 16:24:26 by clippy