The Mudcat Cafe



Tech: Jan 2008 - Bogus applet virus or trojan?

Subject: Tech: Jan 2008 - Bogus applet virus or trojan?
From: Acme
Date: 01 Jan 08 - 05:15 PM

This is a query and a heads-up. The last couple of weeks I have been getting a steady number of hits of some sort, when my browser (IE-7) keeps popping up the Applet or Java bar at the top of the page. Most often it says:

This website wants to run the following add-on 'Microsoft Data Access - Remote Data Services Dat. . .' from 'Microsoft Corporation'. If you trust the website and the add-on and want to allow it to run, click here. . .

Alternately, I've been seeing
This website wants to run the following add-on: 'RealPlayer Automation Interface' from 'RealNetworks, Inc. (unverified publisher)'. If you trust the website and the add-on and want to allow it to run, click here. . .

It is now a steady hammering, any time I open a new window. It is troubling, but I can't find a cause or a source.

These turn up on lots of different pages I view, so I suspect the message is part of a virus or trojan trying to embed itself further. A scan has turned up nothing, and a search at Google with the first few words of the add-on query text comes up with other people discussing what it is. One place said it isn't Microsoft. And I went to Microsoft myself this afternoon to see if there are any updates I've missed. There are none.

Google Search on "This website wants to run the following add-on 'Microsoft Data Access - Remote Data Services Dat.".

Anyone else encountering this yet? I just called my son in and told him to deny it if his computer gets this message. I don't want to have to fix two computers. Funny thing is, I've been trying to get it ready to run a clean, full backup. I may have to go back a few days with a system restore before I do it.

From here I'm going to visit the Symantec site and let it scan the computer and see if it detects anything. I had one AVG response earlier today, but didn't catch the wording, and after "healing" the problem these messages are still popping up.

Don't bother nagging about the browser, it's the one I use most of the time for a number of good reasons. I use Opera regularly for email and haven't seen this message there, and I haven't opened Firefox for a while but will take it for a spin, but IE is the one I observe that is clobbered (so far) by this message and possible assault.

SRS



Subject: RE: Tech: Jan 2008 - Bogus applet virus or trojan?
From: McGrath of Harlow
Date: 01 Jan 08 - 05:21 PM

Sounds like another good reason to avoid using Internet Explorer. And that's not a nag - every now and again I run up against something where I have to use IE (such as the BBC iPlayer), so it's a useful warning, thanks.



Subject: RE: Tech: Jan 2008 - Bogus applet virus or trojan?
From: Acme
Date: 01 Jan 08 - 05:37 PM

One discussion site has the following observation, offered on Dec. 15, though it isn't correct:

    One of my Firewalls reports 3500+ Attacks on port 1900. I would suggest punching a hole on another port to access MSN, Turn off auto updates and keep the Virus software updated. 1900 is a popular port to break into. Sometimes the guilty party is Microsoft themselves. I just block them from my PC. Whatever Microsoft offers for free always has hidden spyware in it.

    I would guess, and bet that those who are getting the error message aren't using a router and are hooked up directly to the Modem.


I use a router.

On Dec. 19 another poster at that site (place called C C Forums) reports:

    I am running McAfee on XP with a patched version of IE, I got the following in my log 15 minutes ago, so the issue may still be ongoing:

    Virus Profile: VBS/Psyme
    Risk Assessment
    - Home Users: Low
    - Corporate Users: Low
    Date Discovered: 9/30/2003
    Date Added: 10/16/2003
    Origin: N/A
    Length: Varies
    Type: Trojan
    SubType: Exploit
    DAT Required: 4297



Don't know if that helps. But this is what I'm learning.

So far my scan is detecting changes in "shell32.dll" in the windows system32 shell area and in "hosts," also in the system32 drivers area.

Another discussion site shows this was an issue for some back in October. One forum moderator thinks "your permissions and pre-approvals are just set too low." He also linked to this blog:

blogs.msdn.com

There it says:

    This Website Wants to Run the Following Add-on
    You may have encountered a warning similar to the following when browsing web sites with IE7:

    This website wants to run the following add-on: 'MSXML 5.0' from 'Microsoft Corporation'. If you trust this website and the add-on and want to allow it to run, click here…

    The same warning may appear for some other common add-ons:

    This website wants to run the following add-on: 'QuickTime' from 'Apple Computer, Inc.'.
    This website wants to run the following add-on: 'Windows Media 6.4 Player Shim' from 'Microsoft Corporation'
    This website wants to run the following add-on: 'Windows Media Player Core' from 'Microsoft Corporation'
    This website wants to run the following add-on: 'Windows Media Player Extension' from 'Microsoft Corporation'
    If you are seeing any of these warnings, you probably wonder if it is safe to allow the control to run. And if you are a web developer, you probably wonder why your web page is triggering this warning.

    Why the Warning?

    This warning occurs whenever a web page attempts to execute code on your machine that has not been used previously and is not on the local pre-approved list. This is usually caused by the website trying to use older code. Web Developers often copy-and-paste samples to do things like statistics tracking and media player detection. Some samples that are several years old were written to use old versions of the controls. If the web page is written to look for the most recent versions of QuickTime or Media Player, no warning is shown. You can see which controls are pre-approved on your machine by looking in Tools>Manage Add-ons>Enable or Disable Add-ons.

    It's important to note that the "Run" approval in the Information Bar is different from "Install" approval. "Run" is for code already on your PC. "Install" is for new code that the website would like you to download and install. As has been our guidance for many years, you should only install code from websites and vendors that you trust. IE7 provides a series of dialogs with information to help make this trust decision.

    Should you Allow?

    Once you approve a control, any site on the Internet will be able to script that control without prompting you again. You should NOT approve the control unless you have strong reason to believe that the control is safe. Site authors should not be using these older Microsoft controls, and approving them exposes you to increased risk. You should encourage site owners to change their web sites to check for the newer, safer versions of the controls.


This doesn't really answer it, though, because I get the message on lots of different sites, and I can't imagine that all of these web sites are suddenly not in compliance with some add-on program.

And here's an answer that I came up with myself (partly) when I looked for more information from the message itself, but it didn't explain about the "Run" and "don't run" buttons. I'll check this out:

    # re: This Website Wants to Run the Following Add-on
    Wednesday, April 25, 2007 5:29 PM by Joshua Allen [msft]
    Lionel: good question. To disable a control that has accidentally been enabled, the user can indeed use Tools->Manage Add-ons->Enable or Disable Add-ons.

    To say "never ask again", just click on the gold bar and select "Run ActiveX Control". This doesn't actually run the ActiveX control right then -- it pops up a dialog box that has two buttons: "Run" and "Don't Run". Whichever button is pushed, you won't be asked again. If you *do* want to be asked again, you can click the red "x" to cancel out of that dialog (or go back into Manage Add-ons).


I may just be talking to myself on this, but I'll report back on the results after my AVG scan finishes and I try this setting change.

SRS



Subject: RE: Tech: Jan 2008 - Bogus applet virus or trojan?
From: Acme
Date: 01 Jan 08 - 05:40 PM

I can't get to any of my bank or investment pages without IE, because of the security filters built in. That's one reason. And for a lot of things to do with Microsoft, you can't get there if you're not using IE.



Subject: RE: Tech: Jan 2008 - Bogus applet virus or trojan?
From: GUEST,Jon
Date: 01 Jan 08 - 05:47 PM

Have you got an example page that brings these messages?



Subject: RE: Tech: Jan 2008 - Bogus applet virus or trojan?
From: Acme
Date: 01 Jan 08 - 05:50 PM

Everywhere at Mudcat, for starters.

I tried this advice just now:

    To say "never ask again", just click on the gold bar and select "Run ActiveX Control". This doesn't actually run the ActiveX control right then -- it pops up a dialog box that has two buttons: "Run" and "Don't Run". Whichever button is pushed, you won't be asked again. If you *do* want to be asked again, you can click the red "x" to cancel out of that dialog (or go back into Manage Add-ons).


Instead of hitting the black x to make it go away I clicked on "run" and it brought up the dialog box in which I selected "don't run."

We shall see. It's something that is in the browser, and every time you change the page it wants to load this thing. Doesn't seem to matter where it is.

SRS



Subject: RE: Tech: Jan 2008 - Bogus applet virus or trojan?
From: JohnInKansas
Date: 01 Jan 08 - 09:26 PM

Stilly -

In IE, Tools|Internet Options, click the Programs Tab. There should be a button there labelled "Manage Add-ons." There you can show the list of what add-ons have been used, which ones are currently in use, which ones run without asking permission, with a separate list of Active-X controls on the machine.

A first step toward determining whether you're really seeing an "attack" would be to check what's there, and make sure that all of the "helpers" you have installed are from reliable sources. There are, unfortunately, a few "doctored" imitations that might occasionally get themselves installed.

If you find a BHO (Browser Helper Object) that really looks like it came from somewhere you shouldn't have been, you can DELETE it. The ones from known sources can generally just be turned on/off.

I've noticed that my NIS on several occasions has objected to being overridden by the Microsoft Firewall (when the computer comes back up after a reboot). My guess is that recent auto-updates have turned on the Microsoft Firewall. Norton Internet Security has no problem turning it back off when you give permission. This is one place to lay some suspicion since Microsoft has been "pushing" their "Live Security" (or whatever other baby-talk name they've given all the bits and pieces). It's possible that you've accidentally gotten more than one popup blocker turned on, and the competition between them is causing problems.(?) Norton, Google, Microsoft, and just about anyone else that offers you a "toolbar" quite likely will have a "popup blocker" included in the installation.

You may also be getting some browser configuration corruption and/or changes in settings from the currently in-process MSN conversion of everything MSN to "MSN - Live." If, by any chance, you've allowed them to install "MSN Explorer," which is NOT THE SAME THING as Internet Explorer, you can probably expect all kinds of garbage events. (MSN's persistent demands to load their specially bogused programs on us is one of several reasons that we're in the process of dropping our MSN Charter Account - that we've had since ca. 1989 - as soon as we can get everyone informed of new email addys.) If there's a "butterfly" icon anywhere on your computer, it's likely "you've been had" or soon will be, by MSN.

John
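
The add-on check described in the post above can also be run from a PowerShell prompt. This is an added example, not part of any post in this thread; it assumes the standard registry locations where Internet Explorer looks up Browser Helper Objects, and it only reads them.

```powershell
# Added example: read-only inventory of Internet Explorer Browser Helper Objects.
# For each registered BHO it reports the CLSID, the friendly name, the DLL that
# gets loaded into the browser, and the Authenticode signature of that DLL.
# Nothing is changed, disabled or deleted.

$views = @(
    @{ Bitness = 'native';   Software = 'HKLM:\SOFTWARE' },
    # 32-bit add-ons on 64-bit Windows are registered under WOW6432Node
    @{ Bitness = '32-on-64'; Software = 'HKLM:\SOFTWARE\WOW6432Node' }
)

function Get-BhoInventory {
    foreach ($view in $views) {
        $bhoKey = Join-Path $view.Software 'Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
        if (-not (Test-Path -LiteralPath $bhoKey)) { continue }

        # Each subkey name under this key is the CLSID of one BHO
        foreach ($entry in Get-ChildItem -LiteralPath $bhoKey) {
            $clsid    = $entry.PSChildName
            $clsidKey = Join-Path $view.Software "Classes\CLSID\$clsid"
            $name   = $null
            $dll    = $null
            $signer = $null
            $status = 'NoComRegistration'

            if (Test-Path -LiteralPath $clsidKey) {
                # The default value of the CLSID key is the friendly name
                $name   = (Get-Item -LiteralPath $clsidKey).GetValue('')
                $srvKey = Join-Path $clsidKey 'InprocServer32'
                if (Test-Path -LiteralPath $srvKey) {
                    # The default value of InprocServer32 is the DLL path
                    $raw = (Get-Item -LiteralPath $srvKey).GetValue('')
                    if ($raw) {
                        $dll = [Environment]::ExpandEnvironmentVariables($raw.Trim('"'))
                    }
                }
            }

            if ($dll -and (Test-Path -LiteralPath $dll)) {
                $sig    = Get-AuthenticodeSignature -FilePath $dll
                $status = $sig.Status
                if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
            } elseif ($dll) {
                # Registered, but the file is gone: a stale or half-removed add-on
                $status = 'FileMissing'
            }

            [pscustomobject]@{
                Bitness = $view.Bitness
                Clsid   = $clsid
                Name    = $name
                Dll     = $dll
                Status  = $status
                Signer  = $signer
            }
        }
    }
}

# 'NotSigned' or an unfamiliar signer is a reason to look closer,
# not proof that the add-on is malicious.
Get-BhoInventory | Sort-Object Status, Name | Format-Table -AutoSize -Wrap
```

Entries whose status is not `Valid`, or whose signer is not a vendor you remember installing, are the ones to look up before turning them off in Manage Add-ons.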



Subject: RE: Tech: Jan 2008 - Bogus applet virus or trojan?
From: GUEST,Notamember
Date: 01 Jan 08 - 11:23 PM

I'm having this same problem and found this board by accident. I also have very high security settings and can't find anything wrong. My computer has been "cwap-free" for several years now and this freakin' yellow bar is driving me nuts. It only appears on some websites, not others.



Subject: RE: Tech: Jan 2008 - Bogus applet virus or trojan?
From: GUEST,Notamember
Date: 01 Jan 08 - 11:30 PM

JohnInKansas,

I already checked my Add-on file. Since I'm "old school" (not really but I hate viruses and other problems, plus I don't use my computer to view video or download music), I'm still on dial-up and have very few add-ons. It's not in there. I recognize all of my add-ons since I only have a few.

This little yellow bar is driving me NUTS!!!!!



Subject: RE: Tech: Jan 2008 - Bogus applet virus or trojan?
From: Acme
Date: 01 Jan 08 - 11:31 PM

John,

I did go check various of the things you mentioned, and some time back I noticed the same thing about the Windows Firewall. I had turned it off and it came back by itself. I got even by setting the Automatic Updates to let me know if something is available and I'll decide to download and install. That took care of the firewall.

I also looked at those approved programs in the Manage Add-Ons area--the names, as you probably know, are gibberish. Only one clearly blocked is Windows Messenger. Got that sucker blocked as soon as the computer was out of the box. So far this evening I haven't had that message pop up (but it was occurring for a couple of things, so it still might). I haven't been browsing much, though, I've been in using my new pasta machine. :) (Turned out great!)

I have a little program called Startup Control Panel 2.8 by Mike Lin that is great for keeping track and allowing or blocking processes. It's an old program, I've had the same one in at least three computers over the last 10 years or so. But it works. (I guess I need to look the guy up--I sent a couple of dollars his way when I first set up a PayPal account).

So, I've updated and scanned and nothing shows up. I will wait a little before I commit this stage of my software to the backup, to see if there are any more hiccoughs.

Thanks for the assessment of possible problems. It's good to know I was on the right track diagnostically. I don't add too many add-ons, and I boot out those annoying tool bars that everyone tries to layer in. (I just put in the new NERO and they have one now. No, thanks!). Yahoo is as annoying as hell, Earthlink had one. The only one I use because I really do use it is the Google Toolbar. And that one I love.

SRS



Subject: RE: Tech: Jan 2008 - Bogus applet virus or trojan?
From: GUEST,Notamember
Date: 01 Jan 08 - 11:33 PM

One more thing -- I'm only seeing the yellow bar on websites that aren't "top level" -- in other words, I don't see it on eBay or Google or Amazon or the LATimes but I'm finding it on various blogs (not all of them) and forums.



Subject: RE: Tech: Jan 2008 - Bogus applet virus or trojan?
From: Acme
Date: 01 Jan 08 - 11:40 PM

I did what that one set of instructions suggested, and it worked. When you click "run" it doesn't actually run. It gives you a dialog box asking if you really want to run it or if you want to block it. I said to block it. That seems to have worked. I don't know where the darned thing came from, but I understand your frustration. Amazing how much I move around from screen to screen when I work, and with every move I got that annoying tone and popup.

Try it. And report back, please! Too often there isn't followup once the problem is solved. And are you into music? That's our raison d'etre, though if you did a search like mine (on the words in the yellow box) we were probably mixed in with a broad spectrum of web sites. My search brought up everyone who was frustrated and turning to their web community forums to try to solve the problem. They covered everything from motorcycles in North Texas to web designers to chat room moderators, it was a mixed bag.

SRS



Subject: RE: Tech: Jan 2008 - Bogus applet virus or trojan?
From: GUEST,Notamember
Date: 02 Jan 08 - 12:00 AM

Okay, I just clicked the bar. It said "run it" or "don't run it." I clicked "don't run it" -- and the bar went away!!

However, I just tried another page that had the yellow bar and a balloon appeared from the bar on the bottom that said "This page is requesting an Add-on"

Anyway, I use my computer for eBay so I'm really "high security" on it. No downloads, no video, no music, no messenger, no FUN!! :)

I thank you for your help! I've been looking and this problem has been cropping up on a lot of boards in the last few days. I suspect you'll have more visitors here!



Subject: RE: Tech: Jan 2008 - Bogus applet virus or trojan?
From: Acme
Date: 02 Jan 08 - 12:28 AM

Redundancy is the name of the game in computer software engineering. If you don't find something or respond to a prompt from one area, they'll get you from another. Good luck in tracking down all of the annoyances! I have another one that may still try to pop up, but I'll know what to do about it now.

I use my computer for eBay also, but I have a high level of security in place because I telecommute and log on to a university library server and have to go through a security protocol that stays put on my computer until I ever uninstall the program. That user interface doesn't look as pretty as the regular XP Pro first screen, but it is more secure.

SRS



Subject: RE: Tech: Jan 2008 - Bogus applet virus or trojan?
From: Nick
Date: 02 Jan 08 - 02:24 PM

If you still have any doubts about having totally got rid of the root of the problem I recommend the Spybot forum. The help I received there I was stunned by. Just over a year ago my son managed to **** up my machine when he clicked onto an "image" that a friend recommended him. It caused all sorts of damage and even when I thought I had rectified things I had all sorts of things still going on on my machine (eg a rootkit had been installed).

Really really helpful - my spybot experience and the general forum is at spybot forums



Subject: RE: Tech: Jan 2008 - Bogus applet virus or trojan?
From: Acme
Date: 02 Jan 08 - 03:46 PM

I use Spybot, and it does a very good job of tracking any registry changes and keeping track of what actually gets to start up at startup.

This morning I went looking for software updates and I find at the Office of Information Technology office at my university that they have a variety of software available to the campus community. They've always had a few, but they're getting serious about the types of security available. I'm not the only one who works at home, and it's worth it to them to be sure that my home computer is as secure as my office computer. They have the license to use Spybot, along with one other. I suspect it is a situation where you choose one or the other. Using two programs that try to do the same thing messes up the works (ask me how I know. . .).

SRS



Subject: RE: Tech: Jan 2008 - Bogus applet virus or trojan?
From: michaelr
Date: 02 Jan 08 - 07:10 PM

How do you know? ;-)

Seriously, is it a bad idea to install Spybot alongside Ad-Aware?

Cheers,
Michael



Subject: RE: Tech: Jan 2008 - Bogus applet virus or trojan?
From: JohnInKansas
Date: 02 Jan 08 - 08:00 PM

michaelr

A number of very good support websites REQUIRE that you run AdAware SE followed by running Spybot S&D, after which you run Hijack This to get a log of your configuration, which the site will analyze to find a solution for you. AdAware and Spybot apply slightly different criteria to deciding what to fix, so using the two together gives a slight overlap, but is NOT redundant.

Probably only ONE or the other should be set to do real-time monitoring, but running both manually and frequently is highly recommended by the very competent.

John



Subject: RE: Tech: Jan 2008 - Bogus applet virus or trojan?
From: JohnInKansas
Date: 02 Jan 08 - 08:04 PM

Stilly -

I can't be really sure, but your symptoms appear to be at least partially described by Microsoft KB article at MS07-057: Cumulative security update for Internet Explorer KB: 939653.

Under "Known Issues," the line and following description for:

"ActiveX controls that prompt before they are loaded" seems applicable.

You may find some answers there - or not.

John



Subject: RE: Tech: Jan 2008 - Bogus applet virus or trojan?
From: GUEST,Jon
Date: 02 Jan 08 - 08:57 PM

That seems to relate to sites using applet, embed and object tags but SRS says it was happening with all sites.

As far as I understand it with these things, browsers tell you you are missing a plug, ask to install an ActiveX control, etc. when they are not present/up to date on a system but needed for some content on the web page.

I wouldn't expect to be asked to load a real plugin/control unless I was to get real audio/video content for example.

I'm far from sure but my suspicion is that she has cured a symptom (the prompting) but there is something nasty on her machine.



Subject: RE: Tech: Jan 2008 - Bogus applet virus or trojan?
From: Acme
Date: 02 Jan 08 - 08:59 PM

John,

Thanks, I'll check that out. My computer, or my DSL, or both, are running very slowly today. They updated some stuff at work over the holiday, so that may be one answer.

I use AdAware and Spybot and Spyware Blaster. I tried the Ewido program one time, and whatever else I had on the computer at the time, I don't remember now, but they did not play nicely together. The Ewido program looked interesting though, and is part of a different cluster of software. I also use Kerio and AVG (got that advice from Mudcat's own Bill D, the master of mustering good free software programs).

SRS



Subject: RE: Tech: Jan 2008 - Bogus applet virus or trojan?
From: Acme
Date: 03 Jan 08 - 01:32 AM

Oh, that sounds so smarmy, Jon!

You make an excellent point about when it is requesting to use the plugin. Not at a point when a task is to be performed, but with every new instance of a browser window changing sites.

The 'puter is running slow, but I haven't found any further sign of a culprit. We don't have the best DSL connection on our side of town, it's marginal at best.

SRS



Subject: RE: Tech: Jan 2008 - Bogus applet virus or trojan?
From: GUEST,Jon
Date: 03 Jan 08 - 06:35 AM

Didn't mean to sound smarmy, SRS.

One other thing I've found in trying to search for answers is that it may be code from another site triggering the prompts and so many (most?) sites do this these days, eg. Mudcat uses google ads and google analytics scripts. I still can't imagine why these things would trigger the prompts for you but if you can turn the prompt on again, you might want to try a page like this one which I know contains no applet, etc. tags and does not use external js, etc.

---
I'm drifting here but it might be a scary thought btw, if someone did manage to break into google and hack something like a google ads script.



Subject: RE: Tech: Jan 2008 - Bogus applet virus or trojan?
From: Acme
Date: 03 Jan 08 - 10:15 AM

I meant that it made my computer sound smarmy, not you. I think I'll pass on turning that thing back on, but I'll keep your test in mind if I need it. A query this morning answered one question--it wasn't just me, the email server at work yesterday was running very slow, everything seemed to "hang" and if you got impatient with it and tried clicking away, it crashed. (Don't you just love it--when you leave work everything runs fine, but over the break they "fix" something and when you come back it doesn't work for shit!)

SRS



Subject: RE: Tech: Jan 2008 - Bogus applet virus or trojan?
From: JohnInKansas
Date: 03 Jan 08 - 02:25 PM

Most of the symptoms described - if I've properly sorted the ones YOU ARE SEEING from the ones included by SPGWK on blog sites that have been quoted - can be "induced" by changing settings in one or more of the "security programs" that you probably are using.

If you have a DSL or cable connection, or even on dial-up, your ISP almost always has a filter/firewall in place to block some obvious threats, both to you and from anything you might send them. Your email sometimes, nearly always if you use any "email program" rather than just web mail, is on a different server than the one you use for web browsing and invariably has its own separate security features.

If you have DSL or Cable service, most of the modems provided by the services or commonly used by people who buy their own provide an additional filtering via the settings you make for what signal formats can be passed and what protocols can be used.

Your browser, even if it's not IE, allows you to set security features that may restrict what the browser can do transparently, which may just block certain things, or may allow (require) you to approve/deny certain kinds of transmissions.

In some cases it would be questionable, but I think we're quite sure that you have an AV installed and keep it current. Your AV can usually be told to block certain kinds of transmissions, both to and from your computer. If you have a "full suite" security package, it will include popup blocking, spam filtering, and quite possibly "anti-phishing" along with a firewall. Most of these "separate features" can be turned on/off individually and can be "tailored" to receive/require permission/block specific kinds of communications, in the "suite" programs; but they may be automatically incorporated in simpler AV programs with less "controllability."

As a specific instance of where you can "induce" the behaviour indicated, in Internet Explorer, Tools|Internet Options, on the Security tab you choose a "zone" in which to operate while browsing. Within that zone you can choose a "level of security." If you are on the internet, in any "zone" other than "Internet," with a security level set higher than "Medium-high" with descriptions:

        -Appropriate for most websites
        -Prompts before downloading potentially unsafe content
        -Unsigned ActiveX controls will not be downloaded

you likely will be required to make a choice for almost every communication that isn't plain text or very plain html.

In this zone, at this level, most "applets" that are generally safe will be provided automatically, for most sites. It is NORMAL AND GENERALLY SAFE to allow them to be used without your intervention within the limits set by your browser and other security features.

If you don't have the commonly used applets available on your computer and "allowed" you may still get notices when one is needed. You can set, on the Programs tab in IE, at the "Manage add-ons" button, a requirement to not use certain applets, or to require a notice when one is requested. If you delete or exclude completely the commonly used applets, you will get lots of notices. If you fail to install, from reliable sources, the applets commonly used at places where you visit in your browsing, you will get lots of requests to install them; and you probably INCREASE the likelihood of getting a "buggered one" from a phony source.

As indicated in some of the sources you cited, there are a few sites that may ask for an obsolete applet by its specific rev, and this will result in an "excess request" - but such sites actually don't appear to be too common, since most people don't see many such requests. If you don't have the common applets accessible on your machine, with permission for them to be used, you'll also get lots of requests to use one or more of them.

Note also that you don't have to respond to every notice that a website "wants you to" do something. If you see what you want to on the site, just IGNORE the popup notice.

Setting a higher security level may be helpful when visiting a "suspect site," but setting too high a level may actually reduce your security. Browsing in a mode where you have to click lots of "permissions" can easily induce "clickitis" where you start clicking without carefully thinking. Since the most dangerous threats commonly found on the web in recent months are "phishing" exploits that try to induce you to click something you shouldn't, you might be raising the odds that you will click something you shouldn't.

The possibility of some malware on your computer can't be totally excluded, but a setup that attempts to invoke an inappropriately high level of security is a much more likely cause of the symptoms described.

John



Subject: RE: Tech: Jan 2008 - Bogus applet virus or trojan?
From: Acme
Date: 04 Jan 08 - 02:03 PM

I'm still experiencing really slow page loading, and it is particularly troublesome on secure pages. So I still have some issues, whether with my firewall (Kerio) or other software.

SRS



Subject: RE: Tech: Jan 2008 - Bogus applet virus or trojan?
From: GUEST,Jon
Date: 05 Jan 08 - 06:30 AM

The possibility of some malware on your computer can't be totally excluded, but a setup that attempts to invoke an inappropriately high level of security is a much more likely cause of the symptoms described.

Yes, you could force more prompts on yourself but I would still only expect to see prompts for things a page needs.

What remains unclear to me is whether or not the stuff SRS is getting asked to install is appropriate for the pages she visits.



Subject: RE: Tech: Jan 2008 - Bogus applet virus or trojan?
From: JohnInKansas
Date: 05 Jan 08 - 07:09 AM

No argument with the ambiguity about what's being asked for; but we don't really know which page gives which request, or what the page making a particular request was meant to do that might need the service asked for.

It is helpful to remember that just because the phone rings doesn't mean you have to answer it, although a lot of people find it really hard to resist doing so. If the page does what you want it to do without giving it any additional tools, it's perfectly permissible to IGNORE the request. An answer/response is NOT REQUIRED in most cases. The requested action is blocked, or you wouldn't get the notice, so you DON'T have to "turn it off," if you can bring yourself to just leave it alone.

(If you leave it alone, at least some sites will come back with an explanation of why they want it - sometimes.)

Of course, if you find a site that makes unreasonable demands, or unacceptably suspicious ones, it might be wise to just avoid going there too often.

John



Subject: RE: Tech: Jan 2008 - Bogus applet virus or trojan?
From: The Fooles Troupe
Date: 05 Jan 08 - 08:02 AM

Patient: Doctor, every time I lift my hand above my head, it hurts!

Doctor: Well don't do that then!



Subject: RE: Tech: Jan 2008 - Bogus applet virus or trojan?
From: Acme
Date: 05 Jan 08 - 12:29 PM

It was happening with every new screen, regardless of where I was visiting. It was some glitch in the browser, I think, or something malicious trying to load itself. I'm not getting that request now, but my secure pages are loading at a glacial speed. I'm dying of old age waiting for many forms to present themselves. I may have to uninstall and reinstall my firewall and/or my anti virus.

I wasn't "answering that door," I was clicking it away or ignoring it. But after a while that tone and yellow bar really get to you. I wasn't unwilling to let it load just to make it go away--that is the way to end up with big problems if it is a malicious program trying to insert itself into the system.

SRS



Subject: RE: Tech: Jan 2008 - Bogus applet virus or trojan?
From: Acme
Date: 05 Jan 08 - 02:13 PM

And the answer is!!!!

I think . . .

Nero 8, installed over the holiday. It has this little file called NMBgMonitor.exe. Slows the thing down. I went through the start up scripts again and gave it the boot. Rebooted, did a few test screens. They seem to be faster.

SRS
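
An added example, not part of any post in this thread: a read-only PowerShell inventory of autostart entries, the same kind of list SRS went through by hand to find NMBgMonitor.exe, with the Authenticode signature status of each binary. It assumes a current Windows with PowerShell 3.0 or later; the function names Resolve-CommandPath and Get-AutostartReport are hypothetical.

```powershell
# Added example: list programs that start with Windows and show who signed them.
# Read-only: nothing is disabled, deleted or changed.

function Resolve-CommandPath {
    # Pull the executable path out of an autostart command line.
    param([string]$Command)
    if ([string]::IsNullOrWhiteSpace($Command)) { return $null }

    # Expand %ProgramFiles%-style variables first.
    $expanded = [Environment]::ExpandEnvironmentVariables($Command).Trim()

    # Quoted form: "C:\Program Files\Vendor\app.exe" /switch
    if ($expanded -match '^"([^"]+)"') { return $Matches[1] }

    # Unquoted form, possibly with spaces in the path: stop at the first
    # executable-looking extension followed by a space, comma or end of line.
    if ($expanded -match '^(.+?\.(exe|com|bat|cmd|dll|scr))(\s|,|$)') { return $Matches[1] }

    # Fallback: first whitespace-separated token.
    return ($expanded -split '\s+')[0]
}

function Get-AutostartReport {
    # Win32_StartupCommand covers the Run registry keys and the Startup folders.
    Get-CimInstance -ClassName Win32_StartupCommand | ForEach-Object {
        $path   = Resolve-CommandPath $_.Command
        $status = 'FileNotFound'
        $signer = ''

        if ($path -and (Test-Path -LiteralPath $path -PathType Leaf -ErrorAction SilentlyContinue)) {
            $sig    = Get-AuthenticodeSignature -LiteralPath $path
            $status = [string]$sig.Status          # Valid, NotSigned, HashMismatch, ...
            if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
        }

        [pscustomobject]@{
            Name      = $_.Name
            Location  = $_.Location                # registry key or Startup folder
            User      = $_.User
            Path      = $path
            Signature = $status
            Signer    = $signer
        }
    }
}

$report = Get-AutostartReport

# Full inventory, grouped so unsigned and missing binaries sort together.
$report | Sort-Object Signature, Name | Format-Table Name, Signature, Signer, Path -AutoSize -Wrap

# Entries worth a closer look: not validly signed, or pointing at a file that is gone.
$report | Where-Object { $_.Signature -ne 'Valid' } |
    Format-List Name, Location, User, Path, Signature
```

A valid signature only says who published the file, not that it is wanted at startup; a slow but legitimate background indexer will show up as validly signed.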



Subject: RE: Tech: Jan 2008 - Bogus applet virus or trojan?
From: JohnInKansas
Date: 05 Jan 08 - 04:18 PM

DRM strikes again?

I've noted (just an impression) that the ONLY legacy programs (that I've found) that Vista refuses to run are those dealing with "Multimedia" that don't have the latest DRM spyware built in to make notes and report on everything that passes through your optical drive(s).

[Where's that conspiracy theory thread?]

John



Subject: RE: Tech: Jan 2008 - Bogus applet virus or trojan?
From: GUEST,Stilly River Sage
Date: 05 Jan 08 - 08:38 PM

DRM? What is that? Is that for Vista? I still use XP Pro, but maybe its simply being there slows everything.

I've been out for a while, and am at Mudcat via Firefox (no cookie). It loaded quickly. My bank secure page is still loading, so it isn't completely past the slowdown on secure sites.

SRS



Subject: RE: Tech: Jan 2008 - Bogus applet virus or trojan?
From: Bee
Date: 05 Jan 08 - 09:12 PM

I wanna know what DRM is too, JohnIK. I've a brand new machine here running Vista and any number of programs and options I'm not used to yet - I'm coming direct from a 10G computer with 128 RAM with 98SE, so it's a brand new world here.

And have I thanked you yet this year for all your good advice?



Subject: RE: Tech: Jan 2008 - Bogus applet virus or trojan?
From: JohnInKansas
Date: 06 Jan 08 - 12:18 AM

DRM = Digital Rights Management

An all-encompassing term for anything the "big record companies" do, or demand that computer builders and users do, to make sure they get their "cut" every time music is created, played, recorded, copied, or otherwise handled or manipulated.

Nearly all computer "music/video player/burners" have been pretty much forced to incorporate DRM hardware/software that examines everything that goes through your optical drives (CD/DVD ROM/Recorders) to detect, log, and usually to connect with web resources to see if it's something for which a copyright is claimed.

Microsoft has come up with their own "DRM system" that they're currently pushing, and it's invasively incorporated into Vista, and into the more recent versions of things like Windows Media Player etc. It "objects" if you are not connected to the internet when you insert a CD or DVD in your drive it "expects" to be able to check whether the disk has "copyrighted material" on it. It once identified a CD I'd burned of LiK's ancestors' pictures as being songs by some rap group I'd never heard of. (it ignored the .jpg filetypes, and probably "identified" the CD by matching "ugly quotients"?)

The reference to Vista refusing to run older programs that don't incorporate the latest methods of "copyright protection" systems is based on my limited experience, and rejection by Vista of a couple of my own older programs - that run quite acceptably if I override the Vista "blockade" but are immediately disabled at the next reboot.

John



Subject: RE: Tech: Jan 2008 - Bogus applet virus or trojan?
From: Acme
Date: 06 Jan 08 - 02:06 AM

Thanks, John. I have an engineer friend who has complained about this Vista feature also. I suppose the computer is reporting back to the mother ship any time you sneeze these days.



Subject: RE: Tech: Jan 2008 - Bogus applet virus or trojan?
From: JohnInKansas
Date: 06 Jan 08 - 03:57 AM

As I've reported earlier, I was forced to get a new laptop in something of a rush, and the only thing available at "cheep" prices came with Vista. ($500 for a machine with decent specs)

It was immediately evident that the "Home Office" wasn't going to cut it, so I laid out the roughly $300 for "Office Professional" - which I immediately found is so "crippled by cute" that almost nothing that I'd consider "professional level" functions are usable.

The obvious "customer profile" to which Vista and Office (on Vista) were designed postulates that all users are 13 year old (idiot) preteens whose only interest is in "MULTIMEDIA," hero worship of drug addicted footballers, and text messaging to other 13 year olds.

Vista also includes an "indexed search" in place of the former Win Explorer search, which means that you CANNOT FIND anything except what Microsoft decides to have the "indexer" put into the index, so if your vocabulary is past pre-teen you can't find ANYTHING on the machine. (They've also converted the website search to the same search engine, apparently. I've seen several blog complaints that you can no longer find anything but "advertisements" at Microsoft. I concur.)

I'm also in my third month of trying to get Vista to connect to my LAN where three WinXP machines have been living quite happily and having all kinds of "friendly relations" with each other. Vista is strictly a non-participant. It connects to the internet to check whether granny's pictures on my CDs are © by RIAA, but refuses to speak to any of my five printers or to the other three computers.

If I break down and get an FRP WinXP to put on it, I'll have almost $800 worth of software on my $500 laptop - and still won't have a useful word processor. It does make one think really hard about 'NIX.

John



Subject: RE: Tech: Jan 2008 - Bogus applet virus or trojan?
From: GUEST,Jon
Date: 06 Jan 08 - 06:13 AM

One of the few things I'd hoped to do with Vista Home Basic (which came with my laptop...) was to put the free IIS on so I had some form of Windows server check for my web pages.

There may be ways round it but while it (or formerly PWS) would work on every (98 was the earliest I used this) Windows I tried, MS have stripped needed code out of Vista Home so it won't run.

Up until then, I'd believed "Basic" meant it was lacking in more advanced configuration tools, utilities and I suppose "eye candy" but it means you can't even install at least this software as MS have decided "Basic" users should not need (read they will try to "persuade" everyone they can they need to pay more and upgrade) it.

I can of course run a full blown (the free IIS is limited) free web server on it - Apache works fine...



Subject: RE: Tech: Jan 2008 - Bogus applet virus or trojan?
From: The Fooles Troupe
Date: 06 Jan 08 - 06:33 AM

If you think Vista/Home is "basic/lousy", I do believe there is a cheaper version they have been trying to flog in Asia...



Subject: RE: Tech: Jan 2008 - Bogus applet virus or trojan?
From: Nick
Date: 06 Jan 08 - 07:57 AM

>>I'm also in my third month of trying to get Vista to connect to my LAN where three WinXP machines have been living quite happily and having all kinds of "friendly relations" with each other.

Is this the wonderful world of User Account control by chance which I have lots of fun with at work? It causes me all sorts of hassle and I have yet to come to terms with it. An example is the ability to map drives between machines and browse the drive but then an application which uses that mapped drive to not function because the machine reports that it's not available.

Vista has created lots of new exciting ways to stop things working. One of the ones that amused me was the inability to run an Access database across a network of say three users (or any other database) with the Vista machine acting as a server until one makes a registry change which took us an age to find.



Subject: RE: Tech: Jan 2008 - Bogus applet virus or trojan?
From: Acme
Date: 06 Jan 08 - 11:21 AM

Looks like people are going to stick with XP as long as they can make their machines go. John, have you thought about going to Linux?

My computer is feeling much better today. I went through my Start-Up program and un-checked any media programs (I'd already kicked out QuickTime from trying to load at startup--boy, is that one a hog!) and now Windows Media Player has to wait until I need it. Nero is in the same boat, as discussed earlier. I also checked out a few of the other functions that are in there and are very useful. It doesn't hurt to remind yourself occasionally what some of these other programs do.

SRS



Subject: RE: Tech: Jan 2008 - Bogus applet virus or trojan?
From: Amos
Date: 06 Jan 08 - 12:08 PM

The time and money spent almost makes it worth buying an Intel-hosted OS 10.4 Mac.


The cute is there, but it works, and you have a clean bare-bones command line always available.

The networking in my experience is fast and largely automated in a friendly way.

We have four and sometimes six devices on a wireless LAN sharing files at need. A couple are not Intel-based but the earlier PPC architecture.

Once in a while something goes wonky but is usually put right within fifteen minutes.

The machines are generally very robust and trouble free.



Subject: RE: Tech: Jan 2008 - Bogus applet virus or trojan?
From: Acme
Date: 06 Jan 08 - 04:46 PM

And can you take things written or prepared or otherwise stored on a PC and use them on the MAC? Do you think that the Big Brother software isn't in the MAC just like it is in the Windows?



Subject: RE: Tech: Jan 2008 - Bogus applet virus or trojan?
From: GUEST,Jon
Date: 06 Jan 08 - 08:34 PM

Give it a go, SRS.

OpenSuse/KDE is my choice: Live CD for that and a Gnome one (they are different desktops - basically same thing, just graphical user interface is a bit different) from here

Ubuntu is probably the most popular. here, again "Live" unless you choose to install.

Then there is kubuntu (KDE version - Ubuntu use Gnome), Fedora Core and others...

It might not replace everything you want but you might be surprised what it can do and what's even on just one CD.



Subject: RE: Tech: Jan 2008 - Bogus applet virus or trojan?
From: Bee
Date: 06 Jan 08 - 10:15 PM

I'll mention with caution that mine is running Vista Home Premium and has yet to demand an internet connection when a commercial CD or DVD has been played - but it is early days.

I'm finding HP support very obliging - I've made two queries to them and gotten a response with the needed information (and Vista compatible software for a year old printer, in one instance) within one hour of emailing them.

My neighbour has managed to load and use Word Perfect 9 on her Vista platform. Apparently Vista whines and complains about it, but it runs just fine.

It is a bit glitchy - I've had half a dozen or so error messages indicating problems 'which Windows will attempt to resolve', but then nothing else seems to happen and everything continues to operate.



Subject: RE: Tech: Jan 2008 - Bogus applet virus or trojan?
From: Acme
Date: 06 Jan 08 - 10:59 PM

So it looks like what seemed like a virus might in part be the ponderous underpinnings of the juggernaut that Windows has released upon the world.

Groan



Subject: RE: Tech: Jan 2008 - Bogus applet virus or trojan?
From: Mick Pearce (MCP)
Date: 07 Jan 08 - 09:01 AM

SRS's problems seem to be nothing to do with DRM or Vista intrusion.

The problems with NMBgMonitor.exe (and a few related programs) seem to be well known at least from Nero 7. It seems to be related to a component called Nero Scout which is an indexing and database system for media files. There appears to be a first-start-up bit and a real time monitor which maintain the database, which can be used by other pieces of Nero's software (but isn't necessary). You can disable Nero Scout and the problems should go, without needing to totally remove Nero.

If you do a search on "NMBgMonitor.exe" you'll find plenty of articles about it, with solutions. Here's one example: Disable Nero Scout in Nero 7 (you can ignore cookies and ActiveX), but there are plenty more.

Mick



Subject: RE: Tech: Jan 2008 - Bogus applet virus or trojan?
From: Donuel
Date: 07 Jan 08 - 09:20 AM

Could this be a means of finding out what people are viewing on YouTube?



Subject: RE: Tech: Jan 2008 - Bogus applet virus or trojan?
From: oggie
Date: 07 Jan 08 - 10:39 AM

We may just be incredibly lucky but both my son and I run Vista and have had no problems with it. Never had a DRM issue and it runs all my software. The only issue Peter has had is drivers for a piece of Steinberg music hardware but that's mainly because Steinberg have decided not to issue Vista drivers for a lot of their older gear, presumably in the hope you'll go and buy some new stuff. Bad strategy, Peter fudged a way round the drivers and now won't buy Steinberg.

All the best

Steve



Subject: RE: Tech: Jan 2008 - Bogus applet virus or trojan?
From: Acme
Date: 07 Jan 08 - 11:20 AM

Yesterday I found and disabled Nero Scout, it's pretty straightforward. It is an indexing program, but I wouldn't be at all surprised if it wasn't also linked to the larger scheme that JiK discussed. When I installed this Nero version I had to uncheck a great number of types of files that it wanted to manage. The one that I don't mind it taking over (as long as it keeps working) is to show the QuickTime files. Because I find QuickTime to be one of the pushiest and most annoying programs out there (it supplanted Real for this honor a couple of years ago after I finally managed to suppress the Real programming).

If we loop back to the beginning, there was an addon that started this inquiry. I don't know if the two problems are related, if the addon episode is something that Nero triggered.

SRS



Subject: RE: Tech: Jan 2008 - Bogus applet virus or trojan?
From: JohnInKansas
Date: 07 Jan 08 - 01:46 PM

1. Request to Microsoft via Support email for help with LAN setup. LAN connections lost when AT&T/Yahoo changed protocol for DSL Modem to allow all computers to use the DSL connection.

2. Email reply from Microsoft Support saying "This requires advanced help, please telephone" (non-published support 'phone number provided).

3. Telephone to Microsoft Network Support ended with support agent taking remote control of my computer, disabling one and trashing setup on another, concluding that it's my AV that's the problem, and terminating the call with promise to send an email to "let me know what he changed" so I could turn them back on. (This contact was just over 4 hours online.)

4. Email from a different person than the one who screwed up my computers said "We're happy to have been able to solve all your problems, please let us know if there's anything else we can do for you in connection with this incident."

5. After about 5 hours of "guessing what the Microsoft guy had done" to get back up, contact with my AV provider and allowing the Norton agent remote access to my desktop, a change to Firewall Policy that should have fixed things didn't do anything. Norton agent found a Network setup item (legacy from dial-up connection) in Microsoft Network Wizard that got full LAN connection between three WinXP computers with 3 WinXP and 1 Vista having full sharing of DSL. (After I replicated the policy change in AV on all of the computers, and made the network setup change on the WinXP.) None of the computers can access the print server on my "primary" Laser printer, even to change the printserver setup. I can find NO WAY to get around the Vista "automatic connection" - which DOESN'T WORK - to make a LAN connection that works to or from the Vista machine.

6. Vista relocates, renames, and changes form and function of so many functions that for any "advanced settings" there is NO VISIBLE WAY to set up anything that isn't automatically configured. Vista Help files are full of "You can do ...." with NO HELP on "HOW YOU DO ..." for anything. Most of the Help files appear to have been written by the advertising staff, and give NO HELP.

Using "advanced search" methods at the Microsoft web sites also finds the same kind of useless ad-speak junk as in Help files, along with numerous links to "You may find help on our usernet blogs." A dozen "blog entries" to which searches refer me finds none that even correctly state the problem that the particular unknown/unidentified SPGWK contributor claims to have solved.

7. Email request to a "known person" at Microsoft appears to confirm that the person who didn't screw up my computers and wasn't the one who "passed the buck" (incorrectly) to Norton is apparently the one who has been assigned to "my incident."

8. Email request to "the assigned responsible person" to reopen the incident passed a full week with no reply. (Published Policy promises reply "usually within two working days.")

9. The manager at next higher level at Microsoft should have received my SECOND request to reopen the incident about three hours ago (local time somewhere in India, I believe, based on the "office hours" of the assigned person).

10. While waiting, I've found an O'Reilly handbook on Vista that I've begun to get into. In the first 30 pages, I found reasonably comprehensible descriptions of Vista including at least 8 separate items for which the O'Reilly description specifically indicates that Microsoft has LIED ABOUT Vista features or concealed known problems in their advertising. They ARE NOT as described by Microsoft. (O'Reilly quite politely pretends these items are "features.") For the couple of things I've checked, O'Reilly is correct. Those things, unfortunately, have nothing to do with my current problem.

11. If your Vista use is "trivially simple" so that automatic setup works, you may never see any particular difficulties with it. You will have a very nice alternative TV, with a lovely sound system, and a possibly more secure internet connection for simple browsing. Good luck if anything doesn't work, as Microsoft has NOT AS YET provided any useful instructions or even a believable description of which Vista version you should run.

12. On my next outing, I'll look for O'Reilly's book(s) on Office 2007, since it's even more mangled and useless than Vista (for my purposes).

13. I'm very happy that my only Vista installation is on a laptop that I don't have to use all the time and don't depend on for anything critical.

John



Subject: RE: Tech: Jan 2008 - Bogus applet virus or trojan?
From: Bee
Date: 07 Jan 08 - 02:03 PM

One thing I notice, especially being on dialup, is that applications like Norton (3 months free with computer) update without indicating they are downloading, and there seems no obvious way to turn them off if I'm trying to download something more important to me. The only way I can find out what is downloading is to check the task manager to see what's running, and the only way I even know to check is if my connection is slow and/or the computer is making louder noises than usual.

The Windows updates themselves can be stopped and even refused easily.



Subject: RE: Tech: Jan 2008 - Bogus applet virus or trojan?
From: mattkeen
Date: 07 Jan 08 - 02:16 PM

Since using Firefox on a mac have had NO web probs at all.


Pure joy



Subject: RE: Tech: Jan 2008 - Bogus applet virus or trojan?
From: JohnInKansas
Date: 07 Jan 08 - 03:32 PM

mattkeen -

Congratulations! (Low expectations do correlate quite well with acceptable success.)

[Just kidding of course.]

Bee -

With some Norton versions, you can modify the schedule to change when Norton updates are downloaded. If your version allows the setting, and you can find a time when you can be sure the computer is connected and when you're less likely to be using it, you may be able to minimize interference. With the most recent Norton suites, updates are "on demand" and with some versions (including mine) it checks hourly (if you're online) to get updates "almost instantly," and I see update notices (installed automatically) usually at least once per day and sometimes 3 or 4 in a day.

For Windows automatic updates, Start|Control Panel|Security Center lets you schedule these as well. Here I've seen changes, presumably as part of an "update," that I don't remember(?) making. Mine are still scheduled at 03:00 am (which frequently does interfere with my browsing) but were weekly on Wednesdays and now are set to daily.

Even when (a month ago) we were on dialup, I seldom saw any real interference; but we generally have our systems running full time. If you shut down for long periods, you might get more interference due to a backload of updates needed.

You do need to keep Microsoft Critical updates current, and keep your AV program and definitions (both of which are included in Norton auto update) current, so just turning them off isn't really a good "solution." Theoretically one could "just remember to check for updates manually," but few people who don't accept automatic updates are likely to check frequently enough to keep current.

John



Subject: RE: Tech: Jan 2008 - Bogus applet virus or trojan?
From: Acme
Date: 07 Jan 08 - 04:40 PM

Geez. That's a helluva way to kill a weekend.



Subject: RE: Tech: Jan 2008 - Bogus applet virus or trojan?
From: Acme
Date: 10 Jan 08 - 11:52 AM

The Upshot

Last night I uninstalled Nero 8 then did a search and got rid of a couple fragments (including a Nero Scout exe file. It just doesn't die!)

My previous version of Nero was 6.6, and the Nero Scout came into being in Nero 7. Nero 8 loads a whole battery of programs, and when you do the custom installation (the only way I ever install any new program), there is a lot to choose from. Up until now I have had no reason to question the components from Nero, which is why I was caught unawares by the new bits of software. This time I read through each item carefully and did some research (this review in particular) and chose to completely omit the Nero Home part of the program. That's where Nero Scout lives.

When I did the previous installation I automatically selected to allow Nero registry changes when Spybot queried them. I opened Spybot and got rid of all of the Nero decisions and it will have to ask me again, at which time I will approve or deny Nero access to some features. And I got rid of almost everything it wanted to automatically run. I'll add it in as needed.

I will send this and then restart my computer. Hopefully this will be a simple process, no glitches.

    The Good

    The interface looks very good and making your way around is an easy task. You get to choose which media should be made available through Nero Home and when you add more files to the corresponding folders, the items will be automatically indexed by Nero Scout.

    The user can enable parental control and restrict the use of the application with a password. There are plenty of transition effects to choose from.

    The Bad

    It is sluggish and there is still work to be done. Burn speed cannot be adjusted and all burn options have to be made in advance from the settings menu.

    Maximizing the application window and switching to large fonts makes it look rather weird. Also, most of the backgrounds available are a bit gloomy and there are too few cheerful colors available, but that's just my personal opinion.

    The Truth

    All in all, the application deserves a chance from your part, even if it is just for testing purposes. Definitely not the best in the branch, Nero Home is sluggish on an average-powered computer and though the interface does not pose problems, there are issues in navigating back from a menu.


SRS



Subject: RE: Tech: Jan 2008 - Bogus applet virus or trojan?
From: Acme
Date: 10 Jan 08 - 12:11 PM

I rebooted and all of it was still in there, still asking to be allowed a registry change. Same three files I got rid of last time. I did another search, on "how to disable Nero Scout" and got this:

http://djlizard.net/2005/12/11/108/

    Remove Nero 7's "Nero Scout" from My Computer
    Filed Under Fixes, Software, Technical
    This does not get rid of the tray icon. This only gets rid of the icon in My Computer. You should be able to right-click on the tray icon and disable that version of scout from there.

    Click Start > Run, and type:
    regsvr32 /u "%commonprogramfiles%\Ahead\Lib\MediaLibraryNSE.dll"

    To undo (put it back) :
    regsvr32 "%commonprogramfiles%\Ahead\Lib\MediaLibraryNSE.dll"

    This will not cause any harm.

    UPDATE: A wiki page has been created, which contains multiple fun DLL registrations, including this one. Check it out and email me if you have any additions (mcooke@DjLizard.net)


My first attempt at this didn't work, it couldn't find the file in that directory. After a search I had to modify the registry line to read

regsvr32 /u "%commonprogramfiles%\Nero\Lib\MediaLibraryNSE.dll"

We shall see.

SRS



Subject: RE: Tech: Jan 2008 - Bogus applet virus or trojan?
From: Dave'sWife
Date: 10 Jan 08 - 12:17 PM

This is fascinating reading. I'm not joking either!

I've seen problems like this in IE on PCs before and the only way to eliminate it was to purge your system and reload the operating system when the pop-ups started haunting your every move.

For a long time I was a die-hard PC lover and I thought nothing of dealing with this kind of stuff. For a time after I left the museum I was working for, I took a Job on Wall Street working for a Steamship agency in what was then called MIS - today people call that line of work IT. Anyhoo, for years and years afterwards, I would still get called from time to time by folks from that company to deal with some crazazy PC problem since I helped install all the original PCs back in 1987, I even used to voluntarily go back to help run the quarterly reports in one particularly troublesome department.

Anyway - I moved out to Los Angeles after selling a screenplay and got swallowed up by the film Industry where everyone uses Macs. I tried to resist the Mac heresy as long as possible. I even ported my own PC laptop to my various offices risking getting robbed at gunpoint in Koreatown. The guy trying to rob me asked me what model my "notebook" was and when he found out it was a PC - he let me keep it! LOL!

Then... I got married to a Mac lover and slowly, he infected me with his Mac ways. I've been using Macs exclusively since 2004 and I don't miss the viruses, port attacks, Microsoft BS and so on.

Even so, allow me to sit on the sidelines and cheer Stilly on as he bravely hunts down the culprit of this evil. May he Draw & Quarter the guilty file when he finds it! You go SRS!



Subject: RE: Tech: Jan 2008 - Bogus applet virus or trojan?
From: Acme
Date: 10 Jan 08 - 12:42 PM

Thanks!

Yesterday I had a long talk with one of the IT librarians in the library stairwell about this (started in the parking lot, ended at the floor where he was headed, I work a floor above). He told me about a program that lets you use all of the PC software or material in the Mac, and when we discussed the comparable costs of equipment, he thought that for the speed and space and such issues, the Mac is similarly priced. It may be VISTA that finally pushes me out of the PC environment.

SRS



Subject: RE: Tech: Jan 2008 - Bogus applet virus or trojan?
From: Acme
Date: 10 Jan 08 - 07:43 PM

After all of that the bug seems to be gone, but I was playing with my monitor settings to answer a question over on the Dell Monitor thread and now the text in some programs is a little fuzzy. Auto reset seems to help, but not really. (Make sense of that.) I set the refresh to the upper levels on both monitors, and they're refreshing at the same rate now. Letters that have points close together and the small letters (this is a proportional font) have a sort of shadow.

Mudcat needs emoticons--I would use the little guy sitting in a school desk banging his head on the desk.

SRS



Subject: RE: Tech: Jan 2008 - Bogus applet virus or trojan?
From: JohnInKansas
Date: 10 Jan 08 - 08:20 PM

Stilly -

I'm running my Samsung SyncMaster 940BX at 60 Hz refresh, analog mode, and have no refresh rate problems. The monitor is certainly capable of 72 Hz, if you feel that's needed. My computer (comparatively ancient) doesn't have a graphics card suitable for digital. Lin runs her identical monitor in digital mode, but then she got the new machine (sobs, whines, and whinges may be inserted here).

I believe the "top resolution" for our monitors is 1280 x 1024, at 96 dpi, and is probably what should be used for this monitor unless there's a compelling reason for something else. Using the "older" but common 72 dpi setting could give you some fuzz(?).

If you're running dual monitors off of one graphics card, unless you have a "fairly modern" card in your computer, the higher refresh rate may be taxing the computer's internal hardware, and dropping back to 60 Hz refresh shouldn't hurt you on the SyncMaster or other flat panel monitor, if it doesn't cause a problem on the other one. You might be able to identify the card(s) you're using and find some web recommendations on this.

There are lots of good graphics cards available, but understanding what's "spec-speak" and what's reality for them is not really all that easy. What the specs say you "can do" isn't always what you should do.

John



Subject: RE: Tech: Jan 2008 - Bogus applet virus or trojan?
From: Acme
Date: 11 Jan 08 - 12:06 AM

This is an NVidia card I bought a couple of years ago. I wasn't having any trouble with this setup, though one monitor is slightly brighter than the other. I just now set them back to 60hz to see how they look--you have an excellent point about the speed of the card. I wasn't having any problems before, but I thought I wasn't using the monitors as efficiently as possible. They look okay now, so that may have been it.

I'm certainly getting a lot of mileage out of this thread! I hope it is interesting reading for whoever else stumbles across it when they're trying to solve one of these various problems we've discussed.

SRS



Subject: RE: Tech: Jan 2008 - Bogus applet virus or trojan?
From: JohnInKansas
Date: 11 Jan 08 - 02:30 AM

Stilly -

If you happen to have Photoshop Elements, CSx, Photoshop, or another Adobe image program, most of them have a sort of "hidden" utility that they refer to as a "monitor color calibrator" although it's actually more of a "grayscale setup." It might be helpful getting two monitors more closely matched. It's a "tweak to match" on a pattern, that creates a "color profile" for the monitor, that's then used for everything for that monitor - sort of.

It doesn't open in Elements (but might in Photoshop?), but is a separate "program" that I think gets buried in Documents and Settings\<username>\Adobe, and the name doesn't even suggest (to me) what it does.

I think I found it by looking for "Color Balance" or something similar in Elements Help, and used it recently; but don't find it with a quick look now. You might find it on your own machine before I can locate it again.

Sorry to be vague here. I thought I intended to remember exactly where it was. I may have to have another lucky accident to get more specific.

John



Subject: RE: Tech: Jan 2008 - Bogus applet virus or trojan?
From: JohnInKansas
Date: 11 Jan 08 - 03:27 AM

In my Adobe Photoshop Elements, Help, Search "color profile" brings up a list of topics including "Calibrating with Adobe Gamma." (The name isn't as strange as I remembered, just the location(?).)

With Elements, the file is located at …\Program Files\Common Files\Adobe\Calibrate\Adobe Gamma Loader.exe.

I'd expect a similar location with another Adobe graphics program.

Even an old Photoshop likely has some more sophisticated "adjusters" and Elements may have some that I haven't bothered to find, but this adjustment is pretty simple and should give a good start on matching a pair of sources (monitors), assuming that you can figure out how to set the profile used by each of the monitors separately.

I'm thinking that I remember you having a Photoshop, but that may be another one of those things I planned to remember and then didn't quite. If so, just ignore these last couple of posts.

John



Subject: RE: Tech: Jan 2008 - Bogus applet virus or trojan?
From: The Fooles Troupe
Date: 11 Jan 08 - 05:13 AM

How long since John had a holiday?.... :-P



Subject: RE: Tech: Jan 2008 - Bogus applet virus or trojan?
From: Acme
Date: 11 Jan 08 - 10:58 AM

I use Photoshop. The difference in brightness is negligible, I can detect a slight less-bright beigish cast in the white background (if I pull this browser window over the line between the two the older browser on the left is slightly less bright). Probably not worth the trouble to try to match them, but something to consider tinkering with if I have to go do any other tinkering in Photoshop. This one is a few years old, but still going strong for what I need.

Hmmm. My Google spell check seems to be disabled. Gotta look into that!

SRS



Subject: RE: Tech: Jan 2008 - Bogus applet virus or trojan?
From: Acme
Date: 11 Jan 08 - 02:47 PM

Don't Upgrade to Vista story (PC World)

Don't Upgrade to Vista, UK Gov't Agency Tells Schools
The cost of upgrading Britain's schools to Vista would be $350 million, two-thirds of which go to deployment costs, testing and hardware upgrades.

British schools should not upgrade to Microsoft's Vista operating system and Office 2007 productivity suite, the British Educational Communications and Technology Agency (BECTA) said in a report on the software. It also supported use of the international standard ODF (Open Document Format) for storing files.

Schools might consider using Vista if rolling out all-new infrastructure, but should not introduce it piecemeal alongside other versions of Windows, or upgrade older machines, said the agency, which is responsible for advising British schools and colleges on their IT use.

[snip]



Subject: RE: Tech: Jan 2008 - Bogus applet virus or trojan?
From: JohnInKansas
Date: 11 Jan 08 - 03:16 PM

Gee, Stilly, I thought I'd already told everybody about that.

The real cost of converting (not necessarily an upgrade) isn't mentioned, but is in the re-training required at both IT and individual user levels. ALL menus are arbitrarily relocated and renamed (illogically IMO). Functions used in common tasks are split so that you have to drill down in multiple menus where a single toolbar did it all in older versions. Networking is completely restructured with new barriers and requirements that require "learning an entirely new language" to make even simple things work. Microsoft support for the actual requirements to run the system and applications is non-existent, replaced by a lot of gushy advertisements (at Microsoft support) that give no information.

Getting "control" of Vista and the new Office is akin to emigrating to the new nation of "Vistaville" where the new applicant for citizenship must learn VSL ("Vista-speak" as a Second Language) before joining the new culture. The blogs are already populated with "illegal immigrants" offering opinions on their "new society" with NO UNDERSTANDING of its culture and traditions (partly since it doesn't have any).

John



Subject: RE: Tech: Jan 2008 - Bogus applet virus or trojan?
From: Acme
Date: 11 Jan 08 - 05:32 PM

That article link was posted simply to emphasize what we've been saying, and to illustrate that resistance has been codified by governmental entities.

SRS



Subject: RE: Tech: Jan 2008 - Bogus applet virus or trojan?
From: GUEST,Jon
Date: 11 Jan 08 - 06:29 PM

My favourite part of the article was:

It called on schools to make teachers, parents and pupils more aware of free alternatives to Microsoft's products, and asked the IT industry to facilitate their use.



Subject: RE: Tech: Jan 2008 - Bogus applet virus or trojan?
From: Acme
Date: 15 Jan 08 - 11:23 PM

I'm b-a-c-k . . .

I've uninstalled and reinstalled Nero 8 a couple of times since my last post. There is a cleanup tool that makes a difference, according to some reports, and a careful excision of the stuff that wants to load along with the burning software is a must.

There's a file in there called InCD that I'd forgotten about--an annoying program that is set to NOT install unless you uncheck it. I unchecked it to see what it was, and immediately regretted it. Darn thing inserts itself into the startup of the machine. I uninstalled and redid my installation and it looks much better. I kicked out five or six of the programs that Nero wants to install and went behind it and got rid of a "PreFetch" file and used the trick I listed above (RUN -> regsvr32 /u "%commonprogramfiles%\Nero\Lib\MediaLibraryNSE.dll") and did a new one of my own (RUN -> regsvr32 /u "%commonprogramfiles%\Nero\Lib\NMIndexStoreSvrPS.dll") to get rid of the Scout remnants.

Life goes on, and we shall see if the computer can live with this newest annoying Nero.

SRS



Subject: RE: Tech: Jan 2008 - Bogus applet virus or trojan?
From: GUEST,Jon
Date: 15 Jan 08 - 11:47 PM

What's nero btw ;-) I'm a fan of k3b



Subject: RE: Tech: Jan 2008 - Bogus applet virus or trojan?
From: Acme
Date: 15 Jan 08 - 11:55 PM

Nero up until now has been a powerful, pretty darned good program. But they went a bit bonkers with Nero 7 and added all of this NeroHome shit. They're trying to compete for control of the TV, the Media Center software, the CD player, and the computer. Probably some other stuff I don't own or haven't thought of. There is a program in there for downsizing movies to watch on your little MP3 thingie or your phone or whatever. I get Nero because it is good burning software, pretty easy to use, and has some good software for transferring files from cassettes and records and such and editing out noise, pops, hiss, what have you.

SRS



Subject: RE: Tech: Jan 2008 - Bogus applet virus or trojan?
From: GUEST,Jon
Date: 16 Jan 08 - 12:01 AM

OK, it's "grown" since I last used it (although I think "Nero Essentials" came with my newish laptop and I did install it on the Vista partition). I've only used it for dvd/cd burning and yes, I did like it for that. I do like the above Linux program for those tasks too - again, it's really easy.



Subject: RE: Tech: Jan 2008 - Bogus applet virus or trojan?
From: GUEST,Jon
Date: 16 Jan 08 - 12:11 AM

Actually, I do tell a lie there, I've some memory of using a nero program to record and make an mp3. I'd use Audacity (with lame installed on Linux) for that now.



Subject: RE: Tech: Jan 2008 - Bogus applet virus or trojan?
From: GUEST,Jon
Date: 16 Jan 08 - 12:21 AM

(lame)



Subject: RE: Tech: Jan 2008 - Bogus applet virus or trojan?
From: Nickhere
Date: 02 Feb 09 - 07:34 PM

Stillyriversage, it may just be that your firewall is set to a very high level of protection and treats all sites as suspicious. It may be some kind of phishing scam. These links may be of interest to you.

Macs & viruses

Mac security



Subject: RE: Tech: Jan 2008 - Bogus applet virus or trojan?
From: Andrez
Date: 02 Feb 09 - 08:03 PM

No SRS take a look at the second post i.e. mine. It is I think an appropriate response to the initial off topic post...... assuming you have any sense of humour left with your continuing Win/Nero saga :-)

Cheers,

Andrez



Subject: RE: Tech: Jan 2008 - Bogus applet virus or trojan?
From: Acme
Date: 02 Feb 09 - 11:18 PM

Andrez, I did look at it, and thought your reply was perfect! I said something here in case a Mudelf was watching and might want to see if this newcomer was going to open more elderly threads with this particular non-sequitur request.

Nickhere, I solved the problem a long time back. I'd have to go back and read the thread to see what I did, but I usually do report back because if someone else stumbles upon this thread to solve a problem, it's nice to find the solution in place.

Besides, that little problem was NOTHING like the mess I had on my hands on Dec. 26, 2008 when I uninstalled the Cisco VPN proxy server I had installed on my home computer so I could access secure servers at the university where I work. I was trying to get some hardware to stabilize after putting in a new Internet provider. Instead of fixing things, when Cisco left it gutted my operating system and my setup still isn't all put back in place after reinstalling the OS. I took my time, put in a new larger hard drive since I was going to have to reinstall everything anyway, and I think I have a better setup now. Except that one monitor (I use two) isn't working quite right and I think it is the video card. . .

Thanks for offering a suggestion, though! Someone will come along and see that and it will be exactly what they needed. For a music site, Mudcat offers great computer and technology advice. :)

SRS



Subject: RE: Tech: Jan 2008 - Bogus applet virus or trojan?
From: Andrez
Date: 03 Feb 09 - 05:55 AM

No worries SRS.

Just out of curiosity though why on earth didn't you have an image of your PC handy to save having to reinstall and reconfigure after uninstalling the Cisco VPN?

This is now standard practice for either working on my own or family PCs or staff laptops given that these glitches seem so common in the Microsoft environment as documented in the saga above as well as other Tech threads?

Still as we all know sh*t happens

:-)

Cheers,

Andrez



Subject: RE: Tech: Jan 2008 - Bogus applet virus or trojan?
From: JohnInKansas
Date: 03 Feb 09 - 06:22 AM

Andrez -

Not to speak for Stilly, but I suspect the Cisco (the thing she needed to get rid of) quite probably had been on her machine long enough that it probably would also have been on any useful image she had.

An image that isn't updated fairly frequently - and hasn't been re-imaged recently - isn't really much better than a clean reinstall, assuming data is backed up, since an old image won't have any of the program updates that have come along since it was made - or changes the user may have made.

I'm a little surprised that the Cisco thing didn't exit gracefully, since their stuff has a pretty good reputation; but gremlins are everywhere. ...

John



Subject: RE: Tech: Jan 2008 - Bogus applet virus or trojan?
From: Acme
Date: 03 Feb 09 - 11:21 AM

John is correct, the Cisco had been in there for a long while, and I found that I couldn't use Ghost to put things back in place. I did have a backup of earlier files, but sometimes when you have a catastrophic crash you lose stuff. I'd backed-up more recent data on separate CDs and DVDs, so I was doing okay that way, but it is a real process to put back the many programs and settings I had in place. The hardest thing was getting through the previous permissions layer to dredge up my most recent work that had been parked on my computer desktop.

I have multiple external drives for incremental back-ups (this was an accretion of equipment, it wasn't part of the original plan to have more than one of these, but there are three now). To get back to the original topic of a possible virus or trojan, I have set this new configuration with programs on the C: drive but *most* of my data written to a different letter drive on the same hard drive to help keep it away from any possible viruses, etc. Some programs just don't do well with their data in a separate place, email being a conspicuous one. I have to back it up every so often to keep those old messages. I set up my last computer this way, and it worked well (until the burglary, that is, and all my data went out the door and disappeared into the trunk of a behemoth Cadillac. They never caught the guys despite a neighbor getting the license plate.)

SRS



Subject: RE: Tech: Jan 2008 - Bogus applet virus or trojan?
From: Andrez
Date: 03 Feb 09 - 08:55 PM

You were right John.

Cheers,

andrez



Subject: RE: Tech: Jan 2008 - Bogus applet virus or trojan?
From: Acme
Date: 03 Feb 09 - 10:12 PM

Nickhere, those were Mac links. I drive a PC around here. But Amos might find those links interesting if he swings by the thread. :)

SRS



All original material is copyright © 1998 by the Mudcat Café Music Foundation, Inc. All photos, music, images, etc. are copyright © by their rightful owners. Every effort is taken to attribute appropriate copyright to images, content, music, etc. We are not a copyright resource.