I seem to have a rogue e-mail clogging up my system completely. I use Mailwasher Pro 4.0, which says it is downloading 0 of (currently) 13 - and there it sits. Normally it would download all in 10 seconds or so. I gave up waiting after some 30 minutes.
Meanwhile I cannot get into my Outlook Express at all, even after quitting Mailwasher and trying to go in direct.
McAfee VirusScan on line, Ad-Aware and Spybot are all happy with my system, though Ad-Aware did log a possible Browser Hijack attack some days ago. That was foiled by Browser Hijack Blaster.
Can anyone help me re-establish contact with the outside world? I am using XP Home, and have not installed anything or changed any settings. Thank you in advance.
Posts: 744 | Location: Surrey, England | Registered: 06-03-02
Ask you a question before deciding what to do: is your homepage still the same as usual, or has it been replaced by a strange website? If so, copy the site name onto here. It could be indirectly responsible for your problem.
Posts: 14859 | Location: 6 miles west of Wigan UK | Registered: 06-05-02
It was replaced by a page whose title included Microsoft. That's all I can tell you.
Browser Hijack Blaster warned me of the foiled attack some days ago, and told me my homepage had been changed and did I want to undo the change? I said yes, I did, so it reverted to "about: blank", my normal homepage.
Today, when I had the problem, I quit everything and ran VirusScan, Spybot and Ad-Aware. The first two came up with nothing, but Ad-Aware had a few usual things, and the one apparent browser attack. It again warned me that my homepage had been changed (to the same, as far as I can remember) and did I want to undo the change? Again I said yes, change back.
Whatever you are thinking, it seems you are on the right track.
Posts: 744 | Location: Surrey, England | Registered: 06-03-02
Download and run this program; it is good at getting rid of homepage hijackers: http://www.majorgeeks.com/download4086.html Click on the flags to start the download (only takes a short time!). Just hit the "Fix" button to start the program. It will inform you if there are any "Trojans" inside and will delete them. All you have to do is make a new homepage in IE if anything is found.
Posts: 14859 | Location: 6 miles west of Wigan UK | Registered: 06-05-02
Right, I've done that and run "Fix". It says my system was completely clean, and the homepage did not change.
I still have the e-mail problem though. I don't know if it is relevant, but I have installed and run Belarc as in your other post, and there's no mention of Outlook Express.
Posts: 744 | Location: Surrey, England | Registered: 06-03-02
I seem to have cured it now, Bedstor, by doing a System Restore to a point a week ago. Downloaded (and immediately deleted) 37 e-mails without problem into Mailwasher. All standard spam.
All I've had to do is re-install Belarc.
Thank you very much for your help and the Majorgeeks thing.
Outlook Express still doesn't show on the Belarc list! For what it's worth, it's 6.00.2800.1123.
Score one for XP's System Restore!
Posts: 744 | Location: Surrey, England | Registered: 06-03-02
Pleased at that, Ewood. Quite a few things do these "Hang Ups". My Recycle Bin does it without warning; same applies to uninstalls, there are bits left which go eventually. Have got some XXX file being reported for a few weeks but I cannot find it. But the important thing is it is not interfering with other programs. The moment it does, then I'll deal with it.
There is a deep setting on XP that auto-updates the System Restore. On, that means no more finding the Update now button. The route is this way (to check and alter?): Control Panel > Administrative Tools > Services (longish menu list). Click on the "Extended" tab underneath the list, then click on any item once to highlight the line, then press "S". The list will show those items beginning with "S"; you want "System Restore Service". Now, if it says this on the line under the columns labelled "Status" > Started and "Startup Type" > Automatic, you need take no action. If it says Stopped or anything else, then right-click the line, select Properties from the menu, and select "Start" on the Service Status section (if it is running, all that is available is the "Stop" button). As regards the other line, change the menu label to Automatic (on the drop-down list), then press the Apply and OK buttons to save and exit.
This message has been edited. Last edited by: bedstor,
Posts: 14859 | Location: 6 miles west of Wigan UK | Registered: 06-05-02
Bedstor, you are this year's blue-eyed wonder. I read all your posts no matter what they are about because I always learn something from you. Bless your little pea-pickin' heart!
Catty
Posts: 3826 | Location: Olympia, WA, USA | Registered: 06-04-02
Thank you again, bedstor. It was in fact running on automatic.
This is what my Ad-Aware quarantine log has to say:
POSSIBLE BROWSER HIJACK ATTEMPT
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[0]=RegData : Software\Microsoft\Internet Explorer\Main
If that really is a rogue file that has caused my problem it's a bit naughty for someone to use Microsoft and IE in their file name - unless it did actually originate at Microsoft. One tends to trust stuff coming from there. I do anyway, since I don't know any better!
Posts: 744 | Location: Surrey, England | Registered: 06-03-02
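Added example, not part of the original posts or of any tool named in this thread: the Ad-Aware entry above points at the registry key that holds Internet Explorer's home page settings, so this sketch compares two exports of that key (for instance from regedit's File > Export) and lists the page-related values that changed. The function names and the sample exports are constructed for illustration; the watched value names are the standard ones under that key.

```python
import re

# Values under ...\Internet Explorer\Main that decide which page IE opens or searches with.
WATCHED = ("Start Page", "Search Page", "Default_Page_URL", "Local Page")
MAIN_KEY = r"software\microsoft\internet explorer\main"

def parse_reg_export(text):
    """Return {key_path_lowercased: {value_name: string_data}} from .reg export text.
    Real exports are usually UTF-16: read them with open(path, encoding="utf-16")."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None:
            # Only string values ("name"="data"); dword/hex entries are ignored.
            m = re.match(r'"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$', line)
            if m:
                name, data = (re.sub(r"\\(.)", r"\1", g) for g in m.groups())
                current[name] = data
    return keys

def homepage_changes(baseline_text, current_text):
    """List (key, value_name, old, new) for watched values that differ."""
    base, cur = parse_reg_export(baseline_text), parse_reg_export(current_text)
    changes = []
    for key in sorted(set(base) | set(cur)):
        if not key.endswith(MAIN_KEY):
            continue
        for name in WATCHED:
            old, new = base.get(key, {}).get(name), cur.get(key, {}).get(name)
            if old != new:
                changes.append((key, name, old, new))
    return changes

# Constructed sample exports (not taken from the poster's machine).
BASELINE = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="about:blank"
"Search Page"="http://search.example/"
'''
CURRENT = BASELINE.replace("about:blank", "http://hijack.example/")

if __name__ == "__main__":
    for change in homepage_changes(BASELINE, CURRENT):
        print(change)
```

Taking the baseline export while the machine is known to be clean gives later scans something concrete to compare against.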
I had a look around the Lavasoft.com and Annoyances.org forums and came up with nothing. There are others also asking about this (all recent), so it must be a new strain of worm? The experts on those forums have said the same things as what you have been doing so far, and they are baffled too. I saw this tagged on to a reply with some more things to do; no more than about 5 minutes' work?
quote:GO into Internet Options - General tab. Delete temporary internet files, and choose to delete all Offline Also, under General tab - choose Settings - View Objects. In the window that opens, choose View Details on the toolbar. If any of those ActiveX Controls are marked "unknown" or "damaged", remove them. Plus, remove any that you don't recognize. Any and all ActiveX Controls, can be safely removed. They'll be downloaded again as needed. To uninstall, right click and Remove
Important, if your system's infected: Disable system restore to clear out previous restore points Then RE-enable it, if you choose, AFTER your system is cleaned up. I suggest using SpywareBlaster for prevention. Be sure to check for and download updates after installing it, and frequently thereafter. There's also SpywareGuard, if you want to use both. http://www.javacoolsoftware.com/spywareblaster.html
This is the ActiveX program area as accessed by the Objects button in Internet Explorer options. This holds the control settings for how things are displayed in Web pages and can be damaged. They are removable but... I'm not sure if they are restored by a new item? Need more advice on this. Pasting this in the Start > Run box will take you directly to the same area: C:\WINDOWS\Downloaded Program Files
Posts: 14859 | Location: 6 miles west of Wigan UK | Registered: 06-05-02
Wow, you have gone to a lot of trouble over this, bedstor - and burned some midnight oil with a vengeance. Thank you very much.
I did have some damaged and unknown files, which have now been removed, and have installed SpywareBlaster, so fingers crossed that we have subdued this tenacious blighter.
I have to admit that I'm relieved in a way that this is an infestation of some kind, and not the result of my cackhandedness!
Posts: 744 | Location: Surrey, England | Registered: 06-03-02
You are welcome. Tip: keep SpywareBlaster updated (once per month) and you can visit lots of places without fear of picking up any unwanted "gifts". Have got the setup posted somewhere on AP for the old version (think it was for Catty?). Here is the link. New version works in a similar manner but has been simplified in the control links. The important thing to do first is take a "System Snapshot"; this acts like the system restore point. You can rewind the settings back if problems arise? (Though I have never done this; it is a strong program.)
Posts: 14859 | Location: 6 miles west of Wigan UK | Registered: 06-05-02
Would you believe it? My firewall (Agnitum Outpost) has just reported another attack, an apparently similar port scan from a different IP address. So far, touch wood, I don't seem to have any ill effects from it this time - yet!
Posts: 744 | Location: Surrey, England | Registered: 06-03-02
The firewall and SpywareBlaster should keep things at bay. In fact, what you are seeing is what happens when an attack gets bounced by a popup stopper. I'm on AOL and have an IM stopper, a popup stopper plus SpywareBlaster all running together. If either the popup or IM stoppers record a hit, then I get a sound alert plus a recorded alert which I can check to delete or override. That's roughly the same as what the firewall is doing, except it interprets certain things as threats and filters others through, like my Parental Controls and Internet Explorer settings. In fact, if I wanted, I can let spam and popups flood my computer or isolate myself from everything. On a scale of 0 to 10 in letting things in, currently I'm about a 4, though when I started browsing (5 years ago) I think I got up to 8! Downloading tons of iffy programs... also using Gator as a download manager (a prime spyware source). I've made bad decisions having some programs resident on my computer and they have caused chaos, but I have dragged myself back to having my computer running at 90%+ of new. When I was running Win 98SE I was running at 75% best and 50% or below, and battling to adjust settings daily when online (this was before I discovered Answerpoint & Answerpool), where I found some good advice.
Posts: 14859 | Location: 6 miles west of Wigan UK | Registered: 06-05-02