[THIN] Re: OT: Preventing script from launching IEXPLORE

• From: "Claus, Brian" <BClaus@xxxxxxxxxxxxx>
• To: thin@xxxxxxxxxxxxx
• Date: Fri, 22 Nov 2002 14:05:01 -0500

sounds like a virus to me...

 

  _____  

 
Brian Claus, A+, Network+, MCP
Network Administrator
WESCO Distribution, Inc.
Commerce Court Suite 700
4 Station Square
Pittsburgh, PA 15219
Phone:  412-454-2412
Fax:  412-454-2540
bclaus@xxxxxxxxxxxxx <mailto:bclaus@xxxxxxxxxxxxx>      
  _____  



-----Original Message-----
From: Ziots, Edward [mailto:EZiots@xxxxxxxxxxxx]
Sent: Friday, November 22, 2002 10:53 AM
To: 'thin@xxxxxxxxxxxxx'
Subject: [THIN] Re: OT: Preventing script from launching IEXPLORE



Get Ad-Aware and Pest Patrol and scan the machine. Remove all you find. 

Also, look for hooks in the HKLM\Software\Microsoft\Windows\Run (Runonce)
and Runonceex keys for possible offending applications. 

Also, these types of scripts also put hooks into IE DLL or replace/update
them. You can probably see what registry key Iexplore.exe is looking at to
run stuff using regmon 4.36 and filtering for iexplore.exe only. 

HTH, 
Ed

-----Original Message-----
From: Vince Tan [mailto:VinceT@xxxxxxxxxxxx]
Sent: Friday, November 22, 2002 9:59 AM
To: 'thin@xxxxxxxxxxxxx'
Subject: [THIN] OT: Preventing script from launching IEXPLORE



Hi everyone.  I am wondering if anyone experienced this before:  

The W2K workstation launches internet explorer by itself and it is pointed
at a porn site.  This happens while the person is not using IE at all.  IE
was close and the only thing open that time is Outlook.  Seems like a script
that launches it is hidden somewhere and I was wondering if anyone knows how
to clear that.  

Thanks for all your help

Vince


*********************************************** 
This Weeks Sponsor: Wyse Technologies
Get a free whitepaper on how to secure
your corporate data from Wyse. Click Below. 
http://thethin.net/wyse.cfm 
*********************************************** 
For Archives, to Unsubscribe, Subscribe or 
set Digest or Vacation mode use the below link.

http://thethin.net/citrixlist.cfm
*********************************************** 
This Weeks Sponsor: Wyse Technologies
Get a free whitepaper on how to secure
your corporate data from Wyse. Click Below. 
http://thethin.net/wyse.cfm 
*********************************************** 
For Archives, to Unsubscribe, Subscribe or 
set Digest or Vacation mode use the below link.

http://thethin.net/citrixlist.cfm


The information contained in and transferred with this electronic message is
intended only for the recipient(s) designated above, it is protected by law
and it may contain information which is privileged and confidential.  If you
are not the intended recipient, you are hereby notified that any review,
dissemination, distribution, copying or use of this message is unauthorized
and strictly prohibited.  If you have received this message in error, please
notify WESCO Distribution, Inc. immediately at 412-454-4800.  Thank you.
*********************************************** 
This Weeks Sponsor: Wyse Technologies
Get a free whitepaper on how to secure
your corporate data from Wyse. Click Below. 
http://thethin.net/wyse.cfm 
*********************************************** 
For Archives, to Unsubscribe, Subscribe or 
set Digest or Vacation mode use the below link.

http://thethin.net/citrixlist.cfm

Other related posts:

• » [THIN] OT: Preventing script from launching IEXPLORE
• » [THIN] Re: OT: Preventing script from launching IEXPLORE
• » [THIN] Re: OT: Preventing script from launching IEXPLORE
• » [THIN] Re: OT: Preventing script from launching IEXPLORE
• » [THIN] Re: OT: Preventing script from launching IEXPLORE
• » [THIN] Re: OT: Preventing script from launching IEXPLORE
• » [THIN] Re: OT: Preventing script from launching IEXPLORE

1. Home
2. thin
3. Archive
4. 11-2002

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---