sounds like a virus to me... _____ Brian Claus, A+, Network+, MCP Network Administrator WESCO Distribution, Inc. Commerce Court Suite 700 4 Station Square Pittsburgh, PA 15219 Phone: 412-454-2412 Fax: 412-454-2540 bclaus@xxxxxxxxxxxxx <mailto:bclaus@xxxxxxxxxxxxx> _____ -----Original Message----- From: Ziots, Edward [mailto:EZiots@xxxxxxxxxxxx] Sent: Friday, November 22, 2002 10:53 AM To: 'thin@xxxxxxxxxxxxx' Subject: [THIN] Re: OT: Preventing script from launching IEXPLORE Get Ad-Aware and Pest Patrol and scan the machine. Remove all you find. Also, look for hooks in the HKLM\Software\Microsoft\Windows\Run (Runonce) and Runonceex keys for possible offending applications. Also, these types of scripts also put hooks into IE DLL or replace/update them. You can probably see what registry key Iexplore.exe is looking at to run stuff using regmon 4.36 and filtering for iexplore.exe only. HTH, Ed -----Original Message----- From: Vince Tan [mailto:VinceT@xxxxxxxxxxxx] Sent: Friday, November 22, 2002 9:59 AM To: 'thin@xxxxxxxxxxxxx' Subject: [THIN] OT: Preventing script from launching IEXPLORE Hi everyone. I am wondering if anyone experienced this before: The W2K workstation launches internet explorer by itself and it is pointed at a porn site. This happens while the person is not using IE at all. IE was close and the only thing open that time is Outlook. Seems like a script that launches it is hidden somewhere and I was wondering if anyone knows how to clear that. Thanks for all your help Vince *********************************************** This Weeks Sponsor: Wyse Technologies Get a free whitepaper on how to secure your corporate data from Wyse. Click Below. http://thethin.net/wyse.cfm *********************************************** For Archives, to Unsubscribe, Subscribe or set Digest or Vacation mode use the below link. http://thethin.net/citrixlist.cfm *********************************************** This Weeks Sponsor: Wyse Technologies Get a free whitepaper on how to secure your corporate data from Wyse. Click Below. http://thethin.net/wyse.cfm *********************************************** For Archives, to Unsubscribe, Subscribe or set Digest or Vacation mode use the below link. http://thethin.net/citrixlist.cfm The information contained in and transferred with this electronic message is intended only for the recipient(s) designated above, it is protected by law and it may contain information which is privileged and confidential. If you are not the intended recipient, you are hereby notified that any review, dissemination, distribution, copying or use of this message is unauthorized and strictly prohibited. If you have received this message in error, please notify WESCO Distribution, Inc. immediately at 412-454-4800. Thank you. *********************************************** This Weeks Sponsor: Wyse Technologies Get a free whitepaper on how to secure your corporate data from Wyse. Click Below. http://thethin.net/wyse.cfm *********************************************** For Archives, to Unsubscribe, Subscribe or set Digest or Vacation mode use the below link. http://thethin.net/citrixlist.cfm