|
Controlling IE Addons
Part:
1
2
3
4
(Continued from previous part...)
jusched.exe - SunJavaUpdateSched
Symptom: Unknown.
HijackThis Report: In the report, I saw:
O4 - HKLM\..\Run: [SunJavaUpdateSched]
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
Quick Research: Searching on the Web told me that jusched.exe is a process from Sun
that is running all the time to checking Java updates from Sun.
What I Did:
1. Went to Control Panel > Java Plug-in.
2. Went to the Update tab, unchecked "Check for Updates Automatically" and clicked "Apply"
3. Went to the Basic tab, checked "Do not start consol" and clicked "Apply"
Result: jusched.exe is not running any more.
winfixer
Symptom: Once a while, an IE pop up window shows up with http://202.67.220.233 in the address field.
This pop up window contains a false warning message and advertisements for "WinAntiVirusPro 2006,
WinAntiSpyware 2006, and WinFixer 2006". The warning message said:
Attention! Security Center has detected spyware on your PC sending
private information and documents to remote computer. One of processes
(Win32res.exe) has just sent this information:
IP address: 66.19.202.184
Browser: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; ....
Computer OS: Windows XP
Full PC control: Gained
Sent Information: approximately 17 Megabytes
Sometime later, another IE window pops up with "http:www.winfixer.com/..." in the address field.
The pop up window also contains a false warning message:
This site might require the following ActiveX control:
'WinFixer2006FreeInstall.cab' from 'WinSoftware Corporation, Inc.'.
Click here to install...
Warning: Your computer may have critical errors in registry and
file system! These errors can lead to computer crashes, instability,
slowness, and full system failure.
Immediate repair may be required.
To scan your computer for errors click the "Next" button below.
HijackThis Report: In the report, I could not find anything specifically related to winfixer.
My guess is that the pop up is generated by one of the following IE addons:
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
- C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890}
- C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: ATLDistrib Object - {93C6313C-9DB4-4694-8BD0-E378C573A9AD}
- C:\WINDOWS\system32\vtsts.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872}
- C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
Quick Research: I found some reports about winfixer 2006 on the Web. But nothing can help
me to identify the bad IE addon.
What I Did:
1. Looked at IE > Internet Options > Programs > Manage Addon, and disabled:
AcroIEHlprObj Class
Adobe Acrobat Control for ActiveX
ATLDistrib Object
AUTIO__X_MS_WMA Moniker Class
DHTML Edit Control Safe for Scripting for IE5
DriverLetterAccess
HTML Document
InstallShield Update Service Agent
Java Plug-in 1.4.2_03
Java Plug-in 1.4.2_03
MetaStreamCtl Class
Real.com
SearchAssistantOC
Shockwave Flash Object
Sun Java Console
VIDEO__X_MS_WMV Moniker Class
Windows Media Player
Windows Media Player
Windows Messenger
XML Document
(Continued on next part...)
Part:
1
2
3
4
| 