Member Avatar for ere8

This is what I got back from Jotti. Here you go!

Service
Service load:
0% 100%
File: wininet.dll
Status:
OK
MD5: 6626545292428ae1ed5b4237404b346a
Packers detected:
-
Bit9 reports: No threat detected, but known vulnerabilities exist (more info)
Scanner results
Scan taken on 08 Mar 2008 03:24:59 (GMT)
A-Squared
Found nothing
AntiVir
Found nothing
ArcaVir
Found nothing
Avast
Found nothing
AVG Antivirus
Found nothing
BitDefender
Found nothing
ClamAV
Found nothing
CPsecure
Found nothing
Dr.Web
Found nothing
F-Prot Antivirus
Found nothing
F-Secure Anti-Virus
Found nothing
Fortinet
Found nothing
Ikarus
Found nothing
Kaspersky Anti-Virus
Found nothing
NOD32
Found nothing
Norman Virus Control
Found nothing
Panda Antivirus
Found nothing
Rising Antivirus
Found nothing
Sophos Antivirus
Found nothing
VirusBuster
Found nothing
VBA32
Found nothing

Member Avatar for MoralTerror

Hi ere

Logs look fine, let's troubleshoot those updates.

Open HijackThis and click Open the Misc Tools section, under System Tools click Open uninstall manager... and click Save list. Save it to HijackThis directory and post the entire contents of uninstall_list.txt here.

Member Avatar for ere8

Here you go:

3ivx MPEG-4 5.0 Decoder (remove only)
Access ThinkPad
Ad-Aware 2007
Adobe Acrobat 5.0
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
ALOT eMusic Toolbar
AOL Instant Messenger
Apple Mobile Device Support
Apple Software Update
AVG Anti-Spyware 7.5
Burn4Free CD and DVD
Burn4Free Toolbar
ccCommon
DVDExpress
eMusic Download Manager 3.0
Finale NotePad 2006
HijackThis 2.0.2
Hotfix for Windows Media Format SDK (KB902344)
IBM Access Connections
IBM RecordNow
IBM ThinkPad Access Support
IBM ThinkPad Power Management Driver
IBM TrackPoint Accessibility Features
IBM TrackPoint Support
IBM Update Connector
Icons
ImageMixer VCD/DVD2 for OLYMPUS
Intel(R) PRO Ethernet Adapter and Software
Internet Worm Protection
iPod for Windows 2006-06-28
iTunes
Java(TM) 6 Update 3
LiveUpdate 3.0 (Symantec Corporation)
LiveUpdate Notice (Symantec Corporation)
Lucent Technologies Soft Modem AMR
Macromedia Flash Player 8
Microsoft .NET Framework 2.0
Mozilla Firefox (2.0.0.12)
MSN Music Assistant
My Web Search (My Fun Cards)
Napster
Napster Burn Engine
NAVShortcut
Norton AntiVirus 2006
Norton AntiVirus 2006 (Symantec Corporation)
Norton AntiVirus Help
Norton AntiVirus Parent MSI
Norton AntiVirus SYMLT MSI
Norton Protection Center
Norton WMI Update
NoteBurner 2.11
OLYMPUS Master
OpenOffice.org 2.0
QuickTime
S3Display
S3Gamma2
S3Info2
SPBBC
SuperSavage and Utilities
Symantec
ThinkPad Configuration
ThinkPad Software Installer
Uninstall PC-Doctor
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB823559
Windows XP Hotfix - KB828741
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB835732
Windows XP Hotfix - KB842773
Windows XP Hotfix - KB888162
Windows XP Hotfix (SP1) [See Q329048 for more information]
Windows XP Hotfix (SP1) [See Q329390 for more information]
Windows XP Hotfix (SP1) [See Q329441 for more information]
Windows XP Hotfix (SP1) [See Q329834 for more information]
Windows XP Hotfix (SP1) Q329170
Windows XP Hotfix (SP1) Q810577
Windows XP Hotfix (SP1) Q810833
Windows XP Hotfix (SP1) Q817606
Windows XP Hotfix (SP2) [See Q329115 for more information]
Windows XP Service Pack 2

Member Avatar for MoralTerror

Hi ere

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

  • Download the latest version of Java Runtime Environment (JRE) 6 Update 5 and save it to your desktop.
  • Scroll down to where it says "The Java SE Runtime Environment (JRE) allows end-users to run Java applications."
  • Click the "Download" button to the right.
  • Read the License Agreement and then check the box that says: "Accept License Agreement". The page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u5-windows-i586-p.exe to install the newest version.
  • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH Checked

      Applications and Applets
      Trace and Log Files

  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Temporary Files Window
  • Click OK to leave the Java Control Panel.

----------------------------

From Control Panel > Add/Remove Progams uninstall the following

ALOT eMusic Toolbar
My Web Search (My Fun Cards)
Windows XP Hotfix (SP2) [See Q329115 for more information]
Windows XP Service Pack 2

Reboot the PC for changes to take effect then visit Windows Update and try updating to SP1a again. Let us know how that goes.

Member Avatar for ere8

Hello!

I did everything you laid out in your last post, and all seemed to go relatively smoothly. I did get the following error message when I tried to uninstall My Web Search (My Fun Cards), so I was unable to install it:

Error Loading C:\PROGRA~\MYWEBS~1\bar\1.bin\mwsbar.dll
The specified module could not be found.


Also, when I first restarted the computer after installing SP1a I got an error message concerning Norton Antivirus, that said something to the effect of "this program isn't working and your computer is unprotected, restart your computer now". (I restarted, and didn't get the error message again. Presumably it's fine now?)

Those were the only two hiccups.

Thanks again, and I'll await further instructions!

- ERE

PS - Perhaps it's worth noting that IE is still non-functional. (But I'm learning to love Firefox.)

Member Avatar for MoralTerror

Hi Ere

Firefox is a good browser. Most exploits are crafted to take advantage of an IE weakness so it's a good idea to use Firefox for your normal browsing and IE only when required.

Open HijackThis and click Open the Misc Tools section, under System Tools click Open uninstall manager, highlight MyWebSearch and click delete

Install IE Tab for Firefox.

Go to Kaspersky Online Scanner. Right-click anywhere on that page and select View in IE Tab and perform a scan.

Answer Yes, when prompted to install an ActiveX component.

  • The program will then begin downloading the latest definition files.
  • Once the files have been downloaded click on NEXT
  • Locate the Scan Settings button & configure to:
    • Scan using the following Anti-Virus database:
      • Extended
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK & have it scan My Computer
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply

* Turn off the real time scanner of any existing antivirus program while performing the online scan

Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license has been accepted, reset to 100%.

Post the Kaspersky report along with a new HijackThis log

Member Avatar for ere8

I got the following error message when I tried to install IE Tab:

IE Tab 1.5.20080310 could not be installed because it is not compatible with Firefox 2.0.0.12. (IE Tab 1.5.20080310 will only work with Firefox version from 3.0b3 to 3.0b5pre)

I found Firefox 3.0b4 online - should I go ahead and download that version and then try to install IE Tab?

Thanks!

Member Avatar for ere8

I downloaded IE Tab, but I'm running into a problem with the Kaspersky online scanner. When I click on the link you included in your previous post, it takes me right to the license agreement. When I try to click "agree", nothing happens. I've tried it over and over, but I can't get past the license agreement. I also tried googling "Kaspersky Online Scanner", and the google result takes me to the same page with the license agreement. (I can't right click on the license agreement page, so I can't open that page in IE Tab.)

Member Avatar for ere8

My apologies. I don't know why nothing has been going right the last two days. I went to that page, right clicked and chose "Open in IE Tab". It didn't work. This is the page that I got:

Action canceled
Internet Explorer was unable to link to the Web page you requested. The page might be temporarily unavailable.

--------------------------------------------------------------------------------

Please try the following:

Click the Refresh button, or try again later.

If you have visited this page previously and you want to view what has been stored on your computer, click File, and then click Work Offline.

For information about offline browsing with Internet Explorer, click the Help menu, and then click Contents and Index.

Internet Explorer


I tried re-installing IE Tab, and it still didn't work.

Am I doing something wrong?

- Rachel

Member Avatar for MoralTerror

No sounds as though Kaspersky site may have been busy or experiencing problems. If it still won't work try the following scan instead. You will still need to use IE Tab.

  • Please go to the following link ESET Online Scanner Link
  • Tick the box YES, I accept the Terms Of Use
  • Click the Start button
  • Now click the Install button
  • Click Start

    The scanner engine will initialise and update

  • Do Not tick the box Remove found threats
  • Click the Scan button

    The scan will now run, please be patient

  • When the scan finishes click the Details tab
  • Copy and paste the contents of the %ProgramFiles%\EsetOnlineScanner\log.txt back here.
Member Avatar for ere8

IE Tab didn't work for that scanner either, so I tried it on about 10 different web pages. It didn't work, so unfortunately the problem seems to be IE Tab.

Member Avatar for MoralTerror

Hi ere

From Control Panel > Add/Remove Programs click on Add/Remove Windows Components. From the Windows Components Wizard uncheck Internet Explorer then click next to remove Internet Explorer. Repeat the process and put a check next to Internet Explorer to re-install.

In both Internet Explorer and Firefox ensure 'Work Offline' is unticked from the File menu. Try scanning again with either Internet Explorer or IE-Tab and let us know how that goes.

I'm hesitant to go for the Service Pack 2 update until I have seen results of an online scan. If you still have problems this time I will need to call on some help from others but I will be offline this weekend. Perhaps if Phil is still watching the thread he may have a few more ideas.

Member Avatar for PhilliePhan

Perhaps if Phil is still watching the thread he may have a few more ideas.

Hi Rachel, MT:

I am pretty much on the same page with what you have been doing which is why I've stayed out of the way ;)

-- I think Trend Micro's HouseCall is Firefox friendly....

http://housecall.trendmicro.com/

You could try that.

Also, do the following:
Please download Malwarebytes' Anti-Malware (MBA-M) to your Desktop.

  • DoubleClick mbam-setup.exe and follow the prompts to install MBA-M.
  • Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When MBA-M finishes, Notepad will open with the log. Please save it where you can find it easily. The log can also be opened by Clicking Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt

Please post logs from those two scans - They ought to give a pretty good idea if malware is residing on your compy and whether it is safe to install further updates/patches....

I imagine that once SP2 and any other Hotfixes are installed, IE7 will operate properly . . . Though I still prefer Firefox.

I'll butt out again.

Best Luck :)
PP

Member Avatar for ere8

An update:

Sorry it's been so long since I've updated. I tried MT's last batch of IE fixes, and that didn't work to restore IE or get IE tab to function. So I moved on to PP's suggestion of Trendmicro. Unfortunately, I've run into some road blocks with that. I tried to run it four nights in a row, but the scan was always interrupted somehow (or had trouble starting). Last night I finally got the scan to work, but I didn't have time to check it before I went to bed, or in the morning before work. When I got home from work tonight, my wireless connection had gone dead (it sometimes times out if I've been idle for too long and I have to restart my computer to get it back up and running - I don't know why this happens) and I couldn't complete the malware deletion step.

Here's my conclusion...I need to run the scan and do all the deletions/fixes etc. in one sitting. Unfortunately I have to get up for work at 3:30 in the morning, so I rarely have more than an hour or two after work before I have to be in bed. I will have more time tomorrow evening because I go into work late on Fridays, so I will attempt it again then. Wish me luck.

In the meantime, when I ran Trendmicro, I couldn't find a way to save a log of what it found. Is there a way to do that so I can post it here for you?

Member Avatar for ere8

I finally managed to complete the trend micro scan, but was still unable to find a way to create a log of the scan results. I just copied and pasted the list of vulnerabilities that the scan found in its entirety - I hope it actually makes sense you two...

I'm going to run the other scan that PP advised now, and I will post those results when it's done.

Thanks!

--------------------------------------------------------------------------

Detected vulnerabilities

Unchecked Buffer In Windows Component Could Cause Server Compromise

Transfering more information about this vulnerability...
An error occurred while trying to retrieve more information about this vulnerability. There is currently no more information available.
This vulnerability enables a remote attacker to execute arbitrary code through a WebDAV request to IIS 5.0. This is caused by a buffer overflow in N...
More information about this vulnerability and its elimination.
Affected programs and services: Microsoft Windows NT 4.0
Microsoft Windows NT 4.0
Terminal Server Edition
Microsoft Windows 2000
Microsoft Windows XP
Malware exploiting this vulnerability: AGOBOT FAMILY, BKDR_RBOT.B, BKDR_SDBOT.CC, TROJ_KAHT.A, TROJ_ROLARK.A, TROJ_WCOT.A, WORM_GAOBOT.AC, WORM_KIBUV.B, WORM_MUMU.C, WORM_NACHI.A, WORM_NACHI.B, WORM_NACHI.C, WORM_NACHI.D, WORM_NACHI.F, WORM_NACHI.G, WORM_NACHI.I, WORM_NACHI.K, WORM_RBOT.AA, WORM_RBOT.AB, WORM_RBOT.AE, WORM_RBOT.AF, WORM_RBOT.AJ, WORM_RBOT.BZ, WORM_RBOT.CC, WORM_RBOT.EM, WORM_RBOT.R, WORM_RBOT.TW, WORM_RBOT.W, WORM_RBOT.WU, WORM_RBOT.ZA, WORM_SDBOT.BV, WORM_SDBOT.CC, WORM_SDBOT.DZ, WORM_SDBOT.FB, WORM_SDBOT.FC, WORM_SDBOT.FD, WORM_SDBOT.FE, WORM_SDBOT.FQ, WORM_SDBOT.G, WORM_SDBOT.GO, WORM_SDBOT.IG, WORM_SDBOT.IY, WORM_SDBOT.JG, WORM_SDBOT.JS, WORM_SDBOT.JT, WORM_SDBOT.JY, WORM_SDBOT.K, WORM_SDBOT.KY, WORM_SDBOT.M, WORM_SDBOT.MD, WORM_SDBOT.MG, WORM_SDBOT.MH, WORM_SDBOT.PF, WORM_SDBOT.WY, WORM_SDBOT.ZY, WORM_SPYBOT.AP, WORM_SPYBOT.CG, WORM_SPYBOTER.CY, WORM_SPYBOTER.CZ
This vulnerability enables a remote attacker to execute arbitrary code through a WebDAV request to IIS 5.0. This is caused by a buffer overflow in NTDLL.DLL on Windows NT 4.0, Windows NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP.
More information about this vulnerability and its elimination.

Cumulative Patch for Outlook Express (330994)

Transfering more information about this vulnerability...
An error occurred while trying to retrieve more information about this vulnerability. There is currently no more information available.
This vulnerability enables a remote attacker to execute any file that can be rendered as text, and be opened as part of a page in Internet Explorer.
More information about this vulnerability and its elimination.
Affected programs and services: Microsoft Outlook Express 5.5
Microsoft Outlook Express 6.0
Malware exploiting this vulnerability: BKDR_LORRAC.A, JS_CBASE.EXP1, JS_SEFEX.A, WORM_BUGBEAR.C, WORM_CASPID.A, WORM_CASPID.B, WORM_DARBY.C, WORM_DARBY.D, WORM_LORAC.A, WORM_MIMAIL.A, WORM_MIMAIL.D
This vulnerability enables a remote attacker to execute any file that can be rendered as text, and be opened as part of a page in Internet Explorer.
More information about this vulnerability and its elimination.

Unchecked Buffer in DirectX Could Enable System Compromise

Transfering more information about this vulnerability...
An error occurred while trying to retrieve more information about this vulnerability. There is currently no more information available.
This vulnerability enables a remote attacker to execute arbitrary code through a specially crafted MIDI file. This is caused by multiple buffer ove...
More information about this vulnerability and its elimination.
Affected programs and services: Microsoft DirectX 5.2 on Windows 98
Microsoft DirectX 6.1 on Windows 98 SE
Microsoft DirectX 7.1 on Windows Millennium Edition
Microsoft DirectX 7.0 on Windows 2000
Microsoft DirectX 8.0
8.0a
8.1
8.1a
and 8.1b when installed on Windows 98
Windows 98 SE
Windows Millennium Edition or Windows 2000
Microsoft DirectX 8.1 on Windows XP or Windows Server 2003
Microsoft DirectX 9.0a when installed on Windows 98
Windows 98 SE
Windows Millennium Edition (Windows Me)
Windows 2000
Windows XP
or Windows Server 2003
Microsoft Windows NT 4.0 with either Windows Media Player 6.4 or Internet Explorer 6 Service Pack 1 installed
Microsoft Windows NT 4.0
Terminal Server Edition with either Windows Media Player 6.4 or Internet Explorer 6 Service Pack 1 installed
Malware exploiting this vulnerability: unknown
This vulnerability enables a remote attacker to execute arbitrary code through a specially crafted MIDI file. This is caused by multiple buffer overflows in a Microsoft Windows DirectX MIDI library (QUARTZ.DLL).
More information about this vulnerability and its elimination.

Cumulative Patch for Internet Explorer (828750)

Transfering more information about this vulnerability...
An error occurred while trying to retrieve more information about this vulnerability. There is currently no more information available.
These vulnerabilities, which are due to Internet Explorer not properly determining an object type returned from a Web server in a popup window or during XML data binding, ...
More information about this vulnerability and its elimination.
Affected programs and services: Internet Explorer 5.01
Internet Explorer 5.5
Internet Explorer 6.0
Internet Explorer 6.0 for Windows Server 2003
Malware exploiting this vulnerability: BKDR_LIDUAN.A, HTML_ALPHX.A, HTML_ALPHX.C, HTML_ALPHX.E, HTML_BAGLE.Q-1, HTML_DELPLAYER.A, HTML_IWILL.D, HTML_LEGENDMIR.I, HTML_MINIT.A, HTML_OBJECTTAG.A, HTML_SNAPPER.A, PE_BAGLE.Q, PE_BAGLE.R, PE_BAGLE.S, PE_BAGLE.T, TROJ_MINIT.A, TROJ_QHOSTS.A, VBS_DELUD.A, VBS_SHOWPOP.A, WORM_ALPHX.A, WORM_NETSKY.V, WORM_SNAPPER.A
These vulnerabilities, which are due to Internet Explorer not properly determining an object type returned from a Web server in a popup window or during XML data binding, respectively, could allow an attacker to run arbitrary code on a user's system.
More information about this vulnerability and its elimination.

Vulnerability in Authenticode Verification Could Allow Remote Code Execution (823182)

Transfering more information about this vulnerability...
An error occurred while trying to retrieve more information about this vulnerability. There is currently no more information available.
This vulnerability allows a remote attacker to execute arbitrary code without user approval. This is caused by the authenticode capability in Microsoft Windows NT through S...
More information about this vulnerability and its elimination.
Affected programs and services: Microsoft Windows NT Workstation 4.0
Service Pack 6a
Microsoft Windows NT Server 4.0
Service Pack 6a
Microsoft Windows NT Server 4.0
Terminal Server Edition
Service Pack 6
Microsoft Windows 2000
Service Pack 2
Microsoft Windows 2000
Service Pack 3
Service Pack 4
Microsoft Windows XP Gold
Service Pack 1
Microsoft Windows XP 64-bit Edition
Microsoft Windows XP 64-bit Edition Version 2003
Microsoft Windows Server 2003
Microsoft Windows Server 2003 64-bit Edition
Malware exploiting this vulnerability: unknown
This vulnerability allows a remote attacker to execute arbitrary code without user approval. This is caused by the authenticode capability in Microsoft Windows NT through Server 2003 not prompting the user to download and install ActiveX controls when system is low on memory.
More information about this vulnerability and its elimination.

Buffer Overrun in Messenger Service Could Allow Code Execution (828035)

Transfering more information about this vulnerability...
An error occurred while trying to retrieve more information about this vulnerability. There is currently no more information available.
This vulnerability allows a remote attacker to execute arbitrary code on the affected system. This is caused of a buffer overflow in the Messenger Service f...
More information about this vulnerability and its elimination.
Affected programs and services: Microsoft Windows NT Workstation 4.0
Service Pack 6a
Microsoft Windows NT Server 4.0
Service Pack 6a
Microsoft Windows NT Server 4.0
Terminal Server Edition
Service Pack 6
Microsoft Windows 2000
Service Pack 2
Service Pack 3
Service Pack 4
Microsoft Windows XP Gold
Service Pack 1
Microsoft Windows XP 64-bit Edition
Microsoft Windows XP 64-bit Edition Version 2003
Microsoft Windows Server 2003
Microsoft Windows Server 2003 64-bit Edition
Malware exploiting this vulnerability: WORM_KIBUV.B
This vulnerability allows a remote attacker to execute arbitrary code on the affected system. This is caused of a buffer overflow in the Messenger Service for Windows NT through Server 2003.
More information about this vulnerability and its elimination.

Buffer Overrun in the ListBox and in the ComboBox Control Could Allow Code Execution (824141)

Transfering more information about this vulnerability...
An error occurred while trying to retrieve more information about this vulnerability. There is currently no more information available.
This vulnerability is due to a buffer overrun in the ListBox and ComboBox controls found in User32.dll. Any program that implements the ListBox control or the ComboBox contro...
More information about this vulnerability and its elimination.
Affected programs and services: Microsoft Windows NT Workstation 4.0 Service Pack 6a
Microsoft Windows NT Server 4.0 Service Pack 6a
Microsoft Windows NT Server 4.0 Terminal Server Edition Service Pack 6
Microsoft Windows 2000 Service Pack 2
Microsoft Windows 2000 Service Pack 3
Microsoft Windows 2000 Service Pack 4
Microsoft Windows XP Gold
Service Pack 1
Microsoft Windows XP 64 bit Edition
Microsoft Windows XP 64 bit Edition Version 2003
Microsoft Windows Server 2003
Microsoft Windows Server 2003 64 bit Edition
Malware exploiting this vulnerability: unknown
This vulnerability is due to a buffer overrun in the ListBox and ComboBox controls found in User32.dll. Any program that implements the ListBox control or the ComboBox control could allow arbitrary code to be executed at the same privilege level. This vulnerability cannot be exploited remotely.
More information about this vulnerability and its elimination.

Cumulative Security Update for Internet Explorer (832894)

Transfering more information about this vulnerability...
An error occurred while trying to retrieve more information about this vulnerability. There is currently no more information available.
This vulnerability could allow an attacker to access information from other Web sites, access files on a user's system, and run arbitrary code on a user's system, wherein this ...
More information about this vulnerability and its elimination.
Affected programs and services: Microsoft Windows NT Workstation 4.0 Service Pack 6a
Microsoft Windows NT Server 4.0 Service Pack 6a
Microsoft Windows NT Server 4.0 Terminal Server Edition
Service Pack 6
Microsoft Windows 2000 Service Pack 2
Service Pack 3
Service Pack 4
Microsoft Windows XP
Microsoft Windows XP Service Pack 1
Microsoft Windows XP 64-Bit Edition
Microsoft Windows XP 64-Bit Edition Service Pack 1
Microsoft Windows XP 64-Bit Edition Version 2003
Microsoft Windows Server 2003
Microsoft Windows Server 2003
64-Bit Edition
Internet Explorer 6 Service Pack 1
Internet Explorer 6 Service Pack 1 (64-Bit Edition)
Internet Explorer 6 for Windows Server 2003
Internet Explorer 6 for Windows Server 2003 (64-Bit Edition)
Internet Explorer 6
Internet Explorer 5.5 Service Pack 2
Internet Explorer 5.01 Service Pack 4
Internet Explorer 5.01 Service Pack 3
Internet Explorer 5.01 Service Pack 2
Malware exploiting this vulnerability: HTML_BAYFRAUD.B, HTML_GOLDFRAUD.A, HTML_PACHFRAUD.A, HTML_PAYPFRAUD.A, HTML_PAYPFRAUD.B, HTML_SWENFRAUD.A, HTML_VISAFRAUD.A, TROJ_STRTPAGE.FI
This vulnerability could allow an attacker to access information from other Web sites, access files on a user's system, and run arbitrary code on a user's system, wherein this is executed under the security context of the currently logged on user.;This vulnerability could allow an attacker to save a file on the user’s system. This is due to dynamic HTML events related to the drag-and-drop of Internet Explorer.;This vulnerability, which is due to the incorrect parsing of URLs which contain special characters, could allow an attacker to trick a user by presenting one URL in the address bar, wherein it actually contains the content of another web site of the attacker’s choice.
More information about this vulnerability and its elimination.

Cumulative Security Update for Outlook Express (837009)

Transfering more information about this vulnerability...
An error occurred while trying to retrieve more information about this vulnerability. There is currently no more information available.
The MHTML URL Processing Vulnerability allows remote attackers to bypass domain restrictions and execute arbitrary code via script in a compiled help (CHM) file that ...
More information about this vulnerability and its elimination.
Affected programs and services: Microsoft Windows NT® Workstation 4.0 Service Pack 6a
Microsoft Windows NT Server 4.0 Service Pack 6a
Microsoft Windows NT Server 4.0 Terminal Server Edition Service Pack 6
Microsoft Windows 2000 Service Pack 2
Microsoft Windows 2000 Service Pack 3
Microsoft Windows 2000 Service Pack 4
Microsoft Windows XP
Microsoft Windows XP Service Pack 1
Microsoft Windows XP 64-Bit Edition Service Pack 1
Microsoft Windows XP 64-Bit Edition Version 2003
Microsoft Windows Server 2003
Microsoft Windows Server 2003 64-Bit Edition
Microsoft Windows 98
Microsoft Windows 98 Second Edition (SE)
Microsoft Windows Millennium Edition (ME)
Microsoft Outlook Express 5.5 SP2
Microsoft Outlook Express 6
Microsoft Outlook Express 6 SP1
Microsoft Outlook Express 6 SP1 (64 bit Edition)
Microsoft Outlook Express 6 on Windows Server 2003
Microsoft Outlook Express 6 on Windows Server 2003 (64 bit edition)
Malware exploiting this vulnerability: BKDR_ZGOO.A, HTML_JACKLER.A, HTML_MHTREDIR.B, HTML_MHTREDIR.C, HTML_MHTREDIR.D, HTML_REDIR.AC, HTML_REDIR.B, VBS_PSYME.E, WORM_WALLON.A
The MHTML URL Processing Vulnerability allows remote attackers to bypass domain restrictions and execute arbitrary code via script in a compiled help (CHM) file that references the InfoTech Storage (ITS) protocol handlers.This could allow an attacker to take complete control of an affected system.
More information about this vulnerability and its elimination.

Vulnerability in Help and Support Center Could Allow Remote Code Execution

Transfering more information about this vulnerability...
An error occurred while trying to retrieve more information about this vulnerability. There is currently no more information available.
This vulnerability exists in the Help and Support Center (HCP) and is due to the way it handles HCP URL validation. This vulnerability could allow an attack...
More information about this vulnerability and its elimination.
Affected programs and services: Microsoft Windows XP
Microsoft Windows XP Service Pack 1
Microsoft Windows XP 64-Bit Edition Service Pack 1
Microsoft Windows XP 64-Bit Edition Version 2003
Microsoft Windows Server 2003
Microsoft Windows Server 2003 64-Bit Edition
Malware exploiting this vulnerability: unknown
This vulnerability exists in the Help and Support Center (HCP) and is due to the way it handles HCP URL validation. This vulnerability could allow an attacker to remotely execute arbitrary code with Local System privileges.
More information about this vulnerability and its elimination.

Vulnerability in DirectPlay Could Allow Denial of Service (839643)

Transfering more information about this vulnerability...
An error occurred while trying to retrieve more information about this vulnerability. There is currently no more information available.
This is a denial of service (DoS) vulnerability. It affects applications that implement the IDirectPlay4 Application Programming Interface (API) of Microsof...
More information about this vulnerability and its elimination.
Affected programs and services: Microsoft Windows XP 64-Bit Edition Service Pack 1
Microsoft Windows XP 64-Bit Edition Version 2003
Microsoft Windows Server 2003
Microsoft Windows Server 2003 64-Bit Edition
Microsoft Windows 98
Microsoft Windows 98 Second Edition (SE)
Microsoft Windows Millennium Edition (Me)
Microsoft DirectX 7.0a
7.1
8.1
8.1a
8.1b
8.2
9.0
9.0a
9.0b on Windows 98
Windows 98 Second Edition
Windows Millennium Edition
Microsoft DirectX 8.0
8.0a
when installed on Windows 2000
Microsoft DirectX 8.1
8.1a
8.1b when installed on Windows 2000
Microsoft DirectX 8.2 when installed on Windows 2000
or Windows XP
Microsoft DirectX 9.0
9.0a
9.0b when installed on Windows 2000
Windows XP
or Windows Server 2003
Microsoft Windows 2000 Service Pack 2
Microsoft Windows 2000 Service Pack 3
Microsoft Windows 2000 Service Pack 4
Microsoft Windows XP and Microsoft Windows XP Service Pack 1
Malware exploiting this vulnerability: unknown
This is a denial of service (DoS) vulnerability. It affects applications that implement the IDirectPlay4 Application Programming Interface (API) of Microsoft DirectPlay. Applications that use this API are typically network-based multiplayer games.;An attacker who successfully exploits this vulnerability could cause the DirectX application to fail while a user is playing a game. The affected user would then have to restart the application.
More information about this vulnerability and its elimination.

Cumulative Security Update for Outlook Express (823353)

Transfering more information about this vulnerability...
An error occurred while trying to retrieve more information about this vulnerability. There is currently no more information available.
A denial of service (DoS) vulnerability exists in Outlook Express that could cause the said program to fail. The malformed email should be removed before restartin...
More information about this vulnerability and its elimination.
Affected programs and services: Microsoft Windows NT Workstation 4.0 Service Pack 6a
Microsoft Windows NT Server 4.0 Service Pack 6a
Microsoft Windows NT Server 4.0 Terminal Server Edition Service Pack 6
Microsoft Windows 2000 Service Pack 2
Microsoft Windows 2000 Service Pack 3
Microsoft Windows 2000 Service Pack 4
Microsoft Windows XP and Microsoft Windows XP Service Pack 1
Microsoft Windows XP 64-Bit Edition Service Pack 1
Microsoft Windows XP 64-Bit Edition Version 2003
Microsoft Windows Server 2003
Microsoft Windows Server 2003 64-Bit Edition
Microsoft Windows Millennium Edition (Me)
Microsoft Outlook Express 5.5 Service Pack 2
Microsoft Outlook Express 6
Microsoft Outlook Express 6 Service Pack 1
Microsoft Outlook Express 6 Service Pack 1 (64 bit Edition)
Microsoft Outlook Express 6 on Windows Server 2003
Microsoft Outlook Express 6 on Windows Server 2003 (64 bit edition)
Microsoft Windows 98
Microsoft Windows 98 Second Edition (SE)
Malware exploiting this vulnerability: unknown
A denial of service (DoS) vulnerability exists in Outlook Express that could cause the said program to fail. The malformed email should be removed before restarting Outlook Express in order to regain its normal operation.
More information about this vulnerability and its elimination.

Vulnerability in Task Scheduler Could Allow Code Execution

Transfering more information about this vulnerability...
An error occurred while trying to retrieve more information about this vulnerability. There is currently no more information available.
This vulnerability lies in an unchecked buffer within the Task Scheduler component. When exploited, it allows the attacker to execute arbitrary code on the affected mac...
More information about this vulnerability and its elimination.
Affected programs and services: Microsoft Windows 2000 Service Pack 2
Microsoft Windows 2000 Service Pack 3
Microsoft Windows 2000 Service Pack 4
Microsoft Windows XP
Microsoft Windows XP Service Pack 1
Microsoft Windows XP 64-Bit Edition Service Pack 1
Internet Explorer 6 when installed on Windows NT 4.0 SP6a
Malware exploiting this vulnerability: unknown
This vulnerability lies in an unchecked buffer within the Task Scheduler component. When exploited, it allows the attacker to execute arbitrary code on the affected machine with the same privileges as the currently logged on user.
More information about this vulnerability and its elimination.

Vulnerability in HTML Help Could Allow Code Execution

Transfering more information about this vulnerability...
An error occurred while trying to retrieve more information about this vulnerability. There is currently no more information available.
An attacker who successfully exploits this vulnerability could gain the same privileges as that of the currently logged on user. If the user is logged in with administrative privileges, the a...
More information about this vulnerability and its elimination.
Affected programs and services: Microsoft Windows NT Workstation 4.0
Service Pack 6a
Microsoft Windows NT Server 4.0 Service Pack 6a
Microsoft Windows NT Server 4.0 Terminal Server Edition Service Pack 6
Microsoft Windows 2000 Service Pack 2
Microsoft Windows 2000 Service Pack 3
Microsoft Windows 2000 Service Pack 4
Microsoft Windows XP and Microsoft Windows XP Service Pack 1
Microsoft Windows XP 64-Bit Edition Service Pack 1
Microsoft Windows XP 64-Bit Edition Version 2003
Microsoft Windows Server 2003
Microsoft Windows Server 2003 64-Bit Edition
Microsoft Windows 98
Microsoft Windows 98 Second Edition (SE)
Microsoft Windows Millennium Edition (ME)
Malware exploiting this vulnerability: unknown
An attacker who successfully exploits this vulnerability could gain the same privileges as that of the currently logged on user. If the user is logged in with administrative privileges, the attacker could take complete control of the system. User accounts with fewer privileges are at less risk than users with administrative privileges.
More information about this vulnerability and its elimination.

Cumulative Security Update for Internet Explorer (867801)

Transfering more information about this vulnerability...
An error occurred while trying to retrieve more information about this vulnerability. There is currently no more information available.
The Navigation Method Cross-Domain Vulnerability is a remote execution vulnerability that exists in Internet Explorer because of the way that it handles navigation methods. An attacker...
More information about this vulnerability and its elimination.
Affected programs and services: Microsoft Windows NT Workstation 4.0 Service Pack 6a
Microsoft Windows NT Server 4.0 Service Pack 6a
Microsoft Windows NT Server 4.0 Terminal Server Edition Service Pack 6
Microsoft Windows 2000 Service Pack 2
Microsoft Windows 2000 Service Pack 3
Microsoft Windows 2000 Service Pack 4
Microsoft Windows XP and Microsoft Windows XP Service Pack 1
Microsoft Windows XP 64-Bit Edition Service Pack 1
Microsoft Windows XP 64-Bit Edition Version 2003
Microsoft Windows Server 2003
Microsoft Windows Server 2003 64-Bit Edition
Microsoft Windows 98
Microsoft Windows 98 Second Edition (SE)
Microsoft Windows Millennium Edition (Me)
Internet Explorer 5.01 Service Pack 2
Internet Explorer 5.01 Service Pack 3
Internet Explorer 5.01 Service Pack 4
Internet Explorer 5.5 Service Pack 2
Internet Explorer 6
Internet Explorer 6 Service Pack 1
Internet Explorer 6 Service Pack 1 (64-Bit Edition)
Internet Explorer 6 for Windows Server 2003
Internet Explorer 6 for Windows Server 2003 (64-Bit Edition)
Malware exploiting this vulnerability: unknown
The Navigation Method Cross-Domain Vulnerability is a remote execution vulnerability that exists in Internet Explorer because of the way that it handles navigation methods. An attacker could exploit this vulnerability by constructing a malicious Web page that could potentially allow remote code execution if a user visits a malicious Web site.;The Malformed BMP File Buffer Overrun Vulnerability exists in the processing of BMP image file formats that could allow remote code execution on an affected system.;The Malformed GIF File Double Free Vulnerability is a buffer overrun vulnerability that exists in the processing of GIF image file formats that could allow remote code execution on an affected system.
More information about this vulnerability and its elimination.

Buffer Overrun in JPEG Processing (GDI+) Could Allow Code Execution (833987)

Transfering more information about this vulnerability...
An error occurred while trying to retrieve more information about this vulnerability. There is currently no more information available.
This vulnerability lies in the way the affected components process JPEG image files. An unchecked buffer within this process is the cause of the vulnera...
More information about this vulnerability and its elimination.
Affected programs and services: Microsoft Windows XP and Microsoft Windows XP Service Pack 1
Microsoft Windows XP 64-Bit Edition Service Pack 1
Microsoft Windows XP 64-Bit Edition Version 2003
Microsoft Windows Server 2003
Microsoft Windows Server 2003 64-Bit Edition
Microsoft Project 2002 (All Versions)
Microsoft Project 2003 (All Versions)
Microsoft Visio 2002 (All Versions)
Microsoft Visio 2003 (All Versions)
Microsoft Office XP Service Pack 3
Microsoft Office System 2003
Visual Basic .NET Standard 2002
Visual C# .NET Standard 2002
Visual C++ .NET Standard 2002
Visual Basic .NET Standard 2003
Visual C# .NET Standard 2003
Visual C++ .NET Standard 2003
Visual J# .NET Standard 2003
Visual Studio .NET 2002
Visual Studio .NET 2003
Microsoft .NET Framework
Version 1.0 SDK
Microsoft Picture It! 2002 (All Versions)
Microsoft Greetings 2002
Microsoft Picture It! version 7.0 (All Versions)
Microsoft Digital Image Pro version 7.0
Microsoft Picture It! version 9 (All Versions
including Picture It! Library)
Digital Image Pro version 9
Digital Image Suite version 9
Microsoft Producer for Microsoft Office PowerPoint (All Versions)
Platform SDK Redistributable: GDI+
Malware exploiting this vulnerability: unknown
This vulnerability lies in the way the affected components process JPEG image files. An unchecked buffer within this process is the cause of the vulnerability.;This remote code execution vulnerability could allow a malicious user or a malware to take complete control of the affected system if the affected user is currently logged on with administrative privileges. The malicious user or malware can execute arbitrary code on the system giving them the ability to install or run programs and view or edit data with full privileges. Thus, this vulnerability can conceivably be used by a malware for replication purposes.
More information about this vulnerability and its elimination.

Vulnerability in NetDDE Could Allow Remote Code Execution (841533)

Transfering more information about this vulnerability...
An error occurred while trying to retrieve more information about this vulnerability. There is currently no more information available.
An unchecked buffer exists in the NetDDE services that could allow remote code execution. An attacker who is able to successfully exploit this vulnerability is capable of gaining complete control over an affected syste...
More information about this vulnerability and its elimination.
Affected programs and services: Microsoft Windows NT Server 4.0 Service Pack 6a
Microsoft Windows NT Server 4.0 Terminal Server Edition Service Pack 6
Microsoft Windows 2000 Service Pack 3 and Microsoft Windows 2000 Service Pack 4
Microsoft Windows XP and Microsoft Windows XP Service Pack 1
Microsoft Windows XP 64-Bit Edition Service Pack 1
Microsoft Windows XP 64-Bit Edition Version 2003
Microsoft Windows Server 2003
Microsoft Windows Server 2003 64-Bit Edition
Microsoft Windows 98
Microsoft Windows 98 Second Edition (SE)
and Microsoft Windows Millennium Edition (ME)
Malware exploiting this vulnerability: unknown
An unchecked buffer exists in the NetDDE services that could allow remote code execution. An attacker who is able to successfully exploit this vulnerability is capable of gaining complete control over an affected system. However, the NetDDe services are not automatically executed, and so would then have to be manually started for an attacker to exploit this vulnerability. This vulnerability also allows attackers to perform a local elevation of privilege, or a remote denial of service (DoS) attack.
More information about this vulnerability and its elimination.

Security Update for Microsoft Windows (840987)

Transfering more information about this vulnerability...
An error occurred while trying to retrieve more information about this vulnerability. There is currently no more information available.
This cumulative release from Microsoft covers four newly discovered vulnerabilities: Windows Management Vulnerability, Virtual DOS Machine Vulnerability...
More information about this vulnerability and its elimination.
Affected programs and services: Microsoft Windows NT Server 4.0 Service Pack 6a
Microsoft Windows NT Server 4.0 Terminal Server Edition Service Pack 6
Microsoft Windows 2000 Service Pack 3 and Microsoft Windows 2000 Service Pack 4
Microsoft Windows XP and Microsoft Windows XP Service Pack 1
Microsoft Windows XP 64-Bit Edition Service Pack 1
Microsoft Windows XP 64-Bit Edition Version 2003
Microsoft Windows Server 2003
Microsoft Windows Server 2003 64-Bit Edition
Microsoft Windows 98
Microsoft Windows 98 Second Edition (SE)
and Microsoft Windows Millennium Edition (ME)
Malware exploiting this vulnerability: unknown
This cumulative release from Microsoft covers four newly discovered vulnerabilities: Windows Management Vulnerability, Virtual DOS Machine Vulnerability, Graphics Rendering Engine Vulnerability, and Windows Kernel Vulnerability.
More information about this vulnerability and its elimination.

Vulnerability in Compressed (zipped) Folders Could Allow Remote Code Execution (873376)

Transfering more information about this vulnerability...
An error occurred while trying to retrieve more information about this vulnerability. There is currently no more information available.
This is another privately reported vulnerability about Windows Compressed Folders. There is vulnerability on the way that Windows processes Compressed (Zipped) Folders that could lead to remote code ex...
More information about this vulnerability and its elimination.
Affected programs and services: Microsoft Windows XP and Microsoft Windows XP Service Pack 1
Microsoft Windows XP 64-Bit Edition Service Pack 1
Microsoft Windows XP 64-Bit Edition Version 2003
Microsoft Windows Server 2003
Microsoft Windows Server 2003 64-Bit Edition
Malware exploiting this vulnerability: unknown
This is another privately reported vulnerability about Windows Compressed Folders. There is vulnerability on the way that Windows processes Compressed (Zipped) Folders that could lead to remote code execution. Windows can not properly handle the extraction of the ZIP folder with a very long file name. Opening a specially crafted compressed file, a stack-based overflow occurs, enabling the remote user to execute arbitrary code.
More information about this vulnerability and its elimination.

Vulnerability in Windows Shell Could Allow Remote Code Execution (841356)

Transfering more information about this vulnerability...
An error occurred while trying to retrieve more information about this vulnerability. There is currently no more information available.
This security bulletin focuses on the following vulnerabilities: Shell Vulnerability (CAN-2004-0214), and Program Group Converter Vulnerability (CAN-2004-0572). Shell vulnerability exists on the way Windows Shell launches applications that could en...
More information about this vulnerability and its elimination.
Affected programs and services: Microsoft Windows NT Server 4.0 Service Pack 6a
Microsoft Windows NT Server 4.0 Terminal Server Edition Service Pack 6
Microsoft Windows 2000 Service Pack 3 and Microsoft Windows 2000 Service Pack 4
Microsoft Windows XP and Microsoft Windows XP Service Pack 1
Microsoft Windows XP 64-Bit Edition Service Pack 1
Microsoft Windows XP 64-Bit Edition Version 2003
Microsoft Windows Server 2003
Microsoft Windows Server 2003 64-Bit Edition
Microsoft Windows 98
Microsoft Windows 98 Second Edition (SE)
and Microsoft Windows Millennium Edition (ME)
Malware exploiting this vulnerability: unknown
This security bulletin focuses on the following vulnerabilities: Shell Vulnerability (CAN-2004-0214), and Program Group Converter Vulnerability (CAN-2004-0572). Shell vulnerability exists on the way Windows Shell launches applications that could enable remote malicious user or malware to execute arbitrary code. Windows Shell function does not properly check the length of the message before copying to the allocated buffer. Program Group Converter is an application used to convert Program Manager Group files that were produced in Windows 3.1, Windows 3.11, Windows for Workgroups 3.1, and Windows for Workgroups 3.11 so that they can still be used by later operating systems. The vulnerability lies in an unchecked buffer within the Group Converter Utility.
More information about this vulnerability and its elimination.

Cumulative Security Update for Internet Explorer (834707)

Transfering more information about this vulnerability...
An error occurred while trying to retrieve more information about this vulnerability. There is currently no more information available.
This is a remote code execution vulnerability that exists in the Internet Explorer. It allows remote code execution on an affected system. An attacker could exploit this vulnerability by constructing a malicious Web Pa...
More information about this vulnerability and its elimination.
Affected programs and services: Microsoft Windows NT Server 4.0 Service Pack 6a
Microsoft Windows 2000 Service Pack 3 and Microsoft Windows 2000 Service Pack 4
Microsoft Windows XP
Microsoft Windows XP Service Pack 1
and Microsoft Windows XP Service Pack 2
Microsoft Windows XP 64-Bit Edition Service Pack 1
Microsoft Windows XP 64-Bit Edition Version 2003
Microsoft Windows Server 2003
Microsoft Windows Server 2003 64-Bit Edition
Microsoft Windows 98
Microsoft Windows 98 Second Edition (SE)
and Microsoft Windows Millennium Edition (Me)
Internet Explorer 5.01 Service Pack 3 on Windows 2000 SP3
Internet Explorer 5.01 Service Pack 4 on Windows 2000 SP4
Internet Explorer 5.5 Service Pack 2 on Microsoft Windows Me
Internet Explorer 6 on Windows XP
Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 3
on Microsoft Windows 2000 Service Pack 4
on Microsoft Windows XP
or on Microsoft Windows XP Service Pack 1
Internet Explorer 6 Service Pack 1 on Microsoft Windows NT Server 4.0 Service Pack 6a
on Microsoft Windows NT Server 4.0 Terminal Service Edition Service Pack 6
on Microsoft Windows 98
on Microsoft Windows 98 SE
or on Microsoft Windows Me
Internet Explorer 6 for Windows XP Service Pack 1 (64-Bit Edition)
Internet Explorer 6 for Windows Server 2003
Internet Explorer 6 for Windows Server 2003 64-Bit Edition and Windows XP 64-Bit Edition Version 2003
Internet Explorer 6 for Windows XP Service Pack 2
Microsoft Windows NT Server 4.0 Terminal Server Edition Service Pack 6
Malware exploiting this vulnerability: unknown
This is a remote code execution vulnerability that exists in the Internet Explorer. It allows remote code execution on an affected system. An attacker could exploit this vulnerability by constructing a malicious Web Page. The said routine could allow remote code execution if a user visited a malicious Web site. An attacker who successfully exploited this vulnerability could take complete control of an affected system. However, significant user interaction is required to exploit this vulnerability.
More information about this vulnerability and its elimination.

Cumulative Security Update for Internet Explorer (889293)

Transfering more information about this vulnerability...
An error occurred while trying to retrieve more information about this vulnerability. There is currently no more information available.
This security update addresses and resolves a vulnerability in Internet Explorer that could allow remote code execution. A Web page can be crafted to exploit this vulnerability such t...
More information about this vulnerability and its elimination.
Affected programs and services: Microsoft Windows NT Server 4.0 Service Pack 6a
Microsoft Windows NT Server 4.0 Terminal Server Edition Service Pack 6
Microsoft Windows 2000 Service Pack 3 and Microsoft Windows 2000 Service Pack 4
Microsoft Windows XP Service Pack 1
Microsoft Windows XP 64-Bit Edition Service Pack 1
Microsoft Windows 98
Microsoft Windows 98 Second Edition (SE)
Microsoft Windows Millennium Edition (Me)
Malware exploiting this vulnerability: JS_SHEXPLOIT.A, WORM_BOFRA.A, WORM_BOFRA.B, WORM_BOFRA.C, WORM_BOFRA.E
This security update addresses and resolves a vulnerability in Internet Explorer that could allow remote code execution. A Web page can be crafted to exploit this vulnerability such that an arbitrary application can be executed on visiting systems with the same priviledge as the currently logged on user.
More information about this vulnerability and its elimination.

Vulnerability in WordPad Could Allow Code Execution (885836)

Transfering more information about this vulnerability...
An error occurred while trying to retrieve more information about this vulnerability. There is currently no more information available.
This security advisory explains the two discovered vulnerabilities in Microsoft Word for Windows 6.0 Converter, which is used by WordPad in converting Word 6.0 to WordPad file format. Once exploited...
More information about this vulnerability and its elimination.
Affected programs and services: Microsoft Windows NT Server 4.0 Service Pack 6a
Microsoft Windows NT Server 4.0 Terminal Server Edition Service Pack 6
Microsoft Windows 2000 Service Pack 3 and Microsoft Windows 2000 Service Pack 4
Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
Microsoft Windows XP 64-Bit Edition Service Pack 1
Microsoft Windows XP 64-Bit Edition Version 2003 Microsoft Windows Server 2003
Microsoft Windows Server 2003 64-Bit Edition
Microsoft Windows 98
Microsoft Windows 98 Second Edition (SE)
and Microsoft Windows Millennium Edition (ME)
Malware exploiting this vulnerability: unknown
This security advisory explains the two discovered vulnerabilities in Microsoft Word for Windows 6.0 Converter, which is used by WordPad in converting Word 6.0 to WordPad file format. Once exploited, this remote code execution vulnerability could allow a malicious user or a malware to take complete control of the affected system if the affected user is currently logged on with administrative privileges.
More information about this vulnerability and its elimination.

Vulnerability in HyperTerminal Could Allow Code Execution (873339)

Transfering more information about this vulnerability...
An error occurred while trying to retrieve more information about this vulnerability. There is currently no more information available.
A remote code execution vulnerability exists in HyperTerminal because of a buffer overrun. If a user is logged on with administrator privileges, an attacker could exploit the vulnerability by constructing a malicious HyperTermi...
More information about this vulnerability and its elimination.
Affected programs and services: Microsoft Windows NT Server 4.0 Service Pack 6a
Microsoft Windows NT Server 4.0 Terminal Server Edition Service Pack 6
Microsoft Windows 2000 Service Pack 3 and Microsoft Windows 2000 Service Pack 4
Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
Microsoft Windows XP 64-Bit Edition Service Pack 1
Microsoft Windows XP 64-Bit Edition Version 2003
Microsoft Windows Server 2003
Microsoft Windows Server 2003 64-Bit Edition
Malware exploiting this vulnerability: unknown
A remote code execution vulnerability exists in HyperTerminal because of a buffer overrun. If a user is logged on with administrator privileges, an attacker could exploit the vulnerability by constructing a malicious HyperTerminal session file that could potentially allow remote code execution and then persuade a user to open this file. This malicious file may enable the attacker to gain complete control of the affected system. This vulnerability could also be exploited through a malicious Telnet URL if HyperTerminal had been set as the default Telnet client.
More information about this vulnerability and its elimination.

Vulnerabilities in Windows Kernel and LSASS Could Allow Elevation of Privilege (885835)

Transfering more information about this vulnerability...
An error occurred while trying to retrieve more information about this vulnerability. There is currently no more information available.
This security update addresses and resolves two windows vulnerabilites, both of which may enable the current user to take control of the affected system. Both of these vulnerabilites require that the curernt user be able to log on locally and execute progra...
More information about this vulnerability and its elimination.
Affected programs and services: Microsoft Windows NT Server 4.0 Service Pack 6a
Microsoft Windows NT Server 4.0 Terminal Server Edition Service Pack 6
Microsoft Windows 2000 Service Pack 3 and Microsoft Windows 2000 Service Pack 4
Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
Microsoft Windows XP 64-Bit Edition Service Pack 1
Microsoft Windows XP 64-Bit Edition Version 2003
Microsoft Windows Server 2003
Microsoft Windows Server 2003 64-Bit Edition
Malware exploiting this vulnerability: unknown
This security update addresses and resolves two windows vulnerabilites, both of which may enable the current user to take control of the affected system. Both of these vulnerabilites require that the curernt user be able to log on locally and execute programs. They cannot be exploited remotely, or by anonymous users. A privilege elevation vulnerability exists in the way that the Windows Kernel launches applications. This vulnerability could allow the current user to take complete control of the system. A privilege elevation vulnerability exists in the way that the LSASS validates identity tokens. This vulnerability could allow the current user to take complete control of the affected system.
More information about this vulnerability and its elimination.

Vulnerability in HTML Help Could Allow Code Execution

Transfering more information about this vulnerability...
An error occurred while trying to retrieve more information about this vulnerability. There is currently no more information available.
This update resolves a newly-discovered, publicly reported vulnerability. A vulnerability exists in the HTML Help ActiveX control in Windows that could allow inf...
More information about this vulnerability and its elimination.
Affected programs and services: Microsoft Windows 2000 Service Pack 3
Microsoft Windows 2000 Service Pack 4
Microsoft Windows XP Service Pack 1
Microsoft Windows XP Service Pack 2
Microsoft Windows XP 64-Bit Edition Service Pack 1
Microsoft Windows XP 64-Bit Edition Version 2003
Microsoft Windows Server 2003
Microsoft Windows Server 2003 64-Bit Edition
Malware exploiting this vulnerability: unknown
This update resolves a newly-discovered, publicly reported vulnerability. A vulnerability exists in the HTML Help ActiveX control in Windows that could allow information disclosure or remote code execution on an affected system.
More information about this vulnerability and its elimination.

Vulnerability in Cursor and Icon Format Handling Could Allow Remote Code Execution

Transfering more information about this vulnerability...
An error occurred while trying to retrieve more information about this vulnerability. There is currently no more information available.
This update resolves several newly-discovered, privately reported and public vulnerabilities. An attacker who successfully exploited the most severe of these vulnerabilities could take comp...
More information about this vulnerability and its elimination.
Affected programs and services: Microsoft Windows NT Server 4.0 Service Pack 6a
Microsoft Windows NT Server 4.0 Terminal Server Edition Service Pack 6
Microsoft Windows 2000 Service Pack 3
Microsoft Windows 2000 Service Pack 4
Microsoft Windows XP Service Pack 1
Microsoft Windows XP 64-Bit Edition Service Pack 1
Microsoft Windows XP 64-Bit Edition Version 2003
Microsoft Windows Server 2003
Microsoft Windows Server 2003 64-Bit Edition
Microsoft Windows 98
Microsoft Windows 98 Second Edition (SE)
Microsoft Windows Millennium Edition (ME)
Malware exploiting this vulnerability: unknown
This update resolves several newly-discovered, privately reported and public vulnerabilities. An attacker who successfully exploited the most severe of these vulnerabilities could take complete control of an affected system, install programs, view, change, or delete data, or create new accounts that have full privileges.
More information about this vulnerability and its elimination.

Vulnerability in the Indexing Service Could Allow Remote Code Execution

Transfering more information about this vulnerability...
An error occurred while trying to retrieve more information about this vulnerability. There is currently no more information available.
This update resolves a newly-discovered, privately reported vulnerability. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then...
More information about this vulnerability and its elimination.
Affected programs and services: Microsoft Windows 2000 Service Pack 3
Microsoft Windows 2000 Service Pack 4
Microsoft Windows XP Service Pack 1
Microsoft Windows XP 64-Bit Edition Service Pack 1
Microsoft Windows XP 64-Bit Edition Version 2003
Microsoft Windows Server 2003
Microsoft Windows Server 2003 64-Bit Edition
Malware exploiting this vulnerability: unknown
This update resolves a newly-discovered, privately reported vulnerability. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs, view, change, or delete data, or create new accounts with full privileges. While remote code execution is possible, an attack would most likely result in a denial of service condition.
More information about this vulnerability and its elimination.

Vulnerability in Windows Could Allow Information Disclosure (888302)

Transfering more information about this vulnerability...
An error occurred while trying to retrieve more information about this vulnerability. There is currently no more information available.
This is an information disclosure vulnerability. An attacker who successfully exploits this vulnerability could remotely read the user names for users who have an op...
More information about this vulnerability and its elimination.
Affected programs and services: Microsoft Windows XP Service Pack 1
Microsoft Windows XP Service Pack 2
Microsoft Windows XP 64-Bit Edition Service Pack 1 (Itanium)
Malware exploiting this vulnerability: unknown
This is an information disclosure vulnerability. An attacker who successfully exploits this vulnerability could remotely read the user names for users who have an open connection to an available shared resource.
More information about this vulnerability and its elimination.

Vulnerability in Windows Shell Could Allow Remote Code Execution (890047)

Transfering more information about this vulnerability...
An error occurred while trying to retrieve more information about this vulnerability. There is currently no more information available.
This remote code execution vulnerability exists in the way Windows handles drag-and-drop events. An attacker could exploit the vulnerability by constructing a malicious Web page that could ...
More information about this vulnerability and its elimination.
Affected programs and services: Microsoft Windows 2000 Service Pack 3
Microsoft Windows 2000 Service Pack 4
Microsoft Windows 98
Microsoft Windows 98 Second Edition
Microsoft Windows Millennium Edition
Microsoft Windows Server 2003
Microsoft Windows Server 2003 for Itanium-based Systems
Microsoft Windows XP 64-Bit Edition Service Pack 1 (Itanium)
Microsoft Windows XP 64-Bit Edition Version 2003 (Itanium)
Malware exploiting this vulnerability: unknown
This remote code execution vulnerability exists in the way Windows handles drag-and-drop events. An attacker could exploit the vulnerability by constructing a malicious Web page that could potentially allow an attacker to save a file on the user’s system if a user visited a malicious Web site or viewed a malicious e-mail message.
More information about this vulnerability and its elimination.

Vulnerability in PNG Processing Could Allow Remote Code Execution (890261)

Transfering more information about this vulnerability...
An error occurred while trying to retrieve more information about this vulnerability. There is currently no more information available.
This remote code execution vulnerability exists in the processing of PNG image formats. An attacker who successfully exploits this vulnerability could take com...
More information about this vulnerability and its elimination.
Affected programs and services: Microsoft MSN Messenger 6.0
Microsoft MSN Messenger 6.1
Microsoft Windows 95
Microsoft Windows 98
Microsoft Windows 98 Second Edition
Microsoft Windows Media Player 9 Series
Microsoft Windows Messenger version 5.0
Microsoft Windows Millennium Edition
Microsoft Windows Messenger version 4.7.0.2009
Microsoft Windows Messenger version 4.7.0.3000
Malware exploiting this vulnerability: unknown
This remote code execution vulnerability exists in the processing of PNG image formats. An attacker who successfully exploits this vulnerability could take complete control of an affected system.
More information about this vulnerability and its elimination.

Vulnerability in Server Message Block Could Allow Remote Code Execution (885250)

Transfering more information about this vulnerability...
An error occurred while trying to retrieve more information about this vulnerability. There is currently no more information available.
This remote code execution vulnerability exists in Server Message Block (SMB). It allows an attacker who successfully exploits this vulnerability to take com...
More information about this vulnerability and its elimination.
Affected programs and services: Microsoft Windows 2000 Service Pack 3
Microsoft Windows 2000 Service Pack 4
Microsoft Windows Server 2003
Microsoft Windows Server 2003 for Itanium-based Systems
Microsoft Windows XP 64-Bit Edition Service Pack 1 (Itanium)
Microsoft Windows XP 64-Bit Edition Version 2003 (Itanium)
Microsoft Windows XP Service Pack 1
Microsoft Windows XP Service Pack 2
Malware exploiting this vulnerability: unknown
This remote code execution vulnerability exists in Server Message Block (SMB). It allows an attacker who successfully exploits this vulnerability to take complete control of the affected system.
More information about this vulnerability and its elimination.

Vulnerability in OLE and COM Could Allow Remote Code Execution (873333)

Transfering more information about this vulnerability...
An error occurred while trying to retrieve more information about this vulnerability. There is currently no more information available.
This privilege elevation vulnerability exists in the way that the affected operating systems and programs access memory when they process COM structured storage files. This v...
More information about this vulnerability and its elimination.
Affected programs and services: Microsoft Exchange 2000 Server Service Pack 3
Microsoft Exchange Server 2003
Microsoft Exchange Server 2003 Service Pack 1
Microsoft Exchange Server 5.0 Service Pack 2
Microsoft Exchange Server 5.5 Service Pack 4
Microsoft Office 2003
Microsoft Office 2003 Service Pack 1
Microsoft Office XP
Microsoft Office XP Service Pack 2
Microsoft Office XP Service Pack 3
Microsoft Windows 2000 Service Pack 3
Microsoft Windows 2000 Service Pack 4
Microsoft Windows 98
Microsoft Windows 98 Second Edition
Microsoft Windows Millennium Edition
Microsoft Windows Server 2003
Microsoft Windows Server 2003 for Itanium-based Systems
Microsoft Windows XP 64-Bit Edition Service Pack 1 (Itanium)
Microsoft Windows XP 64-Bit Edition Version 2003 (Itanium)
Microsoft Windows XP Service Pack 1
Microsoft Windows XP Service Pack 2
Malware exploiting this vulnerability: unknown
This privilege elevation vulnerability exists in the way that the affected operating systems and programs access memory when they process COM structured storage files. This vulnerability could grant a currently logged-on user to take complete control of the system.;This remote code execution vulnerability exists in OLE because of the way that it handles input validation. An attacker could exploit the vulnerability by constructing a malicious document that could potentially allow remote code execution.
More information about this vulnerability and its elimination.

Vulnerability in the DHTML Editing Component ActiveX Control Could Allow Remote Code Execution (891781)

Transfering more information about this vulnerability...
An error occurred while trying to retrieve more information about this vulnerability. There is currently no more information available.
This vulnerability exists in the DHTML Editing Component ActiveX Control. This vulnerability could allow information disclosure or remote code execu...
More information about this vulnerability and its elimination.
Affected programs and services: Microsoft Windows 2000 Server Service Pack 3
Microsoft Windows 2000 Server Service Pack 4
Microsoft Windows Server 2003
Microsoft Windows Server 2003 for Itanium-based Systems
Microsoft Windows XP 64-Bit Edition Service Pack 1 (Itanium)
Microsoft Windows XP 64-Bit Edition Version 2003 (Itanium)
Microsoft Windows XP Service Pack 1
Microsoft Windows XP Service Pack 2
Malware exploiting this vulnerability: unknown
This vulnerability exists in the DHTML Editing Component ActiveX Control. This vulnerability could allow information disclosure or remote code execution on an affected system.
More information about this vulnerability and its elimination.

Cumulative Security Update for Internet Explorer (867282)

Transfering more information about this vulnerability...
An error occurred while trying to retrieve more information about this vulnerability. There is currently no more information available.
This update resolves known vulnerabilities affecting Internet Explorer. An attacker who successfully exploits these vulnerabilities could take complete control of a...
More information about this vulnerability and its elimination.
Affected programs and services: Microsoft Internet Explorer 5.01 Service Pack 3
Microsoft Internet Explorer 5.01 Service Pack 4
Microsoft Internet Explorer 5.5 Service Pack 2
Microsoft Internet Explorer 6.0 (Microsoft Windows Server 2003 64-Bit Edition)
Microsoft Internet Explorer 6.0 (Microsoft Windows Server 2003)
Microsoft Internet Explorer 6.0 (Microsoft Windows XP 64-Bit Edition Service Pack 1)
Microsoft Internet Explorer 6.0 (Microsoft Windows XP 64-Bit Edition Version 2003)
Microsoft Internet Explorer 6.0 Service Pack 1
Microsoft Windows 2000 Server Service Pack 3
Microsoft Windows 2000 Server Service Pack 4
Microsoft Windows 98
Microsoft Windows 98 Second Edition
Microsoft Windows Millennium Edition
Microsoft Windows Server 2003
Microsoft Windows Server 2003 for Itanium-based Systems
Microsoft Windows XP 64-Bit Edition Service Pack 1 (Itanium)
Microsoft Windows XP 64-Bit Edition Version 2003 (Itanium)
Microsoft Windows XP Service Pack 1
Microsoft Windows XP Service Pack 2
Malware exploiting this vulnerability: unknown
This update resolves known vulnerabilities affecting Internet Explorer. An attacker who successfully exploits these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
More information about this vulnerability and its elimination.

Vulnerability in Hyperlink Object Library Could Allow Remote Code Execution (888113)

Transfering more information about this vulnerability...
An error occurred while trying to retrieve more information about this vulnerability. There is currently no more information available.
A remote code execution vulnerability exists in the Hyperlink Object Library. This problem exists because of an unchecked buffer while handling hyperlinks. An attacker could exploit the vulner...
More information about this vulnerability and its elimination.
Affected programs and services: Microsoft Windows 2000 Service Pack 3
Microsoft Windows 2000 Service Pack 4
Microsoft Windows 98
Microsoft Windows 98 Second Edition
Microsoft Windows Millennium Edition
Microsoft Windows Server 2003
Microsoft Windows Server 2003 for Itanium-based Systems
Microsoft Windows XP 64-Bit Edition Service Pack 1 (Itanium)
Microsoft Windows XP 64-Bit Edition Version 2003 (Itanium)
Microsoft Windows XP Service Pack 1
Microsoft Windows XP Service Pack 2
Malware exploiting this vulnerability: unknown
A remote code execution vulnerability exists in the Hyperlink Object Library. This problem exists because of an unchecked buffer while handling hyperlinks. An attacker could exploit the vulnerability by constructing a malicious hyperlink which could potentially lead to remote code execution if a user clicks a malicious link within a Web site or e-mail message.
More information about this vulnerability and its elimination.

Vulnerability in Windows Shell that Could Allow Remote Code Execution (893086)

Transfering more information about this vulnerability...
An error occurred while trying to retrieve more information about this vulnerability. There is currently no more information available.
A remote code execution vulnerability exists in the Windows Shell because of the way that it handles application association. If a user is logged on with administrative privileges, an attacker ...
More information about this vulnerability and its elimination.
Affected programs and services: Microsoft Windows 2000 Service Pack 3
Microsoft Windows 2000 Service Pack 4
Microsoft Windows 98
Microsoft Windows 98 Second Edition
Microsoft Windows Millennium Edition
Microsoft Windows Server 2003
Microsoft Windows Server 2003 for Itanium-based Systems
Microsoft Windows XP 64-Bit Edition Service Pack 1 (Itanium)
Microsoft Windows XP 64-Bit Edition Version 2003 (Itanium)
Microsoft Windows XP Service Pack 1
Microsoft Windows XP Service Pack 2
Malware exploiting this vulnerability: HKTL_EXPLANI.A, HKTL_PNGEXP.A, HKTL_PNGFILE.A
A remote code execution vulnerability exists in the Windows Shell because of the way that it handles application association. If a user is logged on with administrative privileges, an attacker who successfully exploited this vulnerability could take complete control of the affected system. However, user interaction is required to exploit this vulnerability.
More information about this vulnerability and its elimination.

Vulnerability in Message Queuing Could Allow Code Execution (892944)

Transfering more information about this vulnerability...
An error occurred while trying to retrieve more information about this vulnerability. There is currently no more information available.
A remote code execution vulnerability exists in Message Queuing that could allow an attacker who successfully exploited this vulnerability to take complete con...
More information about this vulnerability and its elimination.
Affected programs and services: Microsoft Windows 2000 Service Pack 3
Microsoft Windows 2000 Service Pack 4
Microsoft Windows 98
Microsoft Windows 98 Second Edition
Microsoft Windows XP
64-Bit Edition Service Pack 1 (Itanium)
Microsoft Windows XP Service Pack 1
Malware exploiting this vulnerability: HKTL_EXPLANI.A, HKTL_PNGEXP.A, HKTL_PNGFILE.A
A remote code execution vulnerability exists in Message Queuing that could allow an attacker who successfully exploited this vulnerability to take complete control of the affected system.
More information about this vulner

Member Avatar for ere8

I tried to install Malwarebytes, but when I got to the step where it should have automatically downloaded the latest update, I got the following error message:

"Update failed. Make sure you are connected to the internet and your firewall is set to allow Malwarebytes Anti-Malware to access the internet."

How should I proceed from here?

Thanks!

- Rachel

Member Avatar for ere8

I went ahead and performed the Malwarebytes scan, even though it wouldn't download the update. That log is below.

Thanks again for all of your help, both of you!
----------------------------------------

Malwarebytes' Anti-Malware 1.09
Database version: 507

Scan type: Full Scan (C:\|)
Objects scanned: 90176
Time elapsed: 1 hour(s), 6 minute(s), 20 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 90
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 26

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearchtoolbar.settingsplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearchtoolbar.settingsplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.iecookiesmanager (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.iecookiesmanager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1e0de227-5ce4-4ea3-ab0c-8b03e1aa76bc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.datacontrol.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.shellviewcontrol (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.shellviewcontrol.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2eff3cf7-99c1-4c29-bc2b-68e057e22340} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.htmlmenu (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.htmlmenu.2 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.htmlpanel (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.htmlpanel.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3e720452-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearchtoolbar.toolbarplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearchtoolbar.toolbarplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.popswattersettingscontrol (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.popswattersettingscontrol.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7473d294-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7473d296-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.popswatterbarbutton (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.popswatterbarbutton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.htmlmenu.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\screensavercontrol.screensaverinstaller (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\screensavercontrol.screensaverinstaller.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a4730ebe-43a6-443e-9776-36915d323ad3} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.outlookaddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.outlookaddin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.killerobjmanager (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.killerobjmanager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.historykillerscheduler (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.historykillerscheduler.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.historyswattercontrolbar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.historyswattercontrolbar.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{07b18eaa-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{07b18eac-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{07b18ea0-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25f} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{0d26bc71-a633-4e71-ad31-eadc3a1b6a3a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1093995a-ba37-41d2-836e-091067c4ad17} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{120927bf-1700-43bc-810f-fab92549b390} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{17de5e5e-bfe3-4e83-8e1f-8755795359ec} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1f52a5fa-a705-4415-b975-88503b291728} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{247a115f-06c2-4fb3-967d-2d62d3cf4f0a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2763e333-b168-41a0-a112-d35f96f410c0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e3537fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{29d67d3c-509a-4544-903f-c8c1b8236554} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e1656ed-f60e-4597-b6aa-b6a58e171495} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e53e2cb-86db-4a4a-8bd9-ffeb7a64df82} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e720451-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e720453-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{3e720450-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{621feacd-8857-43a6-ae26-451d670d5370} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{63d0ed2b-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{63d0ed2d-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6e74766c-4d93-4cc0-96d1-47b8e07ff9ca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d291-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d293-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d295-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d297-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{7473d290-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{90449521-d834-4703-bb4e-d3aa44042ff8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{991aac62-b100-47ce-8b75-253965244f69} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{bbabdc90-f3d5-4801-863a-ee6ae529862d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{d6ff3684-ad3b-48eb-bbb4-b9e6c5a355c1} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{eb9e5c1c-b1f9-4c2b-be8a-27d6446fdaf8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{8ca01f0e-987c-49c3-b852-2f1ac4a7094c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{8e6f1830-9607-4440-8530-13be7c4b1d14} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{c8cecde3-1ae1-4c4a-ad82-6d5b00212144} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{de38c398-b328-4f4c-a3ad-1b5e4ed93477} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{e47caee0-deea-464a-9326-3f2801535a4d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{f42228fb-e84e-479e-b922-fbbd096e792c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources\f3PopularScreensavers (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3CJPEG.DLL.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3HISTSW.DLL.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3HTTPCT.DLL.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3RESTUB.DLL.vir (Adware.MyWeb.FunWeb) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3SCHMON.EXE.vir (Adware.MyWeb.FunWeb) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3IDLE.DLL.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\f3PSSavr.scr.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C44ECF80-3FD9-47F7-9A1D-59AE8CE5E972}\RP257\A0055234.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C44ECF80-3FD9-47F7-9A1D-59AE8CE5E972}\RP257\A0055236.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C44ECF80-3FD9-47F7-9A1D-59AE8CE5E972}\RP257\A0055238.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C44ECF80-3FD9-47F7-9A1D-59AE8CE5E972}\RP257\A0055240.SCR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C44ECF80-3FD9-47F7-9A1D-59AE8CE5E972}\RP257\A0055242.DLL (Adware.MyWeb.FunWeb) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C44ECF80-3FD9-47F7-9A1D-59AE8CE5E972}\RP257\A0055243.EXE (Adware.MyWeb.FunWeb) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C44ECF80-3FD9-47F7-9A1D-59AE8CE5E972}\RP257\A0055244.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C44ECF80-3FD9-47F7-9A1D-59AE8CE5E972}\RP257\A0055246.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C44ECF80-3FD9-47F7-9A1D-59AE8CE5E972}\RP257\A0055249.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C44ECF80-3FD9-47F7-9A1D-59AE8CE5E972}\RP257\A0055250.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C44ECF80-3FD9-47F7-9A1D-59AE8CE5E972}\RP257\A0055253.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C44ECF80-3FD9-47F7-9A1D-59AE8CE5E972}\RP257\A0055255.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C44ECF80-3FD9-47F7-9A1D-59AE8CE5E972}\RP257\A0055261.scr (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Member Avatar for MoralTerror

Hi ere

Reset your System Restore using the following procedure

To turn off System Restore click Start > Right Click My Computer > Properties. Click the System Restore tab and Check "Turn off System Restore" or "Turn off System Restore on all drives" Click Apply. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this then Click OK.

Turn on System Restore by Clicking Start. Right-click My Computer, and then click Properties. Click the System Restore tab. Uncheck "Turn off System Restore" or "Turn off System Restore on all drives." Click Apply, and then OK.

This will create a new Restore Point.

Reboot the PC then go ahead with the remaining Windows Updates including SP2. Let us know how that goes.

Member Avatar for ere8

Okay, folks. SP2 is now on my machine, and I had no problems with the installation. IE is still not working, although I don't know if that was supposed to fix it.

Next? :)

Thanks again for all the help!

- ERE

Member Avatar for die die

hi i am having the same problem an i am looking for i way to fix i have wipe an re install windows 7 on my system an i still cant get to facebook page all other sites are working fine except that one can anyone help with this

Member Avatar for jholland1964

hi i am having the same problem an i am looking for i way to fix i have wipe an re install windows 7 on my system an i still cant get to facebook page all other sites are working fine except that one can anyone help with this

This thread is three years old.
You need to begin your own thread, clearly stating all of YOUR problems and complete the steps given in our Read Me Sticky and copy/paste the logs produced in your own thread. Then somebody will offer assistance.

http://www.daniweb.com/hardware-and-software/microsoft-windows/viruses-spyware-and-other-nasties/threads/134865

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.