Guest
Archived from groups: microsoft.public.windowsxp.help_and_support
Some video files can tell certain video players, including Windows Media Player, to open 1 or more websites.
These webpages can then install malicious ActiveX programs that in turn install spyware, hijackers, etc.

I've even seen a webpage trick IE 6 into running an HTA file without asking me for permission, which opened several full-sized IE windows to try to distract me from the fact that it was creating a couple dozen shortcuts and trying to download and run a screen saver.

While cleaning up the mess, I also discovered that the site had installed an ActiveX object that downloaded 2 files, 1 to C:\ and 1 to the system folder. 1 of them would copy and rename the other file each time I shut down and make sure a startup entry existed for it.

What it sounds like happened to you is that the video file opened multiple websites, and at least 1 of them installed a hijacker that may be running as a BHO of some sort.

There are very few ways for a program to autorun in Windows:
1) Start folder entry
2) Registry Run entries
3) BHOs
4) Virus infected file loads it or is it.
5) It's also possible that entries were added to your hosts file, to redirect you to a certain website without altering the address bar.

If you still have malicious software running, you need to verify every running process.
1) Easily checked and verified.
2) You can check these entries with Spybot Search & Destroy or msconfig.exe
3) You should be able to view most, if not all, installed BHOs from IE's Tools | Internet | Programs Tab | Manage Add-ons Button
5) Spybot can show you the contents of your hosts file, or you can navigate it in a text editor

Spybot can also show you your installed BHOs and registered ActiveX objects, Running Processes, and Start Up Items.

I would find each file that loads as a startup item, all BHOs, and ActiveX objects. Check filenames that seem odd or out of place.
Right click on each file and select Properties. If it's a system file or from MS, it should have a Version tab with author|company info, description, etc.
This info should give you a clue as to its legitimacy, and I've found that many authors of malicious software can't help but use this area to brag how L33T they are. (Please pardon my use of really really lame slang used by really really really lame persons.)

If, after reviewing each loading file, you still don't have any suspicions, you can use msconfig.exe to keep Start Up items from loading, to try and narrow down the possibilities, by booting with a limited startup and trying to browse the net.

You can also ask here about any entries (Startup, BHO, ActiveX, hosts file, etc.) that you are unsure about.

"katie" <anonymous@discussions.microsoft.com> wrote in message
news:%23z9sgTpuFHA.3752@TK2MSFTNGP09.phx.gbl...
> No, that is "The Sims" it is a game made by Maxis. No problems with that
> at all as I haven't actually played that for a while and the problem didn't
> exist at that time. This is a new problem that stemmed from playing a
> QuickTime movie. I didn't actually do anything other than press the play
> icon in QuickTime. Then I had loads of pop ups all leading to the same
> site saying "THIS WEBSPACE HAS BEEN SUSPENDED DUE TO NON PAYMENT" it just
> happened to attach itself to the one web page that I had open at that
> time.
> Thanks for your support and help.
>
>
>
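
A read-only inventory of the autorun locations the post lists (Startup folders, Registry Run entries, BHOs, hosts file), printing for each file the company and description shown on the Version tab of its Properties dialog. This is an added example, not part of the original post: it assumes PowerShell is available, also reads the RunOnce keys next to Run, and `Get-FileVendor` is a hypothetical helper name.

```powershell
# Added example: lists autorun entries for manual review. Nothing is changed.
function Get-FileVendor([string]$Command) {
    # Company | Description, the same data as the Version tab in Properties.
    if (-not $Command) { return '(no path)' }
    # Run values are command lines; take the quoted program path if there is one.
    $path = if ($Command -match '^\s*"([^"]+)"') { $Matches[1] } else { $Command.Trim() }
    $path = [Environment]::ExpandEnvironmentVariables($path)
    if (Test-Path -LiteralPath $path -PathType Leaf) {
        $v = (Get-Item -LiteralPath $path).VersionInfo
        '{0} | {1}' -f $v.CompanyName, $v.FileDescription
    } else { '(not resolved; check the path by hand)' }
}

'--- Startup folders (current user, all users) ---'
foreach ($name in 'Startup', 'CommonStartup') {
    $dir = [Environment]::GetFolderPath($name)
    if ($dir -and (Test-Path -LiteralPath $dir)) {
        Get-ChildItem -LiteralPath $dir -Force |
            ForEach-Object { '{0}: {1}' -f $name, $_.FullName }
    }
}

'--- Registry Run / RunOnce entries ---'
foreach ($hive in 'HKLM:', 'HKCU:') {
    foreach ($leaf in 'Run', 'RunOnce') {
        $key  = "$hive\Software\Microsoft\Windows\CurrentVersion\$leaf"
        $item = Get-Item -LiteralPath $key -ErrorAction SilentlyContinue
        if (-not $item) { continue }
        foreach ($n in $item.GetValueNames()) {
            $cmd = [string]$item.GetValue($n)
            '{0}\{1} = {2}  [{3}]' -f $key, $n, $cmd, (Get-FileVendor $cmd)
        }
    }
}

'--- Browser Helper Objects ---'
$bho = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
Get-ChildItem -LiteralPath $bho -ErrorAction SilentlyContinue | ForEach-Object {
    $clsid = $_.PSChildName
    # The DLL behind a BHO is the default value of its CLSID's InprocServer32 key.
    $srv = Get-Item -LiteralPath "HKLM:\Software\Classes\CLSID\$clsid\InprocServer32" -ErrorAction SilentlyContinue
    $dll = if ($srv) { [string]$srv.GetValue('') } else { '' }
    '{0} -> {1}  [{2}]' -f $clsid, $dll, (Get-FileVendor $dll)
}

'--- hosts file entries other than localhost ---'
$hostsFile = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
Get-Content -LiteralPath $hostsFile -ErrorAction SilentlyContinue | Where-Object {
    $_ -notmatch '^\s*(#|$)' -and $_ -notmatch '^\s*(127\.0\.0\.1|::1)\s+localhost\s*$'
}
```

Entries whose vendor field is empty, unresolved, or does not match the product they claim to belong to are the ones to look at first.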