[Ham-Computers] RE: IE awareness of internet connection.

[Hsu, Aaron (NBC Universal)]

As others have pointed out, sounds like you have some Ad/Spyware or a
browser hijacker installed (collectively known as "malware").  Malware is
currently more of a pain than trojans or virii as much malware are "gray
area" legal and funded by advertising companies.

How does various "malware" get on your system?  The legal ones install
themselves usually with your permission.  If you recently downloaded and
installed a "free" application (including many that claim to prevent virii
and malware), then it most likely also installed an additional app that
serves advertising on your computer.  This advertising is what "pays" for
your "free" application.  Many of the peer-to-peer file sharing apps have
malware attached.  You may not realize it, but you agreed to let the malware
install itself when you agreed to the "free" app's End-User License
Agreement - aka "EULA" - (that box that asks "do you agree to this license"
when you install the app.  Ever answer yes to the question, "would you like
us to make this your home page?".  This is one way a browser hijacker can
install itself.

The illegal malware apps can also "hitchhike" on another installer (like
above), but there is no mention of it in the EULA.  These apps can also
install themselves by exploiting bugs in the Windows operating system and
Internet Explorer.  Last month, a major bug in Internet Explorer and IIS was
exploited to "infect" unpatched machines.  All a person needed to do was
visit an IIS-based website with IE and, "voila!", malware installed itself
to your system.  It's possible Loren's system was "infected" in this way.

What can be done?  The system needs to be "cleaned" of malware apps.
Depending on specifically what malware is installed, this can be an easy
task, or it could take hours.  I've worked on a dozen systems over the past
month removing malware by hand.  The average time is about 4 hours and I had
one that took about 8 hours total.

Yes, there are apps out there that will scan for and remove many malware
apps.  Two free ones are Spybot and Ad-aware.  However, neither found many
of the malware apps I ran into.  PestPatrol's on-line scanner did a better
job, but still missed a couple.  It takes a lot of effort to get those
really obnoxious ones!  The problem is that all of these malware "scanners"
look for filenames, not signatures (like anti-virus programs).  As such,
many malware apps now use totally random filenames to hide themselves.  Of
course, this helps locate them too as legit files usually have a
"descriptive" name.

The best thing you can do is to find a computer guru that knows how to
remove malware and hire him/her.  The next best thing you can do is to find
a good newsgroup or forum on the 'net that specializes in removing malware.
The Experts-exchange is a good place to start.  I would first suggest that
you search the forum archives to see if a solution already exists for your
situation.  Then post your current tasklist (usually with "Hijackthis") and
the on-line gurus will help trackdown your problem and offer suggestions.

How can one prevent getting malware?  The first is "don't download and
install any free/shareware without first researching the app".  Those
pop-ups that advertise pop-up blockers and spyware removers?  They're
malware...they just kill the other ones so they can get all the advertising
revenue.  The most commonly found malware are "search toolbars".  Precision
Time and Date Manager are also common adware apps (by Gator).  

Another thing you can do to prevent malware is to STOP USING INTERNET
EXPLORER.  Even Microsoft has advocated the temporary use of other browsers
until all the bugs in IE can be patched.  I personally use Mozilla v1.7.1
(http://www.mozilla.org).  "Firefox" is the "next gen" thing from
Mozilla.org, but it's still beta and pretty rough.  The Mozilla browser is
proven and widely supported.  Firefox's main advantage over Mozilla is that
it looks like IE...minimal learning curve (if there is one for browsers).

And, as always, please no "Windows vs Linux vs Unix vs MacOS" debates.  It's
pointless and useless for most people.

Good luck in your malware search!  E-mail me if you need additional info and
I'll get back to you as soon as I can.  I use to offer more assistance, but
I'm currently inundated with "in-person" requests for help.  If you don't
mind delayed responses, I can help as best I can.

73,

  - Aaron Hsu, NN6O
    (nn6o)@arrl.net


-----Original Message-----
From: Loren Moline WA7SKT [mailto:lmoline at hotmail.com] 
Sent: Friday, August 13, 2004 10:42 PM
To: ham-computers at mailman.qth.net
Subject: [Ham-Computers] IE awareness of internet connection.

Hello,

Recently one of my computers on my home network started showing a
window...no internet connection and when I click try again it is ok..then if
I leave computer for a while and come back and run IE again it does the same
thing when going to the first website.

Does anyone have any idea what changed. I have been running Zone Alarm for a
firewall for some time but this just started.

Loren

Loren Moline WA7SKT  CN86cx
Member: ARRL, Pacific Northwest VHF Society #151
2 Meter EME initials = 25
2 Meter EME with 4 X K1FO - 12's, IC-820H, and 380W from TE Systems 1452G