Ureader.com  
Microsoft software help and Community
date: Mon, 30 May 2005 10:23:45 -0700,    group: microsoft.public.windows.inetexplorer.ie55.browser


Trojan Horse Virus, Java/Byte Verify, MS03-011   
The virus launches explorer into a web address as follows

res://C:\WINDOWS\system32\shdocpa.dll/security.htm

I can not change properties to another address - explorer always goes back 
to the same address.  

Is there any way to extract the virus?

I recently used AVG Anti-Virus - It had kept the virus in a vault - when I 
decided to delete the items in the vault, it appeared to free the virus and 
cause the problem.

Please let me know what can be done.
-- 
Sincerely,

jlee
date: Mon, 30 May 2005 10:23:45 -0700   author:   jlee

Re: Trojan Horse Virus, Java/Byte Verify, MS03-011   
First, is your system patched up to eliminate that threat?  Have you gone to 
Windows Update and downloaded and installed all the Critical patches yet? 
If not, at least get the specific patch for that issue:

MS03-011: Flaw in the Microsoft VM Could Enable System Compromise
http://support.microsoft.com/default.aspx?scid=kb;en-us;816093

Then run your anti-virus program again.  Most AV programs will also 
recommend disabling System Restore if you are running ME or XP as they don't 
clean that folder:
http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm

Clean-up instructions from a couple popular AV products.
http://securityresponse.symantec.com/avcenter/venc/data/trojan.byteverify.html
http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=100261

If your IE home page still resets itself after getting patched and cleaned, 
see this site for possible help and more information:

Home page setting changes unexpectedly, or you cannot change your home page 
setting
http://support.microsoft.com/default.aspx?scid=kb;EN-US;q320159

In addition to the info there, check your StartUp folder for any programs 
that look suspicious.  If no joy, go to Start, Run, type in "msconfig" (no 
quotes), click Okay, go to the StartUp tab, and look for any line there that 
looks suspicious.  You probably went to a web site and clicked on something 
that made the additions/changes to your registry or added a script to your 
system that caused this problem.  This can also be caused by running an 
email attachment or clicking on something in an HTML email.

You may also want to check out StartPage Guard -
http://pjwalczak.com/spguard/index.php
StartPage Guard protects your PC from cyberscam, by monitoring status of 
your internet browser StartPage and preventing it from any unauthorized 
changes.

And to keep from having to manually edit the registry to unlock your 
homepage settings, try this little script by Doug Knox, MS MVP:
http://www.dougknox.com/security/scripts_desc/nosethomepage.htm

More information here:  http://www.cexx.org/hphijack.htm
-- 

Jon R. Kennedy
Charlotte, NC, USA
jkennedy2@carolina.rr.com

"jlee"  wrote in message 
news:9C8DBAB9-B986-45DD-99F0-8D30D6A7FB85@microsoft.com...
> The virus launches explorer into a web address as follows
>
> res://C:\WINDOWS\system32\shdocpa.dll/security.htm
>
> I can not change properties to another address - explorer always goes back
> to the same address.
>
> Is there any way to extract the virus?
>
> I recently used AVG Anti-Virus - It had kept the virus in a vault - when I
> decided to delete the items in the vault, it appeared to free the virus
> and cause the problem.
>
> Please let me know what can be done.
> -- 
> Sincerely,
>
> jlee
date: Mon, 30 May 2005 18:11:17 -0400   author:   Jon Kennedy
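
Added example, not part of either post: a read-only PowerShell audit of the places the reply above says to check (the IE home page setting, the StartUp folders, and the autostart entries msconfig lists). The registry paths and value names are the standard Internet Explorer and Windows locations and are not quoted from the thread; the second sample URL is constructed.

```powershell
# Added example: read-only audit of the settings discussed in this thread.
# Registry paths are the standard IE/Windows locations, not quoted from the posts.
$ieKeys  = 'HKCU:\Software\Microsoft\Internet Explorer\Main',
           'HKLM:\SOFTWARE\Microsoft\Internet Explorer\Main'
$runKeys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$lockKey = 'HKCU:\Software\Policies\Microsoft\Internet Explorer\Control Panel'

function Test-SuspiciousPage([string]$Url) {
    # A page served from a local binary (res:), a file: URL or a bare drive path
    # is not something a user normally sets through Internet Options.
    return ($Url -match '^(res|file):') -or ($Url -match '^[A-Za-z]:\\')
}

function Get-PageSetting {
    foreach ($key in $ieKeys) {
        $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        foreach ($name in 'Start Page', 'Default_Page_URL', 'Search Page') {
            $value = $props.$name
            if ($null -eq $value) { continue }
            [pscustomobject]@{ Key = $key; Name = $name; Value = $value
                               Suspicious = (Test-SuspiciousPage $value) }
        }
    }
}

function Get-AutostartEntry {
    foreach ($key in $runKeys) {
        $item = Get-Item -Path $key -ErrorAction SilentlyContinue
        if (-not $item) { continue }
        foreach ($name in $item.GetValueNames()) {
            [pscustomobject]@{ Source = $key; Name = $name; Command = $item.GetValue($name) }
        }
    }
    foreach ($folder in 'Startup', 'CommonStartup') {
        $path = [Environment]::GetFolderPath($folder)
        if (-not $path) { continue }
        Get-ChildItem -Path $path -ErrorAction SilentlyContinue | ForEach-Object {
            [pscustomobject]@{ Source = $path; Name = $_.Name; Command = $_.FullName }
        }
    }
}

# Classifier on the URL from the first post and a constructed benign value.
'res://C:\WINDOWS\system32\shdocpa.dll/security.htm', 'http://www.example.com/' |
    ForEach-Object { '{0,-5} {1}' -f (Test-SuspiciousPage $_), $_ }
Get-PageSetting | Format-Table -AutoSize -Wrap
$lock = Get-ItemProperty -Path $lockKey -ErrorAction SilentlyContinue
if ($lock -and $lock.HomePage -eq 1) { 'Home page is locked by policy value HomePage=1' }
Get-AutostartEntry | Format-Table -AutoSize -Wrap
```

The script changes nothing; a `Suspicious` value of `True`, or an unfamiliar autostart command, is a starting point for the cleanup steps in the reply.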
