Exploit.CVE-2005-1790


Hello.
For a while now I have had a problem with Internet Explorer that tends to
bother me. On certain webpages (www.cnet.com for instance), as soon as
I move my mouse pointer over the frame where the webpage is displayed,
IE crashes. This problem has been occurring ever since I was stupid
enough to click on a weblink received from some unidentified
<censored>. AVG came up with a notification that a virus had infected
my PC and ever since I've had this problem with IE.
Here is some info about the virus as it has been identified by AVG:
http://www.ibbu.nl/~nsprakel/avg.jpg

Does anyone know how to solve this problem with IE and how to remove
the virus completely from my PC?
I've tried system restore, can't re-install IE and scanning for and
fixing problems with various anti-spyware software (spyware blaster,
ad-aware and spybot S&D) to no avail.

Thanks a lot for any help or suggestions in overcoming this issue, kind
regards, Niek


Re: Exploit.CVE-2005-1790

name typed: [...]

Your system is pooched!


Booting the WinXP CD then running FORMAT will work!

Please read:
Prevention protection implementation
http://boards.cexx.org/viewtopic.php?t=11523
Use a pencil and check off each item when completed.



Re: Exploit.CVE-2005-1790


YoKenny wrote: [...]

Buying a new computer will also work, but I was hoping for a less
rigorous solution.

Anyway, thanks for the security tips.


Re: Exploit.CVE-2005-1790



|
| Anyway, thanks for the security tips.

First it was NOT a virus.  It is exploit code nothing more, nothing less.

This Exploit code was mitigated by MS05-054 and patched by KB905915 so if you
are up-to-date with your patches -- no worries !

http://www.microsoft.com/technet/security/bulletin/ms05-054.mspx

If your PC has the latest IE cumulative update then your PC is NOT "pooched" nor
compromised and you were given bad advice !

Dump the contents of your IE cache and scan the PC again.
Start --> settings --> control panel --> Internet options --> delete files

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm



Re: Exploit.CVE-2005-1790


David H. Lipman wrote: [...]

I'm pretty sure I installed KB905915 and generally I'm up to date since
I regularly update windows.

Are these cumulative IE updates installed automatically if you
regularly visit windowsupdate.com ?

I've tried dumping the temporary internet files, but that doesn't help.
I also deleted the actual files that AVG identifies as containing the
exploit code. Now when I scan with AVG it doesn't report any problems.
Yet, the problem with IE crashing on certain webpages (as soon as I
move the mouse pointer over the frame where the webpage is displayed)
persists.


Re: Exploit.CVE-2005-1790



|
| I'm pretty sure I installed KB905915 and generally I'm up to date since
| I regularly update windows.
|

Excellent !


|
| Are these cumulative IE updates installed automatically if you
| regularly visit windowsupdate.com ?
|

Yes.


|
| I've tried dumping the temporary internet files, but that doesn't help.
| I also deleted the actual files that AVG identifies as containing the
| exploit code. Now when I scan with AVG it doesn't report any problems.
| Yet, the problem with IE crashing on certain webpages (as soon as I
| move the mouse pointer over the frame where the webpage is displayed)
| persists.


The important thing is the HTML Exploit code no longer is present.  However you
still have a problem with IE.  What that problem is I don't know.  You may want
to post your problem in a MS IE News Group.

news://msnews.microsoft.com/microsoft.public.internetexplorer.general

I do suggest switching to FireFox or Opera as your everyday web browser and just
use IE for pulling updates from the Windows Update Web Site or those IE specific
content bearing web sites.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm



Re: Exploit.CVE-2005-1790


Do you have browser helpers loaded? Yahoo toolbar, google toolbar, aim,
things of that nature?

Download ERUNT, and HIJACKTHIS (google for them).

Run erunt, backup your registry, then run hijackthis and email me the
logfile. We'll disable your BHO's one by one.

BHODemon is also able to do this, but doesn't always work depending on
the browser version and your version of windows.
 

When IE crashes, does windows offer to restart it?



--
Dustin Cook
http://bughunter.atspace.org
BugHunter MalWare Removal Tool

Re: Exploit.CVE-2005-1790


Dustin Cook wrote: [...]

Nope. I do have some extra icons in the toolbar, for icqlite, ebay and
backflip.

I have a log generated by hijackthis shared here:
http://www.ibbu.nl/~nsprakel/hijackthis.log

Notice that all the winmx entries are ok since that circumvents the
latest attack by the RIAA to prevent sharing mp3s on winmx.

Nope. It just offers to send an error report. Here is the window
generated by IE when it crashes:
http://www.ibbu.nl/~nsprakel/ie_crash.jpg

Thx for your help. Although it seems the main problem is already solved
(since IE is no longer crashing) I'm still interested in ensuring that
the code exploit that messed up my system hasn't left any other traces.


Re: Exploit.CVE-2005-1790


name wrote: [...]

Oh, I forgot to mention that I also started a thread about IE acting
weird on an internet explorer forum and someone there suggested
disabling add-ons...
Disabling the QUICKfind BHO Object resolved the problem I had with IE.
I'm not sure exactly how it relates to the code exploit.


Re: Exploit.CVE-2005-1790


name wrote: [...]

Great! I'm glad it's not crashing on you anymore. It doesn't relate to
the exploit code your antivirus program found. It really doesn't take
much to piss IE off. :)

--

Regards,
Dustin Cook
http://bughunter.atspace.org


Re: Exploit.CVE-2005-1790


Dustin Cook wrote: [...]

Perhaps it was an internet update (from windowsupdate) that triggered
the problem since I had the Add-on for a long time and it hadn't caused
any problems until the code exploit incident.


Re: Exploit.CVE-2005-1790



|
| Perhaps it was an internet update (from windowsupdate) that triggered
| the problem since I had the Add-on for a long time and it hadn't caused
| any problems until the code exploit incident.
|

A pure coincidence and nothing more.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm



Re: Exploit.CVE-2005-1790


David H. Lipman wrote: [...]

I don't buy into that. Judging from the date of files on my computer I
must have had this Add-on installed for at least a year and something
must have set it off.
When I got the notice from AVG, I did update Windows fairly soon
afterwards and this might have caused the Add-on to act up.
Alternatively, since updating windows caused the windows genuine
advantage crap to be installed, it's also possible that my hack to
circumvent the genuine advantage BS caused the Add-on to start crashing
IE.


Re: Exploit.CVE-2005-1790



| I don't buy into that. Judging from the date of files on my computer I
| must have had this Add-on installed for at least a year and something
| must have set it off.
| When I got the notice from AVG, I did update Windows fairly soon
| afterwards and this might have caused the Add-on to act up.
| Alternatively, since updating windows caused the windows genuine
| advantage crap to be installed, it's also possible that my hack to
| circumvent the genuine advantage BS caused the Add-on to start crashing
| IE.
|


Like I said, it was Exploit code.  If your PC was fully patched then the Exploit
code is a moot point and thus there is no correlation.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm



Re: Exploit.CVE-2005-1790


No it's not.

IE has problems, but a reformat probably isn't necessary. Google for
IEFIX.EXE, run it and report the results. We'll see how it goes from
here.
 
 
As well as hose his pictures, documents, etc.

--
Dustin Cook
http://bughunter.atspace.org
BugHunter MalWare Removal Tool
