Activex and norton antivirus



Raj
07-10-2005, 01:05 AM
When I went to a website today, I received a message that IE6 stopped the
site from installing an Activex control. At the same time, I received a
message from Norton Antivirus that the Trojan Horse Alwayup was located in
the Temporary Internet Files and could not be repaired or accessed. I ran the
Norton full system scan and also checked manually but could not find the
Trojan Horse file that was mentioned by the Norton alert.

Is it possible that the Trojan Horse File detected by Norton is the same as
the Activex control that was stopped from installing by IE ?

Maurice N ~ MVP
07-10-2005, 01:05 AM
This link is to Symantec's page on the Alwayup Trojan
http://tinyurl.com/af7e2

I'd suggest you insure your NAV is up-to-date with definitions, and then to run it in Safe Mode of Windows.

Run Disk Cleanup while in Safe Mode also to clean out all your temp files.
--
Maurice N
MVP Windows - Shell / User
-----

"Raj" wrote
> When I went to a website today, I received a message that IE6 stopped the
> site from installing an Activex control. At the same time, I received a
> message from Norton Antivirus that the Trojan Horse Alwayup was located in
> the Temporary Internet Files and could not be repaired or accessed. I ran the
> Norton full system scan and also checked manually but could not find the
> Trojan Horse file that was mentioned by the Norton alert.
>
> Is it possible that the Trojan Horse File detected by Norton is the same as
> the Activex control that was stopped from installing by IE ?
>

MAP
07-10-2005, 01:05 AM
Raj wrote:
> When I went to a website today, I received a message that IE6 stopped
> the site from installing an Activex control. At the same time, I
> received a message from Norton Antivirus that the Trojan Horse
> Alwayup was located in the Temporary Internet Files and could not be
> repaired or accessed. I ran the Norton full system scan and also
> checked manually but could not find the Trojan Horse file that was
> mentioned by the Norton alert.
>
> Is it possible that the Trojan Horse File detected by Norton is the
> same as the Activex control that was stopped from installing by IE ?

>>Is it possible that the Trojan Horse File detected by Norton is the same
as
the Activex control that was stopped from installing by IE ?

Yes,Delete your temp.internet files,I would say that the trojan was stopped
before it had a chance to install.Many trojans install via activeX.
SpywareBlaster - http://www.javacoolsoftware.com/spywareblaster.html

--
Mike Pawlak

Maurice N ~ MVP
07-10-2005, 01:05 AM
As to your last question, yes it is possible that website would have passed the trojan to your system.
What was the website?

One other point: When you had run NAV, did you have your browser *closed* ?
If you had it open, and the files were in-use --- it's likely why they could not be removed.
That's another reason for running cleanups in Safe Mode.

--
Maurice N
MVP Windows - Shell / User
-----

<snipped>
>
> Is it possible that the Trojan Horse File detected by Norton is the same as
> the Activex control that was stopped from installing by IE ?
>

Raj
07-10-2005, 01:05 AM
Thanks for your help. NAV was up-to-date when this problem occurred. I went
to the Symantec link for Alwayup Trojan and ran a full system scan in normal
use mode and also did another scan in safe mode. Both times, NAV did not
detect any infected files. I also manually found the temp folder and
temporary internet files folder and scanned the contents using NAV and no
infected files were detected. I will now clean up the temp files using Disk
Cleanup in Safe Mode.

"Maurice N ~ MVP" wrote:

> This link is to Symantec's page on the Alwayup Trojan
> http://tinyurl.com/af7e2
>
> I'd suggest you insure your NAV is up-to-date with definitions, and then to run it in Safe Mode of Windows.
>
> Run Disk Cleanup while in Safe Mode also to clean out all your temp files.
> --
> Maurice N
> MVP Windows - Shell / User
> -----
>
> "Raj" wrote
> > When I went to a website today, I received a message that IE6 stopped the
> > site from installing an Activex control. At the same time, I received a
> > message from Norton Antivirus that the Trojan Horse Alwayup was located in
> > the Temporary Internet Files and could not be repaired or accessed. I ran the
> > Norton full system scan and also checked manually but could not find the
> > Trojan Horse file that was mentioned by the Norton alert.
> >
> > Is it possible that the Trojan Horse File detected by Norton is the same as
> > the Activex control that was stopped from installing by IE ?
> >
>

Raj
07-10-2005, 01:05 AM
Thanks for the advice. I will delete the temp folder under safe mode.

"MAP" wrote:

> Raj wrote:
> > When I went to a website today, I received a message that IE6 stopped
> > the site from installing an Activex control. At the same time, I
> > received a message from Norton Antivirus that the Trojan Horse
> > Alwayup was located in the Temporary Internet Files and could not be
> > repaired or accessed. I ran the Norton full system scan and also
> > checked manually but could not find the Trojan Horse file that was
> > mentioned by the Norton alert.
> >
> > Is it possible that the Trojan Horse File detected by Norton is the
> > same as the Activex control that was stopped from installing by IE ?
>
> >>Is it possible that the Trojan Horse File detected by Norton is the same
> as
> the Activex control that was stopped from installing by IE ?
>
> Yes,Delete your temp.internet files,I would say that the trojan was stopped
> before it had a chance to install.Many trojans install via activeX.
> SpywareBlaster - http://www.javacoolsoftware.com/spywareblaster.html
>
> --
> Mike Pawlak
>
>
>

Maurice N ~ MVP
07-10-2005, 01:05 AM
WTG, Raj.
--
Maurice N
MVP Windows - Shell / User
-----

"Raj" wrote
> Thanks for your help. NAV was up-to-date when this problem occurred. I went
> to the Symantec link for Alwayup Trojan and ran a full system scan in normal
> use mode and also did another scan in safe mode. Both times, NAV did not
> detect any infected files. I also manually found the temp folder and
> temporary internet files folder and scanned the contents using NAV and no
> infected files were detected. I will now clean up the temp files using Disk
> Cleanup in Safe Mode.

Raj
07-10-2005, 01:05 AM
Hi, the website in question is :

http://www.oldielyrics.com/c/creedence_clearwater_revival.html

I was on this website when I received the messages from NAV and IE Activex.
I then shut down the browser and did a system scan using NAV in regular mode
and also in safe mode. No "threats" were detected by NAV.

"Maurice N ~ MVP" wrote:

> As to your last question, yes it is possible that website would have passed the trojan to your system.
> What was the website?
>
> One other point: When you had run NAV, did you have your browser *closed* ?
> If you had it open, and the files were in-use --- it's likely why they could not be removed.
> That's another reason for running cleanups in Safe Mode.
>
> --
> Maurice N
> MVP Windows - Shell / User
> -----
>
> <snipped>
> >
> > Is it possible that the Trojan Horse File detected by Norton is the same as
> > the Activex control that was stopped from installing by IE ?
> >
>

Maurice N ~ MVP
07-10-2005, 01:05 AM
OK, went to that site. Popups blocked by SP2-IE (yea). Temp enabled popups. It attempted to create a new window for media.fastclick.net. Did not work --- window created but no contents --- page not found.
Blocked by my Hosts file which was populated by me (in small part) and MVP Hosts file. Yea. Thank you Mike Burgess.

See Blocking Spyware, Adware, Parasites, Hijackers, Trojans, with a HOSTS file
http://www.mvps.org/winhelp200­2/hosts.htm

--
Maurice N
MVP Windows - Shell / User
-----

"Raj" wrote
> Hi, the website in question is :
>
> http://www.oldielyrics.com/c/creedence_clearwater_revival.html
>
> I was on this website when I received the messages from NAV and IE Activex.
> I then shut down the browser and did a system scan using NAV in regular mode
> and also in safe mode. No "threats" were detected by NAV.
>


Activex and norton antivirus