Blocking Webpage intrusion

Printable View

January 10th, 2002, 11:00 PM
GenTech07

Blocking Webpage intrusion

Overview: The problem is how to prevent/block external alteration of my START MENU and FAVORITES Folders by intrusive webpage scripts/cookies/apps that could potentially affect my system in more dramatic ways.

Detail: My system has been bypassed while on the internet, even with an IDS and Personal Firewall in-place. Miscellaneous links and/or groups of links have been placed in my Favorites Folder and even within the Windows START MENU Folder. I am not certain which webpage(s) are at fault. Subsequently, I have not seen any source code that would indicate a culprit or that could be used to develop an effective counter.

Bottom Line: Is there a way to unilaterally block this method of intrusion into my system?
:3pow:
January 11th, 2002, 01:43 AM
jezter6

javascript

I've seen javascript automatically add links into my favorites in IE, as well as change my start page to something else...but I wouldn't see how JS could start adding things to your start menu (except that your favorites can sometimes be in the start menu...mine doesn't happen to be)....

are the mysterious new links in the programs folder or somewhere else?
January 11th, 2002, 02:09 AM
GenTech07

Yes, the new links will sometimes show up in one or more newly named folders that have been added to the Programs Folder within the Start Menu. This is how I first discovered the intrusion.
January 11th, 2002, 06:18 AM
Tedob1

uninstall windows scripting host from add remove windows programs, in ie's security options, disable active scripting and jave compiler. dont allow, or ask first for, activex objects and ask first for unsigned everything.

this should help some.
January 11th, 2002, 11:44 PM
Conf1rm3d_K1ll

Re: Blocking Webpage intrusion

Quote:

Originally posted by GenTech07

Detail: My system has been bypassed while on the internet, even with an IDS and Personal Firewall in-place. Miscellaneous links and/or groups of links have been placed in my Favorites Folder and even within the Windows START MENU Folder. I am not certain which webpage(s) are at fault. Subsequently, I have not seen any source code that would indicate a culprit or that could be used to develop an effective counter.

The same thing has happened to me also. Not only did it do all the above but it also added a key to the registry under the "run once" folder.

Not satisfied with doing that it then proceeded to disconnect my modem and attempt to dial an overseas number. All this happened in less than 2 seconds!

My box has the standard security measures in place (firewall, AVG, proport and The Cleaner) but none of these security programs had any affect in stoping the malicious code. Although Tiny did finally speak up when my dial up was changed and tried to connect. Better late than never...