keep getting strange results 1

[eyec]

i posted this in the Java thread but i don't think it is a java problem. any suggestions?

tia

<script language='javascript' src='[URL unfurl="true"]http://127.0.0.1:1032/js.cgi?pcaw&r=24464'></script>[/URL]

i only see this on one pc when i view the source of many webpages. i do not see it on my other pc on the same home network.

 

[kjv1611]

Is that possibly a proxy that has been setup on the one computer either by mistake or by some program - malicious or not?

Have you tried scanning the computer with antivirus and antispyware software?

Of course, you want to be sure to have antivirus AND antispyware software on every pc.

 

[eyec]

found a program that tried to set up a proxy and have killed it but it is not malware related.

still checking on this. but have not found any virus or spyware on the machine.

thanks for the reply.

 

[kjv1611]

Is the java script line gone in the source for the web pages, now?

 

[eyec]

NO!

 

[kjv1611]

Good, then sounds like you're problem is fixed.

 

[kjv1611]

Oh, oops... I sort of misread that one...

 

[kjv1611]

You could also try to run a hijackthis log of the machine to verify where the problem is.

Another possible sollution could be to run a registry editor program in case the program that was trying to send you to a proxy left behind a registry entry that is causing the change.

Also, did you go back and verify that your internet settings were not still set to go to a proxy after uninstalling the program?

In Internet Explorer:
Tools -> Internet Options -> Connections -> Lan Settings ->Make sure "Use a proxy server..." is unchecked.

 

[eyec]

have done all of the aove mentioned scans/checks.

found nothing, yet.

 

[kjv1611]

Hmmm..

Did you reboot your machine after the uninstall of the program?

If you tried hijack this, try posting a log here, and someone would probably spot the problem..

 

[eyec]

i think it is something associated with my dsl modem.
checking on some things now.

hijack log is clean.

however, i have found some programs in Zone Alarm Trusted zone that i can't identify. they have symbols for program names!

 

[tazuk]

Has the PC in question got Zone Alarm Pro installed? That was the conclusion on another forum here

TazUk

Blue-screening PCs since 1998

 

[eyec]

yes, i am running ZA Pro

these 2 programs show up in ZA with Super Trusted Level properties. i have since taken away their access but can't find any info on them. they show as 0kb.

any help?

 

[eyec]

tazuk,

thanks for the link.(have a star) it looks like that is the problem - exactly what i am getting - incluning the postamble.

still the above programs have me on edge.

 

[tazuk]

Thanks eyec.

I think the extra javascript may be linked to ZA Pro privacy settings for advertising, based on this.
What makes me a little concerned about it is that port 1032 is usually used for ICQ (or so I understand). It might be worth using a port and or file scanner to establish what and to where this machine is communicating - I often use ActivePorts and FileMon for this sort of thing.

I used to run ZA Pro on my desktop but never came across the programs you mention above, or indeed any programs being added to the Super Trusted level automatically. However my understanding of Super Trusted level is shaky (I gave up on ZA Pro and went back to the free version after it made networking nigh on impossible for me to figure out), but I understand that one of the requirements for remote control of the ZA Pro client is that the application used to connect to the client machine be approved at the Super Trusted level. This would suggest that you are right to be concerned as it should not be appropriate for an unknown application to promote itself to this level of trust without manual confirmation (wearing my developer hat here..).

I'll keep digging as and when I can.

TazUk

Blue-screening PCs since 1998