Re: thewhothismonth.com

["Jim M" <petenotped@xxxxxxxxxxx>]

> From: "Sue Tal" <suetal@xxxxxxxxx>

> My computer also has been screwed up lately too, so I am sending this from
> another location.  This stupid thing called "realphx.com" keeps affecting a
> lot of stuff.

I've had problems with similar scripts that I've picked up while surfing.  
These things are nasty.  They embed themselves in your computer's 
"regiistry" and get triggered when certain things happen.  you have registry 
settings that determine what url to go to when explorer is started, when a 
search returns no results, when you type in a partial url (e.g. www... 
instead of http:\\www....).  I have had all of these settiings and more 
reset to go to sites which set off a cascade of sites which you can't close. 
 At that point, I unplug my cable modem from my PC, which stops the sites 
from loadiing and then i can close them down.

I'm not sure I have a solution for you.   I have tried Ad-aware and McAfee, 
but they haven't picked up this scriipt.  Which is not to say that you 
shouldn't run these things, they are absolutely necesary.  I'm convinced 
that my computer was infected through Google's toolbar, which I ironically 
downloaded because it promised to block pop-up ads.  It did that, but I have 
read articles which state that versions of it leave a vulnerability that 
allows scriipts to infect your machine.  I've cleaned up a lot of it, but my 
computer is still a mess.  I get pop ups all over the place, and it freezes 
up much more often than nit did before.

What I would suggest is that you go to Google and click the "Groups" tab.  
Enter the name of the site that's causing the problem.  You will get results 
that contain discussions between regular folks and techie nerds about 
problems similar to yours.  It takes some diggiing, but you can usually find 
someone who's going through something similar to you.  i've pasted one, 
below, that looks interesting.

Good luck,
Jim M

P.S., I'm 37, and have been a Who freak since about 1980. I joined the list 
when I heard about Pete's accusation. (can you tell from my address?)  I 
knew this would be the place to hear all the news first, and I was right.  I 
didn't expect to stay long, but all the talk about the music remined me what 
I loved about it.  I've bought (and listened to) more Who music in the last 
year than I had in the previous ten.



From: "Thor Larholm" (thor@xxxxxxxx)
Subject: Re: New AIM Expliot/Worm/Adware-script (realphx.com related)


View this article only
Newsgroups: mailing.unix.bugtraq
Date: 2003-10-13 08:58:24 PST


As with the previous AIM exploit we saw, this one is just trying to use the
Object Data vulnerability variation.

MS03-040 was released last friday, fixing this variation.

http://www.microsoft.com/technet/security/bulletin/ms03-040.asp

As such, this is not trying to use any unpatched vulnerabilities and 
provided
that you are up-to-date on at least critical patches you are safe. The 
MS03-040
patch is one of those cumulative patches that all IE users should install
immediately, since it is a revised version of MS03-032 it fixes not only 
several
critical vulnerabilities (of which Object Data is just one) but it also 
fixes
all previously patched IE vulnerabilities. Consider it your starting point.


Regards
Thor Larholm
PivX Solutions, LLC - Senior Security Researcher
"Counterpoint: Linux vs. Windows Viruses" -
http://www.securityfocus.com/guest/23028
Service announcement - http://www.pivx.com/larholm/unpatched/

_________________________________________________________________
Fretting that your Hotmail account may expire because you forgot to sign in 
enough? Get Hotmail Extra Storage today!   
http://join.msn.com/?PAGE=features/es