Virus in startpage Microsoft?

Status
This thread has been Locked and is not open to further replies. The original thread starter may use the Report button to request it be reopened but anyone else with a similar issue should start a New Thread. Watch our Welcome Guide to learn how to use this site.

sinterklaas

Thread Starter
Joined
Aug 9, 2001
Messages
58
Doing lots of formats and fresh installs for friends, I usually first check the internet connection by loading the Microsoft startpage, before I install Norton AV. Last time I had to wait for someone who was desperately looking for his username and password, so I decided to install NAV 2001 first, then configure the dial-up and after that update the virusdefs. The connection was ok, so after updating I opened IE 6.0 to set his requested startpage. I waited for the pre-installed Dutch Microsoft startpage (www.msn.nl) to load, and, to my surprise, got an alert from NAV: it had found a trojan horse in "mc.vbs"!

I scanned this file on several PCs (almost every PC has it in its TIF), but NAV 2001 did not find any viruses - neither did NAV 2002.

Does this mean that NAV does not recognize a trojan horse when it is already there before NAV is installed? That implies that there must be an incredible amount of computers with this vb script running, while their owners think they are safe because of NAV...

Please don't panic: I must be wrong. But where?
 

eddie5659

Moderator
Malware Specialist
Joined
Mar 19, 2001
Messages
37,484
Hiya

Apparently, if you have MSN Messenger installed on the machine, through MSN Messenger's COM/ActiveX interface.
MSN Messenger then manually modifies the source of the HTML page, through a VBS script you can find at MSN.

This is a section from the following site, which explains a little. It's about a person ringing as to why it was to be installed on his system:

Darn, I can't copy. Oh, well, here's the page:

http://www.xanga.com/contentfolders.asp?user=Coyote&tab=reviews

It's about halfway down and begins with MSN And Their Online...

Try it without MSN and see if it occurs.

I hope that explains some of it. From what I read in that site, they don't want to admit to putting it in.

Regards

eddie
 

sinterklaas

Thread Starter
Joined
Aug 9, 2001
Messages
58
Hi Eddie

Found Xanga.com, but could not find something starting with "MSN and Their Online...". Wrong link, or is it just bedtime for me? Anyway, I appreciate your answer.

I would like to know whether this script is a dangerous Trojan or a harmless file. And also, if it is dangerous: what can I do to remove it?

BTW, I did not install MSN Messenger - I never do.

Hope you can give me some more information.
 

eddie5659

Moderator
Malware Specialist
Joined
Mar 19, 2001
Messages
37,484
Hiya

I'll look into it, but if you wait for the page to load... it may take a while. It's halfway down and it says

MSN and their online interractive support Regarding mc.vbs on MSN.com Home Page

I have read something here:

http://groups.google.com/groups?q=m...=1979b01c13101$834f5fb0$b1e62ecf@tkmsftngxa04

about a vbs.mcon_c virus. Is this what was coming up with Norton?

http://www.avp.ch/avpve/worms/net/mcon.stm

http://www.europe.f-secure.com/v-descs/mcon.shtml

As in how to remove it, I don't know yet.
If this wasn't what was coming up with Norton, what was?

Regards

eddie
 

sinterklaas

Thread Starter
Joined
Aug 9, 2001
Messages
58
Thanks for your support!
SavvyLady: the virusscan you suggested only found one virus in my temporary internet files; Norton found two (JS.EXCEPTION.Exploit and VBS.Seeker.E)...
Eddie: you were right about the link: it did not load properly. I've read the other articles as well, but could not find an answer. Just questions, like mine. Well, it's good to see that I'm not the only one :rolleyes:
I'm sure I don't have the worms named in the last two articles. Norton only came up with 'Trojan Horse', and 'repaired' the file. That's all...

What on earth is that VB script doing??!
Why does NAV only mark the file as a trojan as long as it is installed before the file arrives?
And: will deleting be enough to stop it?
 

eddie5659

Moderator
Malware Specialist
Joined
Mar 19, 2001
Messages
37,484
I don't know if this will help in this case, but you could see if it does. Tools | Internet Options. Advanced tab. Scroll down through Browsing and look for Enable Install on Demand. Uncheck this, apply and OK.

If you go along now, does a popup box appear asking if you wish to download?

eddie
 

sinterklaas

Thread Starter
Joined
Aug 9, 2001
Messages
58
Hewee: thanks for the tip! I do have a good scanner myself, but I will keep this one in mind for others who haven't.

eddie: I really appreciate your efforts. I unchecked the box as you said, but no popup appeared...

Rollin'Rog: think you're right. Your solution may not be the answer to my question, but it solves the safety problem (if there is one...). And that is what you are here for, after all. You're doing a great job!

I guess that it is none of my business whether this file is dangerous or not, but I'm still curious why NAV thinks this file is a trojan. So, if you don't mind, I'm gonna ask Symantec. :p

( Yes, I know I should have done that before I asked you.
And yes, I will let you know the answer (if I get one).
Isn't that the least I can do? )

;)
 