
IE keeps losing focus

archcommus

Diamond Member
I'm using IE7 Beta 3 and periodically after I navigate to a website IE loses focus. I am not getting any strange pop-ups or anything right now, however just earlier today and for the past few days I was - just a few pop-ups when going to regular sites like AT, and occasionally even a message box or two. I do have the IE pop-up blocker enabled. I've already run Ad-Aware, Spybot, and Windows Defender in safe mode and with System Restore off and all three found NOTHING.

Any ideas?
 
The first thing that came to mind when I read this was IE7's quirky tab mechanism that sometimes takes the IE window out of focus.
 
1) AnandTech doesn't have pop-ups (normally). You shouldn't get pop-ups when you're here; are you saying you did?

2) what antivirus software are you using?
 
Originally posted by: mechBgon
1) AnandTech doesn't have pop-ups (normally). You shouldn't get pop-ups when you're here; are you saying you did?

2) what antivirus software are you using?
1) Yes, I did, and message boxes, as well, so I know I have/had some kind of spyware.

2) NOD32. Found nothing during the full scan this morning, however during use today it popped up with a WinAntiVirus/WinFixer threat or something like that, which I terminated.
 
FVCK the virus just popped up again. And so did the pop-ups and message boxes. But all the scanners are reporting nothing in my safe mode scans!
 
Originally posted by: archcommus
FVCK the virus just popped up again. And so did the pop-ups and message boxes. But all the scanners are reporting nothing in my safe mode scans!
Ok, next questions, and also could you post screenshots of stuff that comes up:

1) what version of Windows is this, both the type and the service-pack level.

2) do you have a software firewall? If so, what is it.

3) do you have a hardware firewall (a router)? If so, what brand/model.

4) if you have a router, then are any other computers sharing it? Also, if it has wireless capabilities, then do you have encryption turned on (or wireless fully disabled) to keep people from mooching it?



The reason for these questions is that you mentioned "message boxes," possibly an indication that your system is running nekkid without firewall protection and is getting Windows Messenger boxes. You may also want to do a ShieldsUP! scan at Gibson Research's site (click the All Service Ports button and wait for the results).
 
Originally posted by: mechBgon
Originally posted by: archcommus
FVCK the virus just popped up again. And so did the pop-ups and message boxes. But all the scanners are reporting nothing in my safe mode scans!
Ok, next questions, and also could you post screenshots of stuff that comes up:

1) what version of Windows is this, both the type and the service-pack level.

2) do you have a software firewall? If so, what is it.

3) do you have a hardware firewall (a router)? If so, what brand/model.

4) if you have a router, then are any other computers sharing it? Also, if it has wireless capabilities, then do you have encryption turned on (or wireless fully disabled) to keep people from mooching it?



The reason for these questions is that you mentioned "message boxes," possibly an indication that your system is running nekkid without firewall protection and is getting Windows Messenger boxes. You may also want to do a ShieldsUP! scan at Gibson Research's site (click the All Service Ports button and wait for the results).
Thanks for the help. I'll post screens when it happens again.

1) XP Pro SP2

2) Yes, Sygate.

3) Yes, Dynex E401 or something like that (rebranded D-Link I believe).

4) No wireless, one other computer hooked up to it, also with Sygate installed.

It's basically pop-ups advertising buying their software, a message box that says my computer may be in danger and I should click OK to learn more (I just X it out), and the virus that pops up, which NOD32 identifies as

Time Module Object Name Threat Action User Information
7/1/2006 23:02:14 PM IMON archive http:://locator1.cdn.imagesrvr.com/sites/winantivirus.com/main/
ages/scanner/files/WinAntiVirusPro2006ScannerInstall.cab Win32/Adware.WinFixer application Connection terminated

Again thanks for your help in this matter.

Edit: DEP was previously set to essential only, I now put it to all.

 
Ok, it sounds like you have an as-yet-unidentified downloader Trojan trying to drag more stuff in. NOD32 is identifying the stuff being dragged in, but not the actual culprit yet. If you didn't already, update your virus definitions, go through NOD32's configuration panels and switch-on/max-out every capability (compressed-file scanning, heuristics, etc), then run another scan. If there's the option to include system memory in the scan, as well as the hard drive, obviously you want to scan the memory too.

If the malware has files stored on the hard drive, Kaspersky's online virus scanner might be able to identify them, maybe try that too. Hopefully their ActiveX scanner works with IE7 beta 3.
 
Pop-Ups.....On Anandtech!?......::studder::.....

Sounds like Spyware or a Virus, try a full scan with Adaware AND Spybot S+D AND Windows Defender, and also might want to try another Anti-Virus like AntiVir.
 
Well I haven't done Kaspersky online yet, but I rebooted in safe mode, turned System Restore off again, and ran a full NOD32 scan with all the options. Found nothing.

Rebooted into normal mode, played a game, then launched IE and immediately got this pop-up. That's the first one I've seen since mechBgon requested pics.

I've already run Ad-Aware, Spybot, and Defender scans in safe mode, all found nothing.
 
If you'd be open to this idea, consider uninstalling NOD32 for now, and installing a free 30-day trial of Kaspersky Antivirus Personal 6: http://www.kaspersky.com/trials Go through the settings panel and enable all the options at maximum except the Application Integrity Control feature. Update, reboot if needed, and run an exhaustive scan with it.
 
Well I guess I'm not using NOD32 anymore. Kaspersky's online scanner didn't work with IE7, but I tried Bitdefender's and it found 8 infected files, while NOD32 was continually finding none. That's a shame, I really liked that program. I guess I'll replace it with the Kaspersky trial for now.
 
Well Kaspersky definitely seems to be the way to go, found a ton of stuff right after install and I really like the interface. Also does not seem to have a much bigger footprint than NOD32 did. Question, is it okay to not use Proactive Defense? Most of it just seems like an annoyance.

Also, should I be concerned that I was doing normal activities for those few days that I had this trojan on my system? I'm hoping it was only a method of delivering pop-ups and messages and not key-logging or anything like that.
 
Originally posted by: archcommus
Well Kaspersky definitely seems to be the way to go, found a ton of stuff right after install and I really like the interface. Also does not seem to have a much bigger footprint than NOD32 did. Question, is it okay to not use Proactive Defense? Most of it just seems like an annoyance.

Also, should I be concerned that I was doing normal activities for those few days that I had this trojan on my system? I'm hoping it was only a method of delivering pop-ups and messages and not key-logging or anything like that.
What I'd do, is look at detailed descriptions of the specific malware that it found, and see what sort of stuff it's likely to do (e.g. keystroke-logging). If you post the names of the malware that it reported, I can help find out.

The Proactive Defense might be worth the hassle if you routinely use an Administrator-class account, because your account (if exploited/hijacked) has the power to do anything. I've probably harped on the merits of Limited accounts enough for one lifetime, but... Limited accounts rock 😎

 
I think these are them:

Infected: Trojan program Trojan-Downloader.Win32.ConHook.aa C:\WINDOWS\SYSTEM32\CLICT3G.DLL 27 KB
Infected: Trojan program Trojan-Downloader.Win32.ConHook.aa explorer.exe\clict3g.dll 44 KB
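
Added example, not part of the thread: a small parser for scanner report lines of the shape posted above, which pairs a flagged file on disk with the same module name reported under a process. It assumes that an object written as `explorer.exe\clict3g.dll` means the DLL was found loaded inside that process; the field layout is inferred from the two lines in the post, and the function names are hypothetical.

```python
import re
from collections import defaultdict
from ntpath import basename  # Windows path rules, works on any OS

# The two report lines quoted in the post above.
REPORT = r"""
Infected: Trojan program Trojan-Downloader.Win32.ConHook.aa C:\WINDOWS\SYSTEM32\CLICT3G.DLL 27 KB
Infected: Trojan program Trojan-Downloader.Win32.ConHook.aa explorer.exe\clict3g.dll 44 KB
"""

# Assumed layout: "Infected: <kind> <Family.Platform.Name...> <object> <n> KB".
# The detection name is taken to be the first token with at least two dots.
LINE = re.compile(
    r"^Infected:\s+(?P<kind>.+?)\s+(?P<name>[\w-]+(?:\.[\w-]+){2,})\s+"
    r"(?P<object>.+?)\s+(?P<size_kb>\d+)\s+KB$"
)

def parse(report):
    """Return one dict per detection line; unparseable lines are skipped."""
    hits = []
    for raw in report.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        obj = m["object"]
        if re.match(r"[A-Za-z]:\\", obj):      # drive-letter path: file on disk
            where, host = "disk", None
        else:                                   # assumption: "<process>\<module>"
            where, host = "process", obj.partition("\\")[0].lower()
        hits.append({"name": m["name"], "object": obj, "where": where,
                     "host": host, "module": basename(obj).lower(),
                     "size_kb": int(m["size_kb"])})
    return hits

def loaded_and_on_disk(hits):
    """Modules flagged both as a file and inside a running process."""
    by_module = defaultdict(lambda: {"disk": [], "process": []})
    for h in hits:
        by_module[h["module"]][h["where"]].append(h)
    return {
        mod: {"files": [h["object"] for h in e["disk"]],
              "hosts": sorted({h["host"] for h in e["process"]})}
        for mod, e in by_module.items() if e["disk"] and e["process"]
    }

if __name__ == "__main__":
    for mod, info in loaded_and_on_disk(parse(REPORT)).items():
        print(f"{mod}: file {info['files']} also reported in {info['hosts']}")
```

A module that shows up both ways is one the scanner saw active in a running process, not just sitting on disk, which is worth noting before looking up what the detection family does.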
 