Mouseover script help?

URGENT help needed re virus - "malicious script"? - in IEXPLORE.EXE, per Norton

• Hello. (System details/versions below). 1. About 11 am today (June 16, 03) I got a message from Norton saying a "malicious script was detected" and identifying the script as IEXPLORE.exe. The Norton screen also said I needed to do something, and suggested deleting the file, so I said yes. Did not get a confirmation that the file was deleted, though. 2. Shortly afterwards, I was unable to send email (I use Outlook), because the program told me there was not enough memory for the default editor -- Microsoft WORD. I then tried to open Word directly, and had trouble -- "not enough memory available." 3. I called my computer expert, who suggested I likely had a virus, should back up data and bring machine in for re-initialization, etc. 4. I backed up all data (from C: drive to another internal hard drive, F:). 5. Other programs seemed to be running fine. Then WORD began running fine. 6. My computer expert still said, safer to probably re-initialize. 7. I quickly checked with Symantec, searching "malicious script" and wound up looking at a bulletin from Renoworks Software that "Norton AntiVirus script detection...identifies ALL scripts as malicious by default. This is by design." HELP! If #7 is correct, then I may NOT have a virus. I told my computer expert that all programs now seem to be running ok, including WORD, but he still thinks I might have to re-initialize (of course, that means a fee and a lot of work for me, too, re-installing all the non-system stuff). One final point: About 3 days ago, I noticed that Microsoft word had acquired one strange form of behavior: In the headers and footers, I now see the code onscreen rather than the result: i.e., I see "{ FILENAME }" in a header instead of the actual file name. The printouts are still OK, tho. This PRECEDES the WORD problem today -- which, as explained, seemed serious yet seemed to be temporary -- and is still there. I'm not seeking a twofer, here, but the facts may be relevant. Anyone who solves this should get a $5 fee, separately from the main question. Brad Immediately afterward, I am running Windows 2000 (professional, I guess) version 5, on my home computer. I have Norton Systemworks 2003 professional edition, and run Live Update very often and do system scans regularly. Last scan was about 3 days ago. (First of my Drive C:, and then of 2nd internal hard drive F:)

• Answer:

  Hi bbb!! I will post the answer with the hope that you can use it in the future as reference. I think that you had a minor virus infection. The solution for this is to do an online antivirus scan. The better service that I know is the offered by Bit Defender, you just only visit the following page and follow the instruction: http://www.bitdefender.com/scan/licence.php After you run this scan, the downloaded secanner detect the virus called JS.Trojan.NoClose.B This is a not dangerous pest: "The infection is activated by the execution a code in JavaScript embedded in a Web page or a HTML message. When said page is visualized, the browser remains minimized and cannot be closed or to maximized easily in some cases. Also a large quantity of windows are opened, aiming at different directions of selected URLs listed in its code. If the connection to Internet is active, these directions are accessed without the authorization of the user. The windows remain hidden to the user, but active in memory, causing from time to time a notorious loss of resources in the system. Because they are hidden, the user cannot close them. The solution consists of rebooting Windows, and to eliminate the code that originated the infection, by means of the scan with one or more updated antivirus. The Trojan does not produce another change in the computer, neither has included any routine of infection, not being been able to spread it alone. An updated antivirus, monitoring in real time, also stops the action of this pestware." Translated from "Troj/JS.Noclose.B. Agota los recursos del sistema": http://www.vsantivirus.com/js-noclose-b.htm This explains why, when you started another program and the malicious code was running, you received "not enough resources or memory" messages. Now you are wondering why you have not problem, at the same time, with other programs than Word. I guess that Internet Explorer, as a previous running program, had physical memory assigned, when you try to start a big program like Word (which need a lot of memory) not enough memory was available and it did not start. For more info about the JS.Trojan.NoClose.B pest from the Bit Defender´s site: http://www.bitdefender.com/virusi/virusi_descrieri.php?virus_id=3 One more thing, your IEXPLORE.EXE file did not infected, I guess, it was used by the pestware and you deleted it from a system cache folder (DLLCACHE). This is the place where windows stores the important system files (usually DLL and EXE) that's used during a WFP (Windows File Protection) recovery. See "What is the Windows File Protection (WFP) in W2K/XP computer?": http://www.petri.co.il/what's_windows_file_protection.htm You can do an online scan once a week, and use it as a second opinion. Some recommedations: -The Proxomitron: To diminish the risk of infection and to avoid damages caused by the use of malicious code embedded in webpages by the simple fact to visualize them, I recommend the installation of the free utility Proxomitron. See "The Proxomitron An Introduction ": http://www.sankey.ws/proxomitron.html Download it from here: http://www.pluto.dti.ne.jp/~tengu/proxomitron/files/ProxN45.exe -Pest Patrol: "PestPatrol is a powerful security and personal privacy tool that detects and eliminates destructive pests like trojans, spyware, adware and hacker tools. It complements your anti-virus and firewall software, extending your protection against non-viral malicious software that can evade your existing security and invade your personal privacy." It costs $39.95 http://www.safersite.com/pestpatrolhe/ Additional note: Heuristic is known by Symantec as Bloodhound, you can access it by the Options menu. The following page may be useful to you: "How to configure Norton AntiVirus to provide maximum virus protection " (note the paragraph that says "Choosing the "Highest Level of Protection" may cause NAV to incorrectly report a virus." in the manual scan section): http://service1.symantec.com/SUPPORT/nav.nsf/pfdocs/2001031614323606 I hope this helps you in the future, I am glad because it do that today. If you need a clarification please post a request for it. Best regards. livioflores-ga