I have started getting alerts from NAV to stop/allow a suspicious script to be run. This is what it looks like in the log:

Date: 9/17/2003, Time: 16:08:36, Iain on PC
Script Blocking detected suspicious activity.
File: C:\WINDOWS\system32\-Embedding
Object: FileSystem Object
Activity: GetSpecialFolder
This script was stopped.

I have been getting a LOT of backdoor/subseven trojans trying to access my PC for a while now, which I have posted about. I wondered if maybe when I've turned the firewall off for a bit it has managed to get in and install this.
What should I do? I can't find this system32\-Embedding. I have done an online trojan scan but found nothing and am currently scanning with Norton, but I suspect nothing will turn up. What should I do? Am I OK as long as I keep denying the script to be run until I remove it?
What is it and how do I get rid of it?

OK, it's turned out to be verifierbug.class, which had infected C:\Documents and Settings\Iain\JPI_CA~1\jar\1.0\archive.jar-27b6d965-1594bea1.zip
I quarantined and deleted it, but it has already come up again saying it is trying to execute.

OK, I've just realised the warning is only coming up when I go to google.com.
When in Google it says "this page cannot be displayed".
What's going on???!
Please someone reply :(

Might be relevant, been seeing a fair amount of verifier bug stuff lately. Of note, the site approvedlinks .com is a known pain associated with the CoolWebsearch hijacker.
From: Andrew Clover (and-google@doxdesk.com)
Subject: Re: Installation methods
Newsgroups: alt.privacy.spyware
Date: 2003-08-21 19:15:29 PST
John Ives <aaaaaaaaa@hotmail.com> wrote:
> What I want to know is are there any known Spyware programs/Hijackers out
> there that install by using Java (maybe using a security weakness) or by
> some other similar means?

Yes. The most widely-used Java-related vulnerability is the ActiveXComponent
bug in IE, which has been used to install TinyBar and various other
home/search repeat-hijackers.

Another more recently exploited hole is the bytecode verifier bug in the
MS JVM; so far I've only seen this used to run plain hijackers (eg.
approvedlinks.com).

--
Andrew Clover
mailto:and@doxdesk.com
http://www.doxdesk.com/

Can't hurt to run CWShredder at the bottom of this page:
http://www.spywareinfo.com/~merijn/cwschronicles.html
Read the story as well, as I said it can't hurt.
hth
shep

Why don't you try Trojan Remover? This is freeware for one month, downloadable at:
http://www.simplysup.com/tremover/details.html
The most popular anti-trojan program, so easy to use, made especially for inexperienced users...

I tried Trojan Remover, and thanks for all the info sxshep.
What I'm not sure about is whether it has installed itself on my PC and Norton is stopping it from running this script when I go to google.com,
or whether it hasn't installed at all and I can somehow remove it, because none of the remover tools have come up with anything. So even though it's not doing anything bad, does this still mean it's made itself impossible to remove as described in that article?

Hi echobunny,
I had exactly the same thing, with google and stuff.
Some info about this is on:
http://www.computing.net/windows2000/wwwboard/forum/51763.html
(read the third message to "fix" this).
That helped me to "deactivate" it, but I don't know how it came in, or if it is still lurking around somewhere.
Good luck.

I don't get the bit about the additional host file. Where and how do I find this? And what do I do about the modified one?

Remove all the entries starting with 64.191 from
c:\windows\hosts
c:\windows\system32\drivers\etc\hosts
Or wherever your Windows files are.
And follow the explorer clearing instructions from the other message.
That got rid of the proxying for me, but I don't know if some trojan is still lurking around in memory. I am searching, but couldn't find anything yet.
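
The hosts-file check described in the post above, as an added example that is not part of the original thread: it lists entries whose address falls in 64.191.x.x without modifying the file. The function name `audit_hosts` and the sample entries are constructed for illustration; only the two file paths and the 64.191 prefix come from the post.

```python
import ipaddress
import os

# "Entries starting with 64.191" expressed as a network, so that
# 164.191.x.x or 64.19.x.x are not matched by accident.
HIJACK_NET = ipaddress.ip_network("64.191.0.0/16")
# The two hosts-file locations named in the post.
HOSTS_PATHS = [r"c:\windows\hosts", r"c:\windows\system32\drivers\etc\hosts"]

# Constructed sample; addresses and hostnames are illustrative only.
SAMPLE_HOSTS = """\
# sample hosts file (constructed)
127.0.0.1       localhost
64.191.0.10     www.google.com   # constructed hijack entry
64.191.0.10 google.com
  64.191.0.11\tsearch.example
164.191.5.5     intranet.example
64.19.1.1       other.example
"""

def audit_hosts(text, net=HIJACK_NET):
    """Return (kept_lines, flagged); flagged holds (lineno, address, hostnames)."""
    kept, flagged = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()  # drop trailing comment
        try:
            addr = ipaddress.ip_address(fields[0]) if fields else None
        except ValueError:
            addr = None  # malformed address: leave the line for manual review
        if addr is not None and addr in net:
            flagged.append((lineno, str(addr), fields[1:]))
        else:
            kept.append(raw)
    return kept, flagged

if __name__ == "__main__":
    found = [p for p in HOSTS_PATHS if os.path.isfile(p)]
    for path in found:
        with open(path, encoding="ascii", errors="replace") as fh:
            _, flagged = audit_hosts(fh.read())
        for lineno, addr, names in flagged:
            print(f"{path}:{lineno}: {addr} -> {' '.join(names)}")
    if not found:  # no hosts file at those paths: run on the constructed sample
        for lineno, addr, names in audit_hosts(SAMPLE_HOSTS)[1]:
            print(f"sample:{lineno}: {addr} -> {' '.join(names)}")
```

The `kept` list is the file content with the flagged lines dropped, which can be reviewed before it replaces the original.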

I've had the same problem since yesterday. My AVG AntiVirus picked up the VerifierBug.class4 and removed it, but I will have to check my reg for any rogue keys. Apparently there is a security weakness within the Java console regarding ActiveX controls from websites, links, etc.
