N
Thu Apr 29 15:29:42 CDT 2004
In article <329501c428fc$be5a8710$a301280a@phx.gbl>,
anonymous@discussions.microsoft.com says...
> Hello Norman, thanks for your reply. I've tried everything
> you suggested, except changing the file extension as I
> didn't know how to do this, and nothing has changed
> unfortunately. I was wondering if deleting the whole WMP
> folder from the C drive, as it can't be done
> from "Add/Remove", would remove everything to do with the
> player (I would just download it again)? Or would this
> potentially cause problems elsewhere in the system?

Malware tends to hook the registry. You probably should first try something
like Ad-Aware and Spybot S&D to see if they find any registry keys that need
deletion. If those show clean, I think you can safely delete the WMP folder,
and then reinstall the player. Keep this in mind; I am not an MSFT expert, I
only know what has worked for me.

As an example, somebody pointed out a site which offered a sample exploit
for an MSIE vulnerability. After checking the site, and deciding that it
would not actually install malware, I tried the test. On my first round, I
got script pop-ups, because my MSIE is set to prompt for scripts in the
Internet zone, and denied them. Nothing happened. But re-testing, and
permitting the scripts, allowed the site to overwrite the MSFT file with a
different file. Windows Media Player was gone, and a harmless graphic player
was in its place. All I did was reinstall the Windows Media Player. Hmmm. I
did rename, and move the graphic program; it was interesting in its own
right. Anyway, what you propose doesn't sound dangerous, if you are applying
it to the Windows Media Player folder.

With both Ad-Aware and Spybot, you should first use their update option
after installation, and before operation. With Spybot, you should try and
have some awareness of what programs are actually part of your OS
configuration; Spybot is very aggressive, and marks some files which some
people actually use. It does have a backup/restore option by default,
though.

http://www.lavasoftusa.com/software/adaware/
http://www.safer-networking.org/

You should also consider changes to your MSIE security. I can't remember the
URL to the site with some good information, but I can tell you my own
Internet zone script permissions:

For ActiveX, "unsigned" and "not marked as safe" are disabled, the rest are
set to "prompt". For Scripting, everything is set to "prompt". For Microsoft
VM, Java is disabled. I have changed MSIE from using the Windows Java VM to
using Sun Java 1.4.2_03. In addition to disabling the Java VM in the
security settings for the Internet zone, I also made changes on the Advanced
tab. I unchecked all boxes for Microsoft VM, and checked the box beside "Use
Java 2 v1.4.2_03 for <applet>". Both changes require restarting the browser.

The result is that you will get a lot of script prompts because of the sites
which expect to be able to run ActiveX scripts on MSIE. You have to decide
if any of the sites are sufficiently trustworthy to move into the "Trusted
sites" zone. I don't normally use MSIE, though; currently, my preferred
browser is Mozilla 1.6. No prompts for scripts. No ActiveX. Most sites work
just fine without it.
--
Norman
~Win dain a lotica, En vai tu ri, Si lo ta
~Fin dein a loluca, En dragu a sei lain
~Vi fa-ru les shutai am, En riga-lint
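
The Internet zone settings described in the post above can be checked against a registry export of the Internet Settings zones. This is an added example, not part of the original post: the mapping from the post's ActiveX, Scripting and Java settings to Internet Explorer's zone value names (1001, 1004 and so on) is an assumption, and the sample export is constructed.

```python
import re
# Post's Internet zone posture (assumed mapping). 0 = enable, 1 = prompt, 3 = disable.
EXPECTED = {
    "1001": (1, "Download signed ActiveX controls"),
    "1004": (3, "Download unsigned ActiveX controls"),
    "1200": (1, "Run ActiveX controls and plug-ins"),
    "1201": (3, "Initialize and script ActiveX not marked as safe"),
    "1405": (1, "Script ActiveX controls marked safe for scripting"),
    "1400": (1, "Active scripting"),
    "1402": (1, "Scripting of Java applets"),
    "1407": (1, "Allow paste operations via script"),
    "1C00": (0, "Java permissions (0 = Java disabled)"),
}
ZONE3 = r"\internet settings\zones\3]"  # Zones\3 is the Internet zone
VALUE = re.compile(r'"([0-9A-Fa-f]{4})"=dword:([0-9A-Fa-f]{8})$')

def parse_zone3(reg_text):
    """Return {value_name: int} for the Internet zone key of a .reg export."""
    values, in_zone = {}, False
    for line in map(str.strip, reg_text.splitlines()):
        if line.startswith("["):          # a key header starts a new section
            in_zone = line.lower().endswith(ZONE3)
        elif in_zone and (m := VALUE.match(line)):
            values[m.group(1).upper()] = int(m.group(2), 16)
    return values

def audit(reg_text):
    """Return (code, description, expected, actual) per mismatch; actual is None if unset."""
    actual = parse_zone3(reg_text)
    return [(c, d, want, actual.get(c)) for c, (want, d) in EXPECTED.items()
            if actual.get(c) != want]

# Constructed sample export, not taken from any real machine.
SAMPLE = r"""
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2]
"1004"=dword:00000000
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"1001"=dword:00000001
"1004"=dword:00000003
"1200"=dword:00000000
"1201"=dword:00000003
"1400"=dword:00000000
"1402"=dword:00000001
"1405"=dword:00000001
"1c00"=dword:00010000
"""
if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

Settings that are absent from the export are reported with an actual value of None, since an unset value falls back to whatever default the zone template supplies.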