Re: Malicious javascript obfustication
Post #15, 10-29-2006, 02:44 PM
Ant (Guest)

"Wong Yung" wrote:

> Sebastian Gottschalk wrote:
>> Not quite true. One can sometimes trigger to download new or old versions
>> of existing ActiveX controls (ignoring IE's settings), and then make such
>> exploits work again. Even aside from that, just invoking an ActiveX control
>> without any possibility to access its scripting, can have devastating side
>> effects - f.e. invoking TlntSrv.TlntClientEnum (not safe for scripting)
>> made Windows 2000 Server SP3 start the Telnet Server Service if installed.
>
> Now I'm getting scared...So how can I be sure there isn't any nasty
> stuff on my computer as a result of this?


You could start by looking for those files mentioned in the exploits
(u.exe, d.exe and tm.exe), although sometimes the malware will delete
the initial files once it's installed.

> I've run a full antivirus
> check, a full antispyware check and a full anti-trojan check using
> Trojan Hunter and these programs at least say I'm clean. I am fully
> patched up (I always install the updates as soon as they become
> available). And I've run netstat and it doesn't show any strange
> internet connections and my firewall doesn't show any strange
> connections though of course it could be piggybacking on another
> program.


If there's no unusual activity you are probably ok, but unless you're
very familiar with your system the only sure way is to reformat the HD
and reinstall the OS.

There's now an 'ADODB.connection' vulnerability which has just been
discovered. See http://isc.sans.org/diary.php?storyid=1807

Next time you use IE on the Internet, be sure to disable ActiveX
completely.


