Internet Explorer continual long running script error – malware or fix available ?

Internet Explorer continual long running script error – malware or fix available ?

This has been edited from an actual help question/answer I made here: Re: [Windows_Vista] in Internet explorer 9 http://tech.groups.yahoo.com/group/Windows_Vista/message/3879 Mon Apr 1, 2013 1:20 pm

The symptoms were that the user was getting the ‘long running script error’ (or similar) error messages at multiple websites – not just one….

One common cause can be this…..

Stack buffer overflow http://en.wikipedia.org/wiki/Stack_buffer_overflow From Wikipedia, the free encyclopedia

“In software, a stack buffer overflow (also known as stack smashing) occurs when a program writes to a memory address on the program’s call stack outside of the intended data structure; usually a fixed length buffer.[1][2] Stack buffer overflow bugs are caused when a program writes more data to a buffer located on the stack than there was actually allocated for that buffer. This almost always results in corruption of adjacent data on the stack, and in cases where the overflow was triggered by mistake, will often cause the program to crash or operate incorrectly. This type of overflow is part of the more general class of programming bugs known as buffer overflows.[1]…..” FULL http://en.wikipedia.org/wiki/Stack_buffer_overflow

That is somewhat to the opposite what a crafted malware can do – flooding, injecting lengthy nonsense to the point it starts overwriting in the memory and overtakes or destroys, whatever the malicious intent.

INFO LINKS Error message: “A script on this page is causing Internet Explorer to … http://support.microsoft.com/kb/175500 Some tests and benchmarks may use scripts that take a long time to run and may want to increase the amount of time before the message box appears.

How to troubleshoot script errors in Internet Explorer http://support.microsoft.com/kb/308260 Describes how to troubleshoot the following script error: “Problems with this Web … FIX: You may receive a script error when you try to run a script on a computer …

There are many types of scripts for various content on a website. There is also like Java script. Check out this simple short information…. How is JavaScript different from Java? http://www.java.com/en/download/faq/java_javascript.xml

Since you are saying the symptoms are “dang near every page” – it seems this certainly is not just some bug at any website that has some new content they uploaded but was flawed in language causing a bug or two and they were not aware of it yet to fix it. So, to me, it seems it leans toward the internet connected browser – Internet Explorer.

Many times you get that message and there also would be a pop up to click to “Stop the script” and end of story, you go on with what you were doing. Apparently this is not happening.

QUICK FIX….. For a quick fix you can use the “magic” in Internet Explorer many users are unaware of. Lots of Firefox users say they like it more because it does not allow Active X to run and you an install plug ins to stop scripts from running at every website and give temporary permission etc etc etc. Seems to run faster. (You can click not to allow Active X to run in IE too) THAT is very messy and not necessary in Internet Explorer. You simply shove the Security setting all the way to HIGH…..

So that you do not encounter the error first change your Homepage in IE (Internet Explorer nic) to a known good site (you can change back later anytime). A good fast loader is Google.com (white page, not full of graphics etc). GO TO…. Start > Control Panel > click Classic View ( upper left) > Internet Options > panel opens and change the Homepage to http://www.google.com/ ….. click > Apply

NEXT click the Security Tab in the same panel, Internet Options. It is probably at Default settings – ‘Medium High’. If it says “Custom” then first click Default and Apply. NOW slide that Settings bar all the way up to “High” and click Apply / OK  / close the Internet Options panel.

Okay, open Internet Explorer and you are now going to experience Internet Explorer running even safer and faster than the similar Firefox set up without having to click nothing for each individual site. HIGH Security settings in Internet Explorer stops all kinds of website add ons and scripts and java and auto runs and embedded players and on and on and on. It stops all the crap kind of like Plain Text email does. This setting should stop whatever was running and try going to a few familiar sites to see how it performs. (Don’t forget after all said and done to click Default again in Internet Options IE for normal browsing).

NEXT if IE is browsing okay I would absolutely want to run a good scan with a quality antimalware program. I am assuming you probably have one installed as a veteran Windows user. There is possibly a malware that is failing in attempt to rifle the Internet Explorer browser – hijack it – but is a flawed malware and can not execute properly for its nefarious intents.

A common attack at rigged websites is…..

Cross-site scripting Wikipedia, the free encyclopedia http://en.wikipedia.org/wiki/Cross-site_scripting Cross-site scripting (XSS) is a type of computer security vulnerability typically found in Web applications. XSS enables attackers to inject client-side script into …

….BUT again you are saying it is not an individual website but is occurring everywhere. So if there is no malware present – ruled out by full scan by quality amtimalware as Symantec, Trend Micro, Emsisoft, Bit Defender, NOD32 etc etc – I would move to a more advanced solution.

ADVANCED ….

RUN WINDOWS UPDATES AND APPLY ALL IMPORTANT UPDATES. IF YOU STILL EXPERIENCE PROBLEMS AFTER APPLYING ALL HELP — CONSIDER UPGRADING TO INTERNET EXPLORER VERSION 10 – ALWAYS ALWAYS ALWAYS UPGRADE TO LATEST BROWSER UPGRADE VERSIONS ! THESE ALWAYS CONTAIN IMPORTANT SECURITY UPGRADES.

Most users are oblivious to Java exploits and zero days in security news. This is a REAL worldwide event and many entities are completely disabling Java. As recommended and as I do ( I am in pc security since 2005 anyway) – I uninstalled Java from my computers and have disabled ALL Java plug ins in ALL browsers.

READ UP  / Seeing is believing…. (my security blog)   Catch Up With Java Malware Information March 3, 2013 — bluecollarpc https://bluecollarpcwebs.wordpress.com/2013/03/03/catch-up-with-java-malware-information/

You can now see the horrific extent and nightmarish ongoing continual cyber crime attacks to circumvent Java and security to take over computers worldwide. I don’t remember ANY such event in this magnitude since I have been online from 1999. For users unaware, the only possible defense was quality Real Time Protection antimalware. Additionally, this does not apply in your case – the recent Internet Explorer Zero Day….

US-CERT – Microsoft Releases Security Advisory for Internet Explorer http://tech.groups.yahoo.com/group/BlueCollarPCSecurity/message/2539 Microsoft has released Security Advisory 2794220 to address a vulnerability in Microsoft Internet Explorer 6, 7, and 8.

RECAP…. (my advice) ….

# Regain control of navigation of the system by placing Internet Explorer in ultimate High Security Settings. Note, Internet Explorer is not a separate software but is part of the Windows OS (operating system) – Unix Certified.

# Perform a complete full scan of the system and files with a quality antimalware product and have installed same with Real Time Protection activated. Quarantine any malware found, should be automatic. Try installing ….. / run it…. (clean scan will also rule out botnet activity) BitDefender Launches Free 60-Second Virus Scanner http://www.bitdefender.com/solutions/60-second-virus-scanner.html

# Restart the computer and perform a quick scan by quality antimalware program without internet connection.

# Uninstall Java from the computer at Control Panel > Programs/Features. (Optional, I would). As well, disable Java in ALL browsers in their Tools/Settings.

# Clean ? Connect to the internet and run Windows Updates and apply ALL security and Important Updates.

# Upgrade ALL browsers to their latest versions. Firefox > Click About Firefox… will scan instantly to see if latest version is installed. Same/similar in Google Chrome browser, others. (Little known fact, Opera and Firefox along with a handful of other softwares received the ultimate disgrace as being rated “Riskware” in 2009 or 2010 by respected institutes worldwide ! )

# If still experiencing trouble, I would reconsider an informed choice as to “quality” antimalware. Many users believe hype and paid advertising good reviews by like magazine type destinations rather than the real world truth from independent labs and word of mouth from experienced advanced users. For instance, you may have heard raves over free MalwareBytes. This product has not even achieved the simplest certifications yet…..

VB100 Award = Perfect scores ! (Top AntiVirus World Prize) http://www.virusbtn.com/vb100/index http://en.wikipedia.org/wiki/Virus_Bulletin

West Coast Labs http://www.westcoastlabs.org/

AV-Test.org http://www.av-test.org/

Malware Research Group http://malwareresearchgroup.com/

Welcome to the independent and renowned ProtectStar Test Lab http://www.protectstar-testlab.org/

Welcome to AV-Comparatives.org http://www.av-comparatives.org/

# ADVANCED…. TRY DIAGNOSTICS IF STILL EXPERIENCING SAME PROBLEM BEFORE REINSTALLING WINDOWS…. DOWNLOAD / INSTALL…… these can help identify malware undetected…..

HiJackFree (Genuine Freeware) [wrkx w/ Netbooks] Freeware! HiJackFree helps advanced users to detect and remove Malware manually. With HiJackFree you can manage all active processes, services, drivers, autoruns, open ports, hosts file entries and many more. For your full control over your system. http://www.hijackfree.com/en/

Alternatively you may want to install…. HiJackThis http://sourceforge.net/projects/hjt Description. HijackThis is a free utility that generates an in depth report of registry and file settings from your computer. HijackThis – Wikipedia, the free encyclopedia http://en.wikipedia.org/wiki/Hijackthis HijackThis (also HiJackThis or HJT) is an open source enumerating tool for Microsoft Windows originally created by Merijn Bellekom, and later sold to Trend Micro. ….. and post the HiJackThis Log for analysis. IN THESE DIAGNOSTICS DO NOT CLICK “FIX” ANYWHERE ! Generally for advanced use or may render software or even Windows itself inoperable with a wrong removal or fix !

# Last resort, if this continues as mentioned, I would have to consider reinstalling Windows and bring ALL things up to speed security-wise as mentioned…. Run Windows Updates apply all, upgrade all browsers, uninstall Java and disable Java plug ins in all browsers, install quality antimalware with Real Time Protection enabled.

— Gerald309-> (for reference) HOME: https://sites.google.com/site/pcsecurityhelper/ (webmaster bluecollarpc.us, down for the moment)

Additional Follow Up (these are just my opinions, suggestions I am no expert LOL) http://tech.groups.yahoo.com/group/Windows_Vista/message/3880

In the one Microsoft Information/Help link, Microsoft suggests diminshing the time out time so that in these events it would not seem to be an endless looping hung application or frozen scenario or crashing abrubtly intermittingly.

To do this, they give the Windows Registry keys to edit or insert – writing into the Windows Registry. …..jv16 PowerTools http://www.macecraft.com/ and http://en.wikipedia.org/wiki/Jv16_powertools is about best in world for well over 10 years. The free version (registry clean up) does not have the registry write in / modification features. You can do this manually but the paid version just makes it easier to do. Apparently, Microsoft is instructing to cut short the time-out to avoid the hung application scenario (meaning the browser in this case) or frozen browser. Apparently the fix will cut short the script etc running and then with in seconds or whatever the browser is normal again without these running. The FIX there is for versions 8 down though.

In other words look at…. “Let me fix it myself” http://support.microsoft.com/kb/175500

This would be a high tech solution as the average user has never even opened the Windows Registry or even know that user access exists. Of course this is where all the warnings come in to “NEVER touch anything in the Windows Registry unless you know what you are doing or you may damage Windows and/or other softwares. ”

I am not suggesting you alter your registry. I am offering the information to read between the lines as to what the problem actually is. Then to go from there in any possible solution as easy as possible.

SAMPLE MALWARE POSSIBILITY AS PROBLEM…..

Internet Timeout Virus http://www.ehow.com/facts_7559067_internet-timeout-virus.html

QUOTED:

“Timeout Virus Sends Different Messages Web Scanners Bundled with certain Anti-Virus Packages can cause Time out

The Internet Time Out Virus sends out varying messages. Some include:”A Run time error has occurred. Do you want to debug? Line 34 Error: Permission denied” or “Runtime Error! Program:E\Program Files\Internet Explorer\iexplore.exe. This application has requested the Runtime to terminate it in an unusual way”. Microsoft Support offers a fix for this you can download. Some Causes Viruses are a fact of life online.

A family of programs called Vundo Trojan can cause some Web browsers to have problems loading certain high traffic sites such as search engines and social media. It spreads through network drives and uses different methods to reside on your computer. It is not easy to detect. Firewalls Selectively block Internet Access Run a full system spyware scan daily.

Sometime the problem occurs because a timeout limit to return data has been imposed on the server by your Web browser. The default timeout limit could be five minutes to 60 minutes. In case of server problems, the browser will keep waiting. A solution is to reset or change the default time out setting. Incorrect firewall settings may also give a timeout message.”

UNQUOTE.

I added this to maybe help identify what I suggested as problems and how to fix easily.

The bottom line here would be that reinstalling Windows is such the overkill and unnecessary if a simple registry edit was the cure. I am going to look for this for IE version 9 to see if they posted a fix.

Addditionally if you want to skim over some Windows Registry information help to get a little familiar to what is being said you can look at a help page I have \up here form my web (Google Sites) https://sites.google.com/site/pcsecurityhelper/windows-registry-help

I would just review things mentioned in the several help answers and wait a little for maybe more and keep posting, hang in there to get it fixed.

gerald philly pa usa Home https://sites.google.com/site/pcsecurityhelper/PCSecurityHelper

PS….TIP: If you move towards editing the registry, a paid software with registry Back Up features is not necessary. Simply open the Windows Registry and click Export and then Save to like My Documents with any File name you want to give it like “Registry Back Up Jan 2013” example.

Click Start > Run > type in “regedit” without the parenthesis > click OK > … the Windows Registry Opens…. > click File > Export

Note that this takes about 10 to 20 seconds to complete before ready to save it as a file. NOW if there has be any mistake made then you simply close everything running (browsers, email, software program, etc etc) and Go To the back up file you saved in like My Documents. YOU SIMPLY DOUBLE CLICK THE BACK UP FILE AND WINDOWS REGISTRY REINSTALLS TO THAT SAVED FILE WHEN IT WAS WORKING. It will over write the entire registry and write in the registry as it was saved. Of course you do not do other things as install new softwares, Windows Updates, etc in between time while working on the registry. You do your fix task and confirm it is okay by navigating the pc a bit and maybe open afew softwares one at at time and close them. things working ? try a reboot and try again to confirm the registry edit is okay and everything is working.

The reinstallation of the Windows Registry is like System Restore. The System Restore Point is a snaphot of the entire system at that instant. Same thing in the Windows Registry back up file. It can only rewrite that “snapshot’ in time of what was in it. If you were to make changes (as installations and updates/upgrades) before checking the edit was okay – then these new registry keys from the changes would NOT be in the back up and would not then work no doubt until uninstalled and reinstalled if possible. A manual uninstall may be necessary of these as would be “corrupted” due to missing registry keys and entries.

CLEAN UP TIPS……. http://tech.groups.yahoo.com/group/Windows_Vista/message/3881?l=1

As Microsoft mentioned to clean up Temporary Internet Files, the easiest wy to do this is with a very popular safe durable software called CCleaner (nic crap cleaner) used by millions and millions of Windows users. It is Genuine Freeware meaning NO ads, ad pop ups, etc etc.

CCleaner http://www.ccleaner.com/ http://en.wikipedia.org/wiki/CCleaner

Here is the normal settings used in it for entire safe clean up of junk temporary internte files etc….

Recommended Settings and use of CCleaner – Temporary Internet Files Clean Up Browsers, Applications January 14, 2012 — bluecollarpc https://bluecollarpcwebs.wordpress.com/2012/01/14/recommended-settings-and-use-of-ccleaner-temparary-internet-files-clean-up-browsers-applications/

NOTE it is recommended NOT to keep any cookies stored on the PC as malware now can break into a PC and take it over through stored cookies. This was happening at Facebook users. SEE:

Delete ALL cookies ALL the time EVERY time Facebook malware reminds us December 27, 2011 — bluecollarpc https://bluecollarpcwebs.wordpress.com/2011/12/27/236/

TIP: You rarely hear about cleaning up Java temporary files. Malware tries to reside and hide here from detection and removal. You can achieve this by opening the Java Panel…..

Start > Control Panel > Java …. double click the Java panel icon to open it.

In settings there, go to the Temporary Files and click delete all. This affects nothing and is safe to perform anytime. There can be age old files there and a mini malware payload. It is better to even choose “Do Not Store Java Temporary Files On This Computer”. This blocks Java based malware from executing a payload from these files. This is a safe setting or they would not offer it. May slow navigation a nanon second if that. I did this 5 years ago or more before actually uninstalling Java due to current ongoing crisis with it.

gerald philly pa usa https://sites.google.com/site/pcsecurityhelper

Advertisements

Home/Small Business areas of Security in Online Communications

Home/Small Business areas of Security in Online Communications

Security of communications in a Home/Small Business endeavor or existentially. (I had to add this to my blog ! )

SOURCE — I am member Gerald309 – http://www.theeldergeek.com/forum/index.php?showtopic=43544  )

Of course this is the core in the security and IT industry with all the products available, and of course all the many departments in those products and general security in all communications on the world wide web. I could only scratch the surface and perhaps point you to some beginning areas that can expand into the “learning curve” knowledge – and since you are alert enough to consider security itself, you are well on your way to that simply by reading a post as this. Securing communications products and appliances are involved in secure communications. This is a very vast area of world wide web security itself and can be easily perceived in the many zero days and continual security alerts as vulnerabilities discovered and their solutions – generally patches, updates.

The two sides are all the communications from the client side (home/business network of computers) and all the communications to and from the server side (hosted on the world wide web). If I guessed right – you are concerned with the basics of secure communications against “leaks” which can occur on both sides of the equation in many areas. Some of the basics are like digital secure email for example.

Digital IDs for Secure Email

http://www.verisign.com/authentication/digital-id/index.html

Compare Digital IDs – Authentication, Secure Email & Secure Office

http://www.globalsign.com/authentication-secure-email/digital-id/compare-digital-id.html

Above are just two items of a vast array of security points of a vast industry with a vast amount of products. The learning curve can occur with introduction of communications and the security aspects which can involve all the threats exploiting them continually.

Just one aspect of this is generally called “sanitization” and as a search term…

Sanitization

http://en.wikipedia.org/wiki/Sanitization_%28classified_information%29

Same ballpark…. (even a corruption source and malicious use of hiding)

Data cleansing

Not to be confused with Sanitization (classified information).

http://en.wikipedia.org/wiki/Data_cleansing

In threats, there is the spyware area of “data mining” (which becomes much more aggressive for nefarious uses – cyber thefts)…

data miner (spyware)

http://www.webopedia.com/TERM/D/data_miner.html

I can not locate it handily, but I wrote a first “paper” about deceitful data scraping ….

Data scraping

http://en.wikipedia.org/wiki/Data_scraping

And so even these very, very few items are not even a surface scratch of all involved and are a part apparently addressed by the product mentioned <http://www.anonymizer.com/ > . There are a zillion as such now and it takes first understanding the scope of dangers – and then what addresses that as a confident determination in a security solution. Much of all things are simply “cured” by keeping all machines fully patched and all softwares and add ons. That basically gets rid of 90 percent of the ills and of course this is all assumed as installing the cutting edge quality products of antivirus, antispyware, and software and hardware firewalls and employing with severe prejudice – Safe Practices. As mentioned, adding any remote type connectivity to the home/business computer network introduces and multiplies dangers such as here – what has become a deplorable wireless security connection anywhere now with virtually all wireless signal encryption hacked.

One more point of all this is the actual webhosting and their server side security and reputations which need be observed obviously. One item here is the infamous…

Cross-site scripting

http://en.wikipedia.org/wiki/Cross-site_scripting

There are so many, many instances now of website break in worldwide in all – .com, .org, .gov, etc. . The obvious beginning is securing the home/business side of network computers (non-corporation) to at least determine any leaks and infections are not coming from the client side as example, uploading infectious files or photos, etc. Then, with this “forensics” if you will, it can be determined any malware and data ills and break ins are indeed occurring on the server side – webhost and servers. This is out of the hands on the client though they may work with you in any instances (not rare anymore). One example of this was that I suffered what is called “defacement” of my personal security theme website a couple years ago. This is that too familiar scenario whereby a cyber criminal hacks into the webhost and/or servers and places the defacement with the message “…if you want your site back, contact me with money at so and so…” – a typical extortion plot generally aimed at business. Unfortunately, the client has to wait until the webhost remedies the infection. This is where much research should be employed into the security aspects of the webhosting security reputation as well as all applications used on the website. C-Panel hosting really gives the client hands on in many areas.

The only bottom line is that I have not heard yet that WPA Enterprise is compromised For business, there is enough free information available but generally no one will get involved in actual security solution without price – IT Security. I do advise to look around a bit ‘yellow pages’ in your exact local regional area for these services for Home/Small Corporate business. In the least if hired, you will have among the best bondable security solution available. And again, there are a zillion products for a zillion things much as the medical industry churning out specialism in treatment – one for this one for that and so on. This can be completely counter productive and even damaging (much like the ills of using two antiviruses on a desktop ignorantly) and whereas IT Security will indeed deal with the entire over all picture.

I mentioned Trend Micro as well known and of course is one of the handful of these top quality products on the cutting edge of defense and not as hype but fact proven by independent lab testings. I am testing out their new netbook edition, but going back a year or two they did actually have four or five different security level settings for their laptop/notebook edition included firewall which included defending against direct attack while on Wi Fi wireless internet. I assume they still had that. This product virtually assures your machine (s) are defended and not infected. One side of the equation confidently secure. A basic beginning and they have almost all these communications protections incorporated aside from others the client can install like document type stuffs and secure email and so on.

Simply, trying to point you to data areas that you seemed interested in securing. Massive isn’t it ! The more you become involved in security you will see there is indeed a split in the area across the board and IT. Many just advise quickly for a sale not caring – profit driven, taking advantage of consumer ignorance. Many adjust security for convenience – whatever is least interaction for the client for their irresponsible praise which many times involves data theft resulting in massive ID Thefts of their customers which they will be both responsible for in a court of law – usually the business owner blaming IT.

Just mentioning things that do not even scratch the surface, I think you can appreciate this is not a one liner response subject. Quite the opposite. Costs are always a target, but to even make money on the Net – security should never be a target of the axe obviously to even be solvent in today’s marketplace online.

Not being professionals and experts and programmers in the industry, the consumer business person can easily rely on responsible user input (what’s hot – what’s not, what worked – what didn’t) from experience the best teacher to add as additional, but not sole source, for “Informed Decisions” in security solutions.

Forgive the answer if I entirely misjudged that you are a simple home laptop/desktop user looking for wireless security as opposed to a business owner. No, then, that product is not for this – it is a business enterprise solution type product.

EDIT… just looking I did see they actually indeed have a Home User Version. My apologies in advance. The WPA is encryption of what is in the air – the communications undecipherable. This is what has been hacked and there is no solution for that except a new upgraded WPA as they did with former WEP. What is in the air over the wireless internet (Wi Fi) is everything your are seeing and doing. Breaking into this, hacking WEP and WPA, the cyber criminal is basically seeing an entire text version of all to easily see sites visited, emails and documents and files opened an so on. It does not matter at all what is on client or server side. This is not what is being hacked.

More, see….

End-to-end principle

http://en.wikipedia.org/wiki/End-to-end_principle

Wireless Intercept & “Wiphishing”

http://technology.pitt.edu/security/risks/wiphishing.html

Webmaster, http://BlueCollarPC.US/

%d bloggers like this: