ActiveX scripting

Discussion in 'malware problems & news' started by pwr, Jun 2, 2007.

Thread Status:
Not open for further replies.
  1. pwr

    pwr Registered Member

    Joined:
    Dec 1, 2006
    Posts:
    70
    Hi,

    I recently had my PC become infected with some trojans. And I wonder how this could have happend in the first place. Now, I have Agnitum Outpost, NOD32, SnoopFree and Spybot Resident running all the time. I know Spybot Resident is meant for IE mostly, but I use it eventhough I use FireFox.

    The Trojans were all ActiveX. And I have setup Outpost so I have to manually permit ActiveX etc.

    My question: How come that when I permit a site's ActiveX crap, none of the above programs I have running, checks it? I mean, Spybot S&D will find it after a manual scan, so why can't NOD32 or something find it on-the-fly?

    Cheers!
     
  2. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    Do you have the names of the trojans?

    Do you remember the exact circumstances that caused any of these infections?
    It's not clear to me how ActiveX scripts would run in FireFox.

    Do you remember any of the web sites?

    regards,

    -rich
     
  3. pwr

    pwr Registered Member

    Joined:
    Dec 1, 2006
    Posts:
    70
    I can't remember which sites, but Outpost comes up with a dialog box that asks about whether I want to allow activex scripting from this site. But my question was more: what kind of "live protection" can I use against ActiveX that goes a little deeper than just asking if I want to allow it or not?

    Here's a screenshot:

    http://maniacmansion.dk/ax.jpg
     
  4. ggf31416

    ggf31416 Registered Member

    Joined:
    Aug 20, 2006
    Posts:
    314
    Location:
    Uruguay
    If you are using Firefox you don't have to worry about ActiveX, because ActiveX controls, legitimate or malicious, don't work on Firefox.
    IE will prompt the user when a site wants to install an activex control, but many malicious controls are installed through exploits.
     
  5. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,632
    1. Not everything ActiveX is bad

    2. I dont know about ActiveX scripting, but Firefox doesnt not support/load activex controls such as those used for many online scanners.

    What I would do is use the NoScript extension for Firefox.
     
  6. pwr

    pwr Registered Member

    Joined:
    Dec 1, 2006
    Posts:
    70
    Ok thx, I'll look for that =)
     
Loading...
Thread Status:
Not open for further replies.