Latest HTAStop? Old one on your site.

Discussion in 'other anti-malware software' started by DarkStar, Aug 2, 2003.

Thread Status:
Not open for further replies.
  1. DarkStar

    DarkStar Guest

    4.0.1.0 1.00.003 is what is still available for download from you.

    Can you update yours to HTAStop2003 please?
     
  2. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,330
    Location:
    Netherlands
    Hi Darkstar,

    I'm afraid this is the only mirror that has been updated: http://www.simtel.net/product.php?url_fb_product_page=67031

    Regards,

    Pieter
     
  3. MickeyTheMan

    MickeyTheMan Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    1,016
    All sites listed currently offer old version.
    I have been i contact with Nancy and she will send me a copy of it as soon as she has time to go to her emailer and i will also offer PSC freebies for download.
    Stay tuned
     
  4. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,874
    Location:
    New England
    Yes, it looks like they must have recently updated the HTAstop.exe program since even their recent article still referred to the original 1.0 version that was released back in April 2001.

    The new version is even more effective in preventing HTA based exploits, as they've taken additional steps to disable HTA capabilities in the OS.

    I've tested the new version and it looks really good.
     
  5. MickeyTheMan

    MickeyTheMan Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    1,016
    OTHER PSC FREEBIES

    DSOStop2.EXE
    The "DSO Exploit" (Data Source Object) was first reported by GreyMagic
    Software of Israel on February 27, 2002 and a "workaround" for Microsoft's
    defective code was provided by Axel Pettinger and Garland Hopkins on March
    3, 2002. Their fix requires the user to manually edit the registry. Many
    computer users are extremely nervous (and justifiably so) about doing this,
    owing to years of warnings and advisories not to. This FREE utility will
    safely do it for those who do not feel confident running and editing
    "Regedit." Read the details for more information and links
    to the registry modification instructions and test site.

    CR2Kill.EXE

    CR2Kill is designed to detect and delete the CodeRed II and III worm from
    IIS servers. It then will send the user, with their permission, to the
    Microsoft site where the ISAPI patches are available.

    HTAStop2003...HTAstop.exe
    It's now possible for a "rogue" website to actually embed trojans, worms
    and/or viruses directly into a web page. In the past, pages that offer
    seemingly attractive downloads which contain such malware required you to
    click to start any download to your computer. Now it's become automatic,
    using features in the Windows operating system known as scripting.These
    scripts can load programs without you knowing, and then they run
    immediately. All
    you have to do is visit the site, without doing anything besides viewing
    the page.

    HTAstop acts as a brickwall against these scripts, disabling them so the
    download doesn't occur. HTAstop protects you against one variety of script,
    our IEClean covers all twenty seven.

    0click2.exe

    0click2 is a small, simple, free program for users of Windows95, 98, NT and
    2000 which allows you to "disconnect doubleclick from the internet" and
    this in turn prevents their banner ads, their cookies and their tracking of
    your activities. 0click2 works by causing all
    referrals to doubleclick from any site to be blocked at your own computer.
    0click2 works only with the standard Microsoft winsock for dialup
    networking, DSL, ISDN and cable modems and does not work with other winsock
    programs such as AOL(Compuserve),
    Trumpet Winsock or Twinsock. 0Click2 adds new functionality to allow you to
    choose to block other sites as well.

    These two are really old, so you may not want to use them. ShareClean
    doesn't workwith OS-es above the original Win98 (not SE), as well.

    Socklock.exe

    If SockLock is used BEFORE you fall victim to Happy99 or other SKA class
    trojan attack, it will protect you from infestations by this trojan horse.
    You can actually download and enjoy the fireworks display presented by the
    Happy99 trojan without any risk of infestation or spreading
    the trojan further to other hapless victims as SockLock PREVENTS any SKA
    class Winsock infesting trojan from being able to do anything more than
    display the cute distraction. They CANNOT infest your machine (or anyone
    elses) if SockLock has been used to lock your winsock
    against modification. SockLock also creates two 72 byte files which prevent
    SKA class trojans from being able to install at all on your machine once
    you activate the protection using SockLock.


    SClean.EXE

    If you subscribe to cable modem service, or are using a high speed internet
    connection such as ADSL, HDSL or xDSL, or are on a corporate intranet or
    LAN, you could be exposed to a serious security problem if you are
    connected to the Internet through an
    ethernet card in your Windows95 machine.

    The problem involves Windows95's built-in "File and printer sharing"
    (otherwise known as NETBEUI/LANMAN protocol) and a flaw in it which allows
    people connected to your service to access all parts of your hard disk and
    lets them read, write, delete or modify files
    anywhere on your machine. Share Clean is designed to eliminate the problem.
    It's as easy as pushing one single button to secure your machine against
    outsiders.

    http://groups.yahoo.com/group/MickeyTheMan/files/PSC/
     
  6. DarkStar

    DarkStar Guest

    Is it true that the latest HTAStop2003 won't work on WinXP?
     
  7. MickeyTheMan

    MickeyTheMan Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    1,016
    Could you share the source of this
     
  8. Mr.Blaze

    Mr.Blaze The Newbie Welcome Wagon

    Joined:
    Feb 3, 2003
    Posts:
    2,842
    Location:
    on the sofa
    :) last i recall was xp was hta based programing and disabling hta on an xp system wasnt good

    another of microsoft xp goodys thx microsoft blaze put beer on windows xp cd lol but windows xp makes a fine beer coaster lol :D
     
  9. root

    root Registered Member

    Joined:
    Feb 19, 2002
    Posts:
    1,723
    Location:
    Missouri, USA
    I have Win2k SP4 and the new HTA stop screws up a couple of functions on my machine.
    One example is if I go to the control Panel and try to open add and remove programs, I can't.
    Not sure how much is affected.
     
  10. Tassie_Devils

    Tassie_Devils Global Moderator

    Joined:
    May 8, 2002
    Posts:
    2,514
    Location:
    State Queensland, Australia
    For interested parties, I have run HTAStop for quite while now, first on W2K PRO no probs, and now Win XP. However, if you want to stop the exploit without using HTAStop, simply use Wormguard and put HTA scripting extension in the BLocked Editor's List, along with VBS, etc. etc.

    Cheers, TAS.
     

    Attached Files:

  11. Mr.Blaze

    Mr.Blaze The Newbie Welcome Wagon

    Joined:
    Feb 3, 2003
    Posts:
    2,842
    Location:
    on the sofa
    i want new hta stop where do i get it
     
  12. DarkStar

    DarkStar Guest

  13. dqa

    dqa Registered Member

    Joined:
    Mar 17, 2002
    Posts:
    33
    Location:
    London
    The HTA Stop 2003 edition is available at the URL at the bottom of the FIFTH post (I make it! ;) ) down on this page- Mickey-the-Man's page at Yahoo...

    regards,

    dqa

    :cool:
     
  14. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,874
    Location:
    New England
    I tried both the old and then the new version of HTAstop for the first time following the release of that PSC article. I monitored what each program did and saved the settings before using either of them. I decided to use the new HTAstop 2003 (4.0) tool on my XP system in the end, and it hasn't effected any other system functions.

    The changes made by HTAstop are very simple. It breaks the file association for .hta files in the CLASSES_ROOT in the registry; it breaks the CLSID association, (see the DSLR Security thread noted above for more on what that does), and finally it renames the mshta.exe file and replaces it with a copy of notepad.exe.

    The only reason I could think that it might negatively impact a system is if that system is using HTA scripts to perform some functions. But, of course, you never quite know what effects what with Windows. :rolleyes:
     
  15. MickeyTheMan

    MickeyTheMan Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    1,016
    Same thing here, but as HTA STOPcan easily be activated/deactivated at the click of a button, it's no big deal.
     
  16. Mr.Blaze

    Mr.Blaze The Newbie Welcome Wagon

    Joined:
    Feb 3, 2003
    Posts:
    2,842
    Location:
    on the sofa
    :'( it wont let me dowenload
     
  17. eyespy

    eyespy Registered Member

    Joined:
    Feb 20, 2002
    Posts:
    490
    Location:
    Oh Canada !!
    Try here

    http://www.simtel.net/product.download.mirrors.php?id=67031

    regards,
    bill
     
  18. MickeyTheMan

    MickeyTheMan Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    1,016
    Which one won't let you download ?
    This link should work : http://groups.yahoo.com/group/MickeyTheMan/files/PSC/
    Simply choose which PSC freebie file you want. In this case we are talking about HTAstop.exe

    Or this one: http://mickeytheman-mtm.hypermart.net/files/PSC/HTAstop.exe
     
  19. eyespy

    eyespy Registered Member

    Joined:
    Feb 20, 2002
    Posts:
    490
    Location:
    Oh Canada !!
    Mickey,
    this is what I get !!

    http://f1.grp.yahoofs.com/v1/oA8vP6Qb_843CPkkzY7eUWUzdJQsFkLCt67KdRhOW-18dOMXPT0QaggBdLOpFT5kNOQYzlfR5ObbTKfX/PSC/HTAstop.exe

    regards,
    bill
     
  20. MickeyTheMan

    MickeyTheMan Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    1,016
    I just posted another link in previous post to another server
    http://mickeytheman-mtm.hypermart.net/files/PSC/HTAstop.exe

    Also this one: http://mickeysecurityandprivacy.port5.com/files/HTAstop.exe

    Or this one: http://mickeytheman.digitalrice.com/files/HTAstop.exe
     
  21. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,874
    Location:
    New England
    Gee, that's a lot of HTAstop. :eek: :D
     
  22. MickeyTheMan

    MickeyTheMan Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    1,016
    A popular download as i exceeded limit on one of the servers ! ;)
     
  23. eyespy

    eyespy Registered Member

    Joined:
    Feb 20, 2002
    Posts:
    490
    Location:
    Oh Canada !!
    Holy HTAstop !! :D



    Mickey, bon travail !!

    regards,
    bill ;)
     
  24. MickeyTheMan

    MickeyTheMan Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    1,016
  25. notageek

    notageek Registered Member

    Joined:
    Jun 3, 2002
    Posts:
    1,601
    Location:
    Ohio
    So is it safe to say HTAStop2003 is safe to run on WinXP HE, right?
     
Loading...
Thread Status:
Not open for further replies.