Windows BBS The Place for Microsoft Windows Support! Windows, Support, Help Site

11th August 2006   #1   Welshjim

"This page has an unspecified potential security flaw"

If this should be in the Security Forum, pls move it and the second post.

In a rare moment of rash exploration, I thought I would try this program.
http://www.nirsoft.net/utils/pspv.html
The instructions told me that my AntiVirus would detect the program as a Hack Tool, and it did. However, I just clicked the warning off and proceeded.
NirSoft Protected Storage PassView runs from the pspv.exe file without installation.
I ran it. I found it told me little (though that may be my lack of understanding as to how to use the data). So I removed the program (pspv.exe file and .chm Help file) from my PC.
Now when I want to look into my Content.IE5 folders, I am told "This page has an unspecified potential security flaw". The message is in a box with Internet Explorer in the Title Bar. I can click the message off and view the Content.IE5 files, but it is annoying.
I have cleared my TIF (using both Internet Options and SystemSecuritySuite which cleans out the index.dat file, too), used System Restore (to the date before I used pspv.exe), gone through the Registry, run several scans with my AV and Antispyware detectors. (I also scanned with NortonAV with and without scanning for HackTools.) Nothing is found. I also ran HiJackThis and, although I am not expert, found no obvious problem. See HJT log in next post.
And the message still pops up.
Anyone have any ideas how to stop the message?
P.S. I should mention that I am not sure NirSoft caused the problem, but it occurred about the same time I installed/uninstalled pspv.exe.
Also I Googled the error message, but none of the references seem to apply. I have checked my settings in IE Tool|Internet Options|Security tab|Internet and Intranet Zones|Custom Level|Scripting. All are at Enable.


Last edited by Welshjim; 12th August 2006 at 19:58.

12th August 2006   #2   Welshjim


This is the HiJackThis log for the above post

Logfile of HijackThis v1.99.1
Scan saved at 10:52:58 PM, on 8/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
c:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Microsoft Windows Feedback Panel\wfpuser.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Microsoft Windows Feedback Panel\wfpasieve.exe
C:\WINDOWS\System32\GEARSec.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Microsoft Windows Feedback Panel\wfpcore.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Dantz\Retrospect\retrorun.exe
C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\Program Files\Microsoft Windows Feedback Panel\WFPService.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/My%20Documents/home.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\Program Files\Common Files\Microsoft Shared\Stationery\Blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\PCHealth\HelpCtr\System\panels\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program Files\JUSearch\SearchEnh1.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: JunoBar - {5854FAC4-5BF0-47DD-B5A9-A5EA8CFF3CF4} - C:\Program Files\Juno2\toolbar.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [DwlClient] c:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - Global Startup: WFPUser.lnk = C:\Program Files\Microsoft Windows Feedback Panel\wfpuser.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Copy Location - C:\WINDOWS\WEB\graburl.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {B06300D0-CCDE-11d2-92D3-0000F87A4A55} - C:\WINDOWS\System32\webzone.dll
O9 - Extra 'Tools' menuitem: Add to R&estricted Zone - {B06300D0-CCDE-11d2-92D3-0000F87A4A55} - C:\WINDOWS\System32\webzone.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {BF80219A-CCDD-11d2-92D3-0000F87A4A55} - C:\WINDOWS\System32\webzone.dll
O9 - Extra 'Tools' menuitem: Add to Tr&usted Zone - {BF80219A-CCDD-11d2-92D3-0000F87A4A55} - C:\WINDOWS\System32\webzone.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Offline - {FC09D8A3-C85A-11d2-92D0-0000F87A4A55} - C:\WINDOWS\System32\oline.dll
O15 - Trusted Zone: http://epaper.abqjournal.com
O15 - Trusted Zone: http://www.adobe.com
O15 - Trusted Zone: http://www.bbc.co.uk
O15 - Trusted Zone: http://www.cbsnews.com
O15 - Trusted Zone: http://support.dell.com
O15 - Trusted Zone: shop.ecompanystore.com
O15 - Trusted Zone: http://www.jajah.com
O15 - Trusted Zone: http://www.java.com
O15 - Trusted Zone: http://www.kaspersky.com
O15 - Trusted Zone: http://local.live.com
O15 - Trusted Zone: http://safety.live.com
O15 - Trusted Zone: http://www.live.com
O15 - Trusted Zone: http://www.mfasantafe.org
O15 - Trusted Zone: www.mvpaward.com
O15 - Trusted Zone: http://www.opera.com
O15 - Trusted Zone: http://forums.pcworld.com
O15 - Trusted Zone: http://s.pcworld.com
O15 - Trusted Zone: www.pcworld.com
O15 - Trusted Zone: http://www.pcworld.com
O15 - Trusted Zone: http://*.snipurl.com
O15 - Trusted Zone: http://definitions.symantec.com
O15 - Trusted Zone: http://security.symantec.com
O15 - Trusted Zone: http://www.symantec.com
O15 - Trusted Zone: http://www.symantecstore.com
O15 - Trusted Zone: http://www.turbotax.com
O15 - Trusted Zone: http://www.tvexe.com
O15 - Trusted Zone: http://www.virustotal.com
O15 - Trusted Zone: http://*.windowsmedia.com
O15 - Trusted Zone: http://download.windowsupdate.com
O15 - Trusted Zone: http://download.zonelabs.com
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/k...an_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/tech...l/LSSupCtl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - https://scan.safety.live.com/resourc...scbase3401.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1117999379921
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1118443235187
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} (DLC Class) - http://transfers.one.microsoft.com/F...ansferCtrl.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://webchat.dell.com/Media/Visit.../TLIEFlash.CAB
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAV...oadManager.ocx
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/tech...l/SymAData.cab
O16 - DPF: {F2A84794-EE6D-447B-8C21-3BA1DC77C5B4} (SDKInstall Class) - http://activex.microsoft.com/activex...te/sdkinst.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: RetroLauncher - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\retrorun.exe
O23 - Service: Retrospect Helper - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\rthlpsvc.exe
O23 - Service: Retrospect WD Service (RetroWDSvc) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
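
Added example, not part of the thread and not HijackThis's own logic: a first-pass parser for the HijackThis v1.99.1 log layout posted above, run over a few lines copied from that log. The four review rules are this example's assumptions about what merits a second look; a hit is a prompt to check the entry, not a verdict on it.

```python
import re
from collections import Counter

# A few lines copied from the HijackThis log in post #2, embedded so this runs offline.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Scan saved at 10:52:58 PM, on 8/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\HiJackThis\HijackThis.exe

R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program Files\JUSearch\SearchEnh1.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O15 - Trusted Zone: http://www.virustotal.com
O15 - Trusted Zone: http://*.snipurl.com
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")    # e.g. "O15 - Trusted Zone: ..."
RUN_RE = re.compile(r'\\Run: \[[^\]]+\] "?(.*)')      # command of an O4 registry Run entry
ABS_PATH_RE = re.compile(r"[A-Za-z]:\\")              # drive-letter absolute path


def parse_hjt(text):
    """Split a log into header fields, running processes and (code, body) entries."""
    header, processes, entries = {}, [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            in_processes = False          # a blank line ends the process list
        elif line == "Running processes:":
            in_processes = True
        elif (m := ENTRY_RE.match(line)):
            entries.append((m.group(1), m.group(2)))
        elif in_processes:
            processes.append(line)
        elif ": " in line:                # "Platform: ..." / "MSIE: ..."
            key, _, value = line.partition(": ")
            header[key] = value
    return header, processes, entries


def review_reasons(code, body):
    """Example heuristics (assumptions of this example, not HijackThis rules)."""
    reasons = []
    if body.endswith("(file missing)"):   # marker written by HijackThis itself
        reasons.append("target file missing")
    if code == "O15" and "*." in body:
        reasons.append("wildcard trusted-zone entry")
    if code == "O16" and " - http://" in body:
        reasons.append("ActiveX codebase fetched over plain http")
    run = RUN_RE.search(body) if code == "O4" else None
    if run and not ABS_PATH_RE.match(run.group(1)):
        reasons.append("Run entry without an absolute path")
    return reasons


def triage(text):
    """Return header, process count, entry counts per code and entries to review."""
    header, processes, entries = parse_hjt(text)
    flagged = []
    for code, body in entries:
        reasons = review_reasons(code, body)
        if reasons:
            flagged.append((code, body, reasons))
    return {
        "header": header,
        "process_count": len(processes),
        "by_code": Counter(code for code, _ in entries),
        "flagged": flagged,
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print(result["header"].get("Platform"), "|", result["process_count"], "processes")
    for code, body, reasons in result["flagged"]:
        print(f"{code}: {body}\n    review: {', '.join(reasons)}")
```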

12th August 2006   #3   PeteC (Staff)

Jim

I see no obvious problems in your HJT log.

I suggest you run the computer through the Microsoft Baseline Security Analyzer 2 and see if anything comes up. Can't readily find the download at MS so the URL points to MajorGeeks.

13th August 2006   #4   Geri (WindowsBBS Team Member)

Hi Jim
Check these two sites....

http://www.spywaredb.com/remove-prot...rage-passview/

http://www3.ca.com/securityadvisor/p...x?id=453076930

I would kill processes shown and delete files shown. (If found)

Then I would run a online scan at Kaspersky and maybe also Panda.

Geri


Last edited by Geri; 13th August 2006 at 08:03.

13th August 2006   #5   Welshjim


PeteC--Thanks for the idea of MSBSA. I ran it. Everything but two of the IIS items looks OK. (See attachment) The red check IIS items do not seem particularly pertinent. In spite of MSBSA's report I can find no IIS Samples. Concerning the IIS Lockdown Tool, I am not certain/confident that it applies to me. I do run any of the programs/servers involved
http://www.microsoft.com/technet/sec.../locktool.mspx
The only server I use is my ISP's server. I have no in-house server, nor router--just a direct connection to the ISP through a cable modem.
I got to the point in using the IIS Lockdown Tool where I was asked to pick a server template. As mentioned I was not confident that I could, especially when the instructions imply it is important to pick the right server. Many choices are given. The ones that might apply are:
1)Static Web Server
2)Other (Server that does not match any of the above)
3)Server that does not use IIS.
Any advice?

I am beginning to think that perhaps (by coincidence) the problem may be due to having installed the recent Windows Updates on or about the same date. I will test them out, one by one, this PM.

Geri--Thanks for the references. I am suspicious whether Protected Storage PassView really is malware. I have heard from others that they use PSPV without problems. And NirSoft themselves warn that PSPV will be detected by AV programs as a HackTool. But I wonder what the downside of that is unless some other malware got control of PSPV.
I have checked/scanned my PC fairly rigorously and find no traces of the PSPV files mentioned, so my earlier removal seems effective. But I will try Kaspersky.

Attached Images
File Type: jpg Baseline Report.jpg (94.6 KB, 11 views)

Last edited by Welshjim; 14th August 2006 at 00:25.

13th August 2006   #6   Geri (WindowsBBS Team Member)

Just a FYI

Hi Jim
Don't think this really applies to you because you dL it yourself, versus coming upon it randomly on your machine.
But it wouldn't hurt to check.....

"Protected Storage PassView 1.50 is one of Password Cracker spywares.
Finding it on your computer means that your computer is infected with Password Cracker and crucial data could be endangered or even lost.

This Password Cracker is also known as:
•TrojanDropper.Win32.PVStealth.b - named by Kaspersky."

Geri

14th August 2006   #7   Welshjim


Thanks to all for your help.
The problem is indeed caused by one of the August 9 Windows Updates. Specifically 921398 (MS06-045).
I uninstalled almost all the August 9 updates, individually. When I uninstalled 921398 the problem message no longer appeared. When I reinstalled, the message was back.
Now I have the problem--Do I go without the Update or install it and get the message?
A secondary problem is that all the August 9 Updates are already downloaded to my harddrive (and this remains the case even after uninstalling them) so possibly when I am offered any future Updates, there is no way to pick and choose. At least I saw no option to not include one Update's installation (from the already downloaded files) and pick only the rest.
Of course I could install all and then again uninstall 921398. (Or maybe I could uninstall the WindowsXP-KB921398-x86-ENU.psm file so Windows Update does not think I already have the download?? I cannot remember if that then still gives the opportunity to choose which Windows Update to install and which to ignore. I have no outstanding Windows Updates at the moment.)

I am glad to have exonerated NirSoft's Protected Storage PassView.

Geri--Others have told me that PassView is not malware, but in any event, I have run Kaspersky, Norton AV, AdAware, SpywareBlaster and Windows Defender. Before I removed PassView the only one to detect it was NAV. And what was said is that it is a "Hack Tool", which, of course it is.
Now, none detect it. So it seems to no longer be on my harddrive.

14th August 2006   #8   Geri (WindowsBBS Team Member)

Hi Jim
Just wanted to share what I found, in case it would maybe help

Quote:
The problem is indeed caused by one of the August 9 Windows Updates. Specifically 921398 (MS06-045).
Could you not contact MS and see if this has been a problem with others as well? and see if they have a work-around?
I DL'ed the updates shortly after the release and have not had this problem? It could be that you have your security settings set higher than I do??

I always wondered why an update would affect some and not others, Don't really understand that

Well at least it is nice to know "what" the problem is, I would try MS and see what they say anyway.

Geri

14th August 2006   #9   Welshjim


Geri--Sorry to hear you do not have the problem.
Thanks for the suggestion. I will contact MS.
BTW--If I was not clear, the problem occurs only when I try to open a Content.IE5 folder. C:\Documents and Settings\UserName\Local Settings\Temporary Internet Files\Content.IE5
I can open all other folders and files with no problems.

15th August 2006   #10   Geri (WindowsBBS Team Member)

Hi Jim
Just tried that. Sorry but had no problem
All I have in there is an index.dat file. Opens in Notepad with a bunch of stuff I can't read

Don't really understand why you are going there?

Geri

15th August 2006   #11   markp62 (WindowsBBS Team Member)


Just my two cents, I have used the Protected Storage PassView, and it isn't dangerous. What I believe does come up as dangerous is the code used to decrypt the passwords stored by IE.

15th August 2006   #12   Welshjim


Geri--I love Favicons, and Content.IE5 is where they go when you create a Favorite. However, they will be deleted when you clean your cache, so you have to get them out of Content.IE5 and save them somewhere else.

markp62--I have no reason anymore to think that Protected Storage PassView was the problem. Thanks for your reassurance.

17th August 2006   #13   PeteC (Staff)

Jim

Picking up on this after a few days away ....

I don't have IIS installed so cannot comment

17th August 2006   #14   VicMax

"This Page Has An Unspecified Error"

I called MS and it took them the better part of a week to "resolve" the problem. The update in question (KB921398 -- MS06-045) deals with "drag & drop" and FOLDERS with GUID (Globally Unique IDs) extensions. (You may recall a patch that dealt with FILES with GUIDs as extensions.)

In my case, the problem did not occur when I "navigated" to the folder but ONLY when I used a "shortcut" to get there. When MS called with the resolution, I asked if this had anything to do with the internals of how the OS handles the Content.IE5 folders (and we all know what a pain in the "A" Microsoft has made of their OSes as far as accessing those folders!). The tech confirmed that this is the case.

IMHO, the ultimate solution is for MS to begin treating these folders like all other folders (i.e., via "standard security mechanisms"), but that is too easy! After all, MS knows what is good for me and I just have to believe them. (My apologies for the sarcasm if anyone finds it offensive.)

At any rate, the solution they provided simply turns off messages from being issued to the user for the specific security zone involved.

My case number is/was SRX060809600084 if anyone wants to ask for the solution. I personally am hesitant to pass it along for three reasons:
1) The solution only masks the problem of the patch being buggy
2) MS has caused this problem because they insist they know better than I do as far as what is good for me, how my system should be administered, and what I should be allowed to access (almost as if it were THEIR system!)
3) I am not entirely pleased with the solution (although it certainly provides relief from the messagebox popping up) and do not particularly recommend it because I am not certain that it will not negate the value of the patch itself.

The MS tech indicated that the patch also made changes to shell32.dll and assured me that those changes would "protect me". I guess I have chosen to believe him, but I cannot recommend others have the same level of confidence that I do.

I hope this helps.

17th August 2006   #15   Welshjim


VicMax--Thank you so much.
Your post is a blockbuster. So I am not so crazy after all.
And, yes, I also use a shortcut to get to an open Content.IE5 folder. At least I did before installing the 921398 Update. But once I click off the first error message (which finally opens the Content.IE5 folder), I must also click off another of the same message when I try to open each of the alphanumeric folders.
I am into my fourth day of emails with MS. So far the usual "do this and that" from a script.
If you have no objection, I plan to tell MS about case SRX060809600084 without elaboration other than to say that others apparently are having the same problem.


Last edited by Welshjim; 17th August 2006 at 23:15.