I've been working on incorporating the doxdesk (http://www.doxdesk.com/software/js/parasite.html) and cusimano (http://www.cusimano.com/scripts/detect/) parasite detection scripts into some of my most trafficked web pages.

The second computer with HotBar installed that I had been using to check the display of the scripts suddenly started to crash when displaying a page with the doxdesk script. It may have been one of the recent microsoft updates in IE. Now, the browser will only render the page up to the point of the script, then hang. A refresh will crash the browser in module ie_spy.dll, supposedly a part of Kensington Mouseworks software.

Three questions:

Does anyone know how to fix this crash, so I can continue to use this infected computer to check the display of the detection scripts?

Is there a way to automatically trip either of these scripts, just to see how they display on the page, without having to infect your machine?

Can you give me some good examples of incorporating the detection scripts into an html page?

Thanks in advance.

You've join the 42 % of all owners of computers last year who required a service call due to BHO adware/spyware installs. Only way around it is to get Ad-Aware from www.lavasoftusa.com (http://www.lavasoftusa.com) and the Spybot program and clean your system prior to running your browser.

Charlie ... http://abw.infopop.cc/smilies/parrot.gif

If they won't adopt and feed a bird ..flip them one! BBQ some Gator and remember to flush WhenU..

NROforum,

Hi and Welcome to ABW! http://www.abestweb.com/smilies/welcome.gif

<BLOCKQUOTE class="ip-ubbcode-quote"><font size="-1">quote:</font><HR>Can you give me some good examples of incorporating the detection scripts into an html page?<HR></BLOCKQUOTE>

http://www.parasiteware.com

<font size="2" face="Verdana">Haiko


The secret of success is constancy of purpose. ~ Disraeli</font></p>

Thanks to both of you for the quick replies.

I'll do that, and keep you updated!

Is there a simple way to see the scripts in action without using a real infection?

Not that I know of NRO

<font size="2" face="Verdana">Haiko


The secret of success is constancy of purpose. ~ Disraeli</font></p>

I followed your advice earlier.

I installed Ad-Aware (http://www.lavasoftusa.com/) and Spybot Search & Destroy (http://security.kolla.de/) on the infected computer.

I'm sure it wasn't the 113 entries Ad-Aware found that were screwing up this system, I think it must have been one of the 65 that Spybot S&D found right after that.

Running Ad-Aware again caught HotBar trying to reinstall itself.

Having finally attained a clean system, I checked the page at doxdesk, and it worked fine, so I immediately re-infected the system with a fresh dose of HotBar.

I now have my script detector working fine. Thanks guys!

Thank you for this post. I had the same problem when I checked my pages on my infected computer. The browser window kept crashing. Now I know it was the parasites and not the script on my pages that was causing the problem. Cleaned off the computer and my browser started working like a charm.

---
Judge your success by the degree that you're enjoying peace, health, and love.

Hi All

I have been trying to test the script from doxdesk. I installed the hotbar toolbar and did a test. Nothing was detected. I tested on a friends site who is using the javascript in question, nothing found. wasn't found on parasiteware.com either.

Of course Spy Sweeper lit up like a Christmans tree.

What do you recommend I use to test this script on my site?

Out of curiosity, are you using Netscape? The Doxdesk script can't detect parasites via a
Netscape browser.

Wayne

NorthernStudio

I use Slimbrowser regularily but was testing with IE 6.

So I re installed hotbar, restarted my computer. I fully wormed its way into my system.

Using IE 6 I went to parasiteware.com...didn't detect hotbar.

Went to the friends site mentioned in the post above... Nothing. Confirmed it was working with the site owner. She said it was working fine.

Am I missing something? I assume Hotbar is something that this script will detect as it was mentioned above.

Any suggestions anyone?

Sophist,

Could be hotbar has changed some of its coding since Andrew updated the detections last. These apps are constantly mutating and changing themselves.

It can also depend on how the site owners are using Andrew's script. If they are calling it from his server then it automatically is up to date whenever Andrew has updated. If they are hosting it on their own server, then they have to update the detection file (download the newest version from doxdesk and upload to their server).

You also have to be allowing ActiveX to run on your browser for it to work. All the pages here in the parasiteware forum have the script on the pages. Are you seeing anything here?

I know this site owner runs it through her server. I can't say when she updated but I know she is very diligent.

I have ActiveX set to prompt and of course I allow it when it notifies me. I didn't get anything here either. However the other day it notified me of something on my machine. One that both Ad-Aware and Spy Sweeper missed.

Can you recommend another program I can try to test this script. One that isn't too nasty.

Yeah Hotbar can be a pretty nasty one. It's the gift that keeps giving also.

You can try MyWay Search Bar(comes in a lot of bundles), Shop At Home Select (you can get it off their site), 180 (n-case not sure if it will pick up Zango) or WhenU (pretty sure it detects Whenu). It's not going to pick up most of the TopMoxie apps (Ebates, igive, UPromise, etc). Some technical coding reason I've never fully understood with my programming challenged brain. http://abw.infopop.cc/infopop/emoticons/icon_smile.gif

<BLOCKQUOTE class="ip-ubbcode-quote"><font size="-1">quote:</font><HR>A refresh will crash the browser in module ie_spy.dll, supposedly a part of Kensington Mouseworks software. <HR></BLOCKQUOTE>

This is definitely an old version of the script then. I fixed this a long time ago.

The problem is that the (awful) old version of the MouseWorks software has a BHO which uses the same class ID as ShopNav's. Whilst ShopNav had been tested and didn't crash when its BHO was instantiated, the same was not true of MouseWorks.

The cause of this is thought to be that the BHOs from both ShopNav and MouseWorks were developed from the same example code out of Visual Studio. Neither vendor bothered to change the class ID: indeed, there are at least two other programs that re-use exactly the same ID.

(Newer versions of parasite.js check for a different ActiveX object from ShopNav, which doesn't share a classid with anything else as far as we know.)