Preamble: XP SP3, IE8, one HD C, one backup HD D, one USB drive . CRT monitor.

I had a problem of breach of security that wiped out my hard drive, my backup drive and my USB drive. I started feeling the effect of this problem about three weeks ago. I was limited literally to only three websites. Another phenomenon occurred, the monitor luminous intensity decreases sometimes to complete darkness. I had to turn off the monitor and wait at least one minute and turn it on again. This phenomenon happens when I am online. It happened rarely when I turn off the modem.

I tried to run Trend Micro HouseCall using the Java option (of course before the disks were wiped out). Here’s what I got (http://home.earthlink.net/~votanhagen/Java1.jpg):

I updated the script, or I thought I did. Then I clicked on scan now, this is what I got (http://home.earthlink.net/~votanhagen/Java2.jpg):

If I try to update the script again, I get the message:

“Verifying Java Version
Congratulations!
You have the recommended Java installed (Version 6 Update 13).”

If I continue, Trand Micro freezes at the point where it downloads the update files. At that point I was unable to go to the internet or run an antivirus.

My Zone Alarm is on but the strange thing about it is that it started to allow applications to go to the internet unchecked, e.g. windows explorer, control panel, acrobat distiller, word, excel, power point, and every other application that has no business whatsoever to go online. The nasty thing about it is that if I block one application from going online, the next time I check Zone Alarm it gets back online.

Another thing happened is that most of the folders were blocked and I could not open them, e.g. when I click to open the folder My Documents I get the message Access denied, you have no permission to open this folder. I am the only one who uses this computer and I have all administrator priviliges.

The same thing happens if I use the browser option.

At that point I decided to reformat the disk and reinstall fresh copy of windows. Mine is OEM SP2 from Dell. That did not cure the problem. Now I have a fully updated freshly installed windows and the stanza of Trend Micro java and freezing at the download updates is the same.

I do not know if this observation could be helpful to solve the problem. When I formatted the disk, I had two partitions, one is labeled C and the other one is about 8 GB without name. I could not delete the last one separately, I could not format it separately. Its trace disappears upon deleting partition C but it comes back upon setting up a new partition that was labeled automatically C. Could it be the case that the unnamed partition be the host of a nasty software that controls what I can do with my computer?

Any suggestion as how I could run HouseCall?

If you run zonealarm and trend micro together your asking for trouble to start .
You have not indicated of the computer is a Dell as well.
The 8 gig partition may be the restore partition.
Ifr you are sure it isnt and in doubt about whats on that partiition.
You can use Wipe or Zap and remove everything from the harddrive and start
with a new partition and a clean load of windows

I haven't thought about zap or wipe. I will do that. I did run HouseCall all the times with ZoneAlarm running. I never had a problem. As a matter of fact, I run HouseCall after I reinstalled windows and before I installed ZoneAlarm. The same stanza.

I had two partitions, one is labeled C and the other one is about 8 GB without name. I could not delete the last one separately, I could not format it separately. Its trace disappears upon deleting partition C but it comes back upon setting up a new partition that was labeled automatically C.
Are you sure its size is 8GB? If it's 8MB, it will be the unallocated space Windows leaves when a drive is partitioned, to allow for future conversion to a Dynamic Disk.

Are you sure its size is 8GB? If it's 8MB, it will be the unallocated space Windows leaves when a drive is partitioned, to allow for future conversion to a Dynamic Disk.

Yes 8 MB. The question now, could anyone spawn a malicious sofware in that space of the disk and could not be detected?

I don't think so, it's unallocated space. The drive clusters can contain data, but nothing can run from there (or even access that data I would think, short of using absolute address block reads through the BIOS or drive controller). And every drive partitioned under DD-capable Windows versions will have that unallocated space, I've never heard of it being used for any malicious purpose. If the drive is wiped using the utilities already mentioned, or DBAN, Eraser etc, any data that was there will also be removed.

Anybody can help me understand why I cannot run HouseCall on my computer? It keeps complaining about java and it freezes there.

Another issue, the monitor dims only when I go online.

Help please

My XP is Dell SP2, updated to SP3.

go here and check (http://java.com/en/download/installed.jsp?detect=jre&try=1) you have the right java.

Important Notes about HouseCall 6.5
HouseCall 6.5 has two independent Core Engines to choose from:

1.The ActiveX Core Engine: to use this engine, please adjust here the IE browser’s Security level to Medium at least and be sure that signed ActiveX objects are enabled.

2.The Java VM Core Engine- to use this engine, please install the Java VM from www.java.com

Does the activex version work?

Yes I have the correct Java. Here's what I got:

Verifying Java Version
Congratulations!
You have the recommended Java installed (Version 6 Update 13).

still not luck.

Does the activex version work?

There is no activex in housecall folder, house call is not downloading it. this is a screenshot (http://home.earthlink.net/~votanhagen/Java3.jpg) where it freezes. Notice the page is truncated and there is not vertical sliding bar. With or without zone alarm the same stanza.

The Java icon does not last for long in the tray.

I tried to restore windows. It does not restor. This is a new fresh installation of XP2 using Dell CD and updated with SP3 download from microsoft.

Which browser are you using? Have you tried another?

I have ie8. I had ie6. the same stanza. It is really a puzzle.

Try it in firefox.

Running Housecall 6.5 you should see an option to run a java scan or an Active X scan when you use the online scan. If you are using a version of Housecall installed on your computer, you need to be aware that your version contains security flaws that make it a potential backdoor for hackers. It's possible you might have a damaged download as well. Currently, TrendMicro only offers v. 7 of Housecall, not the older versions

If you want to run Housecall, you should go to their site and use the v. 7 Beta. Alternatively, you could run Eset's online scan or, even better, download and run a trial of NOD32.

http://cyberinsecure.com/trend-micro-releases-update-for-housecall-due-to-vulnerable-activex-control/

Try it in firefox.

I installed Firefox and ran HouseCall using Firefox. It did run without a problem. One glitch though, when I launch Firefox, I get this message:

"There was a problem sending the command to the program"

That message comes out every time I launch Firefox. It remains in the background. I see it after I close the browser or I minimize it.

If you are running zone alarm, it is likely that is the cause. Experiment by turning off ZA and trying it. If it goes away, you have a configuration problem with ZA.

As for IE, I suggest you reset internet explorer settings in Tools, Internet Options, Advanced Tab.

If you are running zone alarm, it is likely that is the cause. Experiment by turning off ZA and trying it. If it goes away, you have a configuration problem with ZA.

As for IE, I suggest you reset internet explorer settings in Tools, Internet Options, Advanced Tab.

With and without ZA, the same stanza.

I have the same problem with ie6 at work as well. Firefox runs well, ie6 does not. It is exactly the same problem at work as at home. I am using the default options in the advanced tab of internet options.

Internet explorer gives two options, one using java based scan, and another one a browser based scan. Neither works. Firefox gives only the java option.

I used to run housecall every week before I got my disk wiped out at home. But now I have the same problem at work too.

So, Votan, are you using the new v. 7, or are you still using the old, insecure Housecall?

And frankly after seeing all this. I cant understand why you wouldnt use a standard antivirus?
Seems like running housecall is a lot of problems versus say installing NAV 2009

Why would you run housecall at work? Are you the IT guy at work?

Why would you run housecall at work? Are you the IT guy at work?

No I am not the IT guy at work. I only have full administrator privilege on my desktop. It was my curiosity to see whether I could run housecall from work, because it is still not working with ie but it works with Firefox at home and at work.

And frankly after seeing all this. I cant understand why you wouldnt use a standard antivirus?
Seems like running housecall is a lot of problems versus say installing NAV 2009

The issue is not whether or not I have antivirus installed on my computer, it is why suddenly it stopped working with ie and not it works well with Firefox.

So, Votan, are you using the new v. 7, or are you still using the old, insecure Housecall?

I am using http://housecall65.trendmicro.com, this is the default URL when I go to trendmicro.com website and I choose run housecall.

No I am not the IT guy at work. I only have full administrator privilege on my desktop. It was my curiosity to see whether I could run housecall from work, because it is still not working with ie but it works with Firefox at home and at work.

The issue is not whether or not I have antivirus installed on my computer, it is why suddenly it stopped working with ie and not it works well with Firefox.

At work you may be local admin, but policies are still boing pushed from the server, one of which may disallow running java applets or activex controls.

At home your may simply be blocked by your own firewall.

At home your may simply be blocked by your own firewall.

NooNoo my dear NooNoo, with and without firewall at home, no firewall whatsoever, the same as with firewall: housecall does not run with ie, Firefox runs with firewall running at home and at work.

Then you have incorrect activex and java settings.... or a bho attached to IE that is preventing it working.

Then you have incorrect activex and java settings.... or a bho attached to IE that is preventing it working.

I downloaded BHODemon but apparently it does not run. It is no longer maintained. Malwarebyte and housecall (using firefox) apparently are unable to detect a bho. Is there a sure fire bho removal utility somewhere?

yep...hijackthis... you want version 2.02.

I downloaded hijackthis 2.0.2 and ran it at work and at home. At work it worked fine and I could run houscall with ie8 using the browser option but the java option is still not working.

At home, neither options worked. It is still complaining it could not download the update files. I removed zonalarm. All of the same. I ran malwarebyte and housecall using firefox. nothing was detected.

Another thing I noticed. I could not restore to any of the highlighted dated. Any hint what I could do next?

my opinion is that there isn't any malware on the system and that there is a possibility of an actual virus on both systems that is affecting the housecall and not picked up by malware/spyware scanners. Which is why I rather rely on a good installed virus scan than some web based one. My suggestion is to get a command based viral scanner and run it off a dos boot disk or at least run it in command prompt in safe mode.

Tried a repair install? If your restore points are corrupt, you should uncheck the box for system restore so that the old points are deleted and then reboot and redo the check box so you have the ability to create new restore points.

Niclo, at work the system has an antivirus software running.

'wiped out my hard drive, my backup drive and my USB drive'

Just for confirmation, but you did reformat ALL those drives including any flash drives you have been using?

Did you at any time transport files via the USB (external) or flash drive from home to work?

"Just for confirmation, but you did reformat ALL those drives including any flash drives you have been using?
"
I reformated the hard drive and the flash drive. I haven't formatted the backup drive. I disconnected it. I have a lot of files that I am still strugling to recover.

"Did you at any time transport files via the USB (external) or flash drive from home to work? "

Yes. Perhaps there I should feel guilty?

Keep in mind that no new bho is detected by hijackthis.

Also, firefox runs fine, downloading update files from trendmicro was not and is not a problem. The only thing though is that ie8 gives two options: using java or using browser. neither is working; firefox gives only one option but it works without a complaint.

Housecall 6.5 does not want to work in IE8 for me either.... Housecall 7 works just fine though... I suggest you use the version 7 offered in the red link...

Housecall 6.5 does not want to work in IE8 for me either.... Housecall 7 works just fine though... I suggest you use the version 7 offered in the red link...

I downloaded Housecall 7. It scans only windows folder and subfolders. Am I missing something?

I discussed the issue with trandmicro on the telephone. I had hard time to explain the problem to the respondent. He didn't seem to know what he was answering. Finally he gave me the esupport link. Let's see what I'll get from them.

I should say that now neither ie8 nor firefox do run housecall65, at home and at work; I had firefox running on both machines though. I scanned my PC at work with the antivirus. Negative.

Right, so where are you with fixing your computer?

Nowhere so far.

I contacted esupport.trandmicro. They don't service housecall65 because it is free. I am preparing to reinstall windows from scratch at home.

I'll keep you posted. It is really puzzling.

Are you sure you have a virus? What other checkers have you used? Eset? Panda?

I am not sure what I do have. I used sophos so far. also malwarebyte. negative.

Right, so why do you think you have a virus?

I cannot restore, ie8 used to run on housecall65, not anymore, firefox used to run on housecall65, not anymore. When I am online, the monitor dims to total blank, then it revives itself; sometimes I have to turn it off and on to get it back. This phenomenon occurs only when I am online.

Don't you see this is a strange phenomenon?

All of this started after my disk, backup disk and flash disk were wiped out.

OK, I see this as a messed up install.

What windows are you running?

It is xp, OEM SP2 (Dell) updated online to SP3

did you update to ie8 before or after you added sp3?

After

Did you go from ie6 straight to ie8?

yes

I think that may be the key - perhaps 7 had left capabilities in 8 when you upgraded before from 7 to 8

I don't remember I used 7. Perhaps you meant 6?

I was on 6. When I was upgrading to sp3 I was given the option to upgrade to 8.

Oh, the symptoms appeard first with 6. I accepted upgrading to 8 hoping it will solve the issue.

Votan, you are going round in circles. I have confirmed that housecall 6.5 does not work in IE8.

I know by now, I know.

The puzzling thing is that I installed firefox about ten days ago and it worked for a week or so. Now it doesn't. It joined the club with 8 and 6 and there are no signs of detected viruses, and I am unable to restore.

I am leaning to believe it is not a browser issue.

It's usually a firewall/security issue.
Does housecall 7 work? If so, then quit worrying about 6.5

Yes 7 works but it scans only windows folders and subfolders.

Incidentally, a folders 2054 in system32 folder on my computer at home and at work was detected a spyware yet that folder was empty. Any hint what that could be?

Also, I found an ad in Windows Secret about reImage. They pretended it was developed by a top israeli intelligence. Well I tried it. It turned out it is a trojan. It seems we are not having enough of spying on us locally, the israeli are joining the club.

Yes 7 works but it scans only windows folders and subfolders.
it scans my whole machine.


Incidentally, a folders 2054 in system32 folder on my computer at home and at work was detected a spyware yet that folder was empty. Any hint what that could be?

Does spybot or malwarebytes find stuff in this folder? The fact that the folder LOOKED empty, doesn't mean it was.


Also, I found an ad in Windows Secret about reImage. They pretended it was developed by a top israeli intelligence. Well I tried it. It turned out it is a trojan. It seems we are not having enough of spying on us locally, the israeli are joining the club.

huh? What was the link?

Read this portion:

Finds New Viruses and Trojans
Reimage® was designed by top Israeli Security experts. In many cases, PC instability caused by new viruses that are still undiscoverable by standard anti viruses, such as the latest Confiker worm that was covered in the news. Reimage® technology recognizes and removes these new threats.

From here (http://www.reimage.com/home/?tracking=windowssecrets&banner=newsletter-june-week4)

What is the llink for trendmicro 7 that scans all your computer.

So you downloaded this program from an Advert on windows secret??
Did you at least look at a review like this? (http://www.pcmag.com/article2/0,2817,2331883,00.asp)

When they say security experts, do they mean door guards? :D:D Seriously though, designing a program and implementing the code so that it works are two very different things.

Security programs are two a penny - it's always better to get a solid recommendation before trying some flashy ad.


You just launch housecall 7 and stare unblinkingly at the file names and you will see the pathnames flash by. I more than once caught it scanning files on my second partition.

Just to add some info here.

I am using Win XP SP2 fully patched. IE7 browser of choice.

Housecall.trendmicro.com was my goto, until I developed the same issue.

Java or ActiveX would not execute from their site, or would just hang on DOWNLOADING UPDATES.

Updated Java, did not help.
HijackThis showed nothing to remove that was blocking it.
I disabled and deleted all Addon to IE.
I do not have any games with Rootkits - or music, but rootkit removers found nothing.
Downloaded AVAST!, used their BootScan and found nothing.
Uninstalled HouseCall and reinstalled both IE7 and Housecall, same result.

Malwarebytes found nothing.
Spybot Search&Destroy found nothing
Lavasoft Adaware found nothing

As I do not run any PopUp Blockers, that was not the issue.
As I do not run a FireWall, that was not the issue.



What I findally did - gave up on Housecall and installed AVAST! Home Edition (which is free, I like the boottime Scan) and went on, as EVERYTHING else is working fine. My router shows no suspicious traffic.


Granted it does not "FIX" the issue.

Did it DELETE the info on the drives or make them to where they did not appear attached?

If by "it" you mean housecall, no I don't think so.

I am relieved that I was not the only one who agonized the episode of running housecall65. At least they should announce HouseCal65 is no longer working. Though I am still having two problems remnants of the attack on my disks: I still can't restore, and I tried two utilities to recover the files from the disk without success.

Which utilities? Did you try getdataback?

It (1) meant Installing Avast does not "FIX" the issue of not being able to connect to Housecalls using Java or ActiveX.

It (2) meant OP's possible infection DELETE the info on the drives or make them to where they did not appear attached

Which utilities? Did you try getdataback?

I used undelete, and PC Inspector file recovery. Both they say the files are in good conditions, doc and jpg, but when I open the recovered files I end up with a script screen.

I will try getdataback.