Which copy of IE 8 was the last one opened?

  • Question

  • A user may have several copies of IE 8 open (either as separate windows or as tabs). Now and then they open a link and are greeted by the message "Blah Blah blah program has detected a virus on your system. Press OK to scan now...." We tell them not to press OK but have been unable to determine which copy of IE 8 the message is associated with. (If we could do that we would kill it under Task Manager.)

    How can we determine the offending IE 8 process or, better yet, kill only that process?

    TIA,

    Barkingdog

    Thursday, September 9, 2010 6:58 PM

Answers

  • Use Process Explorer (task manager on steroids) to identify the IE executable and then right-click it and specify 'bring to front'; that will help narrow down which PID corresponds to the one which is suffering from this.

    To avoid some/much of the malware/adware you're seeing, obviously you want to restrict content at your gateway, but at the hosts you can mitigate much of it by updating the hosts file to not display such content.

    http://www.mvps.org/winhelp2002/hosts.htm

    • Proposed as answer by Miya Yao Monday, September 13, 2010 8:41 AM
    • Marked as answer by Miya Yao Monday, September 20, 2010 9:09 AM
    Thursday, September 9, 2010 7:27 PM
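
One way to script the window-to-PID lookup that the answer above does by hand in Process Explorer, as an added PowerShell example that is not part of the original thread. The `WinEnum` helper class is a name made up here, and the sketch assumes the fake alert appears as a visible top-level window with a title.

```powershell
# Added example: list the visible top-level windows owned by iexplore.exe.
# WinEnum is a helper name made up for this sketch.
Add-Type -TypeDefinition @'
using System;
using System.Text;
using System.Collections.Generic;
using System.Runtime.InteropServices;

public static class WinEnum {
    public delegate bool EnumProc(IntPtr hWnd, IntPtr lParam);

    [DllImport("user32.dll")]
    static extern bool EnumWindows(EnumProc cb, IntPtr lParam);
    [DllImport("user32.dll")]
    static extern bool IsWindowVisible(IntPtr hWnd);
    [DllImport("user32.dll", CharSet = CharSet.Unicode)]
    static extern int GetWindowText(IntPtr hWnd, StringBuilder sb, int max);
    [DllImport("user32.dll")]
    static extern uint GetWindowThreadProcessId(IntPtr hWnd, out uint pid);

    // One "pid<TAB>title" row per visible, titled top-level window.
    public static List<string> Visible() {
        List<string> rows = new List<string>();
        EnumWindows(delegate(IntPtr h, IntPtr l) {
            if (!IsWindowVisible(h)) return true;
            StringBuilder sb = new StringBuilder(512);
            if (GetWindowText(h, sb, sb.Capacity) == 0) return true;
            uint pid;
            GetWindowThreadProcessId(h, out pid);
            rows.Add(pid + "\t" + sb);
            return true;   // keep enumerating
        }, IntPtr.Zero);
        return rows;
    }
}
'@

$iePids = @(Get-Process -Name iexplore -ErrorAction SilentlyContinue |
    ForEach-Object { $_.Id })
[WinEnum]::Visible() | ForEach-Object {
    $procId, $title = $_ -split "`t", 2
    if ($iePids -contains [int]$procId) {
        New-Object PSObject -Property @{ Id = [int]$procId; Title = $title }
    }
} | Sort-Object Id | Format-Table Id, Title -AutoSize

# Once the title of the fake alert is matched to a PID, end only that process:
# Stop-Process -Id 1234 -Force    # 1234 is a placeholder PID
```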

All replies

  • That's usually the start of a known trojan that continues with new variants. The message definitely entices users to click OK when they know there is security software already installed.

    I would suggest thorough scans on those machines. If they clicked OK, the loader is on the machine or may have already launched.

    Update the Java version.

    I concur with cschaar. The users are browsing non-productive websites. Restrict the content access.

    Friday, September 10, 2010 10:43 AM