[ext] NoScript 1.1.4.1, cleanup release

[Riddick51]

Riddick51:
The above applies to your situation as well, but...

just here on this thread, ive got port #1051 for 127.0.0.1. another website, another port number

This is not normal at all, quite disturbing actually.
Unless you know exactly why you open local http connections from your browser to different ports for any site you visit, you should really run an extensive anti-malware check

very well, after you mentioned that, i installed and executed:
1. lavasoft adaware SE personal
2. Webroot SpySweeper
3. Spybot - Search & Destroy

after all of those ran, i removed any issues as recommended by those programs.

still, when i browse newegg.com after that, it wants 127.0.0.1:1083
this website, wants 127.0.0.1:1083
other websites wanted 127.0.0.1:1061.

now, the question is:
1. do i have extensive malware on my computer? -OR-
2. is there something else?

i run firefox with very minimal extension. i prefer a clean, tight operation, and am well-versed in pc usage (used windows 1.0 c. '84).

[Peter42y]

Hi : I did instal no script 1141.

Right now I am having a slight problem.
When I try to upload photos from certain websites, the uploader does not work.

The funny thing is that other upload sites work without problem.


The ones that work.

http://imageshack.us/

The ones who dont work

http://www.photoalbum.cc


SITE ONE

The error message I get in javascript console

Error: getActiveXInstallState is not defined
Source File: http://www2.snapfish.com/uploadinstall/ ... _=52231863
Line: 184

SITE 2

http://www2.snapfish.com

The error message I get in javascript console

Error: getActiveXInstallState is not defined
Source File: http://www2.snapfish.com/uploadinstall/ ... _=52231863
Line: 184

I made a test in pcpitshop.
The result was:


Active X not supported
If you see the message ActiveX is not supported, then your browser doesn't recognize ActiveX at all. Netscape, Opera, or other browsers usually do not support ActiveX.".

[Peter42y]

All this saga started with a bug I got in Orkut.

After clicking in a ling..,a bug did install in my PC.

IAfter downloading a couple of any spyware programs.., and scanning computer with litle sucess I did download a brazilian tool to debug the problem and all got ok.

I did change some setings in the IE explorer to have more security but now I have the IE defaults back.

All is ok but java script does not work and I cant upload pictures to some picture hosting websites.

Before the saga started all worked fine.
Beware the brazilian adresses

[therube]

@Peter42y

PC Pitstop requires ActiveX.
Mozilla, in general, does not support ActiveX.

So any site that requires it, will not work properly with Mozilla.

[therube]

@Riddick51

Running any type of server?
Have a router? Any weird settings in there?

Perhaps this tiny utiltity might provide some insight:
CurrPorts - View Opened TCP/IP ports / connections

[Peter42y]

Thanks a lot for your answer.
I did not explain myself properly.


Before the fixes and updates I did to my system I was able to use a certain kind of uploader both with firefox and IE explorer.

After the fixes and updates I Stop being able to upload pictures one by one as I did previously.

Probably the problem happenned because a windows update I did.
QUOTE

The Problem – A computer running IE6 on Win 98SE that has been updated with all the latest MS updates will not run the PC Pitstop tests and reports that ActiveX is not supported. It will not load the PC Pitstop ActiveX control.

The Solution – As has been mentioned in several other posts on this forum the problem is MS update KB912812. The solution is to remove this update (temporarily). To do this, open the Control Panel and double-click on Add/Remove Programs. A small problem is the update is not listed under KB912812. It is listed as, “Internet Explorer Q912812”. Select this item and then click on Add/Remove to de-install it. You need to perform a re-boot to complete the removal. Then open IE6 and sign on to PC Pitstop. You should find that if you try Check ActiveX that you find all is well. You should then be able to run the Full Tests and XP Readiness without any problems. I was able to do this on a Toshiba 2180CDT laptop and a Dell Web PC.

".


http://pcpitstop.invisionzone.com/index ... pic=117573


I did that and when it comes to PC pitshop it did work.

PC Pitshop start recognizing the active X.

When it comes to the pictures I was able to upload..,the fix did not work.

Computers are misterious, indeed.

[Peter42y]

In other words : the patch " Internet Explorer Q912812 " , did something to computer that made certain uploaders stop working.

I used to upload files one by one to photo sharing websites.., and now...., no more , for some sites ( But not all).

Image sharing works fine..,photobucked also works ok.

I am able to upload pictures to these sites.

When it comes to snapfish..., I stop being able to upload pictures one by one.



http://www2.snapfish.com/htmlupload/Use ... _=52231863

[Giorgio Maone]

@StriderSkorpion, IceDogg, therube:
I guess the best way to summarize and implement all your excellent suggestions is a "trust this tab" option, which can be turned on/off using the NoScript menus. When it is on, every document and sub-document (frame) attempting to load inside the tab is automatically and temporarily added to the whitelist. As soon as you turn this option off, a dialog is displayed showing the list of the new temporary items, where you check the ones you don't want to keep: the others would be made permanent. I believe this would be an effective way to "train" NoScript on very complex sites with multiple cross-domain redirections and subframes (the new Microsoft webmail is a nightmarish example).

@Riddick51:
I'm more and more persuaded you're runningsome invasive software you're not aware of.
If NoScript is offering to allow an address, it means the page you're browsing (or a subframe of its) is loaded from that address or is trying to load a script/embedded object from there.
Since we're talking about local addresses (127.0.0.1:xxxx), you're likely running a (HTTP?) server on your PC listening at the xxxx port.
You may want to verify this using a software like TCPView ( http://www.sysinternals.com/Utilities/TcpView.html ):

• Launch TCPView
• Sort by "State"
• Check all the LISTENING items whose "Local Address" refers to a port number you've seen in the NoScript menu - the 1st column shows the process name.

Good luck.

@Peter42y:
Is snapfish.com in your whitelist (NoScript|Allow snapfish.com)?

Notice: I'm sorry I can't be very active on this forum these days, but in the place where I'm currently constrained I've got limited internet access

[Peter42y]

That is a bit annoying.

I have aproximatelly the same problem.



I have used firefox 1.06 for some time with no extensions

I never had any problems when it comes to error messages.
Recently I did install the extension no script.

Since , from time to time when I click in the link - inbox - in the yahoo mail page I get the message.

The funny thing is that such problem only happens EXACTLY in that link.

The firefox window does close and I am signed out of yahoo automatically.

Other people report almost exactly the same problem with firefox and yahoo games.

http://castlecops.com/p774135-firefox_c ... tml#774135










FIREFOX caused an invalid page fault in module MSVCRT.DLL em 015f:7800d011.
Registers:
EAX=03405360 CS=015f EIP=7800d011 EFLGS=00010206
EBX=00db00e8 SS=0167 ESP=00c9e2ac EBP=00c9e2cc
ECX=8c000000 DS=0167 ESI=0000003f FS=45a7
EDX=0303b4e0 ES=0167 EDI=034072e8 GS=0000
Bytes em CS:EIP:
89 79 08 0f 84 15 01 00 00 8b 4d f4 8b 7c f1 04
Cópia de memória da pilha:
600bd0a0 00000018 01d4e950 81991308 00000020 034072e0 0303ebc0 0000000f 00c9e300 7800c730 00db00e8 600bd0a0 01d4e950 01d4e950 01d4e950 00000000

[Riddick51]

GM, thanks for the help. i ran sysinternals and the port points to a "vsmon.exe" SYSTEM process. when i tried to end the process, i got the "cannot cancel system task" notification.

[StriderSkorpion]

That program/service is associated with ZoneAlarm firewall. I don't know if it's supposed to open ports on the localhost or not since I don't use. I'd recommend reading the help file or searching their forums to see if this is normal. If you're not using ZoneAlarm, then it's highly likely that there's something fishy going on with your computer.

[Riddick51]

That program/service is associated with ZoneAlarm firewall. I don't know if it's supposed to open ports on the localhost or not since I don't use. I'd recommend reading the help file or searching their forums to see if this is normal. If you're not using ZoneAlarm, then it's highly likely that there's something fishy going on with your computer.

cool, thanks for the info. im running Computer Associates eTrust Firewall and it is exactly like ZoneAlarm, same look and everything. i'll look into the situation you mention.

[Riddick51]

That program/service is associated with ZoneAlarm firewall. I don't know if it's supposed to open ports on the localhost or not since I don't use. I'd recommend reading the help file or searching their forums to see if this is normal. If you're not using ZoneAlarm, then it's highly likely that there's something fishy going on with your computer.

for GM and skorpion: can you tell me, regarding the port, what is it that leads you to believe that this is an "abnormal condition"? if i am running a firewall, what is the threat of the port, whether it be open or closed?

[StriderSkorpion]

Doing a quick search of port 1083, it's associated with the trojan WinHole for Windows 9x. This doesn't mean that you have the trojan as some programs open various ports. For example, port 1061 is for Kiosk, which you probably don't have (I'm not sure what it is as I've only done a precursorary search, but I don't think it's a trojan). If you have/had a trojan, it's possible that it could bypass the firewall if it was "smart" enough. Otherwise, as long as you don't allow the program access to the internet, you wouldn't have too many problems other than what damage the trojan could do independent of the backdoor. If an anti-malware scan did not show that vsmon.exe is infected, then you're probably alright. As I mentioned, some program open various ports on the loopback address that can't or aren't supposed to be connected to from the internet (like the Task Scheduler service on Windows XP).

[Peter42y]

@Peter42y:
Is snapfish.com in your whitelist (NoScript|Allow snapfish.com)?

Notice: I'm sorry I can't be very active on this forum these days, but in the place where I'm currently constrained I've got limited internet access

Thanks Giorgio for your kind answers.