prompted for a download whenever I open certain progams. Help Please!

Hello All,

Here is my problem. Everytime I open a program like Bearshare, Adobe, World of warcraft, etc. IE explorer opens up and prompts me to download a file or open it. Typically, it's an html file which I think is supposed to open up within the program itself.. sorta like the splash screen. Instead it is getting opened with IE explorer and prompting me to save it or open is. .The save path is documents/settings... Example. Whenever I used to open bearshare, a splash screen would appear in the open window of bearshare. Now, I get this darn IE explorer prompting me to download and html file or open it up seperately.

This is driving me nuts! Any help would be greatly appreciated.


Thanks much.

First thing I think you should do is make sure you are not infested with malware. Here's my canned text on Cleaning Out Malware:

********


Important Note 1: For all of the following suggested programs, and before every scan, use each application's "update" feature to ensure you have installed the latest signature/definition files. This is necessary even if you just downloaded the most recent version of the application.

Important Note 2: Be aware that most free software is free for home and non-commercial use only. Be sure to read the EULAs before using.

Important Note 3: To avoid conflicts, ensure only one firewall and one "real-time" (also known as "in resident", "in memory", "auto-protect" or "active scanning") scanner program of the same type is running at any given time. That is, have only one firewall, one real-time anti-virus, one real-time anti-spyware, and one real-time anti-Trojan program running at any time.

Important Note 4: Performing major system scans and cleaning is never risk free. Although every program listed here has a long history of reliable performance, things can go wrong, especially with a problem system. Hardware can fail and power line anomalies can wreck havoc (use an UPS!). Back up your important files regularly. And I recommend you create a System Restore “Point” now, before running through the cleaning procedures. System Restore allows you to “roll back” system files, Registry keys, installed programs, etc. to a previous state.

1. Quit all running applications,
2. Go to Start > All Programs > Accessories > System Tools > System Restore,
3. At the System Restore Welcome Screen, click the Create a restore point radio, button, then click Next,
4. Name the Restore Point (Example: Before system clean),
5. Click Create.

Begin Cleaning

• Delete Temporary Files before scanning to rid system of thousands of temporary files. This action often significantly reduces scanning times and may clear out files that are corrupt or are infected with malware. Deleting cookies as well ensures all "tracking cookies" are removed too. Note that deleting cookies will force the manual entry of user names and passwords for sites requiring them on your next visit, so make sure you know them.
  
  
  • ATF Cleaner 3 is a simple, easy to use, temporary file cleaner for Windows, Internet Explorer, Firefox, and Opera users.
    
    
  • CCleaner is a popular tool for more advanced users. During installation, uncheck the option to install the Yahoo toolbar. Before first use, check Options > Settings and ensure Only delete files in Windows Temp folders older than 48 hours is unchecked. CCleaner's Issues section is also an excellent Registry cleaner, but as with any Registry cleaner or editing tool, it should only be used with extreme caution by experienced users. I recommend you create a System Restore Point, and you should always backup the Registry before making any changes. Be sure to follow CCleaner’s prompts to make the necessary backup.
    
    
  • To delete temporary files directly from the browser without using CCleaner or ATF, do the following:
    
    
    • Internet Explorer 7
      • Click on Tools > Delete Browsing History...,
      • Click the Delete all... button,
      • Check Also delete files and settings stored by add-ons,
      • Click Yes.
    • Internet Explorer 6 or earlier
      • Go to Tools > Internet Options> select the General tab,
      • Click the Delete Cookies button, then OK,
      • Click the Delete Files button, ensure Delete all offline content is checked, then OK.
    • Mozilla Firefox
      • Go to Tools > Options,
      • Click the Privacy button,
      • Click the Clear All button,
      • Click Clear All Information.
  
  TIP - Delete all Temporary Internet Files and Cookies before defragmenting your hard drives. It is counterproductive to defrag with 1000s of tiny temporary files on the drives.

• Scan for Spyware - No one anti-spyware program gets them all. Therefore, it is necessary to use an arsenal of tools. Past controversy over some anti-spyware makers' decisions to delist known spyware emphasizes the need to attack on multiple fronts. I recommend you download, install, and use the latest versions of one or both of the following:
  
  
  • SpyBot Search and Destroy - To avoid conflicts with other real-time scanners, do not install TeaTimer
    
    
  • Ad-Aware 2007 – There have been many complaints about the new Ad-Aware's unnecessary use of system resources. Ad-Aware 2007 installs a program called aawservice.exe, and configures it to run as a "service" that loads at every boot. This occurs even though the free version of Ad-Adware 2007 is "on-demand" only; there is no "real-time" scanning feature. This service consumes 20 to 30Mb of RAM! That's a lot for a file doing nothing most of the time. Even though it consumes few CPU cycles when not active, and readily moves its working set of RAM to the hard drive’s Page File if needed by other programs, the fact the unneeded service runs at every boot up, consumes so much RAM, and does not terminate after exiting Ad-Aware, concerns many. I share that concern. If you choose to use Ad-Aware 2007 (still an excellent anti-spyware program), you may want to change how the service is configured so that it does not start until you call up the program.
    
    • Go to Control Panel > Administrative Tools > Services
    • Right click on Ad-Aware 2007 Service
    • Select Properties
    • From the drop down menu, change "Service type:" to Manual
    • Click Apply, Ok
    Run your scans. When done, to terminate the no longer needed aawservice.exe program, go back into the Control Panel Services applet and stop the service, or reboot your computer. I recommend the latter; complete all your malware scans, then reboot. Rebooting after scans is often a necessary step anyway.
  
  If you don't have a current real-time anti-spyware scanner, get one NOW!. I recommend using one of the following:
  
  
  • Microsoft Windows Defender (XP/Vista)
    or
  • SUPERAntiSpyware Pro - Note that only the Pro (not free) version includes real-time scanning
    or
  • AVG Anti-Spyware (formally "ewido") is proving to be an able product, plus it includes ewido's anti-Trojan scanner.
  
  WARNING: There are many good anti-spyware alternatives - but there are more malicious fakes! Beware! Ensure any anti-spyware program under consideration is not listed on the Spyware Warrior List of Rogue/Suspect Anti-Spyware Products & Web Sites before even thinking about downloading.

• Scan for Trojans - As in the fight against spyware, it is best to hit Trojans with a variety of weapons.
  
  
  • Trojan Hunter (30-day trial version) - skip if using AVG Anti-Spyware/ewido from above
    
    
  • CWShredder (stand-alone version) checks for and cleans all known CoolWebSearch variants

• Scan for Viruses and Worms - Assuming you have an anti-virus program, download the latest signature files and perform a thorough scan. If you don't have an anti-virus program, get one NOW!, update the signature file, and perform a thorough scan. AVG Free is excellent. I keep one anti-virus program running in "auto-protect" mode at all times, and have another on hand for "on-demand" scanning. Remember to disable the running scanner before scanning with the "on-demand" scanner.
  
  Scan with one, two or all three (in turn) of these free on-line virus scanners as a double or even triple check. Some very malicious malware have been known to disable PC based AV scanners. These on-line scanners help compensate for that. Temporarily disable your real-time AV scanner first.
  
  
  • Kaspersky Online Scanner (Items found and not removed will be listed in report.)
    or
  • Trend Micro HouseCall
    or
  • PandaSoft ActiveScan

• Scan for Rootkits - Rootkit is a term originating in the UNIX world to describe a set of "stealthy" tools used to obtain and/or maintain root access. A person with "root" access can do anything. Windows rootkits gain access by exploiting known vulnerabilities on un-patched systems, then use that access to install a "back door" to maintain that access to your system. Use one of the following:
  
  
  • AVG Anti-Rootkit Free
    or
  • Microsoft Rootkit Revealer
  
  Note: Remember to re-enable any real-time scanning disabled during these scans when done.

Prevent Re-infestation - Use the above tools to clean your system, and to help prevent future attacks from compromising your system again. In addition to those tools you also need the following:

• Firewall - If you are not using a software based firewall, get one of these NOW!
  
  
  • Comodo Free Firewall (which also supports Windows Vista),
    or
  • Sunbelt Personal Firewall (formally Kerio Personal Firewall),
    or
  • ZoneAlarm Free - a long time favorite, is sadly losing support among experts for foisting unwanted extras on unsuspecting users. Be sure to select I only want basic ZoneAlarm protection. This will still down load the entire 38.8Mb Security Suite, but after the 15-day trial period, you should be left with only Zone Alarm Free.
  
  Important Note - XP SP2's Windows Firewall: Windows Firewall (known as Internet Connection Firewall, or ICF, in SP1) is woefully inadequate and should be replaced immediately. It only blocks unauthorized incoming access attempts. Comodo, Kerio and ZoneAlarm block incoming and outgoing unauthorized access attempts, thus preventing Trojans, keyloggers, and other spyware from "phoning home" with your personal information should they manage to get past your other defenses. Windows Firewall in Microsoft Vista is two-way (although the default configuration is only set to block inbound connections!). Do not use more than one software based firewall.
  
  Important Note - Routers and Firewalls: If you have a router you still need a software based firewall on each system on your network. This is true even if it is a network of just one computer. If you are not using a router, you should, especially if you are using broadband (cable or DSL high-speed Internet). Ensure your router uses NAT (Network Address Translation). NAT is a very effective security feature that provides hardware firewall type features. There are several offerings for under $50.00USD. Some offer dial-up support, and some include a print server for network printing. Using a router also allows you to disable printer and Internet connection sharing on your connected computers.
  
  
• Pop-up Blocker - There are several good pop-up blockers, including those found in Internet Explorer 7 and Firefox 2. I recommend you enable them. Many add-in toolbars, such as Google Toolbar and Yahoo Toolbar, also have pop-up blockers. It is fine to also use one of those. However, I caution against using more than two pop-up blockers to avoid conflicts and confusion. The thing to remember is the "self-discipline" portion of Practice Safe Computing from above; if a pop-up gets through, just close the pop-up, do not click on any links.
  
  
• Spam Blocker - Most ISPs offer spam blocking tools and I recommend you enable them. However, NO spam blocker is perfect, so I caution you to remember that. Some spam messages will not be identified, and some legitimate messages will be falsely identified as spam. I recommend you select an option that tags "suspected" spam, and/or moves suspected spam to a spam/quarantine folder, rather than automatically deleting them. For example, my ISP appends (tags) the subject line with "--spam--", which is easy for me, and spam filters, to spot.
  
  In addition to ISP based spam blockers, I recommend a client (on your PC) based spam blocker too. There are many to choose from. I use and strongly recommend MailWasher Pro. There is a bit of a learning curve, but by far, what puts it above and beyond all other spamblockers is that you process all your mail from all your accounts on the servers! That is, BEFORE the email is downloaded on to your system. This is huge, in my opinion. Other spamblockers download the entire email (and and attachments!) and dumps it on to your machine, and then analyzes it for possible malicious code. To me, that's like asking a stranger to step inside your home, THEN asking him what he wants.

I know all of the above is a lot but this is what it takes to get and keep your systems clean, running at full performance, and safe. But it gets easier to manage once it is all set up. I recommend all scanners be scheduled to update, then scan daily - mine run in the middle of the night. It is an important part of Practicing Safe Computing to also set up a routine to regularly scan your system(s) manually.

*************

A Final Comment About Security Suites. Security suites, such as Norton 360, ZoneAlarm Security Suite, and others, are complete security packages containing a firewall, anti-virus, anti-spyware, spam blocker, pop-up blocker, and more, all controlled from a single user interface or "Control Center". While certainly suites are less expensive than purchasing separates from several vendors, and easier to use, from a security standpoint, I feel suites are putting all your eggs in one basket. With any business, these suite makers look for ways to cut costs. Any programmer knows that if you can reuse code, you save time and money. Therefore it only follows these makers will reuse code as much as possible in their suites. This has the potential of introducing compromises between the components of the suites, and creating single points of failure, or in the security world, single points of vulnerability. The user interface, update website, scheduler, and files database are 4 examples of possible single points of failure, where a fault in one of those areas may affect several or all tools in the entire suite. If the user interface breaks, for example, all your defenses may be compromised or taken down. In the case of the shared files database, with a suite you have the same group of people deciding which files both the anti-virus application and the anti-spyware application will scan. Is that a problem? I don't know. But I do know from a security standpoint, an "overlapping" defense, where different sets of eyes are watching over things, is much better than a single set.

Even the best suites do not excel in all areas. One may have a superior firewall, but only a fair anti-virus. Another suite may have a great anti-virus, but a weak anti-spyware. If you "roll your own" suite, you can build a superior suite consisting of the best tools in every category that meet the demands for your computing habits.

*************

If you were referred to this post as part of the resolution process being worked in another thread, when done with the above scans, please post back in the originating thread with a status update.

*************
Edit History
9/6/2007 - Add explanation for not installing TeaTimer
8/14/2007 - Added Report information concerning Kaspersky Online Scanner - Digerati
8/11/2007 - Added Kaspersky Online Scanner - Digerati
7/24/2007 - Updated Sunbelt Personal Firewall link and name - Digerati