Few days ago I removed some advanced Malware from my system; removing it was difficult 
and I used several methods.  My AV resident shield didn’t detect it because is was 
advanced Malware. I received it when I was viewing an M$ Word document in Windows 
Wordpad. It was stealth executable Malware within the content (that document was 
the only cause after looking at download log). I only found out about the Malware 
install after noticing suspicious folder when routinely checking dictionaries. 

Now after that, I am afraid to open any .DOC, .XML, .HTM, (download) in case active 
content is within. 

Where could I obtain a processes monitor (preferably freeware, compatible with W98), 
which can monitor for any suspicious/unusually-high processes?

If ever I opened another item with active content, the process monitor will alert 
me if unknown software is executing, right? Any ideas to prevent this? 

Tip: Run a free scan for common Windows errors ad

re: Active content trouble Wednesday, February 14, 2007 at 4:47 pm Posted by gewg_ (4444 messages posted) |Few days ago I removed some advanced Malware from my system; | s.jester | What tool did you use? |My AV resident shield didn’t detect it because is was advanced Malware. | Interesting theory. The rest of your description leaves me dubious. |I received it when I was viewing an M$ Word document in Windows Wordpad. | "Received" seems an odd word to use. I doubt the connection between the use of that app and the infection is that concrete. |It was stealth executable Malware within the content | Now you're just making up stuff. A non-executable file format cannot execute code (with the exception noted below). |Now after that, I am afraid to open any .DOC, .XML, .HTM, (download) |in case active content is within. | The kinds of malware associated with M$ Office files formats are "Macro Viruses". Any modern anti-virus app will find them and kill them. If an exploit is so new that the most recent virus definition file doesn't include it, THEN you might be at risk[1] **if** you open the document with a M$ payware app which runs the macro.[2] Wordpad does NOT execute macros. [1] This is usually a TINY window of vulnerability. The standard work-around is to let the file "cool off" for a day or more after which you update your virus signatures, scan the file, THEN open it. [2] Visual Basic for Applications was a really STUPID idea. [Reply or follow-up to this message] re: Active content trouble Friday, February 16, 2007 at 4:18 pm Posted by s.jester (25 messages posted) Yes, it was active content that infected my computer, and that is possible, its not made up. Active content has the capability of triggering actions automatically without awareness (until I found out, which was difficult). I doubt it was a MacroVirus, because active content code can even be activated when previewing, or even selecting! and furthermore, MicroViruses don’t exist/can be place in Wordpad! On Wednesday, February 14, 2007 at 4:47 pm, gewg_ wrote: >|Few days ago I removed some advanced Malware from my system; >| s.jester >| >What tool did you use? > >|My AV resident shield didn’t detect it because is was advanced Malware. >| >Interesting theory. The rest of your description leaves me dubious. > >|I received it when I was viewing an M$ Word document in Windows Wordpad. >| >"Received" seems an odd word to use. >I doubt the connection between the use of that app and the infection >is that concrete. > >|It was stealth executable Malware within the content >| >Now you're just making up stuff. >A non-executable file format cannot execute code (with the exception noted below). > >|Now after that, I am afraid to open any .DOC, .XML, .HTM, (download) >|in case active content is within. >| >The kinds of malware associated with M$ Office files formats are "Macro Viruses". >Any modern anti-virus app will find them and kill them. > >If an exploit is so new >that the most recent virus definition file doesn't include it, >THEN you might be at risk[1] >**if** you open the document with a M$ payware app which runs the macro.[2] > >Wordpad does NOT execute macros. > > >[1] This is usually a TINY window of vulnerability. >The standard work-around is to let the file "cool off" for a day or more >after which you update your virus signatures, scan the file, THEN open it. > >[2] Visual Basic for Applications was a really STUPID idea. [Reply or follow-up to this message] re: Active content trouble Sunday, February 18, 2007 at 3:29 pm Posted by MartinM (7551 messages posted) What on earth are you talking about ??? Why not answer the questions - what was the infection, and how did you remove it - and you might possibly get some help. [Reply or follow-up to this message] re: Active content trouble Monday, February 19, 2007 at 6:28 am Posted by s.jester (1 messages posted) Listen, I don’t know who or what you are, but I certainly know that I’ve passed this stage of trouble, you know! I will say again that, Active Content refers to documents that can trigger actions, and the danger of active content, is that I think the users generally perceive documents as benign, or passive entries, more here. I’ve now got another active content infection from JavaScript code web page, plz, how can I resolve the issue? On Sunday, February 18, 2007 at 3:29 pm, MartinM wrote: >What on earth are you talking about ??? > >Why not answer the questions - what was the infection, and how did you remove it >- and you might possibly get some help. [Reply or follow-up to this message] re: Active content trouble Monday, February 19, 2007 at 6:49 am Posted by MartinM (7551 messages posted) So, since you won't say what the infection was, or how you got rid of it, you make it hard to give help. Please yourself. [Reply or follow-up to this message] re: Active content trouble Monday, February 19, 2007 at 6:56 am Posted by s.jester (2 messages posted) yes, i had an iffection that came from active content, i was previewing the wordpad file, and suddenly i noticed that `teknum systems shredder` was installed on my comp. i got rid of it by deleting it & the regisrty bits. it came from that file i was previewing, it was larger than i thought & disabled my av software any ideas On Monday, February 19, 2007 at 6:49 am, MartinM wrote: >So, since you won't say what the infection was, or how you got rid of it, you make >it hard to give help. > >Please yourself. [Reply or follow-up to this message] Tip: Use one of the [Reply or follow-up to this message] links above to add a message to this thread Search this forum Start a new thread on a different subject Report abuse of the forum Return to the Windows 98 Discussion Forum