IE8 will not open for me any more

Sure. Go to: www.hu.usp.br If you follow the .br with "/resultados" (br/resultados) and are not already told (as I was a couple of years ago some Portugese words that mean the site does not support netscape) then you can enter my ID (XXXXXX)* in the top of two boxes, but I don´t give you my access code for the second box. (It is case sensitive relative long mix of numbers and letters - not worth your time to see my PSA history.

I think this University of Sao Paulo hospital clinic´s data site was built, not very well, years ago when Netscape was the only other browser and not much used and they simply have never paid to modernize it. If you do get to point where you can enter XXXXXXX, let me know what browser you used.

PS - sorry I responded so quickly without reading your "make a PM request" but that site is well known - printed on most papers the clinic gives out and I don´t care if some silly hacker wants to see my PSA data - Good idea to keep him/her busy instead of doing harm.

* On second thought, I replaced my ID with some XXXs. If you want need it, I will send by PM.

 

Log in or Sign up to hide all adverts.

Browser Compatibility Test Details


Test Information
URL: http://www.??.???.br/
Date Tested: Friday, Aug 10, 19:06 EDT
Page Rating: rating = 2
URL: http://www.??.???.br/
Total Incompatibilities: 67
Number of Problems : 11

Tool Rating Summary
Load Time rating = 1 108.08 seconds,
height/width problems Detailed Report
HTML Check & Repair rating = 1 24 errors Detailed Report
Browser Compatibility rating = 2 11 problems Detailed Report
Spell Check rating = 1 355 possible errors
Universit�, rio, HU, Intranet, Primeiro, acesso, aqui, de... Detailed Report
Link Check rating = 5 0 bad links Detailed Report
Bad Links Summary Report rating = 5 0 bad links View a Demo Report
Remote Links Summary Report rating = 5 0 bad links View a Demo Report


info c/o netmechanic

 

Log in or Sign up to hide all adverts.

seems legit... shall get back later... possibly the site can be viewed using Opera..

 

Log in or Sign up to hide all adverts.

use:
http://www.urlvoid.com/
Domain virus scanner system
and you will find that the site is infected.
Try other sites for comparison

 

Took a screen shot of the scanning results for the interest of other readers [regarding the site in question]

Please Register or Log in to view the hidden image!

To me, upon casual assessment, it means that a hacker has infected the site with IE focussed malware. And no I will not go to the site with an IE browser as I have no confidence in it's integrity.
Possibly the company involved here has some serious competition that may not wish them to be successful with their online data provisioning for clients.
The company seriously needs to consider not only it's commitment to it's customers but also it's online responsibilities regarding the propogation of malware..[viruses] to any one that uses it's services.

 

I understand little of your post 65 display but assume until told otherwise that you don´t mind my printing it and delivering it to the clinic with my next visit. I have little choice but to go the site again to get results of PSA tests - free to me there so I tightly monitor both PSA and Testosterone. However, soon I will be switching to an implant that last 3 months. No need to monitor every few weeks as I can only continue it.

For last three+ years I have held my PSA to 0.1 or less with no more than 0.3 duty cycle use of a standard in Brazil drug for suppressing Testosterone plus a "therapeutic diet" I discovered, each item of which had two or more Journal articles showing one of the agent in my diet was effective. My PSA should be "zero" as I had prostate removed nearly four years ago.

I take all diet items in a "shot-gun approach" and hope there is some "synergistic effect" too. I have in my own data with some "dose effects" clearly showing this diet helps too. Initially I took much less and only once per day. Now I take more* and three times each day. When I switched from twice to three times per day, my PSA actually decreased due to diet alone! before resuming its slow climb up to 0.1 where I go back on drug as well as my continue my diet items.

* I have mentioned in other posts one diet item -very hot red peppers. I am well adapted to them - little burning now, but once or less frequently each month, 10 minutes after ingestion I break out into cold sweats with mild nausea. The agent in red peppers stimulate nerves that detect heat. I think my body "thinks" it is seriously over heating so makes cold sweat to keep cooler. Initially I could only stand to eat a few, (they are tiny), now I eat a small cup full each day and they are 12 times hotter than hallopenias!

 

Billy I understand your dependancy on this site... have you tried to ask them to send you your information by "email notifications" to prevent the need to visit the site?

 

A quick diagnostics outputs this:

Firstly it's only identifying that it's "Compatible with Internet Explorer", it isn't actually saying "It's only compatible with Internet Explorer".

Secondly the actual login page is on:
http://143.107.64.13/default.asp
It's using an IP (which can be problematic in a VirtualHost/Subdomain environment) unless the request itself is defined within the server itself (Namely watching for a particular page to be asked for or request method to define which page to serve)

The login method isn't implemented on HTTPS/SSL, which also means that any passwords typed in are in plain text during transit between a person logging in and their server.

It contains of a Login/Password box and a box with each of the "X"'s you mentioned earlier. I would guess that it should be possible to access through Firefox. (Obviously I can't try that myself)

The actual script used appears to date from 2003 (Apyon Technology v:3.01.09 Updated: Jan,15 2003) with small formatting alterations from 2005 by Felipe (I guess the coder)
When entering data the information is parsed by an .asp (Active Server Page) which is likely residing on a Windows Server 2003 (meaning it's a little dated)

There is indeed a great deal of "Obfuscated Javascript" but obfuscation isn't always some attacker with a malicious virus output, sometimes it's just the test can't work out what's going on or realises that the script isn't easily human readible. In this case the scripts that exist actually build the page, they build the login boxes etc. But there is very little script present in the way of testing of inputs (I would gather sanitisation is handled serverside) (The javascript present isn't rogue, just poorly implimented)

This page that handled the Results is likely built prior to their implementation of Wordpress throughout the main site, with the results themselves returned via custom scripts from their server.

incidentally the website is only a subdomain of the Universities, so you're best actually sending an Email to the contact address of the Administrator.
Identify what browser you are having problems with and what address you are trying to access (I'd suggest saying any browser other than IE just so you can work around the problems in the future)
I'll send you the Email address you'd need to contact via PM.

 

I had not tried to access my PSA data with FF for a few years, so just did. I get thru to point of entering my ID and pass word, then enter key gives same msg about not supporting Netscape (In English, which may be new).

 

I couldn't get as far as that point, as obviously it needs certain information present, however "If" the site had been exploited (not sure if it has), it's possible that such an exploiter my force only IE compliance to then force worms on to IE users. But like I stated I currently don't get far enough to debug that and rule it out.

 

The facts as I know them:

• IE8 on Billy T's machine causes a restart with "bad pool......" message.
• IE8 can not be uninstalled on Billy T's machine. [which is rather intriguing]
• IE8 can not be over written with a fresh install [also a key indicator]
• Earlier versions of IE can not be installed.
• IE is the only browser that can be used to access data on site.
• Virus scan c/o http://urlvoid.com indicates the site is infected.
• Comparable scans with up to 12 other sites show all sites clean.
• The virus scanning system appears to be trustworthy. [ not just a marketing tool for AVG anti virus software ]

=========
Recommendations:

• Contact the site administrators/ company by telephone ASAP [not just email] and indicate that they should scan their own site for viruses.
• Ask them if other clients have been experiencing problems as you have.
• Ask them to send needed information by regular email notifications [ this should actually be easy to set up.]
• If you need to use a good install of IE then be prepared to do a reformat of the hard-drive as the IE has been compromised/exploited [ most likely ]
• Keep in mind that the responsibiity rests with the IT team managing the web site and not necessarilly with the medical service provider directly.

Thats how I see it. I may be wrong but the facts are what they are and all indications suggest very strongly that your IE system has been exploited. [ IE8 has a history of easy exploitation due to it's Java script handling - apparently ] Security experts are very keen to see the end of IE8.

Even if not and we assume that the virus scanning is incorrect the company has then utilised inferior scripting which has inadvertantly corrupted your browser, effectively loading an accidental malicious code on to your computer. It is possible it is innocent of intent or culpabiity. [as the site still remains infected other users are also being infected so there must be some history of client complaint or lack of use]
Regardless you will most likey have to do a reformat if you wish to use IE bowsers.

Personally, knowing how the hackers utilise "slave" or captured machines for their malicious purposes I would be seriously considering that the need to remove that possibiity is a strong incentive to reformat the hard drive. The degree of hacking sophistication causing your machine to be compromised [ causing a restart ] indicates the severity of the intent. Also you are located in Brasil, which is well known for millions of individual systems being compromised in similar manner.

Any ways, that's it for me unless new info comes to light...

 

Stryder is uncertain but CC feels strongly that the medical records site has been exploited and possibly my computer. It certainly behaves very strangely wrt IE. It occurred to me now that I may have two not very closely related problems:

(1) It is "normal" (but bad archaic design) that only IE can get data from the site. For years, attempts to use several other browsers have terminated at stage I told in post 69, with msg that the site does not support Netscape. Perhaps this is because what should appear when ID and password are entered (and did until after up grade to IE8 from Yahoo was made) is a few pages of tables. Each table has 8 to 12 lines. (I forget how many.) Each line has four adjoined blocks First hold the test request number, 2nd date it was requested, 3d name of doctor issuing the request, and last (I think) is the nature of the test(s) Perhaps one more indexing block at extreme right.

To see your results, you click on any block (I think, but perhaps only on the right most). Then new page appears with the results, the normal range, How test was done etc.

Perhaps, years ago (2003) when set up the creation of this table was code specific to IE (Possible only with table format as IE wanted it.)

(2) Other problem: The Yahoo given IE8 surely was an English version and I believe it is not a full fresh install, but an "up-grade" to IE7; however, my Portuguese IE7 was stored in archives with Portuguese names etc. I.e. Although IE8 did seem to install, it could not even open as it was a great mess. Then I messed it up much more, deleting everything I could find trying to keep IE7 download / install from finding that I "had a more recent version of IE installed" and stopping.

A "work around" is probably possible for me. I still have a Vista computer with very weak fan, a few keys that don´t work well, but I never had trouble using the IE7 (I think) in it to read my medical data. If I leave it in the refrigerator over night - it does not thermally protect shut down for about a hour. Five minutes is all I need to get my PSA, etc. data. AFAIK, going to the med data site never hurt that Vista computer.

I would guess that the med site does not do harm visiting computers. - Several thousand people go there ever month to get their data. If this "I have two unrelated problems" idea is valid, what probably happened is with Yahoo´s "aid" I shot myself in the foot and then trying to make that not hurt, cut my leg off with deletes. What do you think?

PS probably several dozen of the "thousands" of computers coming to the med data site are infected. Could a visit by an infected computer make the "infected" notices that QQ found for that site?

BTW It is quite early in the IE8 install process that it stops, with tiny fraction of a second showing "Bad_Pool_Call" msg. Could that mean IE8 is trying to up grade an IE7 file and it is not where IE8 went looking for it? I.e. is a file my delete efforts did kill. If memory serves me correctly, I never saw that mgs when installing IE8 I got from Yahoo.

 

No doubt your "playing " with your machine may have exasperated the problems. However it does not change my assessment in post #71.
As the virus scan indicates current threat activity.