Hi all,

About 2 weeks ago, I noticed this line being inserted by my system on all sites being viewed, no mater which browser. This may of been going on for longer, since this is the first it appeared 'odd' to me. I'll give you the line, and explain a little about my system/apps to help...


<link rel="stylesheet" type="text/css" href="http://images.ientrymail.com/webproworld/index.css" title="0">
<link rel="alternate stylesheet" type="text/css" href="http://images.ientrymail.com/webproworld/css2.css" title="1">
<link rel="alternate stylesheet" type="text/css" href="http://images.ientrymail.com/webproworld/index2.css" title="2">


<script language='javascript' src='http://127.0.0.1:1027/js.cgi?caw&r=13977'></script>

<script language="JavaScript" type="text/JavaScript">
function setActiveStyleSheet(title) {
var i, a, main;
for(i=0; (a = document.getElementsByTagName("link")[i]); i++) {
if(a.getAttribute("rel").indexOf("style") != -1
&& a.getAttribute("title")) {
a.disabled = true;
if(a.getAttribute("title") == title) a.disabled = false;
}
}
}

The example above is from this very page...

I have XP Home running with a proxy server (AlegroSurf) and Zone Alarm Pro Security Siute. There are verious add blockers and stuff, but I'm pritty sure they are all turned off, since they bug me...

I can tell that it's calling something from the localhost on port 1027 - I've serched for the js.cgi file and nothing found. Tried several virus scans, ad-aware scans - nothing...

My Proxy shows the username calling the page but 127.0... IP calling images, I am asuming this is the normal browsers cache calling all graphics, as the proxy only caches' text.

Any suggestions or further answers required, all ideas taken....?

127.0.0.1 is "home" One of my favorite t-shirts reads: "There's no place like 127.0.0.1" You probably already know that, but I love the joke :)

Couple of questions - Have you deleted your cache and cookies lately? Check zone alarms cookie settings too. I don't know if it would cause a problem but I know EZ's firewall does from time to time. I've seen this problem only with the added


<script language='javascript' src='http://127.0.0.1:1027/js.cgi?pca&r=10008'></script>

....and varying numbers: 10008, 1538, etc.

Have you removed any virii, worms, or trojans lately?

What anti-virus scans, adware scans, spyware scans have you used?

I would really say it's a cookie problem but, never hurts to cover all bases ;)

Many thanks for reply... :)

I do remember having bizarre problems with the cache when I first installed Zone Alarm, couldn't get any images to appear and only partial would appear on a refresh. Took about a week of clearing cache's all over the place to get everything set right..

I normally perform a weekly scan with the following:
>> Ashampoo WinOptimiser (PLat) - Reg check, Internet CleanUp, Temp files CleanUp.
>> Ad-Aware SE - Full Scan >> plus occasional quick scans when I feel 'paranoid'.
>> Zone Alarm does a weekly virus scan and updates daily.
>> Defrag when things start to slow down.

My current set-up is about 4 months old, after a complete fresh install after a needed reformat. The only things/nasties that have been found are by Ad-Aware, viruses have been removed and deleted from emails by Zone Alarm before my inbox and I have done the occasional 'Sheilds-Up' test and blocked port 135 (normally left open by default).

I'll try emptying my cookie jars and let you know if that makes a differance. Will post results later today...

Pretty sure wenwilder was spot on in pointing to zonealarm, there's a lil info here on it ->

http://www.whmautopilot.com/forum/lofiversion/index.php/t6102.html

and here

http://www.dotnet247.com/247reference/msgs/39/195343.aspx

hth

Thanks both,

Yep, I agree - I'm 99.9% certain this line is being inserted by Zone Alarm Pro. I've only had this installed about 2 months, which would explain why I haven't noticed it before.

I have emptied my cache's and cookie's and it's still being inserted.

It is a relief, as I am now a little happier that it's not a security issue, which were my first thoughts.

:)