Long Webdav request

Here's where I "think" we're at:

1. We are constantly being locked out of our site hosts system by their Intrusion Detection System. This happens when either browsing the site with Mozilla Firefox, or updating the site with MS FrontPage.

2. Each time this happens, their IDS log shows our IP as initializing a "Long WebDav" request. They have told us the most likely culprit is a virus on our system that is hijacking the packets that we're sending.

3. I'm willing to accept #1 and #2 at this point.

4. Ran Ad-Aware, and this was the logfile, of which all items have now been deleted:

obj[0]=IECache Entry : Cookie:mycomputer@~~local~~/
obj[1]=IECache Entry : Cookie:mycomputer@domainsponsor.com/
obj[2]=IECache Entry : Cookie:mycomputer@adserver.terra.com.br/
obj[3]=IECache Entry : Cookie:mycomputer@landing.domainsponsor.com/
obj[4]=IECache Entry : Cookie:mycomputer@mediaplex.com/
obj[5]=IECache Entry : Cookie:mycomputer@overture.com/
obj[6]=IECache Entry : Cookie:mycomputer@weborama.fr/

Could these items be the cause?
There does not appear to be anything else on my system - so how could a Cookie (which I thought was harmelss) do this?

5. If it is something else entirely, I would very much appreciate any recommendations you may have.

Sean Powell
Your friendly Web Development Page Editor ( and apparently security-minded numnuts )
LVL 31
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

1.) Install a personal firewall like ZoneAlarm. This way while updating the site, all outbound request can be filtered.

2.) Recommend to run the Ad-Aware SE Personal Edition 1.05 in Safe Mode.

with Latest definition file: SE1R14 22.10.2004

3.) Ran Windows Update and update all current Critical Updates...;-)

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
seanpowellAuthor Commented:
Thanks for your reply.

1. I'll look into that...

2. I have Ad-Aware, the logfile was posted. What do you mean by "Safe Mode"

3. Already done, except for XP SP2, which I'll wait a few years till the bugs are ironed out.

Is there any way to "confirm" that the problem is indeed on my end?

seanpowellAuthor Commented:
Zone Alarm shows this on Startup, I assume it's the IP of my broadband connection?

I also have this shown as the IP of my computer, when going to showmyip.com (last numbers x'd out)

So it's correct that I have both, yes?
The Firewall Audit Checklist

Preparing for a firewall audit today is almost impossible.
AlgoSec, together with some of the largest global organizations and auditors, has created a checklist to follow when preparing for your firewall audit. Simplify risk mitigation while staying compliant all of the time!

What he means, is when the XP LOGO appears, hit F8 to get into the DOS menue.  There you can select SAFE MODE.  By running Ad-Aware at this level, services are not already started that could prevent a clean "repair".
seanpowellAuthor Commented:
Thanks :-)

I've run a complete Ad-Aware scan in safe mode and nothing.

I guess want I need to know is this:
Accessing a site generates a Long WebDAV request, and we are locked out of the hosts IDS for 15 minutes.

Is there "ANY OTHER" reason for this, besides me having a virus on my system?

Try connecting with ZoneAlarm active...any applications trying to run?
And do you get locked out?

What Anti-Virus are you running?

Long WebDAV request can cause Denial of Service (DoS), therefore the counter-measure is quite prudent but a false positive is irritating...
Other possible tools:

Spybot - Search and Destroy
CWSchredder (especially for hijacked browsers)
seanpowellAuthor Commented:
When the host ran a repair on the extensions, IIS found a problem with something called a Timer. Looks like we're clean.

Thank you for all your comments here. :-)

It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.