>My concern and question is how was it even possible for this webpage to do this? and has anyone seen this before.

Yes, I've seen similar. Where I've seen it are those using IE on a PC and they do not have ActiveX disabled. If that's the case, and assuming there hasn't been some security patch out on this, ActiveX can be used to access the registry. Once there, they can set bookmarks without you knowing it, or far worse.

I just had the same thing happen to me, about a month ago. Not sure exactly where it came from, possibly a music site my daughter linked to from here hotmail spam. I got "IEGATOR" it took over my browser totally! changed my settings, disabled me from changing them back, added its own search engine "Xupiter" (There's a sucky one). Did a lot of other stuff too, lost book marks and more. So now my IE is permanently scarred, the only way I can see to revive it fully is redownload (NOT).
I used X-Clean and Ghost Surf to detect it and remove it. But my story has a happy ending. I was so pO'd at the prospect of downloading IE again that I decide to look at other browsers. Now I'm an Opera Lover! The thought of ever going back to IE or NN is like getting back with a spouse who beats you.

Thanks RC and OTE, it is not Active X has I have them set at prompt, and when on such a site I never allow them to run.

As I say I did not click or do anything which is what makes this so strange. Thankfully it does not seem to have done any damage as it was the Internet Security that told me it was trying to dial in to wherever it was and that is when I blocked and then after removed it.

Who should I email about this. I will email Symantec but anyone else?

I do not want to report the site but I want the AV vendors to be aware of this script and how it got past my very high alert status Firewall.

If the Firewall had not done its job of stopping it dialling out who knows what might have happened.

A huge tip, never use the X you THINK is the X to close the bad popup windows, use ALT-F4

If someone is using a chromeless window, they could simulate the X and you are actually clicking though. Any experienced dHTML programmer can fake you like that.

sticky-mail me the url you think did this and I will tell you what actually happened

-aV-

You can find interesting and scary information about "unsolicited commercial software" at

[doxdesk.com...]

What some of these things do to people's computers is outright vandalism.

Your problem could be due to a security hole in the M$ Java Virtual Machine. This thread [webmasterworld.com] has some details.

My Question has got to be the simplest, Then why still use IE? Opera offers a fair alternative, and old versions of Netscape are still usable. Buth offer the ability to disable java, in fact Opera offers a version totaly void of Java. Yes I do agree that "no java" can be an inconvenience, but what is more inconvient, having stuff added, stolen, or worse deleted from your computer, or having to deal with pages where you have to look at the code to navigate? Besides the more people quit using MickySoft, the more webmasters will write pages for non java users.

PS disabling java in ie does not fully disable java or active x

Probably it was a (veri)signed file, and you read the description and run it.
They can enter their own descriptions in there.

onunload="window.open('signedfile.exe');"