MyTechSupport.ca :: Your Computer Technical Resource Headquarters! MyTechSupport.ca :: Your Computer Technical Resource Headquarters!
HOME FORUMS RESOURCES & TOOLS ARTICLES ONLINE STORE ABOUT US
Computer Support Forums arrow Internet & Network Support arrow Security & Viruses arrow Topic: DSO Exploit stays after "Search and destroy"
June 07, 2020, 03:30:15 AM
 

Home Forum Rules Help Search Mobile Version Login Register

Welcome, Guest. Please login or register.
Did you miss your activation email?
June 07, 2020, 03:30:15 AM

Login with username, password and session length
 Featured Sites:
News
New  New Poll on our main page!
"My experience with Vista..."
  0 Members and 1 Guest are viewing this topic.
Pages: [1] Go Down Print
Author Topic: DSO Exploit stays after "Search and destroy"  (Read 1516 times)
hip
Newbie
*

Karma: +0/-0
Offline Offline

Gender: Male
Posts: 2


Bookmark and Share

View Profile
« on: January 18, 2005, 11:40:37 AM »

PLEASE SUPPLY RELEVANT INFORMATION:
Operating System Version: Windows XP pro SP1
Problem Application Name & Version: DSO Exploit
Problem Hardware Make & Model:
Error Messages: DSO Exploit



Hi,
I run "Spybot-SearchAndDestroy" and finds out a "DSO Exploit". I remove it using this very same program and when I run again "Spybot-SearchAndDestroy" there it is again and again. I am clean for Lavasoft Ad-Aware.

My McAffee antivirus 'cries' some times for it but can't remove anything. I am using (and being protected by) SpywareBlaster, too.

The log at Spybot is:

DSO Exploit: Data source object exploit (Registry change, nothing done)
  HKEY_USERS\S-1-5-21-1321446302-2704883870-4021508746-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3


--- Spybot - Search && Destroy version: 1.3  ---
2004-05-12 Includes\LSP.sbi
2004-11-29 Includes\Cookies.sbi
2005-01-04 Includes\Dialer.sbi
2005-01-04 Includes\Hijackers.sbi
2004-12-29 Includes\Keyloggers.sbi
2005-01-04 Includes\Malware.sbi
2004-11-29 Includes\Revision.sbi
2004-11-29 Includes\Security.sbi
2005-01-05 Includes\Spybots.sbi
2005-01-04 Includes\Trojans.sbi
2004-11-29 Includes\Tracks.uti

How can I remove this and be sure I do 'not have anything' in my PC?

Thank you,
hip
Logged

 
Pancake
Global Moderator
Hero Member
*****

Karma: +78/-0
Offline Offline

Gender: Male
Posts: 3915


Bookmark and Share

View Profile
« Reply #1 on: January 18, 2005, 01:34:37 PM »

DSO Exploit is SpyBot code problem.There is a fix for it.
http://www.majorgeeks.com/download4392.html
Logged

An Australian Member of

EDDY
Cactus
Security & Virus Specialist
Global Moderator
Hero Member
*****

Karma: +2/-0
Offline Offline

Gender: Male
Posts: 4327


Bookmark and Share

View Profile
« Reply #2 on: January 18, 2005, 04:04:19 PM »

Well read the link Pancake posted for starters.. Wink

Then if you think you still have something lurking on your PC..

Download Hijackthis Ver. 1.99---Important---Create a permanent folder
EG---- Open MyDocuments----Right click an empty spot and select NEW---Folder----Name the new folder HJT ---this is where you will want to save Hijackthis too, also, backups will be stored there.
Download from here
http://aumha.org/downloads/hijackthis.exe

Do a SCAN----Scan will change to SAVE LOG----copy and paste the WHOLE contents of the log
here... Don't try and fix anything yet----most entries are harmless and needed.

Cactus
« Last Edit: January 18, 2005, 04:05:58 PM by Cactus » Logged

**PLEASE**.....do not post your hijack log in someone else's thread. Start a separate thread HERE! Thank you.

cactus@mytechsupport.ca

My System Specs

Avg Antivirus::Ad-Aware::Spybot::Windows Update::Recuva
Malwarebytes::SUPERAntiSpywareFREE
hip
Newbie
*

Karma: +0/-0
Offline Offline

Gender: Male
Posts: 2


Bookmark and Share

View Profile
« Reply #3 on: January 18, 2005, 10:04:29 PM »

Ok. Thanx for both answers. I did apply the patch to SearchAndDestry and succesfully got rid of the DSO Exploit. Now, there it goes the logfile of HijackThis. I believe I still may have 'something' within the Firefox configuration. Don't know why. (paranoid?)

Thanx again for your help.

Logfile of HijackThis v1.99.0
Scan saved at 19:58:52, on 18/01/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Archivos de programa\Apoint2K\Apoint.exe
C:\Archivos de programa\TOSHIBA\TouchED\TouchED.Exe
C:\Archivos de programa\McAfee\McAfee VirusScan\alogserv.exe
C:\WINDOWS\System32\00THotkey.exe
C:\ARCHIV~1\WEB\ZONELA~1\ZONEAL~1\zlclient.exe
C:\WINDOWS\System32\TPWRTRAY.EXE
C:\Archivos de programa\Apoint2K\Apntex.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Apache\Apache.exe
C:\Archivos de programa\McAfee\McAfee VirusScan\Avsynmgr.exe
C:\WINDOWS\System32\dllhost.exe
C:\Archivos de programa\Archivos comunes\Network Associates\McShield\Mcshield.exe
C:\Apache\Apache.exe
C:\Archivos de programa\McAfee\McAfee VirusScan\VsStat.exe
C:\Archivos de programa\McAfee\McAfee VirusScan\Vshwin32.exe
C:\mysql\bin\mysqld-nt.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\Archivos de programa\McAfee\McAfee VirusScan\Webscanx.exe
C:\Archivos de programa\McAfee\McAfee VirusScan\Avconsol.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\Archivos de programa\_control\Spybot - Search & Destroy\TeaTimer.exe
C:\Archivos de programa\mozilla.org\Mozilla\mozilla.exe
C:\hi _plus\descargas\descarga control\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = V
Logged

 
Cactus
Security & Virus Specialist
Global Moderator
Hero Member
*****

Karma: +2/-0
Offline Offline

Gender: Male
Posts: 4327


Bookmark and Share

View Profile
« Reply #4 on: January 26, 2005, 03:28:21 AM »

Your logfile is not that bad hip..a little cleaning..Lips Sealed

Set Windows to show Hidden files and folders
* Click Start.
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View Tab.
* Under the Hidden files and folders heading select Show hidden files and folders.
* Uncheck the Hide protected operating system files (recommended) option.
* Click Yes to confirm.
* Click OK.


Press Ctrl/Alt/Del and "End Task" or "End Process" on each of the following: (They may or may not be there)

sessmgr.exe
tlntsvr.exe


Turn off System Restore WinXP WinME. (Turn it back on after this is repaired and you've rebooted.) Close all other open Windows and have HiJackThis Fix:


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = V
Logged

**PLEASE**.....do not post your hijack log in someone else's thread. Start a separate thread HERE! Thank you.

cactus@mytechsupport.ca

My System Specs

Avg Antivirus::Ad-Aware::Spybot::Windows Update::Recuva
Malwarebytes::SUPERAntiSpywareFREE
Pages: [1] Go Up Print 
 
Jump to:  

Powered by MySQL Powered by PHP

Powered by SMF 1.1.21 | SMF © 2015, Simple Machines

Valid XHTML 1.0! Valid CSS!

Disclaimer
This site is NOT responsible for any damage that the information on this site may cause to your system. Everything you try, whether inspired by the response given from this site or not, is entirely at your own risk. All product names and company names used herein are for identification purpose only and may be trademarks or registered trademarks of their respective owners. We are in no way affiliated or representing any of the companies on this site unless specified.
Back to Top
Stop Spam Harvesters, Join Project Honey Pot Fight Back Against Spammers! Get Firefox! Get Thunderbird! View Sylvain Amyots profile on LinkedIn
Back to Top
Google visited last this page August 20, 2019, 02:49:44 AM