• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
Sign in to follow this  
Followers 0
steblein

DSO Exploit -- still not gone --

4 posts in this topic

I've worked with a young lady from another office for several hours now. We have used Spybot, Adware, and CW Shredder. I've even taken advice and used them together. I've gone through all the preliminary suggestions on your website, but had trouble with Pacman's list coming up, but nothing is totally eliminating the DSO Exploit. It's not just that DSO appears in Spybot. She continues to get numerous pop-ups and ad windows after running and "removing" any found and KNOWN spyware.

 

I'm posting the HiJack this log, maybe someone can help. We are at the point of taking the computer and paying someone $85 to wipe it, because we've spent so much time already. I don't see anything suspicious in the log, but perhaps I am missing something.

 

Logfile of HijackThis v1.97.7

Scan saved at 10:45:14 AM, on 6/29/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Intel\ASF Agent\ASFAgent.exe

C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe

C:\Program Files\Dell\OpenManage\Client\Iap.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\r_server.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\DSentry.exe

C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe

C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\WINDOWS\System32\ctfmon.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Corel\WordPerfect Office 2000\Register\Remind32.exe

C:\Program Files\lotus\notes\NLNOTES.EXE

C:\Program Files\lotus\notes\ntaskldr.EXE

C:\Documents and Settings\Kathie Morris\My Documents\Kathies TEMP\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.fws.gov/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mail2web.net

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.fws.gov/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.weather.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.altavista.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.fws.gov/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.fws.gov/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.cnn.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.yahoo.com

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

O1 - Hosts: 164.159.171.101 IFW9BCT-PT1

O1 - Hosts: 164.159.102.70 fw5romail

O1 - Hosts: 164.159.176.248 fwsmobile1

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1629.0\en-us\msntb.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe

O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"

O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe

O4 - HKLM\..\Run: [bHOUE] C:\WINDOWS\BHOUE.exe

O4 - HKLM\..\Run: [FQBLVDN] C:\WINDOWS\FQBLVDN.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common files\WinTools\WToolsA.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [sureCleanProfessional] "C:\PROGRA~1\PANICW~1\SURECL~2\SRClean.exe"

O4 - Startup: Corel Registration.lnk = C:\Program Files\Corel\WordPerfect Office 2000\Register\Remind32.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: AIM (HKLM)

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Messenger (HKLM)

O16 - DPF: WebConnect Pro 5.1.7 - https://mantis.fws.gov:2443/WebConnectDU.cab

O16 - DPF: WebConnect Pro 6.2.14 - https://mantis.fws.gov:2443/WebConnectDU.cab

O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

 

 

 

THANKS for any help you can provide. ~ Tina :wave:

Share this post


Link to post
Share on other sites
O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common files\WinTools\WToolsA.exe

 

I just spent a couple of hours yesterday getting rid of this on one of my user's machines. It's called Wintools, and was causing problems with FTP connections and popping up ads, among other things. The way I was finally able to stomp it out was by following the instructions here:

 

http://www.pchell.com/support/wintools.shtml

Share this post


Link to post
Share on other sites

The DSO exploit is just a bug in Spybot SD - ignore it. Will be fixed in next update. For details visit the SSD forum, link is in my signature, below.

Share this post


Link to post
Share on other sites

The update to fix the dso exploits reappearing bug is out already, its been out for about 3 days now.

Share this post


Link to post
Share on other sites
Sign in to follow this  
Followers 0