
werule; www.belgiandip.com


  • This topic is locked
8 replies to this topic

#1 gcs

gcs

    Member

  • Full Member
  • Pip
  • 13 posts

Posted 22 May 2004 - 10:58 AM

I have read the FAQ page and have tried to follow instructions -- please forgive me if I haven't.

A couple of nights ago my computers at home and at the office were hijacked. The IT admin at my office identified at least one of the culprits as CoolWebSearch, and removed the offensive stuff with CWShredder and Spybot. I tried to do the same myself at home, but am having a couple of residual problems.

(1) From time to time a "WERULE" window pops up.

(2) After closing my browser, it reopens automatically directed to www.belgiandip.com, which is shortly superseded by a pop-up ad. Easily closed, but annoying.

I have looked through the C:\Windows\System folder and see a couple of suspicious .exe files that appear to have been created when the hijacking occurred: IDICH.EXE and SNET32M.EXE. The properties data identifies the company as "totempole". Another current file is similar: SIEXECM.EXE; and this appears in the HijackThis log I ran this morning. But SIEXECM didn't appear in the C:\Windows\System folder when I looked earlier this morning, and another one, EMREGO.EXE, did but is now "gone". My inclination is to delete all of these totempole .exe files, but I don't want to try to do so if I run the risk of screwing up the computer. (It is my wife's computer, and she'd be really pissed if I totally screwed it up and lost her data -- that she is loath to back up.)

Thanks for any help you can provide. Here's the HijackThis log:

Logfile of HijackThis v1.97.7
Scan saved at 8:12:29 AM, on 5/22/04
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\WEBSVR\SYSTEM\INETSW95.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\NORTON INTERNET SECURITY\NISUM.EXE
C:\PROGRAM FILES\NORTON INTERNET SECURITY\CCPXYSVC.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\VOYETRA\TBS MONTEGO\VTRAY.EXE
C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\MICROSOFT HARDWARE\KEYBOARD\TYPE32.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\PROGRAM FILES\MSMONEY\SYSTEM\REMINDER.EXE
C:\PROGRAM FILES\MICROSOFT ACTIVESYNC\WCESCOMM.EXE
C:\PROGRAM FILES\BRODERBUND\MAVIS BEACON TEACHES TYPING 12 STANDARD\MINIMAVIS.EXE
C:\WINDOWS\SYSTEM\SIEXECM.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://seattletimes.....com/html/home/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast High-Speed Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = sas.r1.attbi.com:8000
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = sas.r1.attbi.com
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [Disknag] C:\DELL\DISKNAG.EXE
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [VoyetraTray] C:\PROGRAM FILES\VOYETRA\TBS MONTEGO\VTRAY.EXE /s
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Microsoft WebServer] C:\Program Files\WebSvr\System\svctrl /init
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\SYSTEM\QTTASK.EXE
O4 - HKLM\..\Run: [IntelliType] "c:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [stcinstaller] c:\installer\id53.exe
O4 - HKLM\..\Run: [siexecm] C:\WINDOWS\SYSTEM\siexecm.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [Microsoft WebServer] C:\Program Files\WebSvr\System\inetsw95.exe -w3svc
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [Nisum] C:\Program Files\Norton Internet Security\NISUM.EXE
O4 - HKLM\..\RunServices: [ccPxySvc] C:\PROGRA~1\NORTON~2\CCPXYSVC.EXE
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKCU\..\Run: [Reminder] C:\Program Files\MSMoney\System\reminder.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRAM FILES\MICROSOFT ACTIVESYNC\WCESCOMM.EXE"
O4 - HKCU\..\Run: [Symantec Network Driver Update Warning] C:\PROGRA~1\SYMANTEC\LIVEUP~1\SNDWARN.EXE
O4 - Startup: MiniMavis.lnk = C:\Program Files\Broderbund\Mavis Beacon Teaches Typing 12 Standard\MiniMavis.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: RealGuide (HKLM)
O9 - Extra button: Create Mobile Favorite (HKLM)
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... (HKLM)
O9 - Extra button: MindSpring (HKCU)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.mac...ash/swflash.cab
O16 - DPF: {85411480-DDF9-11D0-8F52-080009CDBAA9} (Starwave_Comparison_Chart) - http://stats.espn.go...arisonChart.cab
O16 - DPF: {34805D32-AD89-469E-8503-A5666AEE4333} (RdxIE Class) - http://207.188.17.22...etzip/RdxIE.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macr...director/sw.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com...ex/qtplugin.cab
O16 - DPF: {DED22F57-FEE2-11D0-953B-00C04FD9152D} (CarPoint Auto-Pricer Control) - http://carpoint.msn..../autopricer.cab
O16 - DPF: {928626A3-6B98-11CF-90B4-00AA00A4011F} (SurroundVideoCtrl Object) - http://carpoint.msn....id/MSSurVid.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installen...gine/isetup.cab
O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} (View22RTE Class) - http://demo4.view22....ew22/V22RTE.cab
O16 - DPF: {BB47CA33-8B4D-11D0-9511-00C04FD9152D} (ExteriorSurround Object) - http://carpoint.msn....ior/Outside.cab
O16 - DPF: {A049D507-FC03-4F01-88AC-4E919BBE2E9F} (X3DOCXPlugin Class) - http://www.x3dworld....X3DPlayerD4.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg...t/c381/chat.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg...v43/yacscom.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.s...ta/SymAData.dll
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.s.../ActiveData.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.micr...922/wmv9VCM.CAB
O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78D} (DoomCln Object) - http://www.microsoft...ols/DoomCln.CAB
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...8126.8673611111

#2 Newkid

Newkid

    Member

  • Retired Staff - Helper
  • Pip
  • 21 posts

Posted 22 May 2004 - 11:31 AM

Hello Gcs !

Welcome to SWI !

Your wife's computer is certainly not in good shape.

But first, before you start, move hijackthis.exe to a separate folder. The program will make backups in the folder it's in. In your case, they will now end up on your desktop.

Now, check the items listed below in HijackThis, close all windows except HijackThis and click Fix checked:

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = sas.r1.attbi.com

O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\SYSTEM\QTTASK.EXE
O4 - HKLM\..\Run: [stcinstaller] c:\installer\id53.exe
O4 - HKLM\..\Run: [siexecm] C:\WINDOWS\SYSTEM\siexecm.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE <-- Major Resource Hog

O16 - DPF: {34805D32-AD89-469E-8503-A5666AEE4333} (RdxIE Class) - http://207.188.17.22...etzip/RdxIE.cab


Reboot your machine and boot into safe mode by tapping the F8 key (8-9 times) at bootup.

It may happen that the file is hidden, so first unhide the files using the following instructions...
http://service1.syma...x&osv=&osv_lvl=

Search for and, if present, delete all instances of the following:

C:\installer\ <-- Delete Entire folder
C:\WINDOWS\SYSTEM\siexecm.exe <-- Delete this file.

Reboot your machine and boot into normal mode.

Now, Download the latest version of Ad-Aware at http://www.lavasoftu...pport/download/

After installing AAW, and before running the program, you NEED to FIRST update the reference file following these instructions.

Now do the following:

- Under Ad-aware 6 > Settings (Gear at the top) > Tweak > Scanning Engine:
check: "Unload recognized processes during scanning."

- Under Ad-aware 6 > Settings (Gear at the top) > Tweak > Cleaning Engine:
Check: "Let Windows remove files in use after reboot."

Press "Scan Now"

- Check option "Use Custom scanning options"
- Check option "Activate In-Depth Scan"
- Press "Select drives\folders to scan"
- Select the active partition which is usually C:

Now press "Next" to let Ad-aware scan your drives... It will find a number of "bad" files and registry keys. Right-click in that pane and choose "select all"

Now press "Next" again. It will ask you whether you'd like to remove all checked items. Click OK.

Finally, close Ad-Aware, and reboot. That ought to get rid of spyware.

When you've done all that, restart your computer, re-run Hijack This, and show us a fresh log.

With Thanks !
Newkid
Once a new technology rolls over you, if you're not part of the steamroller, you're part of the road.

No one can drive us crazy unless we give them the keys

#3 gcs

Posted 22 May 2004 - 03:14 PM

Newkid -- Thanks for the super-quick response. I had to go out and run errands, but I'm back now and will follow your instructions. Thanks, again. GCS

#4 gcs

Posted 22 May 2004 - 04:18 PM

Newkid -- Thanks, I've run Ad-Aware and you're right, it found a bunch of bad stuff. Here is the latest Hijack This log. (I'm crossing my fingers.) GCS

Logfile of HijackThis v1.97.7
Scan saved at 2:10:49 PM, on 5/22/04
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\WEBSVR\SYSTEM\INETSW95.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\NORTON INTERNET SECURITY\NISUM.EXE
C:\PROGRAM FILES\NORTON INTERNET SECURITY\CCPXYSVC.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\VOYETRA\TBS MONTEGO\VTRAY.EXE
C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.EXE
C:\PROGRAM FILES\MICROSOFT HARDWARE\KEYBOARD\TYPE32.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\PROGRAM FILES\MSMONEY\SYSTEM\REMINDER.EXE
C:\PROGRAM FILES\MICROSOFT ACTIVESYNC\WCESCOMM.EXE
C:\PROGRAM FILES\BRODERBUND\MAVIS BEACON TEACHES TYPING 12 STANDARD\MINIMAVIS.EXE
C:\HIJACKTHIS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://seattletimes.....com/html/home/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast High-Speed Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = sas.r1.attbi.com:8000
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [Disknag] C:\DELL\DISKNAG.EXE
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [VoyetraTray] C:\PROGRAM FILES\VOYETRA\TBS MONTEGO\VTRAY.EXE /s
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Microsoft WebServer] C:\Program Files\WebSvr\System\svctrl /init
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [IntelliType] "c:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [Microsoft WebServer] C:\Program Files\WebSvr\System\inetsw95.exe -w3svc
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [Nisum] C:\Program Files\Norton Internet Security\NISUM.EXE
O4 - HKLM\..\RunServices: [ccPxySvc] C:\PROGRA~1\NORTON~2\CCPXYSVC.EXE
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKCU\..\Run: [Reminder] C:\Program Files\MSMoney\System\reminder.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRAM FILES\MICROSOFT ACTIVESYNC\WCESCOMM.EXE"
O4 - HKCU\..\Run: [Symantec Network Driver Update Warning] C:\PROGRA~1\SYMANTEC\LIVEUP~1\SNDWARN.EXE
O4 - Startup: MiniMavis.lnk = C:\Program Files\Broderbund\Mavis Beacon Teaches Typing 12 Standard\MiniMavis.exe
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: RealGuide (HKLM)
O9 - Extra button: Create Mobile Favorite (HKLM)
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... (HKLM)
O9 - Extra button: MindSpring (HKCU)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.mac...ash/swflash.cab
O16 - DPF: {85411480-DDF9-11D0-8F52-080009CDBAA9} (Starwave_Comparison_Chart) - http://stats.espn.go...arisonChart.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macr...director/sw.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com...ex/qtplugin.cab
O16 - DPF: {DED22F57-FEE2-11D0-953B-00C04FD9152D} (CarPoint Auto-Pricer Control) - http://carpoint.msn..../autopricer.cab
O16 - DPF: {928626A3-6B98-11CF-90B4-00AA00A4011F} (SurroundVideoCtrl Object) - http://carpoint.msn....id/MSSurVid.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installen...gine/isetup.cab
O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} (View22RTE Class) - http://demo4.view22....ew22/V22RTE.cab
O16 - DPF: {BB47CA33-8B4D-11D0-9511-00C04FD9152D} (ExteriorSurround Object) - http://carpoint.msn....ior/Outside.cab
O16 - DPF: {A049D507-FC03-4F01-88AC-4E919BBE2E9F} (X3DOCXPlugin Class) - http://www.x3dworld....X3DPlayerD4.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg...t/c381/chat.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg...v43/yacscom.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.s...ta/SymAData.dll
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.s.../ActiveData.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.micr...922/wmv9VCM.CAB
O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78D} (DoomCln Object) - http://www.microsoft...ols/DoomCln.CAB
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...8126.8673611111
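
An added example, not part of any post in this thread: comparing a follow-up HijackThis log against the first log and the helper's fix list shows whether every requested entry is gone, whether anything new appeared, and whether a fixed executable is still running. The helper names `parse` and `verify_cleanup` are hypothetical, and the sample input is abridged from the logs and fix list posted above.

```python
import re

# Sample input: abridged from the two logs and the fix list posted in this thread.
BEFORE = r"""Running processes:
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SIEXECM.EXE

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = sas.r1.attbi.com
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [stcinstaller] c:\installer\id53.exe
O4 - HKLM\..\Run: [siexecm] C:\WINDOWS\SYSTEM\siexecm.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
"""
AFTER = r"""Running processes:
C:\WINDOWS\EXPLORER.EXE

O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
"""
FIX_LIST = r"""R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = sas.r1.attbi.com
O4 - HKLM\..\Run: [stcinstaller] c:\installer\id53.exe
O4 - HKLM\..\Run: [siexecm] C:\WINDOWS\SYSTEM\siexecm.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE <-- Major Resource Hog
"""

ENTRY = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")  # section code, then entry body
EXE_PATH = re.compile(r"[a-z]:\\.*?\.exe")       # first executable path in a body

def parse(log):
    """Return (running process paths, R/F/N/O entries) from a HijackThis log."""
    procs, entries, in_procs = set(), set(), False
    for line in map(str.strip, log.splitlines()):
        m = ENTRY.match(line)
        if m:
            in_procs = False
            body = m.group(2).split(" <-- ")[0].strip()  # drop helper annotations
            entries.add((m.group(1), body.lower()))
        elif line == "Running processes:":
            in_procs = True
        elif in_procs and line:
            procs.add(line.lower())
    return procs, entries

def verify_cleanup(before, after, fix_list):
    """Check a follow-up log against the entries the helper asked to fix."""
    _, old = parse(before)
    procs, new = parse(after)
    _, wanted = parse(fix_list)
    targets = {m.group(0) for _, body in wanted if (m := EXE_PATH.search(body))}
    return {
        "removed": old - new,                 # entries gone after cleanup
        "still_present": wanted & new,        # requested fixes that survived
        "unrequested": (old - new) - wanted,  # removed but not on the fix list
        "new_entries": new - old,             # appeared since the first log
        "still_running": targets & procs,     # fixed executables still in memory
    }

if __name__ == "__main__":
    for key, items in verify_cleanup(BEFORE, AFTER, FIX_LIST).items():
        print(key, sorted(items))
```

A non-empty `still_present`, `new_entries` or `still_running` set is the signal that the autorun entry was recreated or that the process survived the reboot.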

#5 Newkid

Posted 23 May 2004 - 12:41 AM

Good Job !!

Your new log seems clean to me :) Do you have any other issues?

With thanks !
Newkid

#6 gcs

Posted 23 May 2004 - 11:36 AM

Newkid -- Everything seems to be running smoothly. One (hopefully little) issue remains: when I run Spybot S&D it still detects DSO Exploit, and purports to fix it. But then it finds it again. Since I don't see any symptoms, should I ignore this, or is there a way to get rid of it?

Thank you, SO much! Someone like me (an oldish guy without any real technical computer background) feels pretty helpless when confronted with a problem like this. It's great that you and your colleagues are willing to help. Thanks, again, GCS

#7 Newkid

Posted 23 May 2004 - 01:14 PM

You're Welcome GCS. :)

when I run Spybot S&D it still detects DSO Exploit, and purports to fix it. But then it finds it again. Since I don't see any symptoms, should I ignore this, or is there a way to get rid of it?


Well, the answer is Yes and No. There are several reports of this issue in the Spybot forum, which shows that it is happening for a lot of people, so in that sense it's normal - meaning your system is reacting like many others...

However, the fact that Spybot isn't properly fixing this is just a simple bug that I'm sure will be fixed soon.

Given that anyone who is properly patched (via Windows Update) is not vulnerable to this exploit anymore, this is really not a serious issue, so provided your system is patched, you have nothing to worry about and can just ignore this until the fix comes out.

Apart from that, we recommend you have a look at the following link:

how did I get infected in the first place?

These are basically a number of recommendations that will help to tighten security and will contribute to making you a less likely victim.

With thanks !
Newkid !

#8 gcs

Posted 23 May 2004 - 10:56 PM

Newkid -- Thanks, again. I really appreciate all your help. Glenn

#9 Newkid

Posted 24 May 2004 - 12:07 AM

Glenn, I guess the link is not working right now. You can view the same link contents here also.

Glad we could help !!

With thanks !
Newkid !