Jump to content


Photo

DSO Exploit - cannot get rid?


  • Please log in to reply
1 reply to this topic

#1 Crunch

Crunch

    Member

  • New Member
  • Pip
  • 1 posts

Posted 20 July 2004 - 05:47 AM

Hi there, lately I’ve been having a lot of problems with popups on my computer when using any website. I have to run both spybot and ad-aware daily to just limit it and even when I do the scan before I shutdown the computer, spybot finds something called ‘DSO Exploit’ (shown in the logs below). I mainly use the website www.ebay.co.uk and for emailing. I never open attachments from emails I don’t recognise with them usually going straight to the bin. Any help?

* This is the log from Spybot before shutting the computer down:

DoubleClick: Tracking cookie (Internet Explorer: Owner) (Cookie, nothing done)


Advertising.com: Tracking cookie (Internet Explorer: Owner) (Cookie, nothing done)


Advertising.com: Tracking cookie (Internet Explorer: Owner) (Cookie, nothing done)


Avenue A, Inc.: Tracking cookie (Internet Explorer: Owner) (Cookie, nothing done)


DSO Exploit: Data source object exploit (Registry change, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

DSO Exploit: Data source object exploit (Registry change, nothing done)
HKEY_USERS\S-1-5-21-3699524586-3866767467-3757752560-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

DSO Exploit: Data source object exploit (Registry change, nothing done)
HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

DSO Exploit: Data source object exploit (Registry change, nothing done)
HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

DSO Exploit: Data source object exploit (Registry change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

* Ad-aware Log before shut down:

Lavasoft Ad-aware Personal Build 6.181
Logfile created on :20 July 2004 10:56:10
Created with Ad-aware Personal, free for private use.
Using reference-file :01R325 27.06.2004
______________________________________________________

Ad-aware Settings
=========================
Set : Activate in-depth scan (Recommended)
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep scan registry


20-07-2004 10:56:10 - Scan started. (Smart mode)

Listing running processes
ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ThreadCreationTime : 20-07-2004 09:46:48
BasePriority : Normal


#:2 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ThreadCreationTime : 20-07-2004 09:46:51
BasePriority : High


#:3 [services.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 20-07-2004 09:46:51
BasePriority : Normal
FileSize : 99 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
OriginalFilename : services.exe
ProductName : Microsoft
Created on : 01/01/2003 08:34:55
Last accessed : 20/07/2004 09:46:46
Last modified : 20/01/2003 16:56:00

#:4 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 20-07-2004 09:46:51
BasePriority : Normal
FileSize : 11 KB
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
OriginalFilename : lsass.exe
ProductName : Microsoft
Created on : 01/01/2003 08:34:14
Last accessed : 20/07/2004 09:46:46
Last modified : 20/01/2003 17:21:00

#:5 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 20-07-2004 09:46:51
BasePriority : Normal
FileSize : 12 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
OriginalFilename : svchost.exe
ProductName : Microsoft
Created on : 01/01/2003 08:35:04
Last accessed : 20/07/2004 09:46:46
Last modified : 20/01/2003 17:32:00

#:6 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 20-07-2004 09:46:51
BasePriority : Normal
FileSize : 12 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
OriginalFilename : svchost.exe
ProductName : Microsoft
Created on : 01/01/2003 08:35:04
Last accessed : 20/07/2004 09:46:46
Last modified : 20/01/2003 17:32:00

#:7 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 20-07-2004 09:46:55
BasePriority : Normal
FileSize : 50 KB
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
OriginalFilename : spoolsv.exe
ProductName : Microsoft
Created on : 01/01/2003 08:35:02
Last accessed : 20/07/2004 09:46:46
Last modified : 20/01/2003 17:01:00

#:8 [ccevtmgr.exe]
FilePath : c:\Program Files\Common Files\Symantec Shared\
ThreadCreationTime : 20-07-2004 09:46:55
BasePriority : Normal
FileSize : 309 KB
FileVersion : 1.03.4
ProductVersion : 1.03.4
Copyright : Copyright © 2000-2002 Symantec Corporation. All rights reserved.
CompanyName : Symantec Corporation
FileDescription : Event Manager Service
InternalName : ccEvtMgr
OriginalFilename : ccEvtMgr.exe
ProductName : Event Manager
Created on : 14/11/2002 06:44:02
Last accessed : 20/07/2004 09:46:46
Last modified : 14/11/2002 06:44:02

#:9 [explorer.exe]
FilePath : C:\WINDOWS\
ThreadCreationTime : 20-07-2004 09:46:55
BasePriority : Normal
FileSize : 980 KB
FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
ProductVersion : 6.00.2800.1106
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
OriginalFilename : EXPLORER.EXE
ProductName : Microsoft
Created on : 01/01/2003 08:33:21
Last accessed : 20/07/2004 09:51:28
Last modified : 20/01/2003 17:21:00

#:10 [nisum.exe]
FilePath : c:\Program Files\Norton Personal Firewall\
ThreadCreationTime : 20-07-2004 09:46:55
BasePriority : Normal
FileSize : 137 KB
FileVersion : 6.02.2003
ProductVersion : 6.02.2003
Copyright : Copyright © 2000-2002 Symantec Corporation. All rights reserved.
CompanyName : Symantec Corporation
FileDescription : Norton Internet Security NISUM
InternalName : NISUM
OriginalFilename : NISUM.exe
ProductName : Norton Internet Security
Created on : 08/02/2004 15:22:02
Last accessed : 20/07/2004 09:46:46
Last modified : 03/03/2003 13:06:36

#:11 [services.exe]
FilePath : C:\WINDOWS\System32\services\
ThreadCreationTime : 20-07-2004 09:46:56
BasePriority : Normal
FileSize : 48 KB
Created on : 30/06/2004 08:49:55
Last accessed : 20/07/2004 09:46:59
Last modified : 30/06/2004 08:49:55

#:12 [hpsysdrv.exe]
FilePath : C:\windows\system\
ThreadCreationTime : 20-07-2004 09:46:57
BasePriority : Normal
FileSize : 51 KB
FileVersion : 1, 7, 0, 0
ProductVersion : 1, 7, 0, 0
Copyright : Copyright
CompanyName : Hewlett-Packard Company
FileDescription : hpsysdrv
InternalName : hpsysdrv
OriginalFilename : hpsysdrv.exe
ProductName : hpsysdrv
Created on : 01/01/2003 18:07:56
Last accessed : 20/07/2004 09:46:46
Last modified : 07/05/1998 23:04:38

#:13 [ccpxysvc.exe]
FilePath : c:\Program Files\Norton Personal Firewall\
ThreadCreationTime : 20-07-2004 09:46:57
BasePriority : Normal
FileSize : 33 KB
FileVersion : 6.02.2003
ProductVersion : 6.02.2003
Copyright : Copyright © 2000-2002 Symantec Corporation. All rights reserved.
CompanyName : Symantec Corporation
FileDescription : Norton Internet Security Proxy Service
InternalName : ccPxySvc
OriginalFilename : ccPxySvc.exe
ProductName : Norton Internet Security
Created on : 08/02/2004 15:22:01
Last accessed : 20/07/2004 09:46:46
Last modified : 03/03/2003 13:05:18

#:14 [kbd.exe]
FilePath : C:\HP\KBD\
ThreadCreationTime : 20-07-2004 09:46:57
BasePriority : High
FileSize : 60 KB
FileVersion : 1.0.2.0
ProductVersion : 1.0.2.0
Copyright : Copyright
CompanyName : Hewlett-Packard Company
FileDescription : KBD EXE
InternalName : KBD EXE
OriginalFilename : Kbd.exe
ProductName : Hewlett-Packard Company KBD EXE
Created on : 01/01/2003 18:30:55
Last accessed : 20/07/2004 09:46:46
Last modified : 12/02/2003 03:02:48

#:15 [navapsvc.exe]
FilePath : c:\Program Files\Norton AntiVirus\
ThreadCreationTime : 20-07-2004 09:46:57
BasePriority : Normal
FileSize : 113 KB
FileVersion : 9.05.1015
ProductVersion : 9.05.1015
Copyright : Copyright © 2000-2002 Symantec Corporation. All rights reserved.
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Auto-Protect Service
InternalName : NAVAPSVC
OriginalFilename : NAVAPSVC.EXE
ProductName : Norton AntiVirus
Created on : 15/11/2002 09:41:26
Last accessed : 20/07/2004 09:46:46
Last modified : 15/11/2002 09:41:26

#:16 [ccapp.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ThreadCreationTime : 20-07-2004 09:46:58
BasePriority : Normal
FileSize : 53 KB
FileVersion : 1.0.10.006
ProductVersion : 1.0.10.006
Copyright : Copyright © 2000-2002 Symantec Corporation. All rights reserved.
CompanyName : Symantec Corporation
FileDescription : Common Client CC App
InternalName : ccApp
OriginalFilename : ccApp.exe
ProductName : Common Client
Created on : 04/01/2004 23:14:48
Last accessed : 20/07/2004 09:52:32
Last modified : 02/12/2003 16:11:04

#:17 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 20-07-2004 09:46:58
BasePriority : Normal
FileSize : 12 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
OriginalFilename : svchost.exe
ProductName : Microsoft
Created on : 01/01/2003 08:35:04
Last accessed : 20/07/2004 09:46:46
Last modified : 20/01/2003 17:32:00

#:18 [atiptaxx.exe]
FilePath : C:\Program Files\ATI Technologies\ATI Control Panel\
ThreadCreationTime : 20-07-2004 09:46:58
BasePriority : Normal
FileSize : 328 KB
FileVersion : 6.14.10.5024
ProductVersion : 6.14.10.5024
Copyright : Copyright © 1998-2002 ATI Technologies Inc.
CompanyName : ATI Technologies, Inc.
FileDescription : ATI Desktop Control Panel
InternalName : Atiptaxx.exe
OriginalFilename : Atiptaxx.exe
ProductName : ATI Desktop Component
Created on : 29/11/2003 18:40:41
Last accessed : 20/07/2004 09:46:46
Last modified : 19/07/2003 21:10:00

#:19 [hpwuschd.exe]
FilePath : C:\Program Files\Hewlett-Packard\HP Software Update\
ThreadCreationTime : 20-07-2004 09:46:58
BasePriority : Normal
FileSize : 48 KB
Created on : 17/12/2002 11:40:22
Last accessed : 20/07/2004 09:46:46
Last modified : 17/12/2002 11:40:22

#:20 [hpotdd01.exe]
FilePath : C:\Program Files\Hewlett-Packard\Digital Imaging\bin\
ThreadCreationTime : 20-07-2004 09:46:58
BasePriority : Normal
FileSize : 40 KB
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
Copyright : Copyright
CompanyName : Hewlett-Packard
FileDescription : hpotdd01
InternalName : hpotdd01
OriginalFilename : hpotdd01.exe
ProductName : Hewlett-Packard hpotdd01
Created on : 02/12/2002 20:56:10
Last accessed : 20/07/2004 09:46:46
Last modified : 02/12/2002 20:56:10

#:21 [mounter.exe]
FilePath : C:\WINDOWS\SYSTEM32\
ThreadCreationTime : 20-07-2004 09:46:58
BasePriority : Normal
FileSize : 56 KB
FileVersion : 2.0.0.1
ProductVersion : 2.0.0.1
Copyright : Copyright © 2001
CompanyName : Mustek System Inc.
FileDescription : MDC3000
InternalName : Mounter
OriginalFilename : Mounter.exe
ProductName : Mustek MDC 3000 Mounter
Created on : 13/01/2004 17:50:40
Last accessed : 20/07/2004 09:46:46
Last modified : 23/01/2002 10:59:54

#:22 [ru2.exe]
FilePath : C:\documents and settings\owner\local settings\temp\
ThreadCreationTime : 20-07-2004 09:46:59
BasePriority : Normal
FileSize : 228 KB
Created on : 30/06/2004 18:13:43
Last accessed : 20/07/2004 09:46:46
Last modified : 30/06/2004 18:13:43

#:23 [dvsl.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 20-07-2004 09:46:59
BasePriority : Normal
FileSize : 344 KB
Created on : 06/07/2004 07:24:04
Last accessed : 20/07/2004 09:46:46
Last modified : 01/07/2004 16:23:07

#:24 [eber.exe]
FilePath : C:\Documents and Settings\Owner\Application Data\
ThreadCreationTime : 20-07-2004 09:46:59
BasePriority : Normal
FileSize : 74 KB
Created on : 07/07/2004 15:24:43
Last accessed : 20/07/2004 09:46:46
Last modified : 07/07/2004 15:24:43

#:25 [quickdcf.exe]
FilePath : C:\Program Files\FinePixViewer\
ThreadCreationTime : 20-07-2004 09:47:00
BasePriority : Normal
FileSize : 196 KB
FileVersion : 4, 0, 0, 0
ProductVersion : 4, 0, 0, 0
Copyright : Copyright 2000-2003 FUJI PHOTO FILM CO.,LTD.
CompanyName : FUJI PHOTO FILM CO., LTD.
FileDescription : Exif Launcher
InternalName : QuickDCF
OriginalFilename : QuickDCF.exe
ProductName : FinePixViewer
Created on : 29/11/2003 19:08:20
Last accessed : 20/07/2004 09:47:00
Last modified : 20/12/2002 16:18:40

#:26 [atdialler1.exe]
FilePath : C:\freeserve\freeserveconnectionkit\
ThreadCreationTime : 20-07-2004 09:47:00
BasePriority : Normal
FileSize : 152 KB
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
Copyright : Copyright
CompanyName : Hewlett Packard
FileDescription : Micro Dialler for Freeserve
InternalName : RasApp
OriginalFilename : RasApp.exe
ProductName : Micro Dialler
Created on : 28/05/2003 13:48:10
Last accessed : 20/07/2004 09:47:03
Last modified : 28/05/2003 13:48:10

#:27 [wuauclt.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 20-07-2004 09:48:06
BasePriority : Normal
FileSize : 145 KB
FileVersion : 5.4.3790.20 built by: lab04_n
ProductVersion : 5.4.3790.20
CompanyName : Microsoft Corporation
FileDescription : Windows Update AutoUpdate Client
InternalName : wuauclt.exe
OriginalFilename : wuauclt.exe
ProductName : Microsoft
Created on : 01/01/2003 08:36:16
Last accessed : 20/07/2004 09:48:06
Last modified : 09/02/2004 21:09:02

#:28 [winword.exe]
FilePath : C:\Program Files\Microsoft Office\Office\
ThreadCreationTime : 20-07-2004 09:55:13
BasePriority : Normal
FileSize : 8592 KB
FileVersion : 9.0.2717
ProductVersion : 9.0.2717
Copyright : Copyright
CompanyName : Microsoft Corporation
FileDescription : Microsoft Word for Windows
InternalName : WinWord
OriginalFilename : WinWord.exe
ProductName : Microsoft Office 2000
Created on : 18/03/1999 05:38:10
Last accessed : 20/07/2004 09:55:13
Last modified : 18/03/1999 05:38:10

#:29 [msmsgs.exe]
FilePath : C:\Program Files\Messenger\
ThreadCreationTime : 20-07-2004 09:55:39
BasePriority : Normal
FileSize : 1456 KB
FileVersion : 4.7.2009
ProductVersion : Version 4.7
Copyright : Copyright © Microsoft Corporation 1997-2003
CompanyName : Microsoft Corporation
FileDescription : Messenger
InternalName : msmsgs
OriginalFilename : msmsgs.exe
ProductName : Messenger
Created on : 14/04/2003 19:30:14
Last accessed : 20/07/2004 09:46:46
Last modified : 14/04/2003 19:30:14

#:30 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-aware 6\
ThreadCreationTime : 20-07-2004 09:55:57
BasePriority : Normal
FileSize : 668 KB
FileVersion : 6.0.1.181
ProductVersion : 6.0.0.0
Copyright : Copyright
CompanyName : Lavasoft Sweden
FileDescription : Ad-aware 6 core application
InternalName : Ad-aware.exe
OriginalFilename : Ad-aware.exe
ProductName : Lavasoft Ad-aware Plus
Created on : 12/12/2003 17:59:12
Last accessed : 20/07/2004 09:55:57
Last modified : 12/07/2003 22:00:20

Memory scan result :
ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ
New objects : 0
Objects found so far: 0


Started registry scan
ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ

CoolWebSearch Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : CLSID\{5321e378-ffad-4999-8c62-03ca8155f0b3}


CoolWebSearch Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : replace.hbo


CoolWebSearch Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : replace.hbo.1


CoolWebSearch Object recognized!
Type : RegValue
Data :
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Internet Explorer\Titles
Value : amateur


CoolWebSearch Object recognized!
Type : RegValue
Data :
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Internet Explorer\Titles
Value : anal


CoolWebSearch Object recognized!
Type : RegValue
Data :
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Internet Explorer\Titles
Value : ass


CoolWebSearch Object recognized!
Type : RegValue
Data :
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Internet Explorer\Titles
Value : fuck


CoolWebSearch Object recognized!
Type : RegValue
Data :
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Internet Explorer\Titles
Value : hardcore


CoolWebSearch Object recognized!
Type : RegValue
Data :
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Internet Explorer\Titles
Value : incest


CoolWebSearch Object recognized!
Type : RegValue
Data :
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Internet Explorer\Titles
Value : lolita


CoolWebSearch Object recognized!
Type : RegValue
Data :
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Internet Explorer\Titles
Value : pissing


CoolWebSearch Object recognized!
Type : RegValue
Data :
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Internet Explorer\Titles
Value : porn


CoolWebSearch Object recognized!
Type : RegValue
Data :
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Internet Explorer\Titles
Value : porno


CoolWebSearch Object recognized!
Type : RegValue
Data :
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Internet Explorer\Titles
Value : sex


CoolWebSearch Object recognized!
Type : RegValue
Data :
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Internet Explorer\Titles
Value : tgp


CoolWebSearch Object recognized!
Type : RegValue
Data :
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Internet Explorer\Titles
Value : thumb


CoolWebSearch Object recognized!
Type : RegValue
Data :
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Internet Explorer\Titles
Value : underage


Registry scan result :
ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ
New objects : 17
Objects found so far: 17


Started deep registry scan
ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ

Deep registry scan result :
ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ
New objects : 0
Objects found so far: 17


ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ

Tracking Cookie Object recognized!
Type : File
Data : owner@bluestreak[1].txt
Object : C:\Documents and Settings\Owner\Cookies\

Created on : 19/07/2004 21:59:46
Last accessed : 20/07/2004 09:57:47
Last modified : 19/07/2004 21:59:46


ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ


Deep scanning and examining files (C:)
ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ


Performing conditional scans..
ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ

CoolWebSearch Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5321E378-FFAD-4999-8C62-03CA8155F0B3}


CoolWebSearch Object recognized!
Type : RegValue
Data :
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Windows\CurrentVersion\Run
Value : xpsystem


CoolWebSearch Object recognized!
Type : RegValue
Data :
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Internet Explorer\Titles
Value : {not_found}


CoolWebSearch Object recognized!
Type : File
Data : 2.01.00.dll
Object : c:\windows\system32\services\
FileSize : 136 KB
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
Copyright : Copyright 2003
FileDescription : Replace Module
InternalName : Replace
OriginalFilename : Replace.DLL
ProductName : Replace Module
Created on : 19/07/2004 22:14:38
Last accessed : 20/07/2004 09:47:59
Last modified : 19/07/2004 22:14:38



CoolWebSearch Object recognized!
Type : File
Data : crontab.ini
Object : c:\windows\system32\services\
FileSize : 1 KB
Created on : 19/07/2004 21:58:41
Last accessed : 20/07/2004 09:46:59
Last modified : 19/07/2004 22:14:39



CoolWebSearch Object recognized!
Type : File
Data : keywords.ini
Object : c:\windows\system32\services\

Created on : 19/07/2004 21:58:42
Last accessed : 20/07/2004 09:58:25
Last modified : 19/07/2004 22:14:40



CoolWebSearch Object recognized!
Type : File
Data : sl.ini
Object : c:\windows\system32\services\

Created on : 19/07/2004 21:58:43
Last accessed : 20/07/2004 09:58:25
Last modified : 19/07/2004 22:14:41



CoolWebSearch Object recognized!
Type : File
Data : titles.ini
Object : c:\windows\system32\services\

Created on : 19/07/2004 21:58:43
Last accessed : 20/07/2004 09:46:59
Last modified : 19/07/2004 22:14:41



Conditional scan result:
ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ
New objects : 8
Objects found so far: 26


10:58:26 Scan complete

Summary of this scan
ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ
Total scanning time :00:02:14:859
Objects scanned :47704
Objects identified :26
Objects ignored :0
New objects :26

Spybot after restart:
DSO Exploit: Data source object exploit (Registry change, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

DSO Exploit: Data source object exploit (Registry change, nothing done)
HKEY_USERS\S-1-5-21-3699524586-3866767467-3757752560-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

DSO Exploit: Data source object exploit (Registry change, nothing done)
HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

DSO Exploit: Data source object exploit (Registry change, nothing done)
HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

DSO Exploit: Data source object exploit (Registry change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3
Any help would be greatly received. Thankyou :]

#2 H@ns

H@ns

    Forum Deity

  • Retired Staff - Helper
  • PipPipPipPipPip
  • 2,630 posts

Posted 20 July 2004 - 05:49 AM

Hi Crunch,

That's a bug from Spybot SD. Just ignore it ;)
Nucia Security Forums - Dutch Anti-Malware Support




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button