CoachNed

DSO Exploit - persistent

8 posts in this topic

I've read the FAQ's and I'm familiar with the procedure. This is my 16 year old daughter's computer. She is supposed to be using this computer only for homework and homework-related browsing. Yeah, right! Her complaint is basically slow booting (3-4 minutes) and slow operation. Spyware S&D shows "DSO Exploit" as the spyware problem. I delete it--it comes back on re-boot. Over and over. I'm guessing that this is a simple fix, but what do I know? Appreciate any help or advice.

 

Here is my HJT log:

 

Logfile of HijackThis v1.97.7

Scan saved at 10:05:54 PM, on 5/22/04

Platform: Windows 98 SE (Win9x 4.10.2222A)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\SYSTEM\MSTASK.EXE

C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE

C:\PROGRAM FILES\NORTON ANTIVIRUS\ADVTOOLS\NPROTECT.EXE

C:\WINDOWS\EXPLORER.EXE

C:\WINDOWS\TASKMON.EXE

C:\WINDOWS\SYSTEM\SYSTRAY.EXE

C:\WINDOWS\SYSTEM\PROMON.EXE

C:\MOUSE\SYSTEM\EM_EXEC.EXE

C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE

C:\PROGRAM FILES\LINKSYS\WPC11 CONFIG UTILITY\WPC11CFG.EXE

C:\WINDOWS\SYSTEM\WMIEXE.EXE

C:\WINDOWS\SYSTEM\SPOOL32.EXE

C:\WINDOWS\SYSTEM\DDHELP.EXE

C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE

C:\HIJACKTHIS\HIJACKTHIS.EXE

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAMFILES\ADOBEACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll

O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\windows\googletoolbar2.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot S&D\Spybot - Search & Destroy\SDHelper.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\windows\googletoolbar2.dll

O4 - HKLM\..\Run: [scanRegistry] c:\windows\scanregw.exe /autorun

O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe

O4 - HKLM\..\Run: [OEMCleanup] C:\WINDOWS\OPTIONS\OEMRESET.EXE

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [Promon.exe] Promon.exe

O4 - HKLM\..\Run: [EM_EXEC] c:\mouse\system\em_exec.exe

O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\Run: [ccApp] c:\Program Files\Common Files\Symantec Shared\ccApp.exe

O4 - HKLM\..\Run: [ccRegVfy] c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe

O4 - HKLM\..\Run: [Advanced Tools Check] c:\PROGRA~1\NORTON~1\ADVTOOLS\ADVCHK.EXE

O4 - HKLM\..\Run: [NPROTECT] C:\PROGRA~1\NORTON~1\ADVTOOLS\NPROTECT.EXE

O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime

O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\RunServices: [schedulingAgent] mstask.exe

O4 - HKLM\..\RunServices: [ccEvtMgr] c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O4 - HKLM\..\RunServices: [NPROTECT] C:\PROGRA~1\NORTON~1\ADVTOOLS\NPROTECT.EXE

O4 - HKLM\..\RunServices: [scriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg

O4 - HKCU\..\Run: [AIM] C:\MY DOCUMENTS\PHYSICS\aim.exe -cnetwait.odl

O4 - Startup: Microsoft Office Find Fast Indexer.lnk = C:\ProgramFiles\MSOffice\Office\FINDFAST.EXE

O4 - Startup: Microsoft Office Fast Start.lnk = C:\ProgramFiles\MSOffice\Office\FASTBOOT.EXE

O4 - Startup: Instant Wireless Configuration Utility.lnk = C:\Program Files\Linksys\WPC11 Config Utility\WPC11Cfg.exe

O4 - Startup: WinZip Quick Pick.lnk = C:\PROGRA~1\WINZIP\wzqkpick.exe

O8 - Extra context menu item: &Google Search - res://C:\WINDOWS\GOOGLETOOLBAR2.DLL/cmsearch.html

O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\WINDOWS\GOOGLETOOLBAR2.DLL/cmcache.html

O8 - Extra context menu item: Si&milar Pages - res://C:\WINDOWS\GOOGLETOOLBAR2.DLL/cmsimilar.html

O8 - Extra context menu item: Backward &Links - res://C:\WINDOWS\GOOGLETOOLBAR2.DLL/cmbacklinks.html

O8 - Extra context menu item: Translate into English - res://C:\WINDOWS\GOOGLETOOLBAR2.DLL/cmtrans.html

O9 - Extra button: Related (HKLM)

O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)

O9 - Extra button: Researcher (HKLM)

O9 - Extra button: AIM (HKLM)

O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...7910.6673958333

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200305...meInstaller.exe

O16 - DPF: {58172624-85DD-4482-9E64-02ADCA637E96} - http://kungfuchess.com/activex/web665.cab

O16 - DPF: Yahoo! Graffiti - http://download.games.yahoo.com/games/clients/y/grt5_x.cab


Hi,

As long as your system is fully patched (all Windows Update "Critical Updates" installed), this is a non-issue and you can put that item in the "Ignore List".

 

Run SpyBot, click Settings, select: "Ignore Products"

Click the Security tab and place a check in "DSO Exploit"

 

As for running slow ...

I don't see any nasties in your log ...

 

It could be just too much running in the background (loading from Startup)

 

[Example]

O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime

O4 - Startup: Microsoft Office Find Fast Indexer.lnk = C:\ProgramFiles\MSOffice\Office\FINDFAST.EXE

O4 - Startup: Microsoft Office Fast Start.lnk = C:\ProgramFiles\MSOffice\Office\FASTBOOT.EXE

 

You could have HijackThis "fix" those optional entries; these are not really required and do not affect the operation of the programs themselves.

 

Then do the usual stuff ... Defrag, Scandisk, etc.

 

Note: for a 16 yr. old that log is very clean ...

Give her a pat on the back ...

Edited by WinHelp2002

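The startup triage suggested in the reply above, as an added example (not part of the original thread and not HijackThis's own code): it parses the O4 autostart lines of a HijackThis log and lists entries whose executable sits outside the usual Windows and Program Files directories. The function names, the "usual" prefixes and the triage labels are assumptions made for this illustration; the sample lines are copied from the log posted above.

```python
import re

# Constructed sample: a few lines copied from the log posted in this thread.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\EXPLORER.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [systemTray] SysTray.Exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\RunServices: [NPROTECT] C:\PROGRA~1\NORTON~1\ADVTOOLS\NPROTECT.EXE
O4 - HKCU\..\Run: [AIM] C:\MY DOCUMENTS\PHYSICS\aim.exe -cnetwait.odl
O4 - Startup: WinZip Quick Pick.lnk = C:\PROGRA~1\WINZIP\wzqkpick.exe
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")                # "O4 - <body>"
O4_REG = re.compile(r"^(HK\w+\\\.\.\\\w+): \[(.+?)\] (.*)$")  # Run / RunServices value
O4_LNK = re.compile(r"^Startup: (.+?) = (.*)$")               # Startup-folder shortcut
EXE = re.compile(r'^"?(.+?\.(?:exe|dll|tsk))', re.I)          # command without arguments
# Assumption: these prefixes count as "usual" install locations on this machine.
USUAL = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\")

def parse_autostarts(log):
    """Return (source, name, executable) for each O4 autostart line."""
    out = []
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        body = m.group(2) if m and m.group(1) == "O4" else ""
        reg, lnk = O4_REG.match(body), O4_LNK.match(body)
        if reg:
            source, name, cmd = reg.groups()
        elif lnk:
            source, (name, cmd) = "Startup folder", lnk.groups()
        else:
            continue  # not an O4 line, or an O4 form this sketch does not handle
        exe = EXE.match(cmd)
        out.append((source, name, exe.group(1) if exe else cmd))
    return out

def triage(path):
    """Label an executable path: 'bare name', 'usual' or 'review'."""
    p = path.lower()
    if "\\" not in p:
        return "bare name"  # no directory given; Windows resolves it via the search path
    return "usual" if p.startswith(USUAL) else "review"

def review_list(log):
    """Autostart entries that load from outside the usual directories."""
    return [e for e in parse_autostarts(log) if triage(e[2]) == "review"]
```

A "review" label only means the entry deserves a second look by a person; it says nothing about whether the program is malicious.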

This is a Celeron 466 with limited RAM so good suggestions on dumping some of the background apps. Yes, Win 98 is updated (by me) pretty regularly. But I'm not sure I understand your instructions about DSO Exploit. Are you saying that this is not spyware and that I should just ignore it and instruct Spybot to ignore it?


Coach,

"Yes, Win 98 is updated (by me) pretty regularly."

When you go to Windows Update and run a scan, are there any "Critical Updates" offered? If so, install them all!

"Are you saying that this is not spyware"

Exactly. SpyBot is detecting an internal Registry setting that has nothing to do with "spyware".

"I should just ignore it and instruct Spybot to ignore it?"

Only if properly patched ... if so, then add that entry to the "Ignore List".


Thanks. I ran Windows Update again and there were no Criticals to install. I reduced the number of background programs. Then I started a full system scan using NAV. That's when Norton came back and said that there was not enough free disk space to run NAV.

 

"What the heck?", I said to myself, "this computer has a 6 gig hard drive--how much homework is she storing on here?" So I took a look, and sure enough there was only 10mb free. Using Windows Explorer, I took a closer look and found nearly 5 gigs of data in "My Music!" She does not have Kazaa or any file sharing apps, so I questioned the 16 year old directly. Turns out that she likes to listen to music while she's doing her homework and because she does not have a stereo in her room, she has been copying all her music CD's to her hard drive. (Light bulb comes on over dense Dad's head.) We are now picking and choosing which CD's to delete in order to free up some space.

 

So, not malware at all, just your run of the mill PEBKAC.

 

(Problem Exists Between Keyboard And Chair)


Coach,

"Turns out that she likes to listen to music while she's doing her homework"

You could have had a 16 yr. old son with a hard drive full of ... well you know what I mean.

 

"We are now picking and choosing which CD's to delete"

Hint: when you go to delete them, hold down the "Shift" key to bypass the Recycle Bin, otherwise you will not gain any space as they will just be stored there instead of My Music.

 

Once you get things cleaned up ... resize the browser cache

http://www.mvps.org/winhelp2002/delcache.htm

The default 10% is way too big. 50 mb is fine ...

 

Important: restart in Safe Mode and run Scandisk, then Defrag to clear up the "Free Space", etc.

 

Don't forget that "pat on the back"; she sounds like a good kid!

"Platform: Windows 98 SE (Win9x 4.10.2222A)"

Hey Dad, you think it's time for an upgrade? {grin}

"O4 - HKCU\..\Run: [AIM] C:\MY DOCUMENTS\PHYSICS\aim.exe -cnetwait.odl"

LOL @ sticking AIM in the Physics folder so Dad can't find it
