Jump to content


Guest log - SpybotSD DSO Exploit


  • This topic is locked This topic is locked
5 replies to this topic

#1 Guest_Guest_*

Guest_Guest_*
  • Guests

Posted 08 June 2004 - 01:06 PM

Hi: when I run spybot it always shows a DSO Exploit problem. It lists 4 problems in this fix and shows up everytime I run spybot. I have also list my HJT log below.
Thank you in advance for your help.
Logfile of HijackThis v1.97.7
Scan saved at 1:59:12 PM, on 6/8/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\WINDOWS\System32\RunDll32.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Hewlett-Packard\AiO\hp officejet v series\Bin\hpoant07.exe
C:\Program Files\Hewlett-Packard\AiO\hp officejet v series\Bin\hpoant07.exe
C:\Program Files\Hewlett-Packard\AiO\hp officejet v series\Bin\hpoant07.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\WINDOWS\System32\hpoipm07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOFXM07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\craig\Local Settings\Temporary Internet Files\Content.IE5\YFRG1PMT\HijackThis[1].exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://scheo.com/srchasst/srchcust.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://scheo.com/srchasst/srchasst.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = http://www.yahoo.com
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [System Tray] C:\WINDOWS\msccn32.exe
O4 - HKLM\..\Run: [System Service] C:\WINDOWS\System32\msrexe.exe
O4 - HKLM\..\Run: [Regsvc] C:\WINDOWS\system\regsv.exe
O4 - HKLM\..\Run: [PPMemCheck] "C:\Program Files\PestPatrol\PPMemCheck.exe"
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\PROGRA~1\NETSCAPE\NETSCAPE\NETSCP.EXE" -aim
O4 - Global Startup: HPAiODevice(hp officejet v series) - 3.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet v series\Bin\hpoant07.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: HPAiODevice(hp officejet v series) - 2.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet v series\Bin\hpoant07.exe
O4 - Global Startup: HPAiODevice(hp officejet v series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet v series\Bin\hpoant07.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Microsoft® JavaScript® Console (HKLM)
O9 - Extra 'Tools' menuitem: JavaScript Console (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...8111.8868287037
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5B546745-B9A2-4A97-BE61-5632F0640654}: NameServer = 206.47.244.54 206.47.244.91

#2 reeroy

reeroy

    Member

  • New Member
  • Pip
  • 1 posts

Posted 09 June 2004 - 02:07 AM

Hi,
:unsure: 1st post... I am having the same problem. I run SpybotS&D and it finds 4 DSO exploits. I hit the fix button and it says that they are fixed. Then after the next reboot, the exploit is listed as being there again. Same ones... They are all registry entries. I will post a log also if it is needed. Thnx ahead of time for any help!

Burrrpp :gack: ---Ewwww, he just puked air


Posted Image<-Me :cool: MyBand&Music

Edited by reeroy, 09 June 2004 - 02:13 AM.


#3 [dp]

[dp]

    Member

  • New Member
  • Pip
  • 4 posts

Posted 07 August 2004 - 05:53 PM

This may help explain the DSO Exploits you are seeing: DSO Exploit

#4 CyberRaptor

CyberRaptor

    Move Zig

  • Full Member
  • PipPipPip
  • 161 posts

Posted 07 August 2004 - 06:03 PM

The link is dead. What is a DSO exploit?

Edited by CyberRaptor, 07 August 2004 - 06:04 PM.


#5 [dp]

[dp]

    Member

  • New Member
  • Pip
  • 4 posts

Posted 07 August 2004 - 06:22 PM

The link is dead. What is a DSO exploit?

I just checked the link and it's good. This link, http://www.nsclean.com/dsostop.html provides an explanation of what the DSO Exploit is and this link from the Spybot forum explains as it pertains to Spybot. http://forums.net-in...showtopic=17159

#6 Sh¦ftY

Sh¦ftY

    Member

  • Full Member
  • Pip
  • 6 posts

Posted 31 May 2005 - 06:27 AM

use the windows update to download the internet explorer update to fix this DSO Exploit or just get the update for spybot - S&D




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button