Huntbar and DSO exploit on spybot

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by mbini, Oct 3, 2004.

  1. mbini

    mbini Private E-2

    Does anyone know how to fix Huntbar, which keeps coming in spite of running Spybot, Ad-Aware and HijackThis? The first two files on the log can't get fixed. The next five get fixed but keep coming back at every scan. Please advise.

    Here is the spybot log
    Huntbar.Stoolbar: User settings (Registry key, fixing failed)
    HKEY_USERS\S-1-5-18\Software\Search Toolbar

    Huntbar.Stoolbar: User settings (Registry key, fixing failed)
    HKEY_USERS\.DEFAULT\Software\Search Toolbar

    DSO Exploit: Data source object exploit (Registry change, fixed)
    HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

    DSO Exploit: Data source object exploit (Registry change, fixed)
    HKEY_USERS\S-1-5-21-927890586-3057704224-645757453-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

    DSO Exploit: Data source object exploit (Registry change, fixed)
    HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

    DSO Exploit: Data source object exploit (Registry change, fixed)
    HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

    DSO Exploit: Data source object exploit (Registry change, fixed)
    HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3
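
An added example (not part of the original thread) that parses findings in the format of the Spybot log above and collapses entries that point at the same physical key. It relies on the fact that `HKEY_USERS\.DEFAULT` is an alias of the LocalSystem hive `HKEY_USERS\S-1-5-18`, so the two Huntbar.Stoolbar findings are one key reported twice. The sample is a constructed excerpt of that log, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: three findings in the shape of the Spybot log above.
SAMPLE_LOG = r"""
Huntbar.Stoolbar: User settings (Registry key, fixing failed)
HKEY_USERS\S-1-5-18\Software\Search Toolbar

Huntbar.Stoolbar: User settings (Registry key, fixing failed)
HKEY_USERS\.DEFAULT\Software\Search Toolbar

DSO Exploit: Data source object exploit (Registry change, fixed)
HKEY_USERS\S-1-5-21-927890586-3057704224-645757453-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3
"""

# HKU\.DEFAULT is the LocalSystem hive under another name, not a new-user template.
ALIAS = {".DEFAULT": "S-1-5-18"}
ACCOUNTS = {"S-1-5-18": "LocalSystem", "S-1-5-19": "LocalService", "S-1-5-20": "NetworkService"}

HEADER = re.compile(r"^(?P<product>[^:]+): (?P<desc>.+) \((?P<kind>[^,]+), (?P<status>[^)]+)\)$")
TARGET = re.compile(r"^HKEY_USERS\\(?P<hive>[^\\]+)\\(?P<path>.+?)(?:!=(?P<expect>.+))?$")

def parse_findings(text):
    """Pair each 'Product: description (kind, status)' line with the key line after it."""
    findings, head = [], None
    for line in (ln.strip() for ln in text.splitlines()):
        h, t = HEADER.match(line), TARGET.match(line)
        if h:
            head = h.groupdict()
        elif t and head:
            sid = ALIAS.get(t["hive"], t["hive"])  # canonical hive name
            account = ACCOUNTS.get(sid, "user account" if sid.startswith("S-1-5-21-") else "unknown")
            # 'expect' keeps the text after '!=' verbatim (None for plain key findings)
            findings.append({**head, **t.groupdict(), "sid": sid, "account": account})
            head = None
    return findings

def distinct_keys(findings):
    """Group findings by (product, canonical SID, path) and collect their fix statuses."""
    grouped = defaultdict(set)
    for f in findings:
        grouped[(f["product"], f["sid"], f["path"])].add(f["status"])
    return dict(grouped)
```

Run over the full log, this reduces the seven reported findings to six distinct keys: one Huntbar key under the LocalSystem hive and the `1004` value in four service or user hives, with the `.DEFAULT` DSO entry folding into `S-1-5-18`.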
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    As long as you have all of your Windows Updates you can ignore Spybot's messages about DSO Exploit. It is a well-known bug. You can also configure it to ignore them so you no longer get the message. Let's fix that and another Spybot bug which disables looking for a few malware products.

    Run SpyBot and get into the Advanced mode by selecting Mode and then Advanced mode. Then select Settings and then in the left column select Ignore Products. Make sure the All products tab is selected. Then in the right window, right click your mouse and choose "Deselect all". Now in the right window pane select the Security tab and put a check on DSO Exploit. You should now do the following to make sure you are updated and scan for the items just enabled. In the left pane click at the top on SpyBot S&D and then choose Search for Updates. Download any updates required. Now click Check for Problems. Fix any that are found.

    And now to continue cleaning: please follow all the steps in this Sticky thread < READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal >

    If you already have any of the programs linked in the tutorial please double check your version to make sure you have the latest one and that you have any/all updates for the programs.

    NOTE: In order to resolve the issues you are having it is very important that you at least try to perform all the steps as outlined. If you have any difficulty please post back letting us know what steps you have completed, what you found while doing the scans if anything and details about any problems you have encountered in completing the steps. The more details you can provide the better.

    If this does not resolve your remaining issues, come back and let us know.
     
  3. mbini

    mbini Private E-2

    Thanks for the advice.
    Followed all the steps. I found this virus, trojanproxy.win32.agent.dam#2, in windows/system32/vftqmpvn.exe in an online scan with RAV. Nothing else on any other scans.
    How to get rid of this virus?
    How do I get rid of that Huntbar?
     
  4. Kodo

    Kodo SNATCHSQUATCH

  5. mbini

    mbini Private E-2

    Thanks Kodo. Have already done scan with a-squared. No malware detected on that.
     
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Didn't RAV fix it?

    The Huntbar.Stoolbar registry entries may require manual removal in safe mode but first post a HijackThis log as a .txt file attachment.
     
  7. mbini

    mbini Private E-2

    Unfortunately RAV did not fix it.
    Attaching HijackLog file with this message.
    Please let me know how to fix it.
     

  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Make sure viewing of hidden files is enabled and system restore is disabled.

    Boot in safe mode and use Windows Explorer to delete:
    c:\windows\system32\vftqmpvn.exe
     
  9. mbini

    mbini Private E-2

    I will delete the file as you mentioned. Is the HJT log okay otherwise?
     
  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Yes, your log is okay. What about the registry entries for Huntbar?
     
  11. mbini

    mbini Private E-2

    Do you want me to manually remove them from the registry?
     
  12. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    If you still have a problem with them showing up, yes.
     
