DSO Exploit and FUN Webs, keep coming back!

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by pamelaj, Mar 31, 2005.

Thread Status:
Not open for further replies.
  1. pamelaj

    pamelaj Private E-2

    Why do these two programs continue to come back again and again?

    I have done EVERYTHING in the Major Attitude posting to prepare my computer, then installed all of the programs he recommended, and to no avail. TODAY, DSO Exploit and FunWeb are back.

    Does anyone know how these sneak back onto my computer?
     
  2. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Download & Install the Spybot - Search and Destroy DSO Exploit Fix 1.3.1 TX

    After doing this proceed to the next steps!
    • Unzip the hijackthis.exe file to a folder you create named C:\Program Files\HJT
    • Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the ZIP file.
    • Before running HijackThis: You must close each of the following: your web browser, e-mail client, instant messenger, and programs like Notepad, WordPad, MS Word etc., and any other unnecessary running programs.
    • Run HijackThis and save your log file.
    • Post your log as an ATTACHMENT to your next post. (Do NOT copy/paste the log into your post).

     
  3. pamelaj

    pamelaj Private E-2

    Hijack This

    here ya go

    And keep in mind I have run the Spybot program you suggested many times and it makes DSO EXPLOIT go away, but it still... comes back.

    Thanks very much.

    And no more PMs. Sorry.
     
  4. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Re: Hijack This

    Read Closely, attach me a current HJT log.
     
  5. pamelaj

    pamelaj Private E-2

    Current Hjt Log

    Logfile of HijackThis v1.99.1
    Scan saved at 8:06:36 PM, on 3/31/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
     
    Last edited by a moderator: Mar 31, 2005
  6. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Please follow forum guidelines, read my post AGAIN!!!! (Post #2)
    • Post your log as an ATTACHMENT to your next post. (Do NOT copy/paste the log into your post).

    Now, post another log as an ATTACHMENT to your next post as a .txt or .log file
     
  7. pamelaj

    pamelaj Private E-2

    Re:CURRENT LOG ATTACHMENT

    here is my attachment.
     


  8. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Are you familiar with BayScribe? If so, ignore it throughout this fix!

    Please look in Add or Remove Programs for the following and Uninstall them if found:

    BayScribe

    Please print out these instructions so that you can operate with All Browser Windows CLOSED.

    Please make sure System Restore is OFF and the Viewing of Hidden Files & Folders is Enabled as per the tutorial.



    Now, look in Task Manager (Ctrl-Alt-Del) for the following running process and, if you see it, try to END it:

    dlbtcoms.exe

    NOW:
    Click Start > Run > type services.msc and Click OK

    Locate dlbt_device - Dell and Right Click on it to bring up the Service Properties Window.
    First: Stop the service by clicking the Stop Button.
    Next: Disable it by changing the Startup Type to Disabled and click Apply.

    Now scan with HijackThis and Check the Boxes for the following:

    Make sure All Browser Windows are Closed when you Click FIX.

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q304&bd=pavilion&pf=desktop
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr6/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

    O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
    O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
    O2 - BHO: BayScribeObj Class - {5E028439-81C7-4B82-BC74-25156306F532} - C:\Program Files\BayScribe\\bayscribe.dll
    O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - blank (file missing)
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)

    O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\program files\hp\digital imaging\bin\hpdtlk02.dll (file missing)
    O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - blank (file missing)
    O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - blank (file missing)
    O3 - Toolbar: (no name) - {A5181F8A-0B9D-43AC-8BE5-EB61651DB685} - (no file)

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - blank (file missing)
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - blank (file missing)
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - blank (file missing)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - blank (file missing)
    O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - blank (file missing)
    O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - blank (file missing)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - blank (file missing)

    O16 - DPF: {763C10EE-E4C6-49AA-9325-F15ABF1C52B0} (X1 DownloadControl Class) - http://www.x1.com/download/X1WebInstall.cab

    O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe

    Again, make sure All Browser Windows are Closed when you Click FIX.

    NOW:
    Please boot into Safe Mode with the Viewing of Hidden Files & Folders Enabled and navigate to and DELETE the following if they should remain:

    C:\Program Files\BayScribe <-- Delete this whole folder if it exists!

    C:\WINDOWS\system32\dlbtcoms.exe

    C:\WINDOWS\about.htm

    NEXT:
    Run CCleaner and Spybot S&D and have Spybot fix what it finds.
    Note: Don't forget to update Spybot S&D by selecting "Search For Updates"

    Then, as an added precaution, Go to Start > Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:
    Temporary Files
    Temporary Internet Files
    Recycle Bin


    And Click OK.

    Reboot to Normal Windows, scan with HijackThis and attach the new log.
    Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now.

    Good Luck!:)
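
Added example (not part of the original post and not HijackThis's own code): a small parser for the entry lines quoted in the fix list above. It separates entries whose target is marked "(no file)" or "(file missing)" from entries that still point at a file or URL. The bucket names `orphan` and `review` are labels chosen for this example.

```python
import re
from collections import defaultdict

# Sample lines copied from the fix list in the post above.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: BayScribeObj Class - {5E028439-81C7-4B82-BC74-25156306F532} - C:\Program Files\BayScribe\\bayscribe.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\program files\hp\digital imaging\bin\hpdtlk02.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - blank (file missing)
O16 - DPF: {763C10EE-E4C6-49AA-9325-F15ABF1C52B0} (X1 DownloadControl Class) - http://www.x1.com/download/X1WebInstall.cab
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
"""

# "<section code> - <rest>", e.g. "R0 - ..." or "O23 - ..."
ENTRY = re.compile(r"^\s*([A-Z]\d{1,2}) - (.*\S)\s*$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Markers HijackThis prints when the registered target is absent.
ORPHAN = re.compile(r"\((?:no file|file missing)\)\s*$")

def parse_hjt(text):
    """Return one dict per entry line; header and blank lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue
        code, body = m.groups()
        clsid = CLSID.search(body)
        entries.append({
            "code": code,
            "body": body,
            "clsid": clsid.group(0) if clsid else None,
            "orphan": bool(ORPHAN.search(body)),
        })
    return entries

def triage(entries):
    """Split into dead references and entries that still resolve to something."""
    buckets = defaultdict(list)
    for e in entries:
        buckets["orphan" if e["orphan"] else "review"].append(e)
    return dict(buckets)

if __name__ == "__main__":
    for bucket, items in triage(parse_hjt(SAMPLE_LOG)).items():
        print(bucket)
        for e in items:
            print("  ", e["code"], e["clsid"] or "-", e["body"][:60])
```

Entries in the `review` bucket, such as the O2 BayScribe line and the O23 dlbt_device service, still reference a file on disk, so the file needs identifying before the entry is fixed or the file deleted.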
     
  9. pamelaj

    pamelaj Private E-2

    Here's the LATEST!

    Did everything you said.

    First, here are the problems I ran into while doing what you said.

    1. Cannot remove FUNWEB with any of the software you asked me to run.

    Second, here are the NEW issues after I did everything you said.

    1. On reboot, I am getting this message: AOL Parental Controls are NOT set, do you want to set them?

    2. On reboot, I am getting this message, and this is NEW. NORTON 2005 DOES NOT SUPPORT THE REPAIR FEATURE, PLEASE UNINSTALL AND REINSTALL. (I bought this off line).

    3. Bayscribe. I cannot remove this because it is hospital software whom I am employed for.

    4. Whenever I install Spybot and CC cleaner, and HS REMOVE, and KILL 2 me and all the others, my Bayscribe software DOESN'T WORK. So after I use them, I have to delete them ALL off of my computer.

    5. I am only running Norton 2005 Internet Security and Antivirus currently. I do have AVG on my computer and SA-Adware which I can use.

    Your new thoughts??
     
  10. pamelaj

    pamelaj Private E-2

    Re: OOPS i forget to attach the log, hERE ya go

  11. pamelaj

    pamelaj Private E-2

    OH OH

    One more thing.

    My Norton Internet Security is constantly alerting me that "A REMOTE SYSTEM IS TRYING TO ACCESS YOUR COMPUTER"

    Can this be related to just popups? Or does it actually mean an attack?


    Sometimes my Norton Logs tell me that "A RECENT ATTACK WAS BLOCKED"
     
  12. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Re: OOPS i forget to attach the log, hERE ya go

    I know nothing about AOL, sorry! If they are not set, I guess you should set them?

    Did you rename or delete the Start > All Programs > Norton AntiVirus 2005 folder?

    That's why I asked if you knew the program or not and if you did to ignore it.

    You shouldn't be using anything unless I request you to. Running these tools can cause problems if the infection(s) does not exist.

    You must uninstall AVG or Norton, pick between them. Running both will cause conflicts on your computer.

    This could be a WORM, this could be any type of attack. It could be anything. Just keep blocking them. My personal opinion: I would do without Norton Firewall and go with ZoneAlarm, but that's up to you.

    Allow me a moment to check your new log.
     
  13. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Your log is clean!

    Now uninstall all of the programs I had you install. Also, be sure you uninstall one of your antivirus programs.

    Are you having any further problems?
     
  14. pamelaj

    pamelaj Private E-2

    Okay

    I deleted Norton Internet Security and Norton AntiVirus because the entire program went crazy and I'm sick of the alerts. It is constantly warning me about settings I know nothing about, which is more danger than good for me.

    Now, which should I run? AVG or ZoneAlarm? Also if I run AVG, after it scans, is it working while it is minimized to the tray?

    Next Problem: I cannot get my printer to work. It keeps looking for a file DLBTDR5C.DLL and I cannot locate the disk. It is a DELL AIO 922. Any suggestions?

    Also, I really think I should run one more Hijack Log for you, because some strange things happened this morning. I am worried about open ports being accessed. I am constantly getting alerts and if I disable a port, I lose internet connection, etc. If I don't disable another port, I get hacked. How can I get educated on this? It says I have 10 open network connections/ports?? :eek:
     
  15. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    AVG is antivirus software and ZoneAlarm is a firewall, you can run both but remember to only run one antivirus and one firewall.

    Post this printer problem in the Software Forum, I would assist you with it but I am tied up in this forum.

    Go ahead and attach one last HJT log to confirm you're clean as per your request.
     
  16. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    I think I see the problem, I'm not 100%. If I'm wrong I apologize. I have too much going on here and at work. lol

    The confusion I think is with these 2 files.

    dlbtbmon.exe & dlbtcoms.exe

    And this service:

    dlbt_device - Dell
     
  17. pamelaj

    pamelaj Private E-2


    Yes, I deleted the wrong one and can't get back. The file online at Dell isn't working either.
     
  18. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    PLEASE STOP TRYING TO WORK THE SAME PROBLEMS IN TWO THREADS!!!!

    Follow the directions in the thread where I gave you a download link to Dell. This thread is closed!

    If for some reason it needs to be opened, for you or BJ, you will have to PM me and explain why.
     