Chaslang, need some suggestions

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by BluesMan, Aug 17, 2004.

  1. BluesMan

    BluesMan Sgt. Snot Bubble

    First off what Ive tried so far:
    Running 1.3 8-11-2004 Spybot S&D - Spybot keeps finding these items
    VXZ/f
    downloadware
    DSO
    AMO (american medical online)
    *says it will fix them on reboot...never can for some reason*

    Running adawareSE SE1R4 8-16-2004 - finds the same things, says it deletes them, they come right back. It also detects CoolWebSearch even though I have run latest version of CWShredder and gone thru the steps for deleting the registry entries manually.....

    HJT 1.98.2
    Got it down to only 3 items and they are mostly for Mcafee virusscan so they should be ok, although virus scan seems to disable itself out of the blue for no reason (7.1 , engine 4.3.20, defs 4385)

    ---- I have tried manually deleting the registry entries for the DSO exploit located inthe ZONES folders (1004 entries) but they still come right back. I have also downloaded and run the DSO removal tool, no luck. I guess I'm not exactly sure what I should look at next to get rid of the exploit and other issues. Any pointers are greatly appreciated. I am actually hoping you can point me in the right direction rather than just giving me the fix, if there is one, as i'm trying to learn this stuff myself :D.
     
    BluesMan, Aug 17, 2004
    #1
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Hi Bluesman,

    Read both 1 & 2 before continuing (since you did say you would like to learn):

    1) As for the DSO Exploit issues with SpyBot, it is a bug with SpyBot. If your PC is up to date with Microsoft's Critical Updates, you can ignore them and also configure SpyBot to ignore them too. In Advance Mode, Settings, under Ignore Products put a check on DSO Exploit. By the way before doing that, make sure everything else is unchecked. SpyBot has a bug and leaves 4 items checked (to disable them) that you do not want disabled. Just right click in the window and deselect all. Then check the DSO Exploit.

    2) Or you could see about a Beta Main 1.3.1 fix for SpyBot. I cannot verify it, because I do not have the problem and I have not located this Beta file anywhere yet. Check out this thread and let me know what you learn:
    http://forums.net-integration.net/index.php?showtopic=17159&st=0


    For some of the other problems, try running both SpyBot and Ad-aware after booting in safe mode with no internet connection available (unplugging cable is the best way to guarantee that).

    See these for downloadware problems:
    http://www.spy-bot.net/DownloadWare.asp
    http://www.doxdesk.com/parasite/DownloadWare.html
    http://www.pestpatrol.com/PestInfo/d/downloadware.asp


    If McAfee virus scan is "disabling itself out of the blue for no reason" , I would worry about that. You may want to run some of the available online scans:
    http://housecall.trendmicro.com/housecall/start_corp.asp
    http://www.pandasoftware.com/activescan/com/activescan_principal.htm
    http://www.ravantivirus.com/scan/

    Let's see where all that gets you. If still have a problem, tell me what is still wrong and post your HJT log attachment.
     
    Last edited: Aug 17, 2004
    chaslang, Aug 17, 2004
    #2

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds