"DSO Exploit" and "Ad Destroyer"

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by katy_bug, Sep 6, 2004.

  1. katy_bug

    katy_bug Private E-2

    Hello,
    I had an unfourtunate mishap with my computer this weekend and the next thing I knew there was spyware galore! I have done everything in the READ ME FIRST: Basic Spyware, Trojan And Virus Removal.

    While I do belive that I have removed most of the bad stuff on my computer, two things remain. When I run Spybot, "DSO Exploit" shows up. I tell it to delete it and it still shows up the next time I scan. I also have "Ad Destroyer" showing up in the program menu. When I click on it, it says "empty." I have tried deleting it and it still shows up after I reboot. Let me know if you want me to post a HJT log.
    Thanks in advance everyone! :)
     
    katy_bug, Sep 6, 2004
    #1
  2. Just Playin

    Just Playin MajorGeek

    DSO exploit is a Spybot bug. If you are up to date with all your patches, it isn't a problem. Just go into your settings menu and select ignore products option and put a check in the box beside DSO exploit. I'll leave the "Ad Destroyer" problem to an expert.
     
    Just Playin, Sep 6, 2004
    #2
  3. pegg

    pegg MajorGeek

    At this point in time, you can safely IGNORE the findings of DSO Exploit in SpyBot S&D...or you can tell SpyBot to ignore them (open SpyBot, at the top where it says FILE MODE LANGUAGE HELP -- click on MODE and chose Advanced. Then go to "settings" tab on left, choose "ignore Products" and scroll down to the DSO Exploit box and check it. Then SpyBot will ignore it in a scan.

    If you're uncomfortable doing this, don't --- and in some new SpyBot update they say they will fix this issue, so just ignore that it finds it for now, and later it will either not find it or when it does find it, there will be a problem (does that make sense?)

    I don't know anything about Ad Destroyer, sorry.
     
    pegg, Sep 6, 2004
    #3
  4. pegg

    pegg MajorGeek

    Just Playin typed a little less and typed faster -- sorry for the repitition. :cool:
     
    pegg, Sep 6, 2004
    #4
  5. pegg

    pegg MajorGeek

    pegg, Sep 6, 2004
    #5
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Are you saying there is an entry in your Program Files directory for Ad Destroyer?
    Did you have this installed and then you uninstalled it?

    If it is in Add/Remove programs, try uninstalling it. If it is already uninstalled, and the deleted directory just keeps coming back, you must have something on your system bring it back.

    By the way Ad Destroyer is a rogue/fake spy/ad ware removal tool.
     
    chaslang, Sep 6, 2004
    #6
  7. katy_bug

    katy_bug Private E-2

    About Ad Destroyer, when I go to start > all programs, it is listed as a program. When I click it, it just says "empty." I never installed it, it does not show up on ad/remove programs, and I cannot find a Program File associated with it. When I click it, it just says "empty." When I delete it from the all programs menu, it just reappears when I reboot.

    About DSO Exploit, are you saying I should just ignore?

    Thanks for the responses. I really appreciated it.
     
    katy_bug, Sep 6, 2004
    #7
  8. pegg

    pegg MajorGeek

    YEP! As long as you are up-to-date on Microsoft updates (as Chaslang mentions in that other thread I referred you to)
     
    pegg, Sep 6, 2004
    #8
  9. PhilliePhan

    PhilliePhan Guest

    Hi all,

    Don't know if this will help, but if my memory serves me well, Ad Destroyer runs on startup and must be disabled via Task Manager before it can be deleted. But, like I said, I'm not sure. . . ;)

    PP
     
    PhilliePhan, Sep 6, 2004
    #9
  10. pegg

    pegg MajorGeek

    "Ad Destroyer"

    That sounds like a good place to start ---

    What is your operating system?

    If you have Windows XP you probably have your "system restore" ON and you'll have to turn this off, probably start in safe mode and then try to find this program to delete it or use spyware programs to delete it, then reboot and your computer won't (hopefully) "restore" the files. That could be one of your problems.


    I did a search and found another forum dealing with this and they link it with "Virtual Bouncer" -- you may want to hunt for that too. One of these links mentioned where they "found" it in their computer...
    http://www.newbie.org/help/messages/29080.html
    http://www.newbie.org/help/messages/31435.html
    I don't think those sites add any extra info than what you'll find here:
    http://forums.majorgeeks.com/showthread.php?t=35407

    Is there anything there (that you told us you read) that you should re-do? If they said to do it in safe mode and/or with system restore off, did you?
    These things are very important.

    If you have done all of that...hmmmm .... well, come on back and let us know.
     
    pegg, Sep 6, 2004
    #10
  11. katy_bug

    katy_bug Private E-2

    Yes, I am running XP.
    Yes, I did everything exactly as the READ ME FIRST suggested including turning off the system restore and scanning in safe mode.
    I can try again.
     
    katy_bug, Sep 7, 2004
    #11
  12. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Post a HijackThis log as a .txt file attachment. Make sure you use HijackThis 1.98.2 and that you attach the log. Do not post it inline. You will need to name the log with an extension of .txt (the default from HijackThis is .log)
     
    chaslang, Sep 7, 2004
    #12
  13. katy_bug

    katy_bug Private E-2

    Here is my log. I think I might have things cleaned up because everything seems to be running pretty good. Thanks again for your help.
    Kate
     

    Attached Files:

    katy_bug, Sep 8, 2004
    #13
  14. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Are you saying Ad Destroyer is gone? You have some other items I would have HijackThis fix but first you need to get HijackThis out of the ZIP file and into its own directory as stated in the tutorial. Otherwise you will not get backups.

    After doing that run HJT and fix:
    O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)

    You should look into getting rid of this BroadJump foundation crap that your ISP probably put on your PC. I'm not sure whether any of this stuff is really needed but search the below links for those running processes.

    CFD.exe -- see http://www.answersthatwork.com/Tasklist_pages/tasklist_c.htm
    and BJCFD.exe here http://www.answersthatwork.com/Tasklist_pages/tasklist_b.htm
    CCD.exe -- see http://www.answersthatwork.com/Tasklist_pages/tasklist_c.htm
    tgcmd.exe -- see http://www.answersthatwork.com/Tasklist_pages/tasklist_t.htm
     
    chaslang, Sep 8, 2004
    #14

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds