 |  |  |  |  |  |  |  |
DSO exploit and Download Accelerator
 |
Hi,
I scaned with spybot SD this win 98 and found 2 threats:
DSO exploit and Download Accelerator.
Tried to fix, said DSO was fixed and Download Acc in next scan
on reboot. After rebooting both appear...
(not so fixed seems)
Hijack this log is:
Logfile of HijackThis v1.97.7
Scan saved at 08:48:40 p.m., on 20/06/04
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\ARCHIVOS DE PROGRAMA\ARCHIVOS COMUNES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\ARCHIVOS DE PROGRAMA\NORTON ANTIVIRUS\ADVTOOLS\NPROTECT.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\IRMON.EXE
C:\WINDOWS\SYSTEM\DAEMON.EXE
C:\ARCHIVOS DE PROGRAMA\AGATE TIOMAN\TIOMAN.EXE
C:\CFGSAFE\AUTOCHK.EXE
C:\ARCHIVOS DE PROGRAMA\IHATESPAM OUTLOOK EXPRESS EDITION\PIISERVICEOE.EXE
C:\ARCHIVOS DE PROGRAMA\ARCHIVOS COMUNES\SYMANTEC SHARED\CCAPP.EXE
C:\ARCHIVOS DE PROGRAMA\BABYLON\BABYLON.EXE
C:\ARCHIVOS DE PROGRAMA\SPYBOT - SEARCH & DESTROY\TEATIMER.EXE
C:\ARCHIVOS DE PROGRAMA\PROGRAMA DE UTILIDAD CONFIGURACIóN\TASKBAR.EXE
C:\ARCHIVOS DE PROGRAMA\BABYLON\utils\shlhook.exe
D:\HIJACKTHIS.EXE
D:\HIJACKTHIS.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = VÃ*nculos
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARCHIV~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\archivos de programa\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Archivos de programa\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\archivos de programa\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Archivos de programa\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [IrMon] IrMon.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [TrackPointSrv] daemon.exe
O4 - HKLM\..\Run: [TiomanExe] C:\Archivos de programa\Agate Tioman\Tioman.Exe
O4 - HKLM\..\Run: [ConfigSafe] C:\CFGSAFE\AUTOCHK.EXE
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [CriticalUpdate] c:\windows\SYSTEM\wucrtupd.exe -startup
O4 - HKLM\..\Run: [piiserviceOE] "C:\ARCHIVOS DE PROGRAMA\IHATESPAM OUTLOOK EXPRESS EDITION\piiserviceOE.exe"
O4 - HKLM\..\Run: [ccApp] "c:\Archivos de programa\Archivos comunes\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "c:\Archivos de programa\Archivos comunes\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] c:\ARCHIV~1\NORTON~1\ADVTOOLS\ADVCHK.EXE
O4 - HKLM\..\Run: [NPROTECT] C:\ARCHIV~1\NORTON~1\ADVTOOLS\NPROTECT.EXE
O4 - HKLM\..\Run: [Babylon Client] C:\Archivos de programa\Babylon\Babylon.exe -AutoStart
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [ccEvtMgr] "c:\Archivos de programa\Archivos comunes\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [NPROTECT] C:\ARCHIV~1\NORTON~1\ADVTOOLS\NPROTECT.EXE
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Archivos de programa\Archivos comunes\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\ARCHIVOS DE PROGRAMA\SPYBOT - SEARCH & DESTROY\TeaTimer.exe
O4 - Startup: Microsoft Office.lnk = C:\Archivos de programa\Microsoft Office\Office10\OSA.EXE
O4 - Startup: Configuración de ThinkPad.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Document Tree - C:\WINDOWS\web\tree.htm
O8 - Extra context menu item: View Partial So&urce - C:\WINDOWS\web\source.htm
O8 - Extra context menu item: &Google Search - res://C:\ARCHIVOS DE PROGRAMA\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\ARCHIVOS DE PROGRAMA\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\ARCHIVOS DE PROGRAMA\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward &Links - res://C:\ARCHIVOS DE PROGRAMA\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\ARCHIVOS DE PROGRAMA\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
O8 - Extra context menu item: &Download with &DAP - C:\ARCHIV~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\ARCHIV~1\DAP\dapextie2.htm
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://c:\ARCHIV~1\MICROS~2\OFFICE10\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem: &Document Tree (HKLM)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...?38145.7209375
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/s...irector/sw.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
Can you help me please?
Thank you!
I scaned with spybot SD this win 98 and found 2 threats:
DSO exploit and Download Accelerator.
Tried to fix, said DSO was fixed and Download Acc in next scan
on reboot. After rebooting both appear...
(not so fixed seems)
Hijack this log is:
Logfile of HijackThis v1.97.7
Scan saved at 08:48:40 p.m., on 20/06/04
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\ARCHIVOS DE PROGRAMA\ARCHIVOS COMUNES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\ARCHIVOS DE PROGRAMA\NORTON ANTIVIRUS\ADVTOOLS\NPROTECT.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\IRMON.EXE
C:\WINDOWS\SYSTEM\DAEMON.EXE
C:\ARCHIVOS DE PROGRAMA\AGATE TIOMAN\TIOMAN.EXE
C:\CFGSAFE\AUTOCHK.EXE
C:\ARCHIVOS DE PROGRAMA\IHATESPAM OUTLOOK EXPRESS EDITION\PIISERVICEOE.EXE
C:\ARCHIVOS DE PROGRAMA\ARCHIVOS COMUNES\SYMANTEC SHARED\CCAPP.EXE
C:\ARCHIVOS DE PROGRAMA\BABYLON\BABYLON.EXE
C:\ARCHIVOS DE PROGRAMA\SPYBOT - SEARCH & DESTROY\TEATIMER.EXE
C:\ARCHIVOS DE PROGRAMA\PROGRAMA DE UTILIDAD CONFIGURACIóN\TASKBAR.EXE
C:\ARCHIVOS DE PROGRAMA\BABYLON\utils\shlhook.exe
D:\HIJACKTHIS.EXE
D:\HIJACKTHIS.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = VÃ*nculos
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARCHIV~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\archivos de programa\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Archivos de programa\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\archivos de programa\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Archivos de programa\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [IrMon] IrMon.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [TrackPointSrv] daemon.exe
O4 - HKLM\..\Run: [TiomanExe] C:\Archivos de programa\Agate Tioman\Tioman.Exe
O4 - HKLM\..\Run: [ConfigSafe] C:\CFGSAFE\AUTOCHK.EXE
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [CriticalUpdate] c:\windows\SYSTEM\wucrtupd.exe -startup
O4 - HKLM\..\Run: [piiserviceOE] "C:\ARCHIVOS DE PROGRAMA\IHATESPAM OUTLOOK EXPRESS EDITION\piiserviceOE.exe"
O4 - HKLM\..\Run: [ccApp] "c:\Archivos de programa\Archivos comunes\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "c:\Archivos de programa\Archivos comunes\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] c:\ARCHIV~1\NORTON~1\ADVTOOLS\ADVCHK.EXE
O4 - HKLM\..\Run: [NPROTECT] C:\ARCHIV~1\NORTON~1\ADVTOOLS\NPROTECT.EXE
O4 - HKLM\..\Run: [Babylon Client] C:\Archivos de programa\Babylon\Babylon.exe -AutoStart
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [ccEvtMgr] "c:\Archivos de programa\Archivos comunes\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [NPROTECT] C:\ARCHIV~1\NORTON~1\ADVTOOLS\NPROTECT.EXE
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Archivos de programa\Archivos comunes\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\ARCHIVOS DE PROGRAMA\SPYBOT - SEARCH & DESTROY\TeaTimer.exe
O4 - Startup: Microsoft Office.lnk = C:\Archivos de programa\Microsoft Office\Office10\OSA.EXE
O4 - Startup: Configuración de ThinkPad.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Document Tree - C:\WINDOWS\web\tree.htm
O8 - Extra context menu item: View Partial So&urce - C:\WINDOWS\web\source.htm
O8 - Extra context menu item: &Google Search - res://C:\ARCHIVOS DE PROGRAMA\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\ARCHIVOS DE PROGRAMA\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\ARCHIVOS DE PROGRAMA\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward &Links - res://C:\ARCHIVOS DE PROGRAMA\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\ARCHIVOS DE PROGRAMA\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
O8 - Extra context menu item: &Download with &DAP - C:\ARCHIV~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\ARCHIV~1\DAP\dapextie2.htm
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://c:\ARCHIV~1\MICROS~2\OFFICE10\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem: &Document Tree (HKLM)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...?38145.7209375
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/s...irector/sw.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
Can you help me please?
Thank you!
•
•
Join Date: Feb 2004
Posts: 10,034
Reputation: 
Solved Threads: 761
Have HJT fix this entry:
O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file)
Please go here & install ALL critical updates required for your system.
Check for updates with spybot. Do you have the latest version? 1.3 is the latest. If you still have the warning come up (DSO), try the spybot forums as this has been a recent problem with spybot.
O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file)
Please go here & install ALL critical updates required for your system.
Check for updates with spybot. Do you have the latest version? 1.3 is the latest. If you still have the warning come up (DSO), try the spybot forums as this has been a recent problem with spybot.
Proud member of ASAP (Alliance of Security analysis Professionals).
Opera AVAST anti-virus Comodo Firewall Spywareblaster
Opera AVAST anti-virus Comodo Firewall Spywareblaster
i just found out how to get rid of the DSO EXPLOIT:
run regedit and find all those values that spybot reported to have a problem, one by one. Spybot also gives you their full paths, so it's easy to find them. if they are "DWORD" values, just right-click on them, choose to modify them, and set them to 3. if they are not "DWORD" values, but "SZ" values, delete them first, then right-click (anywhwre in that window) and chose "new" and "dword value" -> now you have a new dword, set it's name to the name of the value you deleted, and set it's value to 3.
run regedit and find all those values that spybot reported to have a problem, one by one. Spybot also gives you their full paths, so it's easy to find them. if they are "DWORD" values, just right-click on them, choose to modify them, and set them to 3. if they are not "DWORD" values, but "SZ" values, delete them first, then right-click (anywhwre in that window) and chose "new" and "dword value" -> now you have a new dword, set it's name to the name of the value you deleted, and set it's value to 3.
I did changed to 3 the value of DSO in the entry, but spybot stills find it.
cant you just delete it?
what about Download Accelerator?
Thanks!
cant you just delete it?
what about Download Accelerator?
Thanks!
•
•
Join Date: Aug 2003
Posts: 9,699
Reputation:
Solved Threads: 508
set spybot to ignore them ,as long as you have all your windows updates it will be ok .In spybot go to mode /check advanced ,then go to settings ,click on ignore programs and scroll down to DSO expoits and check to ignore .
Linux boot cd http://www.knopper.net/knoppix/index-en.html
Wubi is an officially supported Ubuntu Linux installer for Windows .
http://wubi-installer.org/
Wubi is an officially supported Ubuntu Linux installer for Windows .
http://wubi-installer.org/
Thanks!
Can some one tell me a manual removal or product to get rid of it please?
Still having in my system that pest...
Can some one tell me a manual removal or product to get rid of it please?
Still having in my system that pest...
•
•
Join Date: Aug 2003
Posts: 9,699
Reputation:
Solved Threads: 508
•
•
•
•
Originally Posted by z3r0
Thanks!
Can some one tell me a manual removal or product to get rid of it please?
Still having in my system that pest...
Linux boot cd http://www.knopper.net/knoppix/index-en.html
Wubi is an officially supported Ubuntu Linux installer for Windows .
http://wubi-installer.org/
Wubi is an officially supported Ubuntu Linux installer for Windows .
http://wubi-installer.org/
•
•
•
•
Originally Posted by caperjack
Finding it is a bug in spybot ,so you should just set it to ignore it .
•
•
Join Date: Aug 2003
Posts: 9,699
Reputation:
Solved Threads: 508
No it is not evil!1I only know that because the people in the know ,who created spybot and run the board where i Learned to read hijackthis logs ,Tell me its ok to just let spy-bot ignore it !
Linux boot cd http://www.knopper.net/knoppix/index-en.html
Wubi is an officially supported Ubuntu Linux installer for Windows .
http://wubi-installer.org/
Wubi is an officially supported Ubuntu Linux installer for Windows .
http://wubi-installer.org/
|
Other Threads in the Viruses, Spyware and other Nasties Forum
- Previous Thread: Daraven Dreaga's UPDATED HJT log
- Next Thread: Serious Problem w/ spyware
| Thread Tools | Search this Thread |
You need to join our community in order to build your list of favorite forums. You can visit the forum index for a listing of all forums.
Latest Viruses, Spyware and other Nasties Posts
Related Forum Features
adware anti-malware anti-virussitesaccessissue antivirus apple attack audio backtoschoolspeech bar blackhat botnet botnets china commercial commercials conficker connect control crosssitescripting cyber cybercrime cyberwarfare ddos domains e-mafia email europe exam facebook fake fancheckvirus gaming gtaiv gumblar halloween hijack internet iphone kaspersky legal logfiles mail malware mcafee mega-d messagelabs microsoft mobile msn nazi news obama onlinethreats paedophile panel parents phishing police policeprovirusmba-mblockedinternetaccess president privacy pro problem redirect redirecting reliability report research risk rogueantivirus samhain sans scareware school search security seopoisoning sites software spam spyware spywareexternalwindows7adminstratortrojans sqlinjection symantec system teen translate trojan unabletoaccessanti-virussites unwanted update usa virus viruses vista war warning windows worm zeroday
