Jun 20th, 2004
0

DSO exploit and Download Accelerator

Hi,
I scanned this win 98 with spybot SD and found 2 threats:
DSO exploit and Download Accelerator.
Tried to fix, said DSO was fixed and Download Acc in next scan
on reboot. After rebooting both appear...
(not so fixed, it seems)

Hijack this log is:

Logfile of HijackThis v1.97.7
Scan saved at 08:48:40 p.m., on 20/06/04
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\ARCHIVOS DE PROGRAMA\ARCHIVOS COMUNES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\ARCHIVOS DE PROGRAMA\NORTON ANTIVIRUS\ADVTOOLS\NPROTECT.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\IRMON.EXE
C:\WINDOWS\SYSTEM\DAEMON.EXE
C:\ARCHIVOS DE PROGRAMA\AGATE TIOMAN\TIOMAN.EXE
C:\CFGSAFE\AUTOCHK.EXE
C:\ARCHIVOS DE PROGRAMA\IHATESPAM OUTLOOK EXPRESS EDITION\PIISERVICEOE.EXE
C:\ARCHIVOS DE PROGRAMA\ARCHIVOS COMUNES\SYMANTEC SHARED\CCAPP.EXE
C:\ARCHIVOS DE PROGRAMA\BABYLON\BABYLON.EXE
C:\ARCHIVOS DE PROGRAMA\SPYBOT - SEARCH & DESTROY\TEATIMER.EXE
C:\ARCHIVOS DE PROGRAMA\PROGRAMA DE UTILIDAD CONFIGURACIóN\TASKBAR.EXE
C:\ARCHIVOS DE PROGRAMA\BABYLON\utils\shlhook.exe
D:\HIJACKTHIS.EXE
D:\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARCHIV~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\archivos de programa\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Archivos de programa\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\archivos de programa\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Archivos de programa\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [IrMon] IrMon.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [TrackPointSrv] daemon.exe
O4 - HKLM\..\Run: [TiomanExe] C:\Archivos de programa\Agate Tioman\Tioman.Exe
O4 - HKLM\..\Run: [ConfigSafe] C:\CFGSAFE\AUTOCHK.EXE
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [CriticalUpdate] c:\windows\SYSTEM\wucrtupd.exe -startup
O4 - HKLM\..\Run: [piiserviceOE] "C:\ARCHIVOS DE PROGRAMA\IHATESPAM OUTLOOK EXPRESS EDITION\piiserviceOE.exe"
O4 - HKLM\..\Run: [ccApp] "c:\Archivos de programa\Archivos comunes\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "c:\Archivos de programa\Archivos comunes\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] c:\ARCHIV~1\NORTON~1\ADVTOOLS\ADVCHK.EXE
O4 - HKLM\..\Run: [NPROTECT] C:\ARCHIV~1\NORTON~1\ADVTOOLS\NPROTECT.EXE
O4 - HKLM\..\Run: [Babylon Client] C:\Archivos de programa\Babylon\Babylon.exe -AutoStart
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [ccEvtMgr] "c:\Archivos de programa\Archivos comunes\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [NPROTECT] C:\ARCHIV~1\NORTON~1\ADVTOOLS\NPROTECT.EXE
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Archivos de programa\Archivos comunes\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\ARCHIVOS DE PROGRAMA\SPYBOT - SEARCH & DESTROY\TeaTimer.exe
O4 - Startup: Microsoft Office.lnk = C:\Archivos de programa\Microsoft Office\Office10\OSA.EXE
O4 - Startup: Configuración de ThinkPad.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Document Tree - C:\WINDOWS\web\tree.htm
O8 - Extra context menu item: View Partial So&urce - C:\WINDOWS\web\source.htm
O8 - Extra context menu item: &Google Search - res://C:\ARCHIVOS DE PROGRAMA\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\ARCHIVOS DE PROGRAMA\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\ARCHIVOS DE PROGRAMA\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward &Links - res://C:\ARCHIVOS DE PROGRAMA\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\ARCHIVOS DE PROGRAMA\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
O8 - Extra context menu item: &Download with &DAP - C:\ARCHIV~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\ARCHIV~1\DAP\dapextie2.htm
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://c:\ARCHIV~1\MICROS~2\OFFICE10\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem: &Document Tree (HKLM)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...?38145.7209375
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/s...irector/sw.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab


Can you help me please?
Thank you!
Reputation Points: 10
Solved Threads: 0
Newbie Poster
z3r0 is offline Offline
19 posts
since Jun 2004
Jun 21st, 2004
0

Re: DSO exploit and Download Accelerator

Have HJT fix this entry:

O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file)

Please go here & install ALL critical updates required for your system.

Check for updates with spybot. Do you have the latest version? 1.3 is the latest. If you still have the warning come up (DSO), try the spybot forums as this has been a recent problem with spybot.
Moderator
Featured Poster
Reputation Points: 1142
Solved Threads: 982
Most Valuable Poster
crunchie is offline Offline
12,163 posts
since Feb 2004
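
An added example (not part of the original posts and not HijackThis's own code): a small parser for the O2/O3 line layout seen in the log above, which picks out entries reported as `(no file)`, like the toolbar entry named in this reply, and shows which sections load each remaining file. The sample lines are copied from the log in this thread; the function names are hypothetical.

```python
import re
from collections import defaultdict

# Sample lines copied from the HijackThis v1.97.7 log quoted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Archivos de programa\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\archivos de programa\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Archivos de programa\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [IrMon] IrMon.exe
"""

# O2 (browser helper object) and O3 (toolbar) lines share one layout:
#   <section> - <kind>: <name> - {CLSID} - <file path or "(no file)">
ENTRY_RE = re.compile(
    r"^(?P<section>[A-Z]\d{1,2}) - (?P<kind>BHO|Toolbar): (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.+)$"
)

def parse_com_entries(log_text):
    """Return one dict per O2/O3 line; every other section is skipped."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append(match.groupdict())
    return entries

def orphaned_entries(entries):
    """Entries still registered under a CLSID but with no file behind them."""
    return [e for e in entries if e["target"].strip().lower() == "(no file)"]

def sections_by_file(entries):
    """Map each existing file (case-insensitive path) to the sections that load it."""
    by_file = defaultdict(list)
    for e in entries:
        target = e["target"].strip().lower()
        if target != "(no file)":
            by_file[target].append(e["section"])
    return dict(by_file)

if __name__ == "__main__":
    parsed = parse_com_entries(SAMPLE_LOG)
    for e in orphaned_entries(parsed):
        print(f'{e["section"]} {e["kind"]} {e["clsid"]}: leftover registration, no file')
    for path, sections in sections_by_file(parsed).items():
        print(f"{path} loaded via {', '.join(sections)}")
```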
Jun 22nd, 2004
0

Re: DSO exploit and Download Accelerator

I just found out how to get rid of the DSO EXPLOIT:
Run regedit and find all those values that spybot reported to have a problem, one by one. Spybot also gives you their full paths, so it's easy to find them. If they are "DWORD" values, just right-click on them, choose to modify them, and set them to 3. If they are not "DWORD" values, but "SZ" values, delete them first, then right-click (anywhere in that window) and choose "new" and "dword value" -> now you have a new dword, set its name to the name of the value you deleted, and set its value to 3.
Reputation Points: 11
Solved Threads: 0
Light Poster
marijana is offline Offline
40 posts
since Jun 2004
Jun 22nd, 2004
0

Re: DSO exploit and Download Accelerator

I did change the value of DSO in the entry to 3, but spybot still finds it.
Can't you just delete it?
What about Download Accelerator?

Thanks!
Reputation Points: 10
Solved Threads: 0
Newbie Poster
z3r0 is offline Offline
19 posts
since Jun 2004
Jun 22nd, 2004
0

Re: DSO exploit and Download Accelerator

Set spybot to ignore them, as long as you have all your windows updates it will be ok. In spybot go to mode / check advanced, then go to settings, click on ignore programs and scroll down to DSO exploits and check to ignore.
Team Colleague
Reputation Points: 1056
Solved Threads: 792
I hate 20 Questions
caperjack is offline Offline
12,725 posts
since Aug 2003
Jun 23rd, 2004
0

Re: DSO exploit and Download Accelerator

Sorry, it worked for me... after setting them to 3, spybot doesn't complain about them anymore.
Reputation Points: 11
Solved Threads: 0
Light Poster
marijana is offline Offline
40 posts
since Jun 2004
Jun 24th, 2004
0

Re: DSO exploit and Download Accelerator

Thanks!

Can someone tell me a manual removal or product to get rid of it please?
Still having that pest in my system...
Reputation Points: 10
Solved Threads: 0
Newbie Poster
z3r0 is offline Offline
19 posts
since Jun 2004
Jun 24th, 2004
0

Re: DSO exploit and Download Accelerator

Quote originally posted by z3r0 ...
Thanks!

Can someone tell me a manual removal or product to get rid of it please?
Still having that pest in my system...

Finding it is a bug in spybot, so you should just set it to ignore it.
Team Colleague
Reputation Points: 1056
Solved Threads: 792
I hate 20 Questions
caperjack is offline Offline
12,725 posts
since Aug 2003
Jun 29th, 2004
0

Re: DSO exploit and Download Accelerator

Quote originally posted by caperjack ...
Finding it is a bug in spybot, so you should just set it to ignore it.

Do you mean it is not evil? How do you know that?
Reputation Points: 10
Solved Threads: 0
Newbie Poster
z3r0 is offline Offline
19 posts
since Jun 2004
Jun 29th, 2004
0

Re: DSO exploit and Download Accelerator

No, it is not evil! I only know that because the people in the know, who created spybot and run the board where I learned to read hijackthis logs, tell me it's ok to just let spybot ignore it!
Team Colleague
Reputation Points: 1056
Solved Threads: 792
I hate 20 Questions
caperjack is offline Offline
12,725 posts
since Aug 2003
