3
Contributors
18
Replies
19
Views
13 Years
Discussion Span
Last Post by JaY_2
0

I got rid of the mslagent in safe mode, but now I get a tracking cookie callet @cgi-bin still comming in the map called cookies...

Need to get rid of that one, it keeps collecting some other spyware as mslagant..
Someone who knows what to do, need some help on that one. Please

0

Try Going into tools /internet options /privacy and click ,advanced and override auto cookie handling and check off block 3rd party cookies

0

Seems to be OK now... Thnx,
but can you tell me what DSO Exploit is, when I´m running spyboot search and destroy it always find something called DXO Exploit and when I remove it, and restart and run SD again it´s back again...

What is DXO Exploit?

0

Its back again... The tracking cookie...
Sorry, but it did´t work.

Anything else I can do to get rid of the cookie?
Pleease help me further :)

0

Seems to be OK now... Thnx,
but can you tell me what DSO Exploit is, when I´m running spyboot search and destroy it always find something called DXO Exploit and when I remove it, and restart and run SD again it´s back again...

What is DXO Exploit?

Its is a bug in the new spybot ,nothing to worry about .You can set spybot to ignore it so that it doesn't report it all the time .
Run spybot in advanced mode ,go to settings /ignore products/security ,and check off dso exploit.

0

Hi Crunchie...

Nice site, but I have a problem downloading from it.. Is there anything else I can do to remove the tracking cookie.. and what about DSO Exploit? Know what that is?

JaY2

0

Thnx caperjack...

I didn´t get rid of the cookie anyway... Maybe you or crunchie have som other ideas to help me out with the tracking cookie.... (im really tired of that cookie)

0

Heres my log from HJT:

Logfile of HijackThis v1.98.0
Scan saved at 14:37:34, on 12.07.2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\brss01a.exe
C:\Programfiler\Norton AntiVirus\navapsvc.exe
C:\Programfiler\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe
C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Programfiler\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Programfiler\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programfiler\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Programfiler\Microsoft Office\Office\FINDFAST.EXE
C:\Programfiler\Microsoft Office\Office\OSA.EXE
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Programfiler\Internet Explorer\IEXPLORE.EXE
C:\Programfiler\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\explorer.exe
C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-aware.exe
C:\Documents and Settings\Eier\Mine dokumenter\My Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aftenbladet.no/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programfiler\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programfiler\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programfiler\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programfiler\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: PopUpCop - {DB43E4E6-FF8A-4018-8C8E-F68587A44A73} - C:\PROGRA~1\PopUpCop\PopUpCop.dll
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Programfiler\Fellesfiler\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [bcmwltry] bcmwltry.exe
O4 - HKLM\..\Run: [RemoveCpl] RemoveCpl.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MMTray] C:\Programfiler\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 - HKCU\..\Run: [msnmsgr] "C:\Programfiler\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programfiler\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Hurtigsøk.lnk = C:\Programfiler\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Office Oppstart.lnk = C:\Programfiler\Microsoft Office\Office\OSA.EXE
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: Open Image in New Window - res://C:\Programfiler\PopUpCop\popupcop.dll/imagenew
O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab

0

Try this. Follow this path & delete the contents of the folder.

C:\Documents and Settings\Administrator\Cookies

0

Deleted only one file (index) in the path.

Still got the tracking cookie cgi-bin

0

Make sure all browser windows are close and fix these .
O4 - Global Startup: Microsoft Hurtigsøk.lnk = C:\Programfiler\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Office Oppstart.lnk = C:\Programfiler\Microsoft Office\Office\OSA.EXE

Also if it were my computer i would uninstall the Incredimail program pronto.

If you know what site you are geting the cookie from you can block it in your security settings .

And if you haven't all ready install these programs .

After you get it all fixed and things are working good ,Download and install these two programs to help stop Spyware .


Spywareblaster


SpywareGuard

IE-SPYAD


Keep Up-to-Date!
The most important key to maintaining a secure computer is keeping your protection up-to-date.

also check how i got infected in the first place .

http://www.computercops.biz/postlite7736-.html

0

Hi Crunchie...

Nice site, but I have a problem downloading from it.. Is there anything else I can do to remove the tracking cookie.. and what about DSO Exploit? Know what that is?

JaY2

I just went to that site and clicked on the download link and in a bout 8 seconds i had that program ,what problems were you having !

0

Removed the files you pointed and will post my new log...

About that site, i got it now... earlier I had the message: cannot display this page

The HJT log:
Logfile of HijackThis v1.98.0
Scan saved at 20:36:17, on 12.07.2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe
C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Programfiler\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\WINDOWS\System32\updatev01.exe
C:\Programfiler\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programfiler\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Programfiler\Norton AntiVirus\navapsvc.exe
C:\Programfiler\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Programfiler\Internet Explorer\IEXPLORE.EXE
C:\Programfiler\SpywareGuard\sgmain.exe
C:\Programfiler\SpywareGuard\sgbhp.exe
C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-aware.exe
C:\Documents and Settings\Eier\Mine dokumenter\My Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aftenbladet.no/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Programfiler\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programfiler\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programfiler\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programfiler\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programfiler\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: PopUpCop - {DB43E4E6-FF8A-4018-8C8E-F68587A44A73} - C:\PROGRA~1\PopUpCop\PopUpCop.dll
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Programfiler\Fellesfiler\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [bcmwltry] bcmwltry.exe
O4 - HKLM\..\Run: [RemoveCpl] RemoveCpl.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MMTray] C:\Programfiler\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 - HKLM\..\Run: [updatev01] C:\WINDOWS\System32\updatev01.exe
O4 - HKLM\..\Run: [UVDesktop] C:\Programfiler\Ultra Networks Software\Ultra Virtual Desktop\UVDesktop.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programfiler\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Startup: SpywareGuard.lnk = C:\Programfiler\SpywareGuard\sgmain.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programfiler\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: Open Image in New Window - res://C:\Programfiler\PopUpCop\popupcop.dll/imagenew
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab

But when i´m running adaware I still get a tracking cookie (data miner), get headace of this problem... It is not a problem in first plase but, after som hours or a day, the tracking cookie leave som spywares (last time mslagent) Seems like this is a hard one to get rid of.

0

Right click on Internet Explorer then left click on properties. Go to Privacy & under settings click on advanced. Select over-ride automatic cookie handling & select prompt for both. You then get to select what cookies you want & what cookies you do not want.

0

This is working now.. Thnx a lot to you both... owe you guys big time!

(something that is still bugging my mind, when I turn off the settings the cookie returns.. It comes right back when I turn on or go searching IE) So I guess I can´t put the settings back. Have you heard about this tracking cookie before? Is it a big Issue?

from a very grateful JaY_2

Thank you, Thank you, Thank you, Thank you....

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.