BleepingComputer.com: DSO exploit?

DSO exploit? What should I fix?

#1 RubyTuesday

Posted 08 November 2004 - 02:05 AM

Hello,

I am fixing a friend's computer. I ran multiple scans - Ad-Aware, Spybot, BitDefender, etc. - and after running Spybot, it finds a DSO exploit bug. It returns, even after deleting it and rebooting the machine. Here is my HijackThis log. Please advise:

Logfile of HijackThis v1.98.2
Scan saved at 11:56:07 PM, on 11/7/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32LEXBCES.EXE
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSsystem32LEXPPS.EXE
C:Program FilesSymantec_Client_SecuritySymantec AntiVirusDefWatch.exe
C:Program FilesCommon FilesMicrosoft SharedVS7Debugmdm.exe
C:Program FilesSymantec_Client_SecuritySymantec AntiVirusRtvscan.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSwanmpsvc.exe
C:WINDOWSExplorer.EXE
C:Program FilesRoxioEasy CD Creator 5DirectCDDirectCD.exe
C:Program FilesRealRealPlayerRealPlay.exe
C:WINDOWSSystem32wuauclt.exe
C:Program FilesCommon FilesMicrosoft SharedWorks SharedWkUFind.exe
C:Program FilesMicrosoft IntelliType Pro ype32.exe
C:Program FilesLogitechVideoLogiTray.exe
C:PROGRA~1SYMANT~1SYMANT~1vptray.exe
C:Program FilesYahoo!Messengerypager.exe
C:WINDOWSSystem32ctfmon.exe
C:Program FilesSpybot - Search & DestroyTeaTimer.exe
C:Program FilesSony CorporationImage TransferSonyTray.exe
C:Program FilesCommon FilesMicrosoft SharedWorks Sharedwkcalrem.exe
C:WINDOWSSystem32LVComS.exe
C:Program FilesLogitechVideoLowLight.exe
C:HJTHijackThis.exe

R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://www.yahoo.com/search/ie.html
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://www.yahoo.com
R1 - HKCUSoftwareMicrosoftInternet ExplorerSearchURL,(Default) = http://search.yahoo.com/search?p=%s
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:Program FilesYahoo!CompanionInstallscpnycomp5_3_12_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesAdobeAcrobat 6.0ReaderActiveXAcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:Program FilesSpybot - Search & DestroySDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:WINDOWSSystem32msdxm.ocx
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:Program FilesYahoo!CompanionInstallscpnycomp5_3_12_0.dll
O4 - HKLM..Run: [AdaptecDirectCD] "C:Program FilesRoxioEasy CD Creator 5DirectCDDirectCD.exe"
O4 - HKLM..Run: [DXM6Patch_981116] C:WINDOWSp_981116.exe /Q:A
O4 - HKLM..Run: [RealTray] C:Program FilesRealRealPlayerRealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM..Run: [Bart Station] C:Program FilesISP50htastation.sbrt
O4 - HKLM..Run: [QuickTime Task] "C:Program FilesQuickTimeqttask.exe" -atboottime
O4 - HKLM..Run: [WorksFUD] C:Program FilesMicrosoft Workswkfud.exe
O4 - HKLM..Run: [Microsoft Works Portfolio] C:Program FilesMicrosoft WorksWksSb.exe /AllUsers
O4 - HKLM..Run: [Microsoft Works Update Detection] C:Program FilesCommon FilesMicrosoft SharedWorks SharedWkUFind.exe
O4 - HKLM..Run: [type32] "C:Program FilesMicrosoft IntelliType Pro ype32.exe"
O4 - HKLM..Run: [LogitechVideoRepair] C:Program FilesLogitechVideoISStart.exe
O4 - HKLM..Run: [LogitechVideoTray] C:Program FilesLogitechVideoLogiTray.exe
O4 - HKLM..Run: [vptray] C:PROGRA~1SYMANT~1SYMANT~1vptray.exe
O4 - HKLM..Run: [SSWPlauncher] C:PROGRA~1COMETS~1PlatformBincomet.exe /app:SSWPlauncher
O4 - HKCU..Run: [ctfmon.exe] C:WINDOWSSystem32ctfmon.exe
O4 - HKCU..Run: [SpybotSD TeaTimer] C:Program FilesSpybot - Search & DestroyTeaTimer.exe
O4 - Global Startup: America Online 8.0 Tray Icon.lnk = C:Program FilesAmerica Online 8.0aoltray.exe
O4 - Global Startup: Image Transfer.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:Program FilesLogitechDesktop Messenger8876480ProgramLDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:Program FilesMicrosoft OfficeOfficeOSA9.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:Program FilesYahoo!Messengeryhexbmes0411.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:Program FilesYahoo!Messengeryhexbmes0411.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:WINDOWSSystem32Shdocvw.dll
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200305...meInstaller.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab

#2 phawgg

Posted 08 November 2004 - 04:56 AM

Hi, RubyTuesday,

Quote

I am fixing a friend's computer. I ran multiple scans - Ad-Aware, Spybot, BitDefender, etc. - and after running Spybot, it finds a DSO exploit bug. It returns, even after deleting it and rebooting the machine. Here is my HijackThis log. Please advise:


You have done nothing wrong. Spybot will report that, and continue to, because it's a glitch in the program. In the advanced mode, find this and check-box it to have it ignored.
I don't see anything wrong with your log, regarding files. It's missing every backslash throughout the entire report though... something I have never seen before. Is it working properly besides the DSO Exploit?
patiently patrolling, plenty of persistent pests n' problems ...

#3 RubyTuesday

Posted 08 November 2004 - 02:51 PM

Hi Phawgg,

I think the SpelChek function removed my backslashes... weird. Nope, that seems to be the only problem that I have with this machine. On my computer, however, after my encounter with easysearch.biz, and with all the cleaning that went on, DSO exploit did not return....


RubyTuesday

#4 phawgg

Posted 08 November 2004 - 03:00 PM

It sounds like you've got a handle on the things that need to be done, Ruby Tuesday (if I remember the lyrics correctly, the song goes "Who could hang a name on you?... when you change with every new day, still I'm goin' ..... you"). Your friend is fortunate to have your attention to details at work.

I haven't lost that DSO Exploit myself, other than excluding it so I don't see it. It's funny how these things go sometimes. Keep up the good work, and post anytime. Computing & the internet is definitely a work in progress. :thumbsup:
patiently patrolling, plenty of persistent pests n' problems ...

#5 RubyTuesday

Posted 08 November 2004 - 03:15 PM

Hi Phawgg,

I am happy to hear that it's not a virus! Thanks for your help, and actually...I'm not too familiar with the song. :flowers: People just call me that....

You guys have been so nice on this website, and I am fortunate to have found it! Thanks again! :thumbsup:

RubyTuesday

#6 phawgg

Posted 08 November 2004 - 03:37 PM

:thumbsup: I think you'd have to be 50+ like me to remember it playin' on the radio. It was a big hit for the Rolling Stones in *yikes* 1966.... :flowers:
patiently patrolling, plenty of persistent pests n' problems ...
