
DSO exploit?


5 replies to this topic

#1 RubyTuesday


Posted 08 November 2004 - 02:05 AM

Hello,

I am fixing a friend's computer. I ran multiple scans- ad-aware, spybot, bitdefender, etc... and after running spybot, it finds a DSO exploit bug. It returns, even after deleting it and rebooting the machine. Here is my hijackThis log. Please advise:

Logfile of HijackThis v1.98.2
Scan saved at 11:56:07 PM, on 11/7/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32LEXBCES.EXE
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSsystem32LEXPPS.EXE
C:Program FilesSymantec_Client_SecuritySymantec AntiVirusDefWatch.exe
C:Program FilesCommon FilesMicrosoft SharedVS7Debugmdm.exe
C:Program FilesSymantec_Client_SecuritySymantec AntiVirusRtvscan.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSwanmpsvc.exe
C:WINDOWSExplorer.EXE
C:Program FilesRoxioEasy CD Creator 5DirectCDDirectCD.exe
C:Program FilesRealRealPlayerRealPlay.exe
C:WINDOWSSystem32wuauclt.exe
C:Program FilesCommon FilesMicrosoft SharedWorks SharedWkUFind.exe
C:Program FilesMicrosoft IntelliType Pro ype32.exe
C:Program FilesLogitechVideoLogiTray.exe
C:PROGRA~1SYMANT~1SYMANT~1vptray.exe
C:Program FilesYahoo!Messengerypager.exe
C:WINDOWSSystem32ctfmon.exe
C:Program FilesSpybot - Search & DestroyTeaTimer.exe
C:Program FilesSony CorporationImage TransferSonyTray.exe
C:Program FilesCommon FilesMicrosoft SharedWorks Sharedwkcalrem.exe
C:WINDOWSSystem32LVComS.exe
C:Program FilesLogitechVideoLowLight.exe
C:HJTHijackThis.exe

R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://www.yahoo.com/search/ie.html
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://www.yahoo.com
R1 - HKCUSoftwareMicrosoftInternet ExplorerSearchURL,(Default) = http://search.yahoo.com/search?p=%s
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:Program FilesYahoo!CompanionInstallscpnycomp5_3_12_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesAdobeAcrobat 6.0ReaderActiveXAcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:Program FilesSpybot - Search & DestroySDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:WINDOWSSystem32msdxm.ocx
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:Program FilesYahoo!CompanionInstallscpnycomp5_3_12_0.dll
O4 - HKLM..Run: [AdaptecDirectCD] "C:Program FilesRoxioEasy CD Creator 5DirectCDDirectCD.exe"
O4 - HKLM..Run: [DXM6Patch_981116] C:WINDOWSp_981116.exe /Q:A
O4 - HKLM..Run: [RealTray] C:Program FilesRealRealPlayerRealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM..Run: [Bart Station] C:Program FilesISP50htastation.sbrt
O4 - HKLM..Run: [QuickTime Task] "C:Program FilesQuickTimeqttask.exe" -atboottime
O4 - HKLM..Run: [WorksFUD] C:Program FilesMicrosoft Workswkfud.exe
O4 - HKLM..Run: [Microsoft Works Portfolio] C:Program FilesMicrosoft WorksWksSb.exe /AllUsers
O4 - HKLM..Run: [Microsoft Works Update Detection] C:Program FilesCommon FilesMicrosoft SharedWorks SharedWkUFind.exe
O4 - HKLM..Run: [type32] "C:Program FilesMicrosoft IntelliType Pro ype32.exe"
O4 - HKLM..Run: [LogitechVideoRepair] C:Program FilesLogitechVideoISStart.exe
O4 - HKLM..Run: [LogitechVideoTray] C:Program FilesLogitechVideoLogiTray.exe
O4 - HKLM..Run: [vptray] C:PROGRA~1SYMANT~1SYMANT~1vptray.exe
O4 - HKLM..Run: [SSWPlauncher] C:PROGRA~1COMETS~1PlatformBincomet.exe /app:SSWPlauncher
O4 - HKCU..Run: [ctfmon.exe] C:WINDOWSSystem32ctfmon.exe
O4 - HKCU..Run: [SpybotSD TeaTimer] C:Program FilesSpybot - Search & DestroyTeaTimer.exe
O4 - Global Startup: America Online 8.0 Tray Icon.lnk = C:Program FilesAmerica Online 8.0aoltray.exe
O4 - Global Startup: Image Transfer.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:Program FilesLogitechDesktop Messenger8876480ProgramLDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:Program FilesMicrosoft OfficeOfficeOSA9.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:Program FilesYahoo!Messengeryhexbmes0411.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:Program FilesYahoo!Messengeryhexbmes0411.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:WINDOWSSystem32Shdocvw.dll
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200305...meInstaller.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab


 


#2 phawgg


Posted 08 November 2004 - 04:56 AM

Hi, RubyTuesday,

I am fixing a friend's computer. I ran multiple scans- ad-aware, spybot, bitdefender, etc... and after running spybot, it finds a DSO exploit bug. It returns, even after deleting it and rebooting the machine. Here is my hijackThis log. Please advise:


You have done nothing wrong. Spybot will report that, and continue to, because it's a glitch in the program. In the advanced mode, find this and check-box it to have it ignored.
I don't see anything wrong with your log, regarding files. It's missing every backslash throughout the entire report though... something I have never seen before. Is it working properly besides the DSO Exploit?
patiently patrolling, plenty of persistent pests n' problems ...

#3 RubyTuesday


Posted 08 November 2004 - 02:51 PM

Hi Phawgg,

I think the SpelChek function removed my backslashes...weird. Nope, that seems to be the only problem that I have with this machine. On my computer, however, after my encounter with easysearch.biz, and with all the cleaning that went on, DSO exploit did not return....


RubyTuesday

#4 phawgg


Posted 08 November 2004 - 03:00 PM

It sounds like you've got a handle on the things that need to be done, Ruby Tuesday (if I remember the lyrics correctly, the song goes "Who could hang a name on you?... when you change with every new day, still I'm goin' ..... you") Your friend is fortunate to have your attention to details at work.

I haven't lost that DSO Exploit myself, other than excluding it so I don't see it. It's funny how these things go sometimes. Keep up the good work, and post anytime. Computing & the internet is definitely a work in progress. :thumbsup:
patiently patrolling, plenty of persistent pests n' problems ...

#5 RubyTuesday


Posted 08 November 2004 - 03:15 PM

Hi Phawgg,

I am happy to hear that it's not a virus! Thanks for your help, and actually...I'm not too familiar with the song. :flowers: People just call me that....

You guys have been so nice on this website, and I am fortunate to have found it! Thanks again! :thumbsup:

RubyTuesday

#6 phawgg


Posted 08 November 2004 - 03:37 PM

:thumbsup: I think you'd have to be 50+ like me to remember it playin' on the radio. It was a big hit for the Rolling Stones in *yikes* 1966.... :flowers:
patiently patrolling, plenty of persistent pests n' problems ...



