Re: CWS/DSO Exploit

From: Bruce Chambers (bruce_a_chambers_at_h0tmail.com)
Date: 10/01/04


Date: Thu, 30 Sep 2004 20:45:25 -0600

Mark wrote:
> Sorry if this goes through twice but I don't think it did
> the first time I tried to send it. Does anyone know how
> to get rid of this CWS thing???? I had it on my desktop
> PC about a year ago and eradicated it with a malware
> program called CWS Shredder, in conjunction with SpyBot
> and Adaware (can't even install Adaware at this time).
> SpyBot finds it and deletes it (always finds 5 incidents
> of DSO Exploit and 2 of CoolWWWSearch, and yes I am
> immunizing), but it's back within like five minutes.
> This is not only a home page hijacker but it also does not
> allow certain pages to load (can't check my Hotmail, for
> example). I did a search for CWS Shredder and it seems
> the author has given up on defeating this thing and no
> longer offers updates. Does anyone know of another
> program I might want to try to get rid of this thing? TIA
>
> Mark

    The DSO exploit was patched long ago by IE Cumulative Update
MS02-015, in March of 2002. If you've installed this specific patch,
or any subsequent IE Cumulative Updates, or IE Service Pack 1, you're
safe. It would appear that the latest version of Spybot S&D is only
checking for Internet zone settings in the registry that could be used
as work-around protection, and not for the presence of any corrective
patches. Hopefully, the makers of Spybot will soon fix this bug.

 MS02-015 March 28, 2002 Cumulative Patch for Internet Explorer
http://support.microsoft.com/default.aspx?scid=kb;EN-US;319182

    If you like, you can test your system for this particular
vulnerability at this web site:
http://www.grey.com/security/advisories/gm001-ie/

    The makers of SpyBot S&D have acknowledged the problem and will
fix it on their next update:
http://www.safer-networking.org/index.php?page=paragraphs&detail=currentfaqs

    In the meantime, in SpyBot S&D, click Mode > Advanced > Settings >
Ignore Products > Security > DSO Exploit, to turn off the false alarm.

    Some people have reported that the Spybot Detection rules dated 30
Aug 04, when used with SpyBot S&D 1.3, will fix this problem.
However, I've had inconsistent results with that particular detection
update; sometimes it reads clean, then later it will once again find
the DSO problem, and then it will read clean again, all on the same
machine, with no other changes made.

-- 
Bruce Chambers
Help us help you:
http://dts-l.org/goodpost.htm
http://www.catb.org/~esr/faqs/smart-questions.html
You can have peace. Or you can have freedom. Don't ever count on
having both at once. - RAH

