RE: TIBS dialer and DSO exploit
From: Russell (newsgroup_at_paperdragon.ca)
Date: Wed, 6 Oct 2004 13:42:15 -0700
Here is a list of things to try. (Copied from another
LSP-Fix and WinsockXPFix <http://www.cexx.org/lspfix.htm>
Create a separate folder for HijackThis, such as C:\HijackThis - copy the
downloaded file there. AdAware has an install routine - run it. The other
downloaded programs can be copied into, and run from, any
First, run Stinger. Have it remove any problems found.
Next, close all Internet Explorer and Outlook windows, and run CWShredder. Have
it fix all problems found.
Next, run AdAware. First update it ("Check for updates now"), configure for
full scan (<http://forum.aumha.org/viewtopic.php?t=5877>), then scan. When
scanning finishes, remove all Critical Objects found.
Next, run Spybot S&D again. First update it ("Search for updates"), then run a
scan ("Check for problems"). Trust Spybot, and delete
Problems") that is displayed in Red.
Then, run HijackThis ("Scan"). Do NOT make any changes immediately. Save the
Finally, have your HJT log interpreted by experts at one or more of the
following security forums (and please post a link to your forum posts, here):
Spyware Info: <http://forums.spywareinfo.com/>
Spyware Warrior: <http://spywarewarrior.com/index.php>
Tom Coyote: <http://forums.tomcoyote.org/>
If removal of any spyware affects your ability to access the internet (some
spyware builds itself into the network software, and its removal may damage your
network), run LSP-Fix and / or WinsockXPFix.
Finally, improve your chances for the future.
Harden your browser. There are various websites which will check for
vulnerabilities, here are three which I use.
Block Internet Explorer ActiveX scripting from hostile
Block known dangerous scripts from installing.
Block known spyware from installing.
Make sure that the spyware detection / protection products that you use are
Harden your operating system. Check at least monthly for
Block possibly dangerous websites with a Hosts file.
Three Hosts file sources I
(The third is included, and updated, with Spybot (see
Secure your operating system, and applications. Don't use, or leave activated,
any accounts with names or passwords with trivial (guessable) values. Don't use
an account with administrative authority, except when you're intentionally doing
Use common sense. Yours. Don't install software based upon advice from unknown
sources. Don't install free software, without researching it carefully. Don't
open email unless you know who it's from, and how and why it was sent.
Educate yourself. Know what the risks are. Stay informed. Read Usenet, and
various web pages that discuss security problems. Check the logs from the
security products that you use regularly, look for things that don't belong, and
take action when necessary.
> Thanks for the quick reply. The problem is that I have
> Norton auto-protect on with the updates I got just 3 days
> ago but the program continues to re-install. I get a pop-up
> that states it's downloading a plug-in and then is
> back. It updates my registry and all. If you have any
> other ideas that would be great otherwise thanks for the