RE: TIBS dialer and DSO exploit

From: Russell (newsgroup_at_paperdragon.ca)
Date: 10/06/04


Date: Wed, 6 Oct 2004 13:42:15 -0700

Here is a list of things to try.(Copied from another
theard)

AdAware <http://www.lavasoftusa.com/>
CWShredder <http://www.majorgeeks.com/download4086.html>
HijackThis <http://www.majorgeeks.com/download.php?
det=3155>
LSP-Fix and WinsockXPFix <http://www.cexx.org/lspfix.htm>
Stinger <http://us.mcafee.com/virusInfo/default.asp?
id=stinger>

Create a separate folder for HijackThis, such as
C:\HijackThis - copy the
downloaded file there. AdAware has an install routine -
run it. The other
downloaded programs can be copied into, and run from, any
convenient folder.

First, run Stinger. Have it remove any problems found.

Next, close all Internet Explorer and Outlook windows, and
run CWShredder. Have
it fix all problems found.

Next, run AdAware. First update it ("Check for updates
now"), configure for
full scan (<http://forum.aumha.org/viewtopic.php?t=5877>),
then scan. When
scanning finishes, remove all Critical Objects found.

Next, run Spybot S&D again. First update it ("Search for
updates"), then run a
scan ("Check for problems"). Trust Spybot, and delete
everything ("Fix
Problems") that is displayed in Red.

Then, run HijackThis ("Scan"). Do NOT make any changes
immediately. Save the
HJT Log.
<http://forums.spywareinfo.com/index.php?showtopic=227>
<http://www1.spywareinfo.com/articles/hijacked/prevent.php>

Finally, have your HJT log interpreted by experts at one
or more of the
following security forums (and please post a link to your
forum posts, here):
Aumha: <http://forum.aumha.org/index.php>
Net-Integration: <http://forums.net-integration.net/>
Spyware Info: <http://forums.spywareinfo.com/>
Spyware Warrior: <http://spywarewarrior.com/index.php>
Tom Coyote: <http://forums.tomcoyote.org/>

If removal of any spyware affects your ability to access
the internet (some
spyware builds itself into the network software, and its
removal may damage your
network), run LSP-Fix and / or WinsockXPFIx.

Finally, improve your chances for the future.

Harden your browser. There are various websites which
will check for
vulnerabilities, here are three which I use.
http://www.jasons-toolbox.com/BrowserSecurity/
http://bcheck.scanit.be/bcheck/
https://testzone.secunia.com/browser_checker/

Block Internet Explorer ActiveX scripting from hostile
websites (Restricted
Zone).
<https://netfiles.uiuc.edu/ehowes/www/main.htm> (IE-SpyAd)

Block known dangerous scripts from installing.
<http://www.javacoolsoftware.com/spywareblaster.html>

Block known spyware from installing.
<http://www.javacoolsoftware.com/spywareguard.html>

Make sure that the spyware detection / protection products
that you use are
reliable:
http://www.spywarewarrior.com/rogue_anti-spyware.htm

Harden your operating system. Check at least monthly for
security updates.
http://windowsupdate.microsoft.com/

Block possibly dangerous websites with a Hosts file.
Three Hosts file sources I
use:
http://www.accs-net.com/hosts/get_hosts.html
http://www.mvps.org/winhelp2002/hosts.htm
(The third is included, and updated, with Spybot (see
above)).

Maintain your Hosts file (merge / eliminate duplicate
entries) with:
eDexter <http://www.accs-net.com/hosts/get_hosts.html>
Hostess <http://accs-net.com/hostess/>

Secure your operating system, and applications. Don't
use, or leave activated,
any accounts with names or passwords with trivial
(guessable) values. Don't use
an account with administrative authority, except when
you're intentionally doing
administrative tasks.

Use common sense. Yours. Don't install software based
upon advice from unknown
sources. Don't install free software, without researching
it carefully. Don't
open email unless you know who it's from, and how and why
it was sent.

Educate yourself. Know what the risks are. Stay
informed. Read Usenet, and
various web pages that discuss security problems. Check
the logs from the
security products that you use regularly, look for things
that don't belong, and
take action when necessary.

>-----Original Message-----
>Dave,
> Thanks for the quick reply. The problem is that I have
>Norton auto-protect on with the updates I got just 3 days
>ago but the program continues to re-install. I get a po-
>up that that states its downloading a plug in and then is
>back. Its updates my registry and all. If you have any
>other ideas that would be great otherwise thanks for the
>help.



Relevant Pages

  • Re: my dail up connestion
    ... Create a separate folder for HijackThis, such as C:\HijackThis - copy the ... First update it ("Search for updates"), ... Spyware Warrior: ... Don't install software based upon advice from unknown ...
    (microsoft.public.windowsxp.network_web)
  • RE: IEXPLORE.EXE Really sorry - need help with an old problem
    ... the download links provided below. ... Install Spybot and the DSO Exploit Fix. ... and then the Immunize button to block common Spyware programs from installing. ... HijackThis log. ...
    (microsoft.public.windowsxp.general)
  • Re: Web Page Colors
    ... Now that you've done the repair, you must access windows updates and install ... Make sure you disable any AV when installing Updates. ... Parasites, spyware malware basics: ... Virus Cleaner - free virus & worm removal tool ...
    (microsoft.public.windows.inetexplorer.ie6.browser)
  • Re: casino palazzo, web dialer, unauthorized shortcut
    ... You needn't install nor run everything at this time, ... Check for Spyware - How-to ... as does HijackThis (Only more so. ... Virus Cleaner - free virus & worm removal tool ...
    (microsoft.public.windows.inetexplorer.ie6.browser)
  • Re: trojansssssss
    ... Spybot S&D has an install routine - run ... First update it ("Search for updates"), ... Spyware Warrior: ... Don't install software based upon advice ...
    (microsoft.public.windowsxp.perform_maintain)