Re: TIBS dialer and DSO exploit

anonymous_at_discussions.microsoft.com
Date: 10/07/04 

Date: Wed, 6 Oct 2004 21:25:16 -0700

Dave
   Again thanks for your response. Yes I have tried
sysclean, and adwarese in safe mode per the directions
given prior to this post and again after it. They remove
the problem but it comes back. I'm not sure what is re-
installing this but I can't seem to find out. I was
hoping there was a way to track what program is updating
my registry or at least find out a way to get prompts for
all registry changes but i have limited knowledge in that
area. I guess i just keep lookin. thanx
>-----Original Message-----
>You tried Sysclean in Safe mode and you updated Adaware
SE then ran it also in Safe Mode ?
>
>Have you checked other media to see if it is re-
infecting the platform ?
>
>Dave
>
>
>
>
><anonymous@discussions.microsoft.com> wrote in message
>news:11d801c4abfd$cde48e40$a401280a@phx.gbl...
>| dave
>| I tried this already and then I scanned again after
a
>| normal startup. It then reinstalled itself. It then
>| tries to run a program called 124842.dlr which wont
run.
>| it then installs a shortcut on my desktop and startup
>| menu and modifies my registry. i am at a complete loss
>| >-----Original Message-----
>| >1) Download the following three items...
>| >
>| > Trend Sysclean Package
>| > http://www.trendmicro.com/download/dcs.asp
>| >
>| > Latest Trend signature files.
>| >
http://www.trendmicro.com/download/pattern.asp
>| >
>| > Adaware SE
>| > http://www.lavasoftusa.com/
>| >
>| >Create a directory.
>| >On drive "C:\"
>| >(e.g., "c:\New Folder")
>| >or the desktop
>| >(e.g., "C:\Documents and Settings\lipman\Desktop\New
>| Folder")
>| >
>| >Download sysclean.com and place it in that directory.
>| >Dowload the signature files (pattern files) by
obtaining
>| the ZIP file.
>| >For example; lpt186.zip
>| >
>| >Extract the contents of the ZIP file and place the
>| contents in the same directory as
>| >sysclean.com.
>| >
>| >2) If you are using WinME or WinXP, disable System
>| Restore
>| >
>|
http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.ht
>| m
>| >3) Reboot your PC into Safe Mode
>| >4) Using both the Trend Sysclean utility and
>| Adaware, perform a Full Scan of your
>| > platform and clean/delete any
>| infectors/parasites found.
>| >5) Restart your PC and perform a "final" Full Scan
>| of your platform using both the
>| > Trend Sysclean utility and Adaware
>| >6) If you are using WinME or WinXP,Re-enable
System
>| Restore and re-apply any
>| > System Restore preferences, (e.g. HD space
>| to use suggested 400 ~ 600MB),
>| >7) Reboot your PC.
>| >8) If you are using WinME or WinXP, create a new
>| Restore point
>| >9) Please report back your results
>| >
>| >Dave
>| >
>| >
>| >
>| >
>| >
>| >
>| >
>| >"mike" <anonymous@discussions.microsoft.com> wrote in
>| message
>| >news:0d0201c4abc1$aa1f1ca0$a401280a@phx.gbl...
>| >| Dave,
>| >| Thanks for the quick reply. The problem is that I
>| have
>| >| Norton auto-protect on with the updates I got just 3
>| days
>| >| ago but the program continues to re-install. I get
a
>| po-
>| >| up that that states its downloading a plug in and
then
>| is
>| >| back. Its updates my registry and all. If you have
>| any
>| >| other ideas that would be great otherwise thanks for
>| the
>| >| help.
>| >| >-----Original Message-----
>| >| >DSO Exploits are a False Positive declaration by
>| Spybot.
>| >| >
>| >| >As for getting reinfected, you need to Norton AV
>| running
>| >| and up to date,
>| >| >including LiveUpdate to make sure NAV has
the "latest"
>| >| virus defginitions.
>| >| >If Sysclean is cleaning infectors, and it accesses
all
>| >| you hard disks, then
>| >| >you need to make sure you are properly protected
and
>| >| prevent re-infection.
>| >| >
>| >| >Dave
>| >| >
>| >| >
>| >| >
>| >| >
>| >| >
>| >| >"mike" wrote:
>| >| >
>| >| >> I have 2 viruses on my computer. The first is a
>| >| dialer.
>| >| >> I have rund Tren sysclean, spybot search and
>| destroy,
>| >| spy
>| >| >> sweeper, norton, and adwareSE all with the most
>| recent
>| >| >> definitions. All of these programs find the 2
and
>| >| delete
>| >| >> them, but they keep coming back. I have followed
>| >| >> direction for the Kotu dialer trojan and the
>| >| Trojanporn
>| >| >> dialer but they keep coming back. I have also
run
>| all
>| >| >> the programs in safe mode and then immediatly
upon
>| >| reboot.
>| >| >>
>| >| >> The DSO exploit I havent found any information
on.
>| >| >> Please help thanx
>| >| >>
>| >| >.
>| >| >
>| >
>| >
>| >.
>| >
>
>
>.
>

Relevant Pages

  • Re: windows wont boot / safemode wont boot
    ... SFC isn't the diagnostic procedure it's made out to be. ... load the original XP Registry Hive and manually disable the services ... to Safe Mode and choose the optional mode "Last Known..." ... mouse pointer then once again defaults into reboot. ...
    (microsoft.public.windowsxp.general)
  • Re: windows wont boot / safemode wont boot
    ... suggested by someone I know to remove the Norton installation folder but I ... Interested in what you said about reloading the original registry hive, ... to Safe Mode and choose the optional mode "Last Known..." ... mouse pointer then once again defaults into reboot. ...
    (microsoft.public.windowsxp.general)
  • RE: Restart
    ... Since you have modified the registry that mean some files needed for start up has been lost and hence Windows is unable to process the start up. ... So you have to boot into safe mode by pressing F8 and this will start the computer in safe mode. ... It will reboot if I press the front panel reset ...
    (microsoft.public.windowsxp.general)
  • Re: TIBS dialer and DSO exploit
    ... >You tried Sysclean in Safe mode and you updated Adaware ... SE then ran it also in Safe Mode? ... >|>3) Reboot your PC into Safe Mode ...
    (microsoft.public.security.virus)
  • Re: Virus?
    ... >Remove the hard disk from the affected platform. ... If Sysclean cleans files and you can put ... >|>3) Reboot your PC into Safe Mode ...
    (microsoft.public.security.virus)