Re: After reading the posts about 'about:blank' I am so confused.

From: Dave (david.frickNOtoSPAM_at_homestore.com)
Date: 07/02/04

• Next message: Jan Il: "Re: Selective connection drops..."
• Previous message: Jan Il: "Re: will this work on a network?"
• In reply to: LuckyStrike: "Re: After reading the posts about 'about:blank' I am so confused."
• Next in thread: LuckyStrike: "Re: After reading the posts about 'about:blank' I am so confused."
• Reply: LuckyStrike: "Re: After reading the posts about 'about:blank' I am so confused."
• Messages sorted by: [ date ] [ thread ]

---

Date: Thu, 1 Jul 2004 20:46:17 -0700

Thanks LuckyStrike

I got rid of the DSO Exploit by going into safemode and then Spybot gave me
an "all clear."

However, when I reboot and launch ie6, it loads to "about blank" and I get
the same master search page with links to sleasy sites as before. And I
cannot set a new homepage.

Here is the message I get now when I run Spybot S&D:

Error during check!: Common hijacker (Datei
C:\WINNT\system32\drivers\etc\hosts kann nicht geöffnet werden. The process
cannot access the file because it is being used by another process) ()

Congratulations!: No immediate threats were found. ()

--- Spybot - Search && Destroy version: 1.3 ---
2004-06-16 Includes\Cookies.sbi
2004-06-16 Includes\Dialer.sbi
2004-06-17 Includes\Hijackers.sbi
2004-06-16 Includes\Keyloggers.sbi
2004-05-12 Includes\LSP.sbi
2004-06-16 Includes\Malware.sbi
2004-06-16 Includes\Revision.sbi
2004-06-16 Includes\Security.sbi
2004-06-16 Includes\Spybots.sbi
2004-06-16 Includes\Tracks.uti
2004-06-16 Includes\Trojans.sbi

There is no file at the referenced path,

Hhs anyone seen this before?

Dave

"LuckyStrike" <LS@smokedamagedfurniture.youcandriveitawaytoday.com> wrote in
message news:uEQduBzXEHA.3716@TK2MSFTNGP10.phx.gbl...
> NAV fix a DSO exploit? Not likely as that isn't it's province, BUT, I
don't
> use NAV so cannot say for sure. I've seen that DSO exploit before in
Spybot
> and it normally was able to fix it. If for some reason it cannot, try
this:
>
> Have "Search & Destroy" look for problems the usual way, then:
> (1) highlight (by single left click) one of the "Data source object
exploit"
> items,
> (2) Right click the highlighted item to bring up the menu list and select
> "More details"
> (3) Click "Jump to location"
> (4) You should now be viewing the Registry and can use the path shown in
the
> Search & Destroy window to get to the key shown.
>
> Export the Keys, and then Delete them in the registry. That should do the
> trick.
>
> If all else fails, try Spybot scan in Safe-Mode. Note: your Desktop icons
> will probably change positions, so take a screenshot (if you don't have a
> program which restores their locations) of where they are so you can
> relocate them after you are finished.
> --
>
> LuckyStrike
> LS@smokedamagedfurniture.youcandriveitawaytoday.com
>
> How to make a good newsgroup post:
> http://www.dts-l.org/goodpost.htm
> http://home.satx.rr.com/badour/html/post.html
> --------------------------------------------------------------------
>
> "Dave" <david.frickNOtoSPAM@homestore.com> wrote in message
> news:upsTYrxXEHA.2388@TK2MSFTNGP11.phx.gbl...
> > Thanks guys.
> >
> > I followed the instructions at
> > http://mvps.org/winhelp2002/unwanted.htm#Coolwebsearch and basically did
> the
> > following to remove the about:"blank virus:"
> >
> > Ran CWShredder
> > Ran HijackThis
> > Ran Spybot 1.3
> >
> > "about:blank" is now gone. However, subsequently when I run a scan under
> > Spybot, I get a report of malicious files:
> >
> > DSO Exploit: Data source object exploit (Registry change, nothing
> done)
> >
> > I run the fix under Spybot but when I scan again the files are still
> there.
> >
> > Does anyone know what these files are?
> >
> >
> <snipped...>
>
>

---

• Next message: Jan Il: "Re: Selective connection drops..."
• Previous message: Jan Il: "Re: will this work on a network?"
• In reply to: LuckyStrike: "Re: After reading the posts about 'about:blank' I am so confused."
• Next in thread: LuckyStrike: "Re: After reading the posts about 'about:blank' I am so confused."
• Reply: LuckyStrike: "Re: After reading the posts about 'about:blank' I am so confused."
• Messages sorted by: [ date ] [ thread ]

---

Relevant Pages Re: After reading the posts about about:blank I am so confused. ... NAV fix a DSO exploit? ... I've seen that DSO exploit before in Spybot ... try Spybot scan in Safe-Mode. ... (microsoft.public.windows.inetexplorer.ie6.browser) Re: CD-TRAY ... | The DSO exploit was patched long ago by IE Cumulative Update ... the makers of Spybot will soon fix this bug. ... | Ignore Products> Security> DSO Exploit, to turn off the false alarm. ... (microsoft.public.security.virus) Re: Spybot DSO Exploit ... > Once you've done all the registry entries showing in SPYBot's DSO ... It would appear that the latest version of Spybot S&D is only ... checking for Internet zone settings in the registry that could be used ... the makers of Spybot will soon fix this bug. ... (microsoft.public.windowsxp.basics) Re: How to remove DSO Exploit spyware from the registry? ... but I can't seem to get rid of DSO Exploit. ... When I try to remove it after running a scan, Spybot says the ... the makers of SpyBot will soon fix ... Ignore Products> Security> DSO Exploit, to turn off the false alarm. ... (microsoft.public.windowsxp.general) Re: IEXPLORE.exe has generated errors and will be closed by Windows ... If you have been installing updates for Windows and IE, you can have Spybot ... Do a google search for +spybot +dso +exploit. ... > My operating software is Windows 2000 Professional ... (microsoft.public.windows.inetexplorer.ie6.browser)

---

• Windows
• Science
• Usenet

• Archive
• About
• Privacy
• Search
• Imprint

www.tech-archive.net  > Archive  > Windows  > microsoft.public.windows.inetexplorer.ie6.browser  > 2004-07