T Nation

Spyware Question


#1

Here's hoping someone can help me out...

I have Ad-aware and Spybot on my computer and both are detecting a "DSO Exploit" (Something to do with Coolware Search). After attempting to delete/fix this it keeps returning to my computer.

My Windows and antivirus are both up to date and from what I can gather on the web there is a way to get rid of this bot. I tried CWS Shredder but that didn't work either.

I guess my problem is that much of the advice posted on tech forums is a little over my head. Could someone guide me through this procedure???

Any help would be appreciated.


#2

Go to the Microsoft website and download the updates and patches for your OS. Also try doing a search on DSO Exploit. If the system finds it, delete it.


#3

You'll probably have to manually find the files on your PC and delete ALL of them. Pain in the ass for sure.


#4

Download the latest Hijack This, it should fix the problem in the registry, and remove all of the files for you.


#5

I had a similar problem that Spyware would not fix and I had to do manually. You will have to go look at some of the registry files and delete the offending instruction lines. I found the directions to do this on the Norton antivirus website.


#6

Try running SWShredder. You can find it at:
http://www.majorgeeks.com/download4086.html


#7

Use Linux! No Spyware there! :wink:
http://www.linux.net/intro/linuxboot.php


#8

Hot damn, finally a question on these boards I'm qualified to answer!

"Install Linux, problem solved" is a good, but for most people, intractable answer.

I've cleaned many of these things and their relatives out of various computers over the years, and chances are that downloading and running all of the spyware tools in the world won't get rid of them entirely. But they're a good start, they can trim the fat considerably.

Are you confident in your computer skills? If not, find someone to do this for you, because mucking around in your registry can quickly render your computer unusable. Either way, back up your important data, back up the backups, put one copy in a safe-deposit box and email the other to your aunt in Duluth for safekeeping. Okay, my ass is covered. You've been warned.

Open "Start Menu" -> "Run". Type in "regedit" (no quotes) and press enter. Welcome to your system registry. Feel free to explore it (it's BIG), but don't change any settings yet. Open "Edit" -> "Search" and type in whatever strings you think might get you a match. "DSO" is one possibility, but be careful-- I get lots of matches for DSO from the string "LastUsedSource" (see the dSo in there?) which is a legitimate setting. "Coolware" is another possibility. The "Match Whole Strings Only" checkbox might be helpful there-- but it might cause you to miss some stuff, too. Be patient.

What you're looking for is anything that looks blatantly wrong. Last time I did this for a family member, there was a field in an Internet Explorer folder that said "homepagePrefix" and was set to "http://vraped.hardloved.net" so that no matter what you set the homepage to, it would go THERE first. That's the kind of thing you're looking for. Expect to spend a few hours on this... it sucks, I know. Double-click the values to open a window that will let you change them.

Hope that helps, and have fun. If you're interested, I can follow up here with how to help prevent this in the first place (stopping short of "install Linux, problem solved").
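The search trade-off described in post #8, as an added example that is not part of the original thread: it scans a text export of the registry read-only, so nothing is changed while looking. The sample export, its key paths and the `example.invalid` URL are constructed, and whole-string matching is modelled here as exact equality with a key name, value name or value data, which is an assumption about how the checkbox behaves.

```python
import re

# Constructed sample of a registry text export; not taken from a real machine.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="about:blank"
"homepagePrefix"="http://hijack.example.invalid/"

[HKEY_LOCAL_MACHINE\SOFTWARE\ExampleVendor\Installer]
"LastUsedSource"="n;1;C:\\Install\\"

[HKEY_CURRENT_USER\Software\CoolwareToolbar]
"Enabled"=dword:00000001
'''

VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')

def parse_reg(text):
    """Yield (key_path, value_name, data); a key itself has value_name None."""
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        m = VALUE_RE.match(line)
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            yield key, None, None
        elif m and key:
            name = "(Default)" if m.group(1) == "@" else m.group(1)[1:-1]
            yield key, name, m.group(2).strip('"')

def find(text, term, whole_string=False):
    """Case-insensitive search of key names, value names and value data."""
    t = term.lower()
    hit = (lambda s: s.lower() == t) if whole_string else (lambda s: t in s.lower())
    hits = []
    for key, name, data in parse_reg(text):
        if name is None:
            fields = {"key": key.rsplit("\\", 1)[-1]}  # last path component only
        else:
            fields = {"name": name, "data": data}
        hits += [(key, name, f) for f, s in fields.items() if hit(s)]
    return hits

def url_values(text, key_part="Internet Explorer"):
    """List values under matching keys whose data is a web URL, for manual review."""
    return [(k, n, d) for k, n, d in parse_reg(text)
            if n is not None and key_part.lower() in k.lower()
            and re.match(r"https?://", d, re.I)]
```

On the sample, `find(SAMPLE_REG, "DSO")` returns only the legitimate `LastUsedSource` value, while `find(SAMPLE_REG, "Coolware", whole_string=True)` misses the `CoolwareToolbar` key that the substring search finds. `url_values(SAMPLE_REG)` surfaces the `homepagePrefix` entry for a human to judge.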


#9


Hey, Linux is the real answer! No mucking around in the registry :wink:
Go get yourself a copy of Fedora Linux and then be happy!


#10

If it keeps returning it means u have some open/unprotected ports. Get a firewall. ZoneAlarm being the easiest/free one. www.download.com