How to add custom CLSID's to block with SpywareBlaster

Everytime I checkmark the item that is in red, and tell it to block--it unchecks it and does not let me block it!

[SD8500]

Does anyone know the CLSID for the addresses autosearch.cc & bestsearch

[chrissanjay]

How do I find out the CLSID? All I know is the name 'Data Miner' which was detected by Adaware but not by Spyblaster. Please help.

Quote:

Originally Posted by Pieter_Arntz

Start SpywareBlaster, click "Tools" and select the "Custom Blocking" tab.
Click "Add Item" and fill out the name you want it to have.

Then fill out the CLSID (don't forget the accolades):



and click OK.

Then the item will show up in the custom block list:



Then put a checkmark in the box and click "Protect Against Checked Items" and you are done.

And low and behold, if you have added something that Javacool decides to add as well, it will show when you get that update.
As you can see, Javacool decided to give it a different name, but the Xupiter / SearchSquire Variant is already checked, thus showing the kill-bit was already set:



If that happens you can select the item in the Custom Blocklist and click "Remove Selected Item" (Don't remove the protection though)

HTH,

Pieter

Edited to replace screenshots with the latest version of SpywareBlaster

hi i recently added some custom blocking and seeing it is not in the defaults i wud like to share it with u. i found the infection with Spybot , it was called 'Ad Roar Plugin' , and spybot also gave me the CLSID keys , so i done a custom block.

{48E59290-9880-11CF-9754-00AA00C00908}
{48E59291-9880-11CF-9754-00AA00C00908}
{48E59292-9880-11CF-9754-00AA00C00908}
{48E59293-9880-11CF-9754-00AA00C00908}
{48E59294-9880-11CF-9754-00AA00C00908}
{48E59295-9880-11CF-9754-00AA00C00908}

hope that helps

[Deke]

Excuse me if this has already been posted.

A great tutorial and some good explanations of how SpywareBlaster works.

http://www.bleepingcomputer.com/foru...howtutorial=49

[pervin2]

Hi guys, I'm not even going thedre w/clsid's! Over my head!
I have been inundated with spyware and fortunately found you all! Its helped alot! But I seem to have some of those little critters changing my settings still....Every time I start SWG, the settings that I "saved" have been UNchecked! I added a password tohelp, but it didn't....Another program is the same way, the one where you can Disable spyware in IE...? It seems to uncheck itself!

Does this sound like malicious behavior? Or possibly a programming problem? thanks, paul

[SweetNSaucee]

Quote:

Originally Posted by javacool

But a word of warning: I would highly recommend that you first send the webpage on which you are receiving the ActiveX prompt to me. I can look it over and, potentially, find an item or two to add to the SpywareBlaster database so everyone can benefit from the protection. Doing so will also help prevent blocking something that is good or wanted by mistake.
-Javacool

.. hello ALL .. NEW to this site .. LUV it!
.. thanx so much, Javacool
.. for explaining HOW to locate CLSID[s]
.. I have one for you: hxxp://www.intermix.com
.. once known as E-Universe.com --now-- intermix.com
.. REAL NASTY BUGGERS!
.. if you could please check on the CLSID, for me
.. I'd like to see if I 'got it right'
.. thanking-U !

Does anyone know how to custom block and what the CSID type is for DSO Exploit?

[grimfarvity]

Quote:

Originally Posted by Singh400

hi i recently added some custom blocking and seeing it is not in the defaults i wud like to share it with u. i found the infection with Spybot , it was called 'Ad Roar Plugin' , and spybot also gave me the CLSID keys , so i done a custom block.

{48E59290-9880-11CF-9754-00AA00C00908}
{48E59291-9880-11CF-9754-00AA00C00908}
{48E59292-9880-11CF-9754-00AA00C00908}
{48E59293-9880-11CF-9754-00AA00C00908}
{48E59294-9880-11CF-9754-00AA00C00908}
{48E59295-9880-11CF-9754-00AA00C00908}

hope that helps

do NOT block these. they have been shown to be false positives on other spyware.

see fp report:

http://forums.net-integration.net/in...8062&hl=adroar

the clsids for adroar are:

{FAC6E0E1-5D45-4907-BC00-302D702DCC73}
{BDF6CE3D-F5C5-4462-9814-3C8EAC330CA8}

Mod note: This thread is about how to use the Custom Blocking feature of SpywareBlaster not about other people's custom blocking lists. In the future....feel free to post these Custom Blocking lists to our Update Alerts forum.

Thanks

Quote:

Originally Posted by Gizmo151
~~snipped out Custom Blocking List~~

[Rita]

Hi Pieter
do you happen to know the CLSID for Gator/Claria?i downloaded the list in the above post but it didnt have it--or is this considered a cookie?I have to constantly delete this so i wanted to add it to spyware blasters block list.thank you
rita

[snowbound]

Hi Rita.

If u look here,

http://www.pestpatrol.com/PestInfo/c/claria.asp

it looks like the CLSID is in this line,

HKEY_CLASSES_ROOT\clsid\{21ffb6c0-0da1-11d5-a9d5-00500413153c}

Hope this helps.


snowbound

[Rita]

Hi Snowbound
good morning,and thank you so much for the clsid
rita

[snowbound]

Your Welcome and good morning to u too.



snowbound

[Bubba]

Post by lhite31, moved to it's own thread here---> http://www.wilderssecurity.com/showthread.php?p=251363

[Bubba]

RobertL, I've split your post off of the "How to add custom CLSID's to block with SpywareBlaster " announcement thread....since it might take more than a couple posts to discuss your 5 questions and other concerns. It is now in its own thread located in the below link:

This link---> http://www.wilderssecurity.com/showthread.php?t=47311

[snapdragin]

Amibit, I have split your post off this thread as your problem seems more related to spyware/hijacking that isn't being removed completely. You can find your post along with my reply, in the link below:

http://www.wilderssecurity.com/showthread.php?t=47617

snap

[rikkitikkitavi]

I have Just downloaded SpyBot & SpyBlaster, & neither has been able to block a site titled Dotzup. I tried to block it, but I have no idea what a CLSID is. Can anyone help?? If nothing else, how can I get rid of this site?

[snowbound]

There's a huge CLSID - BHO List - Toolbar List over here,

http://computercops.biz/CLSID.html

in case anyone is interested.

EDIT- Warning, The list is useful for research purposes - it also lists good items, so be careful if you use it for anything else.



snowbound

[Anthony Rodriguez]

Hi Pieter, I'm having a boat load of trouble with ** about:blank **. Any idea's where I might find there CLSID's number . Any help work be great. Thanks, Anthony

[snowbound]

Hi Anthony Rodriguez

Welcome to Wilders.

I'm sorry to say, if u are already infected with the about:blank hijacker,clsid isn't going to help.....

Wilders doesn't do hijack cleaning anymore but u could go to this link,

http://www.wilderssecurity.com/showthread.php?t=42148

pick one of the forums there that does this service and post your hijackthis log there. Make sure u read the rules of the forum u pick first.

Hope this helps.



snowbound

[nvnvd2k]

U can also know CLSID's at this site http://www.sysinfo.org/bholist.txt

[chris dance]

I am a newbie. I am trying to block the following spyware but I do not have a clue what CLSIDs to enter or where to find them. Notice my name on these bugs. They were found by Lavasoft Ad-aware.
chris dance@bravenet.com/
chris dance@apmebf.com
chris dance@serving-system.com
chris dance@server.iadliveperson.net
I have blocked them but have no CLSIDs. Any help appreciated.

[Pieter_Arntz]

Quote:

Originally Posted by nvnvd2k

U can also know CLSID's at this site http://www.sysinfo.org/bholist.txt

That list is no longer being updated. You would be better off using http://castlecops.com/CLSID.html

Quote:

Originally Posted by chris dance

I am a newbie. I am trying to block the following spyware but I do not have a clue what CLSIDs to enter or where to find them. Notice my name on these bugs. They were found by Lavasoft Ad-aware.
chris dance@bravenet.com/
chris dance@apmebf.com
chris dance@serving-system.com
chris dance@server.iadliveperson.net
I have blocked them but have no CLSIDs. Any help appreciated.

Those are tracking cookies from what I can tell. Those can not be blocked by using a CLSID.
Please read:
http://privacy.getnetwise.org/browsing/tools/ie6/ to get more control over what cookies get allowed in on your computer.

Regards,

Pieter

[chris dance]

Thanks Pieter, I have selected tools then options and set the slider higher to block third party cookies. I hope it works. I will delete the bug trackers from the block list.