DSOstop2 replaces original version

Discussion in 'privacy problems' started by Nancy_McAleavey, Mar 23, 2002.

Thread Status:
Not open for further replies.
  1. Nancy_McAleavey

    Nancy_McAleavey Expert Member

    Joined:
    Feb 10, 2002
    Posts:
    244
    Location:
    Voorheesville, NY, USA
    We built a new "DSOStop2" program. It's available to download from:

    http://www.nsclean.com/dsostop.html

    The original DSOSTOP has been withdrawn and it will be a few days before other mirror sites catch up with the change. This new version "2" will perform the test on both "signed" and "unsigned" ActiveX controls before indicating safety and will warn if either or both have been set to "allow." The original protected both, but only reported the status concerning the Greymagic vulnerability.


    This new build was created to address a number of concerns raised by some individuals who were concerned about people who have "customized" either their registry zone settings or their "security settings" into potentially conflicting modes. Other objections were raised that DSOSTOP also changed the settings for the Internet Zone as well in order to prevent other similar exploits from occuring across the internet. We included the internet zone in the original DSOStop since "object tags" are frequently used to place trojan horses on people's machines from a web page and thought it was a good idea to include protection from that as well. We still believe that including the internet zone in DSOSTOP was a good idea but we've decided to provide a choice instead.  :)
     
  2. Mr.Blaze

    Mr.Blaze The Newbie Welcome Wagon

    Joined:
    Feb 3, 2003
    Posts:
    2,842
    Location:
    on the sofa
    hello nancy can you do  me a fave oh and thx for the col utlity i will be sure to upgrade.

    i wrote you guys an e-mail but i hadnt recive anything back here was my e-mail and i actualy used spell check this time lol.

    my name is Blaze I love the small freebie utilities you make like HTA STOP & DSO STOP it is a great service to the public and so easy to use many of us Newbies don't know much about security but with utilities like that its easy as 1,2,3 thank you so much.

    How ever IM concerned about something I read about MPR.DLL that's on Windows95/98/ME WNetEnumCachedPasswords. It is officially undocumented, but enough unofficial documentation has been created so that Trojan authors can easily call this DLL from their own Trojan - indeed, many popular Trojans such as Sub 7 have taken advantage of this API for a long time,
    A google.com search at March 12 2002 for "WNetEnumCachedPaswords" found 316 results.

    This is very scary as it can easily single API call by displaying all cached passwords. Passwords include modem/dialup passwords, URL passwords, share passwords and more

    I ask you make a simple utility that temperorarely fix this problem like you did with hta a stop turn it off and on with a click protect or unprotect simplicity.

    Even tds company made a patch for this called pass lock but its to complicated and not newbie friendly.

    That's why I ask you if you can make a patch for it like you did hta stop so that it encrptys the MPR.DLL entrypoint to the WNetEnumCachedPasswords function, and patches the first 3 bytes randomly so hackers cant simply guess the code.

    A version from you would be better then from tds more info can be found here http://www.diamondcs.com.au/web/patches/enhancer.php3?patch=passlock but there version sucks lol for newbies lol.
     
  3. Nancy_McAleavey

    Nancy_McAleavey Expert Member

    Joined:
    Feb 10, 2002
    Posts:
    244
    Location:
    Voorheesville, NY, USA
    Hi Blaze,

    The problem here is that there are so many different versions of MPR.DLL that it would be extremely difficult to do, much less make it simple.  That DLL is different from Windows build to Windows build, and then across all the versions again as well. What Wayne did was about the best that can be hoped for, sorry.  :-/
     
  4. FanJ

    FanJ Guest

    Hi MrBlaze,

    If you have problems with installing that patch from DiamondCS, please feel free to ask questions in a new thread. I'm sure we will try to help you with it if you got problems with it.

    Cheers, Jan.
     
  5. FanJ

    FanJ Guest

    Hi Nancy,

    Thanks so much to you and Kevin for giving us all the new version and your thoughts about it !  :)

    Cheers, Jan.
     
  6. Mr.Blaze

    Mr.Blaze The Newbie Welcome Wagon

    Joined:
    Feb 3, 2003
    Posts:
    2,842
    Location:
    on the sofa
    ok ill try my best to install it gulp blaze sweats  with paronoyle
     
  7. FanJ

    FanJ Guest

    OK, keep us posted how it goes!

    Please start a new thread if you have problems with it or questions.
     
  8. Mr.Blaze

    Mr.Blaze The Newbie Welcome Wagon

    Joined:
    Feb 3, 2003
    Posts:
    2,842
    Location:
    on the sofa
    :-/i hadnt try yet hold me
     
Thread Status:
Not open for further replies.