How to add custom CLSID's to block with SpywareBlaster

Discussion in 'SpywareBlaster & Other Forum' started by Pieter_Arntz, Sep 12, 2003.

  1. SloppyGoat
    Online

    SloppyGoat Guest

  2. SloppyGoat
    Online

    SloppyGoat Guest

    Here's where I found it.

    hxxp://www.nfscheats.com/include/advert.html

    (Disabled link - Javacool.)
  3. SloppyGoat
    Online

    SloppyGoat Guest

    Well, I ended up just putting it in my host file. That works too.

    127.0.0.1 nfscheats.com/include/advert.html

    I'd still like to know how to find out CLSID's, though.
  4. SloppyGoat
    Online

    SloppyGoat Guest

    No answers? :p
  5. fordvette
    Offline

    fordvette Registered Member

    Hi Gang

    I am new to this forum, but not to using spyware. I have spybot, spyguard, and spyware blaster. A couple of questions, is the theory of having more is better, or not? I am having trouble with these spyware doers getting rid or even recognizing a couple, I am having trouble with, such as zesty find, and about:blank.

    In spyware blaster if you use the custom blocking, if you just enter the name of the offender, and not the clsid, will it still block them? Also can someone tell me where I can find this clsid, and what does the letters mean, in simple terms?..... o_O

    Take care.........Gunny........... :D
  6. Pieter_Arntz
    Offline

    Pieter_Arntz Spyware Veteran

    Hi fordvette,

    Welcome at Wilders. :)
    More is not always better, but I see no superfluous combination there.

    Please follow the instructions posted here: http://www.wilderssecurity.com/showthread.php?t=15913
    so we can assist you in getting rid of zestyfind.
    about:blank confuses me in this context, but I think we can clear that up too. :)

    No. I'm afraid that won't work. It's just the other way around. It will work fine with just a CLSID.

    I don't think there is a simple way of explaining it. Would you understand it better if I said it was like a social security number? Unique to a process (in this case) but open for fraud.

    Regards,

    Pieter
  7. Gunny
    Online

    Gunny Guest

    Hi Pieter

    Hey thanks for the information. I guess you are saying if you just put the name in without the # it will not work, or be effective. You did not mention how you got this #. I appreciate you getting it for me, but if you tell me how to get it, might save you some work.
    Or is it too complicated to even mention?

    Take care............Gunny
  8. Pieter_Arntz
    Offline

    Pieter_Arntz Spyware Veteran

    Hi Gunny,

    It's not always easy to find the correct one and it could give you a false sense of security if you thought you had it.
    Sometimes Google will do the trick and sometimes you have to install the "baddies" to find out.

    Plus there is the fraud factor I mentioned. Programs that don't stick to one number and just make up a random one.

    Regards,

    Pieter
  9. jofran
    Online

    jofran Guest

    Hi
    I keep getting a cascade of porn pop-ups on my computer. Spyware seems to have got rid of some of them but not all. I do not know how to find their CLSID's.
    The sites are:
    xxx-Microsoft Internet Explorer provided by Freeserve
    CLICK YES-Microsoft Internet Explorer provided by Freeserve
    hxxp://www.premiumratedcontent.com/
    Of course deleting one only causes more to appear.
    As I have young children I really am unhappy with these pop-ups. I don't know why they started appearing but I would love any help in stopping them. They first used to appear with a download frame from Proclaim Telecom if that means anything to anyone.
    Thanks
    Jo
  10. snowbound
    Offline

    snowbound Retired Moderator

    Hi jofran :)

    Welcome to Wilders.

    Please follow the instructions at this link,

    http://www.wilderssecurity.com/showthread.php?t=15913

    then one of the experts will be happy to assist u with your HijackThis log.



    snowbound
  11. 2dazed
    Offline

    2dazed Registered Member

    A few links that may help... http://www.spywareinfoforum.com/~merijn/htlogtutorial.html
    http://www.pacs-portal.co.uk/startup_content.php#HOW_CAN_I_IDENTIFY_THESE_PROGRAMS?
    http://sysinfo.org/bholist.php
    http://www.merijn.org/files/cwshredder.zip

    I hope these help. I may have forgotten a few more. If I'm not wrong, SpywareBlaster helps to protect against O16's (downloaded programs) in a HJT log. The 1st link is to the tutorial for HJT. It's helped me understand what I'm looking at. For help on IE6 & cookies or sites, download this, for IE only, http://www.staff.uiuc.edu/~ehowes/resource.htm#IESPYAD . You may need to tweak your settings. For the CLSID in SpywareBlaster, you'll need to put the full CLSID in, ex. {#'s &/or letters go here}. It may be easier to copy & paste it in though. If you're not sure if a CLSID is safe or bad, SpywareBlaster has a nifty option I just found out about. You can right click on the database screen, left click the Find option, then paste your suspected CLSID in the space provided. If it doesn't show in the database, I've assumed it's alright, or at least possibly unknown to be a baddie.
    Here are 3 of Alexa I'm protected against. You can practice putting these in SpywareBlaster if you're not already protected now.
    Alexa.. The CLSID is {6AF9BC61-3CC5-42A7-82D1-FFC2562A7289}
    Alexa(2).. The CLSID is {D1F6ABEF-B889-11D2-8E3C-DCCA155F9A71}
    Alexa Variant.. The CLSID is {C95FE080-8F5D-11D2-A20B-00AA003C157A}
    Hope this info helps. :)
  12. Nemo
    Offline

    Nemo Registered Member

    Hello, All --

    The Help file for SpywareBlaster 3.0 says the following concerning adding a custom blocking file:

    You can even download Custom Blocking lists other people have created.

    But it gives no info on how to do this.

    I have a nice long list I would like to add. Can anyone explain how to do this w/o having to go through the tedious process of adding names and CLSIDs one at a time? Is there any way to add it all in one shot?

    All help will be much appreciated.

    Thank you.
  13. Nemo
    Offline

    Nemo Registered Member

    Hi, All --

    Okay, I figured out how to place a custom list of names and CLSIDs in there in one shot. For anyone else like me who wanted to know how to do this, I submit the following FYI:

    Create an ordinary txt file called "customblocking.txt," and place it in your SpywareBlaster directory, usually
    C:\Program Files\SpywareBlaster\

    Enter your info in the following format (this is a very short example):

    [Header]
    ListNumber=3

    [0]
    Name=AdLogix | PHELPER.DLL
    CLSID={024de5eb-3649-445e-8d57-c09a9a33d479}
    [1]
    Name=Backdoor.Autoupder (1)
    CLSID={024de5eb-3649-445e-8d57-c09a9a33d479}
    [2]
    Name=Backdoor.Autoupder (2)
    CLSID={C76BE992-2BC3-41A4-8B87-A8C01FE419A7}

    Important: Be sure the correct number of entries is entered after "ListNumber=" near the top. For this example, it is 3.

    Save the file. Open SpywareBlaster and go to Tools -> Custom Blocking. Be sure all items you entered into your customblocking.txt file are there, be sure they are all checked, and then click on the "Protect Against Checked Items" button to be sure that protection is fully enabled.

    This worked for me. If someone has a problem with this, please point it out so we can all be sure how to do it right.

    Hope this helps.
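
An added example, not part of Nemo's post and not SpywareBlaster's own code: a Python generator for the customblocking.txt layout shown above that validates each CLSID, drops repeated CLSIDs, and sets ListNumber from the entries actually written. The function names, the de-duplication rule and the plain "\n" line endings are assumptions; the file layout is only what the post shows.

```python
import re

GUID_RE = re.compile(r"^\{?([0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12})\}?$")

def normalize_clsid(raw):
    """Return the CLSID with braces added; raise ValueError if it is not a GUID."""
    m = GUID_RE.match(raw.strip())
    if not m:
        raise ValueError(f"not a CLSID: {raw!r}")
    return "{" + m.group(1) + "}"

def build_custom_blocking(entries):
    """Build the file text from (name, clsid) pairs in the layout shown in the post.

    Assumption: a CLSID listed twice is redundant, so only its first name is kept.
    """
    seen, kept = set(), []
    for name, raw in entries:
        clsid = normalize_clsid(raw)
        if clsid.upper() in seen:      # GUIDs compare case-insensitively
            continue
        seen.add(clsid.upper())
        kept.append((name.strip(), clsid))
    lines = ["[Header]", f"ListNumber={len(kept)}", ""]
    for i, (name, clsid) in enumerate(kept):
        lines += [f"[{i}]", f"Name={name}", f"CLSID={clsid}"]
    return "\n".join(lines) + "\n"

def check_list_number(text):
    """True when ListNumber equals the number of sections and they run 0..n-1."""
    declared = re.search(r"^ListNumber=(\d+)\s*$", text, re.M)
    sections = [int(n) for n in re.findall(r"^\[(\d+)\]\s*$", text, re.M)]
    return (declared is not None
            and int(declared.group(1)) == len(sections)
            and sections == list(range(len(sections))))

# Constructed input: the three entries from the post, one written without braces.
SAMPLE = [
    ("AdLogix | PHELPER.DLL", "{024de5eb-3649-445e-8d57-c09a9a33d479}"),
    ("Backdoor.Autoupder (1)", "{024de5eb-3649-445e-8d57-c09a9a33d479}"),
    ("Backdoor.Autoupder (2)", "C76BE992-2BC3-41A4-8B87-A8C01FE419A7"),
]

if __name__ == "__main__":
    text = build_custom_blocking(SAMPLE)
    print(text)
    print("ListNumber consistent:", check_list_number(text))
```

Because the first two sample entries share one CLSID, the generated file holds two sections and ListNumber=2.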
  14. melmcbee
    Offline

    melmcbee Registered Member

    Can I use Tony Kleins BHO and toolbar list to add to the custom blocking
    here

    or is this not the same thing?
  15. Peaches4U
    Offline

    Peaches4U Registered Member

    Users of SpywareBlaster need to get frequent updates to keep their protection current. It seems that evil ActiveX code crap rivals rabbits in their ability to multiply. There is a time lag between when evil code is identified and its kill instructions are entered into the next SpywareBlaster update.
    You can shorten this time lag if you become aware of evil code and enter it into your own database using the program's "Custom Blocking" feature.


    Name and CLSID listed here ....
    http://www.mvps.org/winhelp2002/blaster.htm
  16. Chief ADFP
    Offline

    Chief ADFP Registered Member

    i use pop-up stopper Professional with it i can delete them cookies and a lot of adware cookies are gone and i can save cookies i like to keep too.
    www.panicware.com it is a sweet program not the greatest one but it does a good job blocking them popups and like the options it has. sorry it not a freebie. Free to try; $$.$$ to buy
    Link: http://download.com.com/3000-2144-10078812.html?part=73920&subj=dlpage&tag=button
    cya later on
    Last edited: May 11, 2004
  17. LisaM
    Offline

    LisaM Registered Member

    I was attacked last night again by 2 pests which I believe are ActiveX controlled. Spywareblaster did not prevent either from installing. Spybot later removed both. How do I find the CLSID numbers so that I can go into Custom Blocking and block both?

    n-Case
    Blazefind.Bridge
  18. MCT
    Offline

    MCT Registered Member

    how can i find the clsid? there's a site SB doesn't have protection for, and id like 2 enable it,

    ive posted b4 about this, and no one would reply about how 2 go about finding the clsid

    thanks :D
  19. javacool
    Offline

    javacool BrightFort Moderator

    Hi,

    Websites may go through various tricks to try and hide the CLSID, but the straightforward method is as follows:

    The following instructions are for experienced users only. If you aren't sure about any part, please just send the webpage to me and I'll take a look at it.

    1.) Right-click on the webpage.
    2.) Select "View Source" from the menu that appears.
    Notepad should open with the source code for the webpage.
    3.) In Notepad, press CTRL + F to open the "Find" box.
    4.) Enter "<OBJECT" and press OK to find the first instance. Keep using "Find Next..." until you've located all instances in the code.

    A sample embedded ActiveX control could use code like the following:
    <OBJECT ID="Example ActiveX Control"
    CLASSID="CLSID:00000000-0000-0000-0000-000000000000"
    CODEBASE="exampleactivex.CAB#version=1,0,0,0">
    </OBJECT>

    In the example above, the part you would be looking for is the CLSID - "00000000-0000-0000-0000-000000000000".

    When entering it into SpywareBlaster, make sure you add the brackets "{}" - {00000000-0000-0000-0000-000000000000} .

    But a word of warning: I would highly recommend that you first send the webpage on which you are receiving the ActiveX prompt to me. I can look it over and, potentially, find an item or two to add to the SpywareBlaster database so everyone can benefit from the protection. Doing so will also help prevent blocking something that is good or wanted by mistake.

    Best regards,

    -Javacool
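
The manual "View Source" search described above, as an added Python example that is not part of Javacool's post or of SpywareBlaster: it reads saved page source, pulls the CLASSID and CODEBASE from every OBJECT tag, and prints each CLSID in the braced form. It goes one step beyond the post by also listing "clsid:" strings that appear outside a parsed OBJECT tag (for instance inside a script string); all names and the second sample GUID are constructed.

```python
import re
from html.parser import HTMLParser

GUID = r"[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}"
CLASSID_RE = re.compile(r"^\s*clsid:\s*\{?(" + GUID + r")\}?\s*$", re.I)
LOOSE_RE = re.compile(r"clsid:\s*\{?(" + GUID + r")\}?", re.I)

def braced(guid):
    """Braced, upper-cased form so the same CLSID always compares equal."""
    return "{" + guid.upper() + "}"

class ObjectTagScanner(HTMLParser):
    """Collects (clsid, codebase) from every <OBJECT> start tag."""
    def __init__(self):
        super().__init__()
        self.found = []

    def handle_starttag(self, tag, attrs):
        if tag != "object":           # HTMLParser lower-cases tag and attribute names
            return
        a = dict(attrs)
        m = CLASSID_RE.match(a.get("classid") or "")
        if m:
            self.found.append((braced(m.group(1)), a.get("codebase")))

def find_clsids(source):
    """Return (object_tag_hits, loose_hits) for one page's source text."""
    scanner = ObjectTagScanner()
    scanner.feed(source)
    scanner.close()
    tagged = {clsid for clsid, _ in scanner.found}
    loose = sorted({braced(g) for g in LOOSE_RE.findall(source)} - tagged)
    return scanner.found, loose

# Constructed page source: the sample tag from the post plus a script-written tag.
SAMPLE_PAGE = """<html><body>
<OBJECT ID="Example ActiveX Control"
CLASSID="CLSID:00000000-0000-0000-0000-000000000000"
CODEBASE="exampleactivex.CAB#version=1,0,0,0">
</OBJECT>
<script>
document.write('<OBJECT CLASSID="CLSID:11111111-1111-1111-1111-111111111111"></OBJECT>');
</script>
</body></html>"""

if __name__ == "__main__":
    in_tags, loose = find_clsids(SAMPLE_PAGE)
    for clsid, codebase in in_tags:
        print("OBJECT tag:", clsid, "codebase:", codebase)
    for clsid in loose:
        print("outside a parsed OBJECT tag:", clsid)
```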
  20. MCT
    Offline

    MCT Registered Member

    hey thanks 4 the reply javacool :D

    as u stated u wanted the link 2 the site..

    the site is <removed> sometimes it has an activex popup

    maybe u can add the clsid 2 spyware blaster :D

    Note: this activex doesnt seem 2 be present everytime i visit the site..
    Last edited by a moderator: May 23, 2004
  21. javacool
    Offline

    javacool BrightFort Moderator

    Thanks, I'll see what I can do. :)

    (Note: I removed the link because it pointed to a site that is against this board's TOS.)

    Best regards,

    -Javacool
  22. MCT
    Offline

    MCT Registered Member

    i didnt know if i should have PM'd u the link, or just posted it, so i chose the second one, sorry if it was the wrong choice.. ill know for nexttime :p

    thanks again javacool :D
  23. angelicrescue45
    Offline

    angelicrescue45 Registered Member

    CLSID for DSO Exploit

    Does anyone know the CLSID for a program called "DSO Exploit"? I pick it up from games.yahoo.com when I play a game. Spyblaster has blocked everything else yahoo tries to give me except for this program. Spybot says that the program is coming through a "hole" in IE. Is this Active X? If so, could it be added to the next update for Spyblaster?

    Thanks!
    Lari :rolleyes:
  24. Marc Carm
    Offline

    Marc Carm Registered Member

    Hello...

    I too am new to this forum. :)

    I've been having a problem with "WinEssential.Jraun.Kanhaiya".

    Would you happen to know their CLSID or how to find it?

    Thanks in advance,

    Marc
  25. MCT
    Offline

    MCT Registered Member

    scroll up about 4 posts, javacool responded 2 my question when i asked him how 2 block them

    hope this helps :D