please help with this DSO after reformat

Discussion in 'privacy problems' started by chercat, Jul 1, 2004.

Thread Status:
Not open for further replies.
  1. chercat

    chercat Registered Member

    May 20, 2004
    I need help before I make this worse .

    I had several issues with being hijacked. I finally managed to reformat my HD , installed drivers , etc.
    Installed ZA , then EZ Trust AV, went to Windows Update and applied what I thought were all critical patches , etc.I also went to this site to see how to reconfigure from my default security settings to have greater security , etc.
    THis was yesterday ! Figured I was fairly safe for the moment .

    Today I got around to installing Adaware and Spybot from links to this site .
    I did not set up a mail program because I am in the process of waiting for DSL .

    When I scanned with Spybot and Adaware was dumbfounded to see that I had 16 issues , one being a recurring DSO exploit every time I reboot that Spybot finds
    Spybot's more info brought me to this link

    Can someone PLEASE help me resolve this before I get in over my head again!

    I really thought I had installed all critical updates and my history shows I have since yesterday

    When I did the tests indicated on the greymagic site , EZ does confirm and when I did a scan with Ez , I got this message :

    number of files not cleaned /deleted / renamed : 2
    C: Windows |Temporary Internet files |Content IE5\E453JM9J|simplebind(1).htm ( JS CodeBase.exploit infection)

    C: Windows |Temporary Internet files \Content IE5\T7y1amt\advbind(1).htm ( same code base at end) .

    When I reboot , I scan with Spybot and get the same DSO problem registry change in HKEY-Current- User\software\Microsopft\Windows\CurrentVersion|In
    ternetSettings\Zone\0) that I just asked Spybot to fix and it supposedly did .

    I upgraded to IE Explorer 6 when I did the updates and patches .

    I am running 98SE .
    ANd now those settings for security which I customized as soon as I started up the computer were changed and I had to change them back again .
    Not sure if they are changing each time I reboot .

    Someone told me that the hijaker I had before could still be in my BIOS even if I reformatted as it had happened to someone he knew so now I am not sure if that is the case or if this is something new .

    I think this is a new issue and hopefully less invasive and easier to solve than reformatting !
    I did rebott at home and the security settings that I did change to higher security seem to be OK now .

    I am posting this at the library computer .

    Can someone please check the link I have posted , given by the spybot site ( sorry - dod not know how to hyperlink_) and give me directions on how to delete . I am thinking I have to go into regedit but need explicit directions so I do not screw it up and make things worse .

  2. LowWaterMark

    LowWaterMark Administrator

    Aug 10, 2002
    New England
    Just so you'll know, it is not a sign of a problem if Spybot S&D v1.3 keeps showing the DSO Exploit findings on every scan. It is a bug in Spybot that it can not properly fix the setting that is leading to showing those items over and over. See this thread for more on this Spybot bug:

    So, factor out DSO Exploit entirely and then reassess the problems you believe you are having to see if you really have something worth worrying about. (Frankly, this bug and issue with Spybot has caused a lot of confusion and concern with people seeing those scan results. The sooner they fix it the better!)
  3. anstar

    anstar Registered Member

    Jul 7, 2004
    Ok I see that I have the same Spybot DSO exploit issue everyone else is having. I'll ignore that, but something is trying to change my homepage constantly. One of them is ctmet.dll/sp.html#12802 but I have to "deny change" seven times before it stops (for a few minutes.) Can someone please tell me how to get rid of whatever it is that's hijacking my homepage?
  4. dog

    dog Guest

    Hi anstar, ;)

    Welcome to Wilders' ;)

    Please follow these instructions by LWM Posting a Hijack This Log

    Then start a "new" thread in the Hijack forum - Here Please be patient as many of the experts live in different time zones, but someone will address your log shortly. ;)

    In the mean time you might be interested to read this - How did I get infected in the first place?

    dog - *puppy*
Thread Status:
Not open for further replies.