Custom Blocking Tool

Discussion in 'SpywareBlaster & Other Forum' started by Red Boy, Sep 12, 2003.

Thread Status:
Not open for further replies.
  1. Red Boy

    Red Boy Registered Member

    Joined:
    Jan 24, 2003
    Posts:
    6
    Location:
    Louisiana
    I have downloaded the latest version of Spyware Blaster and it is working fine. However, I would appreciate particulars concerning the use of the Custom Blocking Tool. I note that it specifies that a CLSID is necessary, besides the name of the item to be blocked. Where and how does one get a CLSID? I would like to block a nasty that attacked my computer last evening. It is identified as: "Pass This on: IE Start Page".

    It took over my Start Page. I removed it with Spybot. And so far so good. However, I would like to prevent it from re-establishing itself on my computer. Is it possible to include in Spyware Blaster's data base or to interdict with the new Custom Blocking Tool?

    Thanks,
    Red Boy o_O
     
  2. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,330
    Location:
    Netherlands
    Hi Red Boy,

    AFAIK PassThisOn uses a Visual Basic script, which is stored as either a .vbs file or an .html file.
    Try blocking {F935DC22-1CF0-11D0-ADB9-00C04FD58A0B} ;)
    The name you give it does not influence whether it will be blocked or not.

    You should however tighten your security settings:

    3) Go to Internet Options/Security/Internet, press 'default level', then OK.
    Now press "Custom Level."
    In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to 'prompt', and "Initialize and Script ActiveX controls not marked as safe" to 'disable'.
    Now you will be asked whether you want ActiveX objects to be executed and whether you want software to be installed.
    Sites that you know for sure are above suspicion can be moved to the Trusted Zone in Internet Options/Security.
    So why is ActiveX so dangerous that you have to increase the security for it?
    When your browser runs an ActiveX control, it is running an executable program. It's no different from double-clicking an exe file on your hard drive.
    Would you run just any random file downloaded off a web site without knowing what it is and what it does?

    Copied from: http://boards.cexx.org/viewtopic.php?t=957

    I am preparing a post on how to use the Custom Blocking, so stay tuned to this forum. :D

    Regards,

    Pieter
     
  3. Red Boy

    Red Boy Registered Member

    Joined:
    Jan 24, 2003
    Posts:
    6
    Location:
    Louisiana
    Thanks Pieter. I am tightening up my security settings as you have suggested. However, I continue to get a: Enter the new items CLSID, when attempting to block: F935DC22-1CF0-11D0-ADB9-00C04FD58A0B.

    I will stay tuned for your post relative to Custom Blocking.

    Thanks,
    Red Boy
     
  4. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,330
    Location:
    Netherlands
    OK. I will make sure it says that you should not forget the accolades. ;)

    Regards,

    Pieter
     
  5. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,330
    Location:
    Netherlands
    As promised: http://www.wilderssecurity.com/showthread.php?t=13684

    An explanation on the CLSID I mentioned before.
    Adding that will prevent IE from using the Script Host to write to your registry.

    It disables the hijacker that bothered you, but it might be handy to know that you have that blocked, in case something else does not work.

    Regards,

    Pieter
     
  6. Red Boy

    Red Boy Registered Member

    Joined:
    Jan 24, 2003
    Posts:
    6
    Location:
    Louisiana
    Thanks, Pieter, I really appreciate your quick and detailed help.

    I have followed your instructions and believe that this nasty is now blocked. (I didn't forget to use the accolades. :D) However, I have another question, if I may? Should I need to block another nasty, where do I get the CLSID? You provided this one. Can this CLSID be used on all future ones or does each nasty have its own CLSID, requiring me to go to some other source, like you, for same? o_O

    Thanks again,
    Red Boy :D
     
  7. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,330
    Location:
    Netherlands
    Hi Red Boy,

    That is very hard to answer.

    Every ID should be unique (no guarantees), but not every nasty restricts itself to one CLSID. Some even generate random ones.

    I find mine in HijackThis logs and when I think something should be blocked or at least looked into, I mail them to javacool.

    Feel free to ask though if you think something should be stopped (again no guarantees ;) )

    Regards,

    Pieter
     
  8. Red Boy

    Red Boy Registered Member

    Joined:
    Jan 24, 2003
    Posts:
    6
    Location:
    Louisiana
    Thanks again, Pieter.

    Red Boy :)
     
  9. javacool

    javacool BrightFort Moderator

    Joined:
    Feb 10, 2002
    Posts:
    3,997
    Just to add something here:

    I highly recommend that you do not block any CLSID that you come across. Some spyware makers have used CLSIDs that are the same as those of other software, and blocking them could cause conflicts.

    If you do come across a new CLSID, please (by all means) post it here in a new thread. I'll take a look at it, and if it indeed is spyware I can add it to the main database, so everyone can benefit from the protection. :cool:

    Best regards,

    -Javacool
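
A read-only check that follows from the posts above, added here as an example and not part of the thread or of SpywareBlaster: it insists on the braces, shows what is registered under a CLSID before anyone blocks it, and reports whether Internet Explorer's kill bit is set for it. `Get-ClsidBlockStatus` is a hypothetical helper name, and treating a block as the kill bit (`Compatibility Flags` 0x400) is an assumption, since the thread does not say how the Custom Blocking Tool stores its entries.

```powershell
# Added example, read-only: it inspects the registry and changes nothing.
# Get-ClsidBlockStatus is a hypothetical helper name, not a built-in cmdlet.
function Get-ClsidBlockStatus {
    param([Parameter(Mandatory = $true)][string]$Clsid)

    # The registry keys are named with the braces, so a bare GUID is rejected
    # instead of being silently corrected.
    if ($Clsid -notmatch '^\{[0-9A-F]{8}(-[0-9A-F]{4}){3}-[0-9A-F]{12}\}$') {
        throw "Not a CLSID in registry form (braces required): $Clsid"
    }

    # What is registered under this CLSID? A legitimate component may own it.
    $classKey = "Registry::HKEY_CLASSES_ROOT\CLSID\$Clsid"
    $name = $null
    $server = $null
    if (Test-Path -LiteralPath $classKey) {
        $name = (Get-Item -LiteralPath $classKey).GetValue('')
        foreach ($sub in 'InprocServer32', 'LocalServer32') {
            $subKey = "$classKey\$sub"
            if (-not $server -and (Test-Path -LiteralPath $subKey)) {
                $server = (Get-Item -LiteralPath $subKey).GetValue('')
            }
        }
    }

    # Internet Explorer's kill bit: "Compatibility Flags" with 0x400 set.
    # Both registry views are checked (the second exists on 64-bit Windows).
    $killBit = 0x400
    $entries = @()
    foreach ($root in 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
                      'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility') {
        $key = "$root\$Clsid"
        if (Test-Path -LiteralPath $key) {
            $flags = [int]((Get-Item -LiteralPath $key).GetValue('Compatibility Flags', 0))
            $entries += [pscustomobject]@{ Key = $key; KillBit = [bool]($flags -band $killBit) }
        }
    }

    [pscustomobject]@{
        Clsid          = $Clsid
        RegisteredName = $name
        Server         = $server
        KillBitSet     = [bool](@($entries | Where-Object { $_.KillBit }).Count)
        Entries        = $entries
    }
}

# The CLSID quoted in the thread, with its braces.
Get-ClsidBlockStatus '{F935DC22-1CF0-11D0-ADB9-00C04FD58A0B}'
```

An empty `RegisteredName` together with `KillBitSet` false means nothing is registered or blocked under that CLSID on the machine; a populated `Server` path is the thing to look at before deciding that a CLSID belongs to unwanted software.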
     
  10. Red Boy

    Red Boy Registered Member

    Joined:
    Jan 24, 2003
    Posts:
    6
    Location:
    Louisiana
    Thanks Javacool, excellent points. I will remember and act accordingly.

    Red Boy :)
     