DSOstop2 replaces original version

We built a new "DSOStop2" program. It's available to download from:

http://www.nsclean.com/dsostop.html

The original DSOSTOP has been withdrawn and it will be a few days before other mirror sites catch up with the change. This new version "2" will perform the test on both "signed" and "unsigned" ActiveX controls before indicating safety and will warn if either or both have been set to "allow." The original protected both, but only reported the status concerning the Greymagic vulnerability.


This new build was created to address a number of concerns raised by some individuals who were concerned about people who have "customized" either their registry zone settings or their "security settings" into potentially conflicting modes. Other objections were raised that DSOSTOP also changed the settings for the Internet Zone as well in order to prevent other similar exploits from occuring across the internet. We included the internet zone in the original DSOStop since "object tags" are frequently used to place trojan horses on people's machines from a web page and thought it was a good idea to include protection from that as well. We still believe that including the internet zone in DSOSTOP was a good idea but we've decided to provide a choice instead.  

 

hello nancy can you do  me a fave oh and thx for the col utlity i will be sure to upgrade.

i wrote you guys an e-mail but i hadnt recive anything back here was my e-mail and i actualy used spell check this time lol.

my name is Blaze I love the small freebie utilities you make like HTA STOP & DSO STOP it is a great service to the public and so easy to use many of us Newbies don't know much about security but with utilities like that its easy as 1,2,3 thank you so much.

How ever IM concerned about something I read about MPR.DLL that's on Windows95/98/ME WNetEnumCachedPasswords. It is officially undocumented, but enough unofficial documentation has been created so that Trojan authors can easily call this DLL from their own Trojan - indeed, many popular Trojans such as Sub 7 have taken advantage of this API for a long time,
A google.com search at March 12 2002 for "WNetEnumCachedPaswords" found 316 results.

This is very scary as it can easily single API call by displaying all cached passwords. Passwords include modem/dialup passwords, URL passwords, share passwords and more

I ask you make a simple utility that temperorarely fix this problem like you did with hta a stop turn it off and on with a click protect or unprotect simplicity.

Even tds company made a patch for this called pass lock but its to complicated and not newbie friendly.

That's why I ask you if you can make a patch for it like you did hta stop so that it encrptys the MPR.DLL entrypoint to the WNetEnumCachedPasswords function, and patches the first 3 bytes randomly so hackers cant simply guess the code.

A version from you would be better then from tds more info can be found here http://www.diamondcs.com.au/web/patches/enhancer.php3?patch=passlock but there version sucks lol for newbies lol.

 

Hi Blaze,

The problem here is that there are so many different versions of MPR.DLL that it would be extremely difficult to do, much less make it simple.  That DLL is different from Windows build to Windows build, and then across all the versions again as well. What Wayne did was about the best that can be hoped for, sorry.  :-/

 

Hi MrBlaze,

If you have problems with installing that patch from DiamondCS, please feel free to ask questions in a new thread. I'm sure we will try to help you with it if you got problems with it.

Cheers, Jan.

 

Hi Nancy,

Thanks so much to you and Kevin for giving us all the new version and your thoughts about it !  

Cheers, Jan.

 

ok ill try my best to install it gulp blaze sweats  with paronoyle

 

OK, keep us posted how it goes!

Please start a new thread if you have problems with it or questions.

 

:-/i hadnt try yet hold me