How to add custom CLSIDs to block with SpywareBlaster

Discussion in 'SpywareBlaster & Other Forum' started by Pieter_Arntz, Sep 12, 2003.

  1. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,331
    Location:
    Netherlands
    Start SpywareBlaster, click "Tools" and select the "Custom Blocking" tab.
    Click "Add Item" and fill out the name you want it to have.

    Then fill out the CLSID (don't forget the accolades):

    [​IMG]

    and click OK.

    Then the item will show up in the custom block list:

    [​IMG]

    Then put a checkmark in the box and click "Protect Against Checked Items" and you are done.

    And lo and behold, if you have added something that Javacool decides to add as well, it will show when you get that update.
    As you can see, Javacool decided to give it a different name, but the Xupiter / SearchSquire Variant is already checked, thus showing the kill-bit was already set:

    [​IMG]

    If that happens you can select the item in the Custom Blocklist and click "Remove Selected Item" (don't remove the protection, though).

    HTH,

    Pieter

    Edited to replace screenshots with the latest version of SpywareBlaster
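
The custom-blocking steps in the post above end with a kill bit being set for the CLSID. As an added example (not part of the original thread and not SpywareBlaster's own code), this read-only PowerShell check validates the CLSID format, braces included, and reports whether Internet Explorer's kill bit is set for it. The registry path and the 0x400 `Compatibility Flags` bit are the documented IE mechanism; that SpywareBlaster's custom block corresponds to it is an assumption, and the sample CLSID is the one quoted later in this thread.

```powershell
# Added example: read-only; nothing is written to the registry.
$KillBit = 0x400   # bit in "Compatibility Flags" that stops IE from loading the control
$Roots = @(
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'  # 32-bit IE on 64-bit Windows
)

function Test-ClsidFormat {
    param([string]$Clsid)
    # {8-4-4-4-12} hex digits; the surrounding braces are part of the key name
    return $Clsid -match '^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$'
}

function Get-KillBitStatus {
    param([string[]]$Clsid)
    foreach ($id in $Clsid) {
        if (-not (Test-ClsidFormat $id)) {
            [pscustomobject]@{ Clsid = $id; Key = '-'; Status = 'invalid CLSID format' }
            continue
        }
        foreach ($root in $Roots) {
            if (-not (Test-Path -LiteralPath $root)) { continue }   # view absent on this system
            $key = "$root\$id"
            if (-not (Test-Path -LiteralPath $key)) {
                $status = 'no entry (not blocked)'
            } else {
                $flags = (Get-ItemProperty -LiteralPath $key).'Compatibility Flags'
                if ($null -eq $flags) { $status = 'entry exists, no Compatibility Flags value' }
                elseif ($flags -band $KillBit) { $status = 'kill bit set' }
                else { $status = 'kill bit NOT set' }
            }
            [pscustomobject]@{ Clsid = $id; Key = $key; Status = $status }
        }
    }
}

# Sample input: the first CLSID is the one quoted in this thread;
# the second is constructed and lacks braces, so it is rejected.
Get-KillBitStatus -Clsid @(
    '{c95fe080-8f5d-11d2-a20b-00aa003c157a}',
    'c95fe080-8f5d-11d2-a20b-00aa003c157a'
) | Format-Table -AutoSize
```
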
     
  2. habari42

    habari42 Registered Member

    Joined:
    Aug 4, 2003
    Posts:
    73
    Hi, Pieter. I'm interested in Custom Blocking in Blaster and (as a complete newbie in this field) could you explain about "the name you want" and how you can find out the relative CLSID, please?
    Regards, Haba. o_O
     
  3. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,331
    Location:
    Netherlands
    Hi habari42,

    The name you want means that it doesn't matter for the protection what it is called. So you can give it any name you like or would find easy to remember.

    Finding out a CLSID is a bit trickier. Is there something in particular that you want to block?

    Regards,

    Pieter
     
  4. habari42

    habari42 Registered Member

    Joined:
    Aug 4, 2003
    Posts:
    73
    Hi, Pieter. Sorry to seem so dim, but am I correct to assume that you start with a URL you want to block, then give it a name and link it to a CLSID? I have in mind several URLs I have had trouble with, involving Browser Hacking, e.g. Global-Finder.com, true-counter.com, coolwebsearch.net and joker.com. I don't even know what CLSID means!!

    Regards, Haba.
     
  5. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,331
    Location:
    Netherlands
    Hi habari42,

    That is a very technical question (way over my head ;) )
    Maybe this will help a bit in understanding: http://support.microsoft.com/default.aspx?scid=http://support.microsoft.com:80/support/kb/articles/Q183/7/71.ASP&NoWebContent=1
    In terms that I can understand a CLSID is a number that (almost) uniquely identifies a certain process.

    Unfortunately there is no way that I can think of on how to stop the CWS hijacks from happening with SpywareBlaster.
    As far as I know CWS uses the ByteVerify vulnerability to get installed, so it does not use ActiveX : http://vil.nai.com/vil/content/v_100261.htm

    Hope this helps,

    Pieter
     
  6. rayone

    rayone Registered Member

    Joined:
    Sep 18, 2003
    Posts:
    1
    Do Red Sheriff and Alexa Related need to be set up as custom items to block? SpywareBlaster has blocked everything except these two. What numbers do I need to use to block these two?
     
  7. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,331
    Location:
    Netherlands
    Hi rayone,

    Welcome to Wilders. :)

    I found this CLSID for Alexa : {c95fe080-8f5d-11d2-a20b-00aa003c157a}
    I don't know if blocking this can have any unwanted side-effects, but it won't hurt to try.

    Red Sheriff uses a Java applet, more info: http://www.spywareinfoforum.com/index.php?showtopic=2239

    HTH,

    Pieter
     
  8. habari42

    habari42 Registered Member

    Joined:
    Aug 4, 2003
    Posts:
    73
    Hi, Pieter. Thanks for the links and I have them both downloaded and printed. Haven't had time to study them properly yet but they seem to be pretty complicated!! Was the procedure set out in the first link what you used to provide the CLSID for rayone above? Re: the CWS hijacking: I have used SpywareBlaster's Tools>Misc: IE Settings>Disable Home Page Setting, to lock my browser setting and, so far, so good!! I hope someone will organise a search party if I get lost in Registry!! Regards, Haba. :)
     
  9. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,331
    Location:
    Netherlands
    Hi habari42,

    Actually I found that CLSID for Alexa on a German website: http://home.pages.at/kb_home/internet.htm#Alexa_deaktivieren
    and confirmation here: http://www.imilly.com/alexa.htm

    One extra note: the CLSIDs for the real Alexa spyware are already blocked in SpywareBlaster.
    This one is for the related links feature in IE. The difference is explained pretty well at the second link.

    Regards,

    Pieter
     
  10. x5dr

    x5dr Registered Member

    Joined:
    Oct 10, 2003
    Posts:
    3
    Hi...I'm a newbie too and thought I would keep to this thread since it relates. I'm still not sure about how to add to the block list. I picked up a bug from this site (XP tweaks)... http://www.dougknox.com/index.html

    and Adaware's log...

    Tracking Cookie Object recognized!
    Type : File
    Data : john@bravenet[2].txt


    I don't know what to do with this...I added john@bravenet[2].txt to custom blocking and it gave all 0's for the CLSID...but didn't work. Thanks for any help.
     
  11. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,331
    Location:
    Netherlands
    Hi x5dr,

    A cookie is not a process, so you won't be able to block it this way.
    If you are using IE6 you can block third party cookies (which I think is what you need here)
    Explained better than I could ever manage here: http://privacy.getnetwise.org/browsing/tools/ie6/block1and3

    Regards,

    Pieter
     
  12. x5dr

    x5dr Registered Member

    Joined:
    Oct 10, 2003
    Posts:
    3
    Thanks! I blocked the 3rd party cookies (it worked!) but will I be blocking pages that I might need? I downloaded cookiewall from analogX but for some reason I couldn't get it to block their cookie either...I'm sure it was my settings. Should I need a 3rd party cookie for some reason, is there a way to disable this setting...like holding the CTRL key when disabling a popupstopper?
     
  13. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,331
    Location:
    Netherlands
    Hi x5dr,

    I have yet to meet the first third-party cookie that is of any use to the visitor of a site.

    I have never heard of any problems coming from blocking those, and that's probably because more than 99% of them are placed on your computer by advertisers.

    Regards,

    Pieter
     
  14. x5dr

    x5dr Registered Member

    Joined:
    Oct 10, 2003
    Posts:
    3
    ok...thanks again.
     
  15. Spyware Blaster is not blocking Commission Junction, Doubleclick or several versions of sex tracker. How do I find out the CLSIDs to add them to my custom list?

    thank you.
     
  16. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,331
    Location:
    Netherlands
    Those sound like cookies to me.
    SpywareBlaster's cookie protection only works for IE6. Is that what you are using?

    Regards,

    Pieter
     
  17. Peaches4U

    Peaches4U Registered Member

    Joined:
    Nov 22, 2002
    Posts:
    5,070
    Location:
    At my computer
    Hi Pieter .. remember my little problem with ajrotator? I discovered this tracking cookie piggyback rides on thruport [thruport was the site's internet engine & their policy seemed okay but they are listed under spyware nonetheless]. I did a google search of ajrotator and that is how I discovered it had a connection to thruport; I was then able to connect that info to the site I was visiting. What I did to rid myself of this nasty was, I went to Security in IE, and placed the following on my block list: http://adj16.thruport.com/servlet/ajrotator [found it through google]. This did the trick and I do not get the tracking cookie anymore but am still able to get to the discussion forums on that site. Whew!! What a relief that was to get rid of that nasty. :)

    The method I used might be easier than trying to add to SpywareBlaster's database because of the difficulty of obtaining CLSIDs.
     
  18. Kathyhl

    Kathyhl Registered Member

    Joined:
    Oct 18, 2003
    Posts:
    186
    Location:
    California
    I am soooo new. Just downloaded SpywareBlaster, and I have 2, probably equally silly, questions. What does CLSID stand for? And, after I opened the spyware program, I saw all the red writing, but at the bottom it said "remove protection for unchecked items". Nothing is checked, don't I want to check it for protection? :doubt:
     
  19. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,331
    Location:
    Netherlands
  20. Kathyhl

    Kathyhl Registered Member

    Joined:
    Oct 18, 2003
    Posts:
    186
    Location:
    California
    Thank you so very much, Pieter. I would have probably not done a thing, and thought it was working!

    Kathy ;)
     
  21. squik_kitty

    squik_kitty Registered Member

    Joined:
    Oct 19, 2003
    Posts:
    2
    Location:
    Sydney Australia
    Hi, here we go again o_O
    I am having trouble with 2 hijackers, glober-finder & luckysearch. They are preventing me from going to pages of my choice.
    I looked in the tool option and under browser pages listed I can see the &*^%&% mongrels listed!!!!
    How can I get them onto the custom list? o_O
    I have no idea what I'm doing :doubt:
     
  22. Prince_Serendip

    Prince_Serendip Registered Member

    Joined:
    Apr 8, 2002
    Posts:
    819
    Location:
    Canada
    :D Hi Pieter! How's it going? ;)

    Not all of these nasties (mentioned above) are ActiveX processes. If you need to remove stuff that SpywareBlaster does not do, try getting the freeware version of Adaware http://www.lavasoft.de/ or the totally free Spybot Search and Destroy http://www.safer-networking.org/index.php?lang=en&page=download. Each/both of these can help you to get rid of lingering spywares. I hope I'm not out-of-line mentioning these proggies here? I use them both and SpywareBlaster.

    For the newbies: remember to keep your proggies up-to-date! New spywares are always being covered.

    Best regards from Larry :)
     
  23. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,331
    Location:
    Netherlands
    Kathyhl,

    My pleasure. :)

    squik_kitty,

    Please use this thread to get your problem resolved: http://www.wilderssecurity.com/showthread.php?t=15136

    Prince_Serendip,

    No problem. Actually it is IMO the best way to go, make sure you are clean before installing SpywareBlaster and SpywareGuard. And AdAware and Spybot S&D are great free programs to do just that.

    Regards,

    Pieter
     
  24. JayK

    JayK Poster

    Joined:
    Dec 27, 2002
    Posts:
    619
    Hey Peter, good explanation, I always wondered what the heck CLSID stands for, but was too lazy to ask or google.

    I was wondering about how SpywareBlaster blocks cookies in IE 6, is that the equivalent of importing an XML list as in http://msdn.microsoft.com/library/default.asp?url=/workshop/security/privacy/customimportxml/customimportxml.asp

    Or can any entries added in SpywareBlaster be seen in the custom per site list?

    Or does SpywareBlaster do more?

    Thank you.

    Added URL tags
     
  25. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,331
    Location:
    Netherlands
    Thanks for the compliment. :)
    I won't be able to answer those questions, since I am no programmer, but I imagine that the methods work at least very similarly. Javacool would be the only one who can answer that with 100% certainty.
    Yes, they do show up in that list.

    You're welcome.


    Regards,

    Pieter
     