a single popup from Adult Friend Finder.com
[programs used]
Ad-Aware SE
Hijack This
Spybot Search and Destroy
Spyware Blaster
DSO Stop 2
Bazooka
[hijack this log]
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\first\Desktop\HijackThis.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programs\Spybot\SDHelper.dll
O4 - HKLM\..\Run: [SysMon] C:\windows\system32\mswkrwr32.exe
[spybot s&d log]
DSO Exploit: Data source object exploit (Registry change, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3
DSO Exploit: Data source object exploit (Registry change, nothing done)
HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3
DSO Exploit: Data source object exploit (Registry change, nothing done)
HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3
DSO Exploit: Data source object exploit (Registry change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3
--- Spybot - Search && Destroy version: 1.3 ---
2004-05-12 Includes\LSP.sbi
2004-11-29 Includes\Cookies.sbi
2004-12-01 Includes\Dialer.sbi
2004-12-02 Includes\Hijackers.sbi
2004-12-01 Includes\Keyloggers.sbi
2004-12-01 Includes\Malware.sbi
2004-11-29 Includes\Revision.sbi
2004-11-29 Includes\Security.sbi
2004-12-01 Includes\Spybots.sbi
2004-12-01 Includes\Trojans.sbi
2004-11-29 Includes\Tracks.uti
[progress]
adawareSE--scans clean
hijackthis--you tell me
spywareblaster--scans clean
bazooka--scans clean
spybot s&d--using this program i have (4) re-occuring DSO (data sorce object) files that get listed as possible exploit, removal function is used but files remain after reboot/re-scan popup persists
i follow procedure found on http://security.grey...om/adv/gm001-ie about setting registery zone value to (3) this solved nothing popup remains
this is seriously pissing me off What the... must i do short of reinstall to kill 1 freaking popup