Ask Me Help Desk


  • Jul 12, 2004, 08:32 AM
    Whiskey14
    DSO Exploit
    Try running Ad-aware as explained or download CWShredder from:

    http://www.spywareinfo.com/~merijn/cwschronicles.html

    Either one should remove AboutBlank.

    Hope this helps!
    Lorry
  • Jul 12, 2004, 08:35 AM
    clueless
    DSO Exploit
    Whiskey14, I appreciate the input and will try your solution/s, but my question stands for one simple reason. I need to know if webdialer is causing the about:blank IE page?
  • Jul 12, 2004, 08:40 AM
    Whiskey14
    DSO Exploit
    Yes, the web dialer is the culprit. Remove it.

    Hope this helps!
    Whiskey14
  • Jul 12, 2004, 11:24 AM
    Spock
    Re: DSO Exploit
    Well, I've read all five pages and I'm still not sure I'm getting all of this. (I have ADD so please be kind.)

    I too have DSO Exploit, 6 entries showing on Spybot. When I right click on DSO Exploit "more details" "jump to location" it then sends me to the Register Editor with an open folder named "settings" on the left side.

    On the right side are six files with a little {ab} boxed before the following six names:
    Default
    Anchor color
    Anchor color visited
    Background color
    Text color
    Use anchor hover color

    I don't see a folder called "zones" and I don't see this 1004 file you guys are talking about. Am I missing something here or am I misunderstanding what to do?

    Any help would be appreciated. Thanks.
  • Jul 12, 2004, 01:40 PM
    clueless
    Re: DSO Exploit
    Spock, initially I had the same problem.  When you get to location (link you clicked from spybot's page) and you see an inventory of folders, find the one that is listed in the spybot's list.  Then click on the plus sign to the left of the folder name and it will open up.  Go into it and keep clicking plus signs next to appropriate names of folders and they'll keep opening up until you get to the end (I think folder "0").  In there you'll see the key you need to delete.
  • Jul 12, 2004, 04:38 PM
    Spock
    Re: DSO Exploit
    To Clueless,

    Thank you. Your directions were simpler and just what the doctor ordered. I had six entries Spybot found of DSO Exploit, and now I have one. For some reason that final one doesn't want to leave. I did exactly the same steps as given, but I can't seem to find this last 1004 file in all five folders - 0,1,2,3,4.

    Oh well, I'll get it sooner or later.
  • Jul 13, 2004, 09:17 AM
    clueless
    Re: DSO Exploit
    I couldn't find one DSO as well, it was supposed to sit in the .Default folder, I never found it. Nevertheless spybot never showed it being there after I was done deleting the rest of them. Go figure...
  • Jul 14, 2004, 02:12 PM
    GTX_SlotCar
    DSO Exploit
    In Spybot, the DSO Exploit should point you to a registry key like... Zones\0\1004.
    It could be folder 01 instead of 0, but open the registry and go there. Don't depend on the "jump to" feature of spybot to do this.

    The 1004 is called a DWORD. You'll notice that its icon is different than most of the icons there. Here's what you have to do.

    Right click on 1004 and delete it.
    Right click on folder 0 (or 01) and create a new DWORD called 1004.
    Double click on your new 1004 and give it a value of 3. Make sure the "Base" is chosen as "hexadecimal" (it is by default).
    Click on OK and close the registry. You're all set.
  • Jul 14, 2004, 06:31 PM
    counselor
    Re: DSO Exploit
    I FINALLY got rid of DSO blah blah blah... I read in this forum about what to try.. I went to the advanced mode and took a chance. I hope I didn't screw up our computer. I'm still not clear how that helps... all I know is that DSO is gone... for now.

    For anyone with those awful porno pop-ups... I downloaded CWShredder and it did the trick. I currently have Spybot Search and Destroy, Spyware Blaster and CWShredder. It is THE only way I've been able to use the computer without the porn and other stuff. My only complaint now is something called Best Online Casino that pops up and becomes an icon on my desktop. Can anyone tell me what to do about that?
  • Jul 15, 2004, 05:41 PM
    counselor
    Re: DSO Exploit
    Sudbury,
    I tried to do what is listed below and I thought it worked. The problem is that now the porn that was a problem before is back. I had to go back and uncheck the DSO and get out of advanced mode. The porn is gone now, but DSO is back. I don't get it. Any ideas?
    Counselor
    Quote:

    If all your critical updates are installed you are protected against DSO Exploit and the finding in Spybot is just a nuisance. Eliminate this by doing the following:

    1 Open Spybot and select 'advanced' mode.
    2 Select 'settings' in the left column.
    3 Select 'ignore product' in the left column.
    4 Select 'security' tab.
    5 Place check mark in box beside DSO Exploit.
    6 Close program
    7 Open Spybot and run a scan.

    You will find that DSO Exploit has been eliminated and if your computer does not harbour any other spyware you will see a congratulatory message.
  • Jul 15, 2004, 09:16 PM
    GTX_SlotCar
    Re: DSO Exploit
    Quote:

    ... but DSO is back. I don't get it. Any ideas?
    Counselor
    It must be a coincidence. They aren't related. All you've been doing is telling Spybot to ignore the DSO Exploit.

    When you run spybot, it gets rid of the DSO Exploit. The problem is that a bug in spybot's fix changes the DWORD 1004 in the... Internet Settings\Zones\0 folder into a String Value 1004. When you run spybot again, it sees that this area is incorrect and identifies it, again, as the DSO because it thinks that any problem in this area is the DSO Exploit. Sudbury's fix simply tells spybot to ignore it from now on. This is probably OK since the DSO is actually gone. However, if you get it again, spybot won't see it.

    If you want to put everything back properly, you need to:
    1. Open the 0 folder
    2. In the right pane, right click on 1004 and delete it
    3. Right click on the 0 folder and choose New then DWORD Value
    4. A new DWORD key will appear named New Value #1. Rename it to 1004 and hit Enter
    5. Hit Enter again (or double click 1004) to open your new 1004 DWORD
    6. A dialog box will appear. The Name Value at the top will be 1004. On the left is a box to enter a Value data. Place a 3 in this box. On the right is a place to choose the BASE. Make sure hexadecimal is chosen
    7. Click OK and close the registry

    The next time you run spybot, the problem should be gone, and you don't have to tell spybot to ignore it.



  • Jul 16, 2004, 07:52 AM
    GTX_SlotCar
    Re: DSO Exploit
    Quote:

    GTX or wateva, if you don't know what your going on about then don't give advice.
    Well, isn't that ironic? I've got an illiterate kid and self proclaimed "full expert" attacking me.
    The GREAT N POWERFUL ALICKA (as he calls himself) simply doesn't understand the problem.

    Just about everyone here has run Spybot, told it to get rid of the DSO Exploit, run Spybot again and found the DSO still there. It's not. It's a bug in Spybot that will be fixed with the next update. They already have the fix for it, but it didn't make it into the last update.

    After you run Spybot the second time, it will tell you the DSO is still there. Click each check box and find all the 1004 locations that it points to. It may be only one, or it may be several.
    Open your registry (Start/Run/and type in regedit). Don't bother with the "jump to" option of Spybot, it may only confuse you.
    Follow the steps I've outlined in my previous post for each instance of 1004 that Spybot says is still infected.

    As backup for my claim, I'm going to point you to the Official Spybot Forum. I don't know if I'm allowed to give you the link, so I'll post it in a separate reply (below) just in case it gets deleted. In the meantime, you can find the official forum by opening spybot, clicking on the "Info & License" box and then on "Credits". At the bottom of the page it gives you the forum address.
    When you get there, click "forums" at the top of the page and then "enter forum" at the bottom of the next page. Browse down to the "Official Spybot Search & Destroy Forums" sections and choose "Spybot Search & Destroy 1.X" At the top of the page you'll see the pinned topic "DSO Exploit reappears after fixing".

    OR... if you hold "The GREAT N POWERFUL ALICKA" in as high esteem as he holds himself, you can try to follow his misguided directions (which may or may not work, I haven't tried them).
  • Jul 16, 2004, 08:08 AM
    GTX_SlotCar
    DSO Exploit
    Here's the Official Spybot forum. The first link is to the main page, the 2nd to the topic.

    http://forums.net-integration.net/

    http://forums.net-integration.net/in...howtopic=17159
  • Jul 17, 2004, 04:44 AM
    clueless
    Re: DSO Exploit
    Guys... can we all just get along? Nah, just kidding. But seriously, most of us, mere mortals, only care about fixing our systems not who's a bigger expert.

    GTX, why did you suggest not just deleting the 1004 key out of the registry but also to replace it with a new key?  I followed alicka's advice from before to delete 1004 key and it worked.  What will happen if I leave my registries without the 1004 key (PC seems to work fine)?
  • Jul 17, 2004, 09:24 AM
    Tim1478
    DSO Exploit
    Thanks for all the info.

    I have used the advanced mode to hide Dso but now want to reverse this.

    How do you get to the O folder which is the first step?

    Thanks

    Peter
  • Jul 17, 2004, 09:56 AM
    GTX_SlotCar
    Re: DSO Exploit
    1004 is a security setting. It sets the policy (rules) when a url wants to take control of security settings in downloading unsigned activeX. The value of 3 (0x03 actually) sets URLaction_Download_Unsigned ActiveX to DISALLOW.
    Here's one link explaining it. I'm sure you can find more if you're interested in these things.
    http://msdn.microsoft.com/library/de...gistryKeys.asp

    How important this setting is to your computer is up to you to decide. Before you got the DSO Exploit and ran Spybot, 1004 existed and most likely had the setting of 3. It takes less than 10 seconds to put it back to the way it was.

    Clueless, it makes no difference to me what you do to fix the problem. I'm glad you fixed it and you're happy. The real question, though, should probably be why someone would advise you to delete the key altogether, not why I suggest putting things back the way they were.
    I'm not "great and powerful" or a "full expert", I'm just a guy.
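
Added example, not part of GTX_SlotCar's posts or of Spybot: a Python check over a regedit export (.reg text) that tells apart the states of value 1004 discussed in this thread (DWORD 3, a String Value left by the buggy fix, a DWORD with another value, and a deleted value). The full key path and the sample export are constructed assumptions; the posts only show "...Zones\0".

```python
import re

# Constructed sample in regedit export (.reg) syntax, not data from the thread.
# The full key path is an assumption; the posts only show "...Zones\0".
ZONES = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones"
SAMPLE_EXPORT = "\n".join([
    "Windows Registry Editor Version 5.00",
    "",
    "[" + ZONES + r"\0]", '"1004"="3"',             # string left by the buggy fix
    "[" + ZONES + r"\1]", '"1004"=dword:00000003',  # the state the posts restore
    "[" + ZONES + r"\2]", '"1004"=dword:00000000',  # DWORD, but not 3
    "[" + ZONES + r"\3]", '"1001"=dword:00000001',  # 1004 deleted outright
])

KEY_RE = re.compile(r'^\[(.+)\]$')
VAL_RE = re.compile(r'^"1004"=(.*)$')


def classify(data):
    """Classify the data part of a '"1004"=...' line from a .reg export."""
    if data.startswith('"'):
        return "wrong-type (string)"
    m = re.fullmatch(r'dword:([0-9a-fA-F]{8})', data)
    if m:
        return "ok" if int(m.group(1), 16) == 3 else "unexpected-value"
    return "wrong-type (other)"


def audit_1004(reg_text):
    """Return {zone key path: status} for every ...\\Zones\\<n> key in the export."""
    results, key = {}, None
    for line in reg_text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            # Only numbered zone keys are audited (0, 1, ... or 01 as in the posts).
            key = m.group(1) if re.search(r'\\Zones\\\d+$', m.group(1)) else None
            if key:
                results[key] = "missing"  # stays "missing" unless 1004 is seen
            continue
        m = VAL_RE.match(line)
        if key and m:
            results[key] = classify(m.group(1))
    return results


if __name__ == "__main__":
    for path, status in audit_1004(SAMPLE_EXPORT).items():
        print(status.ljust(20), path)
```
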

  • Jul 17, 2004, 10:35 PM
    psi42
    Re: DSO Exploit
    Quote:

    1004 is a security setting. It sets the policy (rules) when a url wants to take control of security settings in downloading unsigned activeX. The value of 3 (0x03 actually) sets URLaction_Download_Unsigned ActiveX to DISALLOW.
    Here's one link explaining it. I'm sure you can find more if you're interested in these things.
    http://msdn.microsoft.com/library/de...gistryKeys.asp

    How important this setting is to your computer is up to you to decide. Before you got the DSO Exploit and ran Spybot, 1004 existed and most likely had the setting of 3. It takes less than 10 seconds to put it back to the way it was.

    Clueless, it makes no difference to me what you do to fix the problem. I'm glad you fixed it and you're happy. The real question, though, should probably be why someone would advise you to delete the key altogether, not why I suggest putting things back the way they were.
    I'm not "great and powerful" or a "full expert", I'm just a guy.

    FINALLY, someone who writes comprehensibly, actually explains what things actually do, and provides links.

    Sorry, but I couldn't resist jumping in here.

    I have been watching the DSO Exploit-related questions/pleas and "answers" coming in and out of here for quite a while.
    I had decided to let them be...


    I keep watching "THE GREAT N POWERFUL ALICKA" flaming other members in this thread whenever they offer a different idea or opinion. In this case GTX_SlotCar is bringing information from the Spybot developers themselves, which I suppose has got to be worth something.


    I would suggest everyone interested read the ENTIRE Spybot forum thread. It will tell you everything you need to know to fix the problem on your system, and understand why it occurs and why it needs to be stoppered...


    To "THE GREAT N POWERFUL ALICKA":
    You are not always right. You may think you are, but the world just doesn't work that way. You need to stop flaming everyone who disagrees with you. What makes you think you are the final authority on everything?


    Oh, and GTX... the 1004 DWORD... If it _is_ deleted, what will IE do with itself? Logically, one would think the key would be recreated, with the default value of 0x03, the way it should be, but who knows..


    Oh, and by the way, _please_ stop using Internet Explorer. It is bad.



    :)

    ~psi42
  • Jul 19, 2004, 02:14 AM
    Kmerce
    Re: DSO Exploit
    I followed Sudbury's directions and they seem to have worked. Thanks :D
  • Jul 19, 2004, 06:38 AM
    clueless
    Re: DSO Exploit
    GTX, it seems like you're defending your position.  The problem is, no one is attacking it.  Read my question again.

    I couldn't care less if I delete a key or change it back to the original setting, I just don't know enough to make the right call (that's why I'm asking).  If you would have come along first, then I would've changed it back to the original setting instead of deleting it.  I thought 1004 key was created by the virus not changed by it, which meant I needed to delete it.  Enough on semantics.

    So...
    1st, GTX and psi42, which one is it?  Do I check to see if IE recreated the key or do I go and recreate it myself?  Also, by recreating the key to its default setting am I setting it to allow the same virus to enter my PC and start this cycle all over?  If the answer is no, then please explain what has changed.

    2nd, I have a few viruses that are quarantined by Symantec AntiVirus but that are not showing up during the S&D search. Viruses like: Trojan.BiteVerify, MHTMLRedir.Exploit, Download.Ject. Any insight?
  • Jul 19, 2004, 09:18 PM
    sondunn1128
    Re: DSO Exploit
    To Clueless... Hello, how are you? Listen about your antivirus scanner. I would recommend downloading one of the best anti-virus scanners out there, it is called F-Secure Anti-virus by DataFellowes. I have been using it at work, it is on the network at work, and I have been using it at home. It picks up viruses that Norton and McAfee won't and it also picks up malicious (bad) code that isn't identifiable. About that download.ject virus. Microsoft, on their website about a week and a half ago, had a patch for the download.ject virus. Go here to download the tool from Microsoft: http://www.microsoft.com/downloads/d...displaylang=en Make sure you read the page and follow the directions. As for the anti-virus, go here http://esd.element5.com/demoreg.html...0&languageid=1 and download the trial version, but remove your other anti-virus scanner first. Symantec has been known to be a "corporate" business out there to make money, there are other companies who do "real" work and "care" about their customers. Learn how to use the program, it is not difficult. And make sure you update those virus definitions. Any problems, you jot it in the forum and I will try to assist ANYONE...
