
09.02.2004 at 08:11AM PDT, ID: 21116883

Alexa-related exploit that Spybot cannot remove - Can you???????

Asked by RonHum in Networking Security Vulnerabilities

Tags: alexa, related

Spybot cannot delete this Alexa-related exploit. I have run S&D numerous times and selected fix. Spybot says it is fixed, but when I rerun S&D the exploit is still there. When I look for the related strings in regedit they are there, but they are incomplete (e.g. HK_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3 as it appears in Spybot. When I find the string in REGEDIT it is identical except for the end of 1004!=W=3). When I ran HijackThis the exploit strings did not show up.

My question: Is it safe to delete the strings using regedit?
There are five strings in HK_USERS, one each in S-1-5-18, s-1-5-21-436374069-842925246-1060284298-1004, s-1-5-19, s-1-5-20, and default.

I have included my hijack this log. It follows:

Logfile of HijackThis v1.98.2
Scan saved at 4:56:17 PM, on 8/31/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\msiexec.exe
C:\Hijackthis\HijackThis.exe

N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.adelphiapowerpage.com/"); (C:\Documents and Settings\Ron Humann\Application Data\Mozilla\Profiles\default\hcfcjfky.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRAM%20FILES%5CNETSCAPE%5CNETSCAPE%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Ron Humann\Application Data\Mozilla\Profiles\default\hcfcjfky.slt\prefs.js)
O2 - BHO: Yahoo! Companion BHO - {02478D28-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\YCOMP5_0_2_6.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\ACROBAT\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\PROGRAM FILES\ZERO KNOWLEDGE\FREEDOM\PKR.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Form Filler BHO - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\PROGRAM FILES\ZERO KNOWLEDGE\FREEDOM\FREEBHOR.DLL
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Ad-aware] "C:\Program Files\Lavasoft\Ad-aware 6\Ad-aware.exe" +c
O4 - HKCU\..\RunOnce: [Printing Migration] rundll32.exe C:\WINDOWS\System32\spool\migrate.dll,ProcessWin9xNetworkPrinters
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O16 - DPF: Win32 Classes -
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://download.toontown.com/sv1.0.13.21.1/ttinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

09.02.2004 at 04:22PM PDT, ID: 11969196

About this solution

Zone: Networking Security Vulnerabilities
Tags: alexa, related
Solution Provided By: KerryG
Participating Experts: 1
Solution Grade: B