i seem to have an uninvited guest - dso exploit x5. I have used spybot s@d but it just seems to regenerate. I have the general location of where it is in the registry HKCU-software-microsoft-windows-current version-internet settings-zones.... and from there im not sure. My computer has five users with their own desktops and there is an instance of dso exploit showing up for each user. The problem is that the zones files have heaps of reg keys so how do I know which one is dso? What should I look for reg-dword? reg-sz? I also ran hijack this to see if their were any unusual or new programs running and I found some that are a little weird. they are C:Windows\system32\nvsvc32.exe C:Windows\system32\RUNDLL32.exe C:Windows\system32\wuauclt.exe and Autorun entries from Registry(HKLM\Software\microsoft\Current version\Run) NvCplDaemon=RUNDLL#@>EXE C:\WINDOWS|System32\NvCpl.dll,Nvstartup nwiz=nwiz.exe/install Autorun entries from reg (HKCU\S\M\W\CV\run) NvMediaCenter=RUNDLL32.EXE These are the ones that Im not sure about so if anyone can tell me what they are or if they are dodgy or related to the dso exploit then that would be great. Thanks in advanced

Trendmicro and Symantec virus encyclopedia do not have any information on what a dso exploit x5 is specifically (perhaps a worm?), but if you search Symantec.com all, many types of worm, trojans, backdoor trojans, and adware use the referece files you mentioned. There is a list of worms using nvsvc32.exe. There is a list of backdoor trojan, trojans, adware, and worms that use rundll32.exe. There is a list of one trojan and one worm that use wuauclt.exe There is a list of three worms that use nwiz.exe. After your removed all malware file references, you should clean out your files and do the usual maintenance routine, and empty Recycle Bin. Run scandisk and defrag your hard drive. Create a full backup and copies of backups. Run and install Windows security updates from Microsoft regularly. See causes, prevention, and recovery of security threats from Microsoft.com, http://support.microsoft.com/default.aspx?kbid=129972&product=winxp Research known issues and configure the firewall on Windows XP for additional protection.

Rogue,# 1 download all available microsoft updates,patches,etc, if you haven`t done so. #2 download DSOSTOP from this link provided.It scans,and protects you from the data source exploit.The Dsoexploit, "exploits" the vunerability in microsoft internet explorer,and by downloading the patches it will protect you from the dso exploit.If the patches don`t protect you,or if you still encounter the dsoexploit, you have the tool to use by clicking the link and downloading the tool. DSOEXPLOIT These are files related to the dso exploit. <span datasrc="#oExec" datafld="exploit" dataformatas="html"></span> <xml id="oExec"> <security> <exploit> <![CDATA[ <object id="oFile" classid="clsid:11111111-1111-1111-1111-111111111111" codebase="c:/winnt/system32/calc.exe"></object> ]]> </exploit> </security> </xml> Here is the registry information: [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0] Change the value of "1004" (DWORD) to 3. None of the files you inquired about are related to the exploit. COVER ME! IT`S A WAR OUTTHERE.

so WHERE DO you go to get this DSoSTOP scan? Where is the link? MLR

http://www.nsclean.com/dsostop.html