PDA

View Full Version : Immunization anomalies 2008-01-30



md usa spybot fan
2008-02-04, 20:20
Immunization anomalies 2008-01-30

HOSTS file (or Windows – Global (Hosts)). There are 22 HOSTS file duplicates:
antispywaresuite.com
antiworm2008.com
goldenantispy.com
here4search.biz
k-litegold.com
klitepro.com
k-litetk.com
menacerescue.com
motioncodecs.com
owntibia.com
pc-on-internet.com
smart-security.biz
trojansfilter.com
www-spybot.net
www.antispywaresuite.com
www.antiworm2008.com
www.goldenantispy.com
www.menacerescue.com
www.owntibia.com
www.pc-on-internet.com
www.trojansfilter.com
www.www-spybot.net


There are 22 attempts to immunize the following entries twice in \SOFTWARE (Domains), .DEFAULT (Domains), username (Domains), etc.:
Antispywaresuite.com
Antispywaresuite.com\www
Antiworm2008.com
Antiworm2008.com\www
Goldenantispy.com
Goldenantispy.com\www
here4search.biz
k-litegold.com
klitepro.com
k-litetk.com
Menacerescue.com
Menacerescue.com\www
motioncodecs.com
owntibia.com
owntibia.com\www
Pc-on-internet.com
Pc-on-internet.com\www
smart-security.biz
Trojansfilter.com
Trojansfilter.com\www
www-Spybot.net
www-Spybot.net\www


There are two (2) entries in the \SOFTWARE (Plugins) immunization that do not appear to have a properly formatted CLSIDs (Class Identifiers) or GUIDs (Globally Unique Identifiers). A GUID is normally a 16-byte (128-bit) number normally written as {xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx} or {8 hex digits - 4 hex digits - 4 hex digits - 4 hex digits - 12 hex digits}.

The two (2) entries in questions are:
{D8F256B-6AB8-4398-8F86-1E56207DB77A}
{FC327B3F-377B-4CB7-8B61-27CD69816BC}
The first has a format of 7-4-4-4-12 hex digits (or nibbles) the second 8-4-4-4-11 hex digits (or nibbles).

There are two (2) corresponding entries in the immunization that appear as if they may the properly formatted CLSIDs for the two (2) improperly formatted CLSIDs above:
{6D8F256B-6AB8-4398-8F86-1E56207DB77A} (a 6 added as the first nibble)
{FC327B3F-377B-4CB7-8B61-27CD69816BC3} (a 3 added as the last nibble)