Results 1 to 1 of 1

Thread: Immunization anomalies 2008-01-30

Thread Tools
- Show Printable Version
Display
- Linear Mode
- Switch to Hybrid Mode
- Switch to Threaded Mode

2008-02-04, 19:20 #1
md usa spybot fan

View Profile

View Forum Posts
Spybot Advisor Team [Retired]

Join Date

Oct 2005

Posts

5,859
Immunization anomalies 2008-01-30
Immunization anomalies 2008-01-30

HOSTS file (or Windows – Global (Hosts)). There are 22 HOSTS file duplicates:

antispywaresuite.com
antiworm2008.com
goldenantispy.com
here4search.biz
k-litegold.com
klitepro.com
k-litetk.com
menacerescue.com
motioncodecs.com
owntibia.com
pc-on-internet.com
smart-security.biz
trojansfilter.com
www-spybot.net
www.antispywaresuite.com
www.antiworm2008.com
www.goldenantispy.com
www.menacerescue.com
www.owntibia.com
www.pc-on-internet.com
www.trojansfilter.com
www.www-spybot.net

There are 22 attempts to immunize the following entries twice in \SOFTWARE (Domains), .DEFAULT (Domains), username (Domains), etc.:

Antispywaresuite.com
Antispywaresuite.com\www
Antiworm2008.com
Antiworm2008.com\www
Goldenantispy.com
Goldenantispy.com\www
here4search.biz
k-litegold.com
klitepro.com
k-litetk.com
Menacerescue.com
Menacerescue.com\www
motioncodecs.com
owntibia.com
owntibia.com\www
Pc-on-internet.com
Pc-on-internet.com\www
smart-security.biz
Trojansfilter.com
Trojansfilter.com\www
www-Spybot.net
www-Spybot.net\www

There are two (2) entries in the \SOFTWARE (Plugins) immunization that do not appear to have a properly formatted CLSIDs (Class Identifiers) or GUIDs (Globally Unique Identifiers). A GUID is normally a 16-byte (128-bit) number normally written as {xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx} or {8 hex digits - 4 hex digits - 4 hex digits - 4 hex digits - 12 hex digits}.

The two (2) entries in questions are:

{D8F256B-6AB8-4398-8F86-1E56207DB77A}
{FC327B3F-377B-4CB7-8B61-27CD69816BC}

The first has a format of 7-4-4-4-12 hex digits (or nibbles) the second 8-4-4-4-11 hex digits (or nibbles).

There are two (2) corresponding entries in the immunization that appear as if they may the properly formatted CLSIDs for the two (2) improperly formatted CLSIDs above:

{6D8F256B-6AB8-4398-8F86-1E56207DB77A} (a 6 added as the first nibble)
{FC327B3F-377B-4CB7-8B61-27CD69816BC3} (a 3 added as the last nibble)
Getting an answer is one thing, learning is another.

Microsoft Windows XP Home Edition running on a 2.40GHz Intel® Pentium® 4 Processor with 512 MB of RAM and a 533 MHz System Bus.
Reply With Quote

Quick Navigation Spybot Top

Site Areas
Settings
Private Messages
Subscriptions
Who's Online
Search Forums
Forums Home
Forums
General Safer Networking
1. Announcements
2. Tavern
  1. Word Games
Software
1. Spybot
2. RootAlyzer
  1. RootAlyzer download
General Malware

« Previous Thread | Next Thread »

Posting Permissions

You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
[VIDEO] code is On
HTML code is Off

All times are GMT +2. The time now is 18:40.

Copyright © 2000-2022 Safer-Networking Limited. All rights reserved.