Troublesome pests keeps reviving themselves

Every day I run Spybot S&D and everyday I find one and the same DSO exploit.
Even though DSOs have been "immunized" against, it keeps reviving and
coming back. Is there some way to stop it for good?

It's in the registry as HOTKEY_LOCAL_MACHINE.\.\.\...\zones\0\1004!=W=3

Pest Patrol also comes up with a single item every time, called
"twain-tech". Deleting registry entry doesn't kill it, keeps coming
back. It's key is HOTKEY_LOCAL_MACHINE\..\..\activex
compatibily\{000020dd-c-4113-af77-dd56626c6c42}|compatibility flags

Anyway to stop this too?

I'm not really knowledgeable, but I get called to fix browser problems
frequently, and I hope this is IT.


ana

Anna,

You might try running Adaware by Lavasoft. You can download it here:
http://www.lavasoftusa.com/support/download/

It's a free program, similar to Spybot. My experience has been that
Spybot isn't enough. Adaware fixed problems that Spybot failed to
do.

HTH,
B W


"anneAnna" wrote:

> Every day I run Spybot S&D and everyday I find one and the same DSO exploit.
> Even though DSOs have been "immunized" against, it keeps reviving and
> coming back. Is there some way to stop it for good?
>
> It's in the registry as HOTKEY_LOCAL_MACHINE.\.\.\...\zones\0\1004!=W=3
>
> Pest Patrol also comes up with a single item every time, called
> "twain-tech". Deleting registry entry doesn't kill it, keeps coming
> back. It's key is HOTKEY_LOCAL_MACHINE\..\..\activex
> compatibily\{000020dd-c-4113-af77-dd56626c6c42}|compatibility flags
>
> Anyway to stop this too?
>
> I'm not really knowledgeable, but I get called to fix browser problems
> frequently, and I hope this is IT.
>
>
> ana
>

Thank you, BW.
AAMF, Adaware can't locate it either. there must be a .dll or something
that all the anti-spyware on the machine seem to miss.
Ana

B W wrote:

> Anna,
>
> You might try running Adaware by Lavasoft. You can download it here:
> http://www.lavasoftusa.com/support/download/
>
> It's a free program, similar to Spybot. My experience has been that
> Spybot isn't enough. Adaware fixed problems that Spybot failed to
> do.
>
> HTH,
> B W
>
>
> "anneAnna" wrote:
>
>
>>Every day I run Spybot S&D and everyday I find one and the same DSO exploit.
>>Even though DSOs have been "immunized" against, it keeps reviving and
>>coming back. Is there some way to stop it for good?
>>
>>It's in the registry as HOTKEY_LOCAL_MACHINE.\.\.\...\zones\0\1004!=W=3
>>
>>Pest Patrol also comes up with a single item every time, called
>>"twain-tech". Deleting registry entry doesn't kill it, keeps coming
>>back. It's key is HOTKEY_LOCAL_MACHINE\..\..\activex
>>compatibily\{000020dd-c-4113-af77-dd56626c6c42}|compatibility flags
>>
>>Anyway to stop this too?
>>
>>I'm not really knowledgeable, but I get called to fix browser problems
>>frequently, and I hope this is IT.
>>
>>
>>ana
>>

Greetings --

The DSO exploit was patched long ago by IE Cumulative Update
MS02-015, in March of 2002. If you've installed this specific patch,
or any subsequent IE Cumulative Updates, or Service Pack 1, you're
safe. It would appear that the latest version of Spybot S&D is only
checking for Internet zone settings in the registry that could be used
as work-around protection, and not for the presence of any corrective
patches. Hopefully, the makers of Spybot will soon fix this bug.

MS02-015 March 28, 2002 Cumulative Patch for Internet Explorer
http://support.microsoft.com/defaul...kb;EN-US;319182

If you like, you can test your system for this particular
vulnerability at this web site:
http://www.greymagic.com/security/advisories/gm001-ie/

The makers of SpyBot S&D have acknowledged the problem and will
fix it on their next update:
http://www.safer-networking.org/ind...ail=currentfaqs

In the meantime, in SpyBot S&D, click Mode > Advanced > Settings >
Ignore Products > Security > DSO Exploit, to turn off the false alarm.


Bruce Chambers
--
Help us help you:
http://dts-l.org/goodpost.htm
http://www.catb.org/~esr/faqs/smart-questions.html

You can have peace. Or you can have freedom. Don't ever count on
having both at once. - RAH


"anneAnna" <ana@microdot.faked.com> wrote in message
news:iyCUc.130442$M95.122679@pd7tw1no...
> Every day I run Spybot S&D and everyday I find one and the same DSO
> exploit.
> Even though DSOs have been "immunized" against, it keeps reviving
> and coming back. Is there some way to stop it for good?
>
> It's in the registry as
> HOTKEY_LOCAL_MACHINE.\.\.\...\zones\0\1004!=W=3
>
> Pest Patrol also comes up with a single item every time, called
> "twain-tech". Deleting registry entry doesn't kill it, keeps coming
> back. It's key is HOTKEY_LOCAL_MACHINE\..\..\activex
> compatibily\{000020dd-c-4113-af77-dd56626c6c42}|compatibility flags
>
> Anyway to stop this too?
>
> I'm not really knowledgeable, but I get called to fix browser
> problems frequently, and I hope this is IT.
>
>
> ana

Bruce Chambers wrote:
> Greetings --
>
> The DSO exploit was patched long ago by IE Cumulative Update
> MS02-015, in March of 2002. If you've installed this specific patch,
> or any subsequent IE Cumulative Updates, or Service Pack 1, you're
> safe. It would appear that the latest version of Spybot S&D is only
> checking for Internet zone settings in the registry that could be used
> as work-around protection, and not for the presence of any corrective
> patches. Hopefully, the makers of Spybot will soon fix this bug.
>
> MS02-015 March 28, 2002 Cumulative Patch for Internet Explorer
> http://support.microsoft.com/defaul...kb;EN-US;319182
>
> If you like, you can test your system for this particular
> vulnerability at this web site:
> http://www.greymagic.com/security/advisories/gm001-ie/
>
> The makers of SpyBot S&D have acknowledged the problem and will
> fix it on their next update:
> http://www.safer-networking.org/ind...ail=currentfaqs
>
> In the meantime, in SpyBot S&D, click Mode > Advanced > Settings >
> Ignore Products > Security > DSO Exploit, to turn off the false alarm.
>
>
> Bruce Chambers


Thank you. It was sort of driving me nuts.

ana

Bruce Chambers wrote:

> Greetings --
>
> The DSO exploit was patched long ago by IE Cumulative Update
> MS02-015, in March of 2002. If you've installed this specific patch,
> or any subsequent IE Cumulative Updates, or Service Pack 1, you're
> safe. It would appear that the latest version of Spybot S&D is only
> checking for Internet zone settings in the registry that could be used
> as work-around protection, and not for the presence of any corrective
> patches. Hopefully, the makers of Spybot will soon fix this bug.
>
> MS02-015 March 28, 2002 Cumulative Patch for Internet Explorer
> http://support.microsoft.com/defaul...kb;EN-US;319182
>
> If you like, you can test your system for this particular
> vulnerability at this web site:
> http://www.greymagic.com/security/advisories/gm001-ie/
>
> The makers of SpyBot S&D have acknowledged the problem and will
> fix it on their next update:
> http://www.safer-networking.org/ind...ail=currentfaqs
>
> In the meantime, in SpyBot S&D, click Mode > Advanced > Settings >
> Ignore Products > Security > DSO Exploit, to turn off the false alarm.
>
>
> Bruce Chambers

After reading the article MS02-015, it occurs to me that DSO
identifications have happened after I clean-installed windows xp.
Most of the cumulative patches turned into B8xxxxxx hotfixes. Only 2 of
the Q3xxxx patches remain, Q319182 not being one of them.
Since the update site has nothing critcal to add, I am at a loss.