Advice Regarding Spybot

[JD]

I've run Spybot for the first time. (Ad-Aware was run first and found
nothing.) Spybot finds five (red) entries under one heading: DSO. Each is
connected to Microsoft, but is identified as a "security hole." I'm
uncertain as to whether to leave them alone or what to do. I must wonder why
such "security holes" remain after installing sp2 and all of the latest
security updates. Are these items that should be marked "Ignore"?

 

[Wesley Vogel]

Make sure you have all the Windows Critical Updates.

Configure SpyBot S & D Not to Flag DSO Exploit
http://forum.aumha.org/viewtopic.php?t=8435

Courtesy of Randy Knobloch aka siljaline
MS - MVP Windows (IE/OE) 2003/04 AH-VSOP

 

[JD]

Thank you very much. I do have all the Windows Critical Updates and I will
follow your advice re the DSO Exploit. My "instincts" told me to check on
this before permitting those registry changes.

 

[Wesley Vogel]

Good instincts.

Keep Spybot - Search & Destroy updated.

Keep having fun!

You may also want to look at these...

Download, install, run, update and run again; one or all. They are all
good, FREE utilities. Make sure you update every program, even if you
just downloaded it. You must have the latest updates. Without updates,
you have a gun without ammo. You also need to use more than one
anti scumware program. One program will *not* catch everything.

1a) CWShredder ver. 2.0 direct download:
http://www.aumha.org/downloads/cwshredder.zip

2) SpywareBlaster
[[SpywareBlaster doesn't scan and clean for spyware - it prevents it from
ever being installed.
The most important step you can take is to secure your system. And
SpywareBlaster is the most powerful protection program available.]]
http://www.javacoolsoftware.com/spywareblaster.html

4) HijackThis (some other stuff that may be of interest also)
http://www.spywareinfo.com/~merijn/downloads.html

4a) HijackThis (direct download)
http://aumha.org/downloads/hijackthis.zip

5) Bazooka Adware and Spyware Scanner v1.13
http://www.kephyr.com/spywarescanner/index.html?source=appvisit

6) ToolbarCop
http://www.mvps.org/sramesh2k/toolbarcop.htm

=====

HijackThis log tutorial
http://www.spywareinfo.com/~merijn/htlogtutorial.html

HijackThis Log Tutorial
http://www.aumha.org/a/hjttutor.htm

How to use HijackThis to remove Browser Hijackers & Spyware
http://www.bleepingcomputer.com/forums/index.php?showtutorial=42#warning

How To Install Spybot Search and Destroy & a brief tutorial
http://tomcoyote.com/SPYBOT/index1.php

HOW TO: Reconfigure Ad-aware for a Full Scan
http://forum.aumha.org/viewtopic.php?t=5877

 

[Peter]

The DSO exploi issue will be fixed soon...just tell SB to ignore those items
in future http://www.safer-networking.org/en/faq/36.html

 

[Bruce Chambers]

I've run Spybot for the first time. (Ad-Aware was run first and found
nothing.) Spybot finds five (red) entries under one heading: DSO. Each is
connected to Microsoft, but is identified as a "security hole." I'm
uncertain as to whether to leave them alone or what to do. I must wonder why
such "security holes" remain after installing sp2 and all of the latest
security updates. Are these items that should be marked "Ignore"?

The DSO exploit was patched long ago by IE Cumulative Update
MS02-015, in March of 2002. If you've installed this specific patch,
or any subsequent IE Cumulative Updates, IE Service Pack 1, or WinXP
SP2, you're safe. It would appear that the latest version of Spybot
S&D is only checking for Internet zone settings in the registry that
could be used as work-around protection, and not for the presence of
any corrective patches. Hopefully, the makers of Spybot will soon fix
this bug.

MS02-015 March 28, 2002 Cumulative Patch for Internet Explorer
http://support.microsoft.com/default.aspx?scid=kb;EN-US;319182

If you like, you can test your system for this particular
vulnerability at this web site:
http://www.grey.com/security/advisories/gm001-ie/

The makers of SpyBot S&D have acknowledged the problem and will
fix it on their next update:
http://www.safer-networking.org/index.php?page=paragraphs&detail=currentfaqs

In the meantime, in SpyBot S&D, click Mode > Advanced > Settings >
Ignore Products > Security > DSO Exploit, to turn off the false alarm.

Some people have reported that the Spybot Detection rules dated 30
Aug 04, or newer, when used with SpyBot S&D 1.3, will fix this
problem. However, I've had inconsistent results with that particular
detection update; sometimes it reads clean, then later it will once
again find the DSO problem, and then it will read clean again, all on
the same machine, with no other changes made.


--

Bruce Chambers

Help us help you:



You can have peace. Or you can have freedom. Don't ever count on having
both at once. - RAH