DSO Exploit glitch in Spybot?

M

magicianstalk

Hey all,

This is my first post on here -- so I hope that this is in the correct
section. I have had my battles with virii and spyware in the past, as
well as homepage hijackings, etc..... And since I run AVG, Adaware,
and now spybot, regularly, there seems to be nothing that i cannot get
rid of for good. I have recently run cwshredder, and removed some
things as well....

Anyway, my question is -- even after everything seems clean, when i
run spybot i get the following (below) results (the top part is self
explanitory to me, it's the DSO EXPLOIT reg-entry part at the bottom
that I do not totally understand):


-----------

DoubleClick: Tracking cookie (Internet Explorer: Matt) (Cookie,
nothing done)


Avenue A, Inc.: Tracking cookie (Internet Explorer: Matt) (Cookie,
nothing done)


DSO Exploit: Data source object exploit (Registry change, nothing
done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0\1004!=W=3

DSO Exploit: Data source object exploit (Registry change, nothing
done)
HKEY_USERS\S-1-5-21-1307759246-3641812577-2111303108-1008\Software\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0\1004!=W=3

DSO Exploit: Data source object exploit (Registry change, nothing
done)
HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0\1004!=W=3

DSO Exploit: Data source object exploit (Registry change, nothing
done)
HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0\1004!=W=3

DSO Exploit: Data source object exploit (Registry change, nothing
done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0\1004!=W=3


--- Spybot - Search && Destroy version: 1.3 ---
2004-07-09 Includes\Cookies.sbi
2004-07-09 Includes\Dialer.sbi
2004-07-09 Includes\Hijackers.sbi
2004-07-09 Includes\Keyloggers.sbi
2004-05-12 Includes\LSP.sbi
2004-07-09 Includes\Malware.sbi
2004-07-09 Includes\Revision.sbi
2004-07-02 Includes\Security.sbi
2004-07-09 Includes\Spybots.sbi
2004-07-09 Includes\Tracks.uti
2004-07-09 Includes\Trojans.sbi

-----------------------


Well, there it is.... Now since the DSO entries each say "Registry
change, nothing done" i don't know if this is something that windows
automatically changes all the time, and this is normal for this to
show in the scan results - or if it's a harmless preference that I
change that makes those appear or what..... If you could explain this
to me -- i would greatly appreciate it!!!


Thanks in advance,

Matt
([email protected])

P.S. Has anyone noticed that cwshredder is not able to update via the
program lately?
 
A

Abel

In another post someone said that this is a glitch in the
Spybot program and the creators are working on a patch
for it. I get the same results as you when I run Spybot.
 
B

Bruce Chambers

Greetings --

It's probably a false alarm.

The DSO exploit was patched long ago by IE Cumulative Update
MS02-015, in March of 2002. If you've installed this specific patch,
or any subsequent IE Cumulative Updates, or Service Pack 1, you're
safe. It would appear that the latest version of Spybot S&D is only
checking for Internet zone settings in the registry that could be used
as work-around protection, and not for the presence of any corrective
patches. Hopefully, the makers of Spybot will soon fix this bug.

MS02-015 March 28, 2002 Cumulative Patch for Internet Explorer
http://support.microsoft.com/default.aspx?scid=kb;EN-US;319182

If you like, you can test your system for this particular
vulnerability at this web site:
http://www.greymagic.com/security/advisories/gm001-ie/

The makers of SpyBot S&D have acknowledged the problem and will
fix it on their next update:
http://www.safer-networking.org/index.php?page=paragraphs&detail=currentfaqs

In the meantime, in SpyBot S&D, click Mode > Advanced > Settings >
Ignore Products > Security > DSO Exploit, to turn off the false alarm.


Bruce Chambers
--
Help us help you:



You can have peace. Or you can have freedom. Don't ever count on
having both at once. - RAH
 
D

Donald McDaniel

In another post someone said that this is a glitch in the
Spybot program and the creators are working on a patch
for it. I get the same results as you when I run Spybot.

I'm sure everyone gets the same result of the "DSO Exploit" when they
run Spybot on Windows XP. Maybe the creators of Spybot will fix the
bug sometime soon.

Donald L McDaniel
Post all replies to the Newsgroup, so that all may be informed.
Remove the obvious to reply by email.
===============================================================
 
B

Bruce Chambers

werD said:
To remove DSO exploit permanently.


Seems like a lot of effort, just to deal with a well-known false alarm.
Wouldn't it be much simpler just to configure Spybot S&D to ignore the
matter? In SpyBot S&D, click Mode > Advanced > Settings >
Ignore Products > Security > DSO Exploit.

The DSO exploit was patched long ago by IE Cumulative Update
MS02-015, in March of 2002. If you've installed this specific patch,
or any subsequent IE Cumulative Updates, IE Service Pack 1, or WinXP
SP2, you're safe. It would appear that the latest version of SpyBot
S&D is only checking for Internet zone settings in the registry that
could be used as work-around protection, and not for the presence of
any corrective patches. Hopefully, the makers of SpyBot will soon fix
this bug.

MS02-015 March 28, 2002 Cumulative Patch for Internet Explorer
http://support.microsoft.com/default.aspx?scid=kb;EN-US;319182

If you like, you can test your system for this particular
vulnerability at this web site:
http://www.grey.com/security/advisories/gm001-ie/

The makers of SpyBot S&D have acknowledged the problem and will
fix it on their next update:
http://www.safer-networking.org/index.php?page=paragraphs&detail=currentfaqs

In the meantime, in SpyBot S&D, click Mode > Advanced > Settings >
Ignore Products > Security > DSO Exploit, to turn off the false alarm.

Some people have reported that the SpyBot Detection rules dated 30
Aug 04, or newer, when used with SpyBot S&D 1.3.1TX, will fix this
problem. However, I've had inconsistent results with that particular
detection update; sometimes it reads clean, then later it will once
again find the DSO problem, and then it will read clean again, all on
the same machine, with no other changes made.



--

Bruce Chambers

Help us help you:



You can have peace. Or you can have freedom. Don't ever count on having
both at once. - RAH
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Wesley-DSO Exploit 27
DSO Exploit glitch in Spybot? 8
DSO Exploit 5
Spybot 3
Cannot Remove DSO EXPLOIT found by Spybot 5
SpyBot detected DSO Exploit 2
DSO Exploit Files 7
Spybot DSO Exploit 4

Top