Wesley-DSO Exploit

[Bob]

Wesley,

Hope you can help. Got the following error message using sypbot S & D. Went
to their site to get an explanation and they have an internal error.

Here's what comes up when I run my test:

DSO Exploit: Data source object exploit (Registry change, nothing done)



HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0\1004!=W=3



DSO Exploit: Data source object exploit (Registry change, nothing done)


HKEY_USERS\S-1-5-21-349392075-151059869-3163335956-500\Software\Microsoft\Wi
ndows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3



DSO Exploit: Data source object exploit (Registry change, nothing done)

HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0\1004!=W=3



DSO Exploit: Data source object exploit (Registry change, nothing done)

HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0\1004!=W=3



DSO Exploit: Data source object exploit (Registry change, nothing done)

HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0\1004!=W=3



They also have a solution site to go to. Went there and the explanation says
that the "0" zone should read 3. Changed the 1004s to 0x00000000 (3). Ran
the test again and the same exploit came up. Ran the "Fix" and all the 1004s
above were changed to "blank", no value.



Ran the test again and the same exploit explanation came up. Did not run the
"fix", checked the registry, and the 1004s were still blank.



My concern is that the message at
http://security.greymagic.com/adv/gm001-ie/ indicates that I have a
vulnability with IE.



Can you enlighten me on what to do?

 

[Wesley Vogel]

Bob,

Latest version: Spybot - Search & Destroy 1.3
Latest detection update: 2004-05-29


[[Registry change, nothing done]]

Nothing done may be a clue.

Run Spybot S & D again, check the problems and click FIX selected problems.

[[This is the main scan page of Spybot-S&D. Here you scan your system
("Check for problems" button) and fix any problems that were found (Fix
selected problems" button). Hint: if you haven't done so yet, we recommend
you read the tutorial (see Help menu) to learn how to deal with the scan
results.]]

Reboot and run Spybot-S&D again to see if the problems show up again.

 

[*Vanguard*]

Bob said in news:[email protected]:

Wesley,

Hope you can help. Got the following error message using sypbot S &
D. Went to their site to get an explanation and they have an internal
error.

<snip>

See Google Groups of post at http://snipurl.com/dso_exploit.

 

[Bob]

Wesley,

Nope, No change. The DSO Exploit still comes up. When I go to the registry
to check it out I see an "ab" flag, the number 1004, type Reg_Sz, and then
nothing (blank area). There is no letter or sequence of #3, =W=3 etc. or
Reg_DWord.

If I change it to 21 or 47 would that stop the the DSO exploit from showing
up? or should I just ignore it?

Bob

Bob,

Latest version: Spybot - Search & Destroy 1.3
Latest detection update: 2004-05-29


[[Registry change, nothing done]]

Nothing done may be a clue.

Run Spybot S & D again, check the problems and click FIX selected problems.

[[This is the main scan page of Spybot-S&D. Here you scan your system
("Check for problems" button) and fix any problems that were found (Fix
selected problems" button). Hint: if you haven't done so yet, we recommend
you read the tutorial (see Help menu) to learn how to deal with the scan
results.]]

Reboot and run Spybot-S&D again to see if the problems show up again.

--
Hope this helps. Let us know.
Wes

In

Wesley,

Hope you can help. Got the following error message using sypbot S &
D. Went to their site to get an explanation and they have an internal
error.

Here's what comes up when I run my test:

DSO Exploit: Data source object exploit (Registry change, nothing
done)




HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0\1004!=W=3



DSO Exploit: Data source object exploit (Registry change, nothing
done)

HKEY_USERS\S-1-5-21-349392075-151059869-3163335956-500\Software\Microsoft\Wi

ndows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3



DSO Exploit: Data source object exploit (Registry change, nothing
done)


HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0\1004!=W=3



DSO Exploit: Data source object exploit (Registry change, nothing
done)


HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0\1004!=W=3



DSO Exploit: Data source object exploit (Registry change, nothing
done)


HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0\1004!=W=3



They also have a solution site to go to. Went there and the
explanation says that the "0" zone should read 3. Changed the 1004s
to 0x00000000 (3). Ran the test again and the same exploit came up.
Ran the "Fix" and all the 1004s above were changed to "blank", no
value.



Ran the test again and the same exploit explanation came up. Did not
run the "fix", checked the registry, and the 1004s were still blank.



My concern is that the message at
http://security.greymagic.com/adv/gm001-ie/ indicates that I have a
vulnability with IE.



Can you enlighten me on what to do?

 

[Wesley Vogel]

Bob,

Check out the link that Vanguard provided

http://snipurl.com/dso_exploit.

--
Hope this helps. Let us know.
Wes

In

Wesley,

Nope, No change. The DSO Exploit still comes up. When I go to the
registry to check it out I see an "ab" flag, the number 1004, type
Reg_Sz, and then nothing (blank area). There is no letter or sequence
of #3, =W=3 etc. or Reg_DWord.

If I change it to 21 or 47 would that stop the the DSO exploit from
showing up? or should I just ignore it?

Bob

Bob,

Latest version: Spybot - Search & Destroy 1.3
Latest detection update: 2004-05-29


[[Registry change, nothing done]]

Nothing done may be a clue.

Run Spybot S & D again, check the problems and click FIX selected
problems.

[[This is the main scan page of Spybot-S&D. Here you scan your
system ("Check for problems" button) and fix any problems that were
found (Fix selected problems" button). Hint: if you haven't done so
yet, we recommend you read the tutorial (see Help menu) to learn how
to deal with the scan results.]]

Reboot and run Spybot-S&D again to see if the problems show up again.

--
Hope this helps. Let us know.
Wes

In

Wesley,

Hope you can help. Got the following error message using sypbot S &
D. Went to their site to get an explanation and they have an
internal error.

Here's what comes up when I run my test:

DSO Exploit: Data source object exploit (Registry change, nothing
done)




HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0\1004!=W=3



DSO Exploit: Data source object exploit (Registry change, nothing
done)

HKEY_USERS\S-1-5-21-349392075-151059869-3163335956-500\Software\Microsoft\Wi

 

[Bob]

Wesley,



Here are the excerpts of the links in question.



“Internet Explorer is the Internet browser from Microsoft, bundled with all
Microsoft Windows Operating systems. DSO exploit is an exploit using
Internet Explorer

There's a security hole in IE allowing websites to execute code without
asking you first”





“There is no configuration-tweaking workaround for this bug, it will work as
long as the browser parses HTML. The only possible solution must come in the
form of a patch from Microsoft. Update - 3 Mar 2002

Since the injected <object> runs in the "My Computer" Zone changing the
Internet Zone's settings didn't affect it, but changing the correct zone's
settings will prevent this exploit from running.

Here is the registry information:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0]
Change the value of "1004" (DWORD) to 3”

The article at Microsoft talks about changing the “flags” value, to show My
Computer Security zone to be displayed. Doesn’t appear to deal with the 1004
change. My registry currently has “Flags”, Reg_Dword 0x00000021 (33) which
I assume has the “my computer zone” hidden. I’m confused as to what effect
that would have on the problem as the zone’s don’t appear to be changed,
just whether the zone is showing or not? The DSO Exploit that registers with
Spybot does not make any reference of the "Flags" key.



So I guess I’m supposed to just ignore it? However if the system has a
security hole I would like to plug it. Any suggestion would really be
appreciated.



Bob

Bob,

Check out the link that Vanguard provided

http://snipurl.com/dso_exploit.

--
Hope this helps. Let us know.
Wes

In

Wesley,

Nope, No change. The DSO Exploit still comes up. When I go to the
registry to check it out I see an "ab" flag, the number 1004, type
Reg_Sz, and then nothing (blank area). There is no letter or sequence
of #3, =W=3 etc. or Reg_DWord.

If I change it to 21 or 47 would that stop the the DSO exploit from
showing up? or should I just ignore it?

Bob

Bob,

Latest version: Spybot - Search & Destroy 1.3
Latest detection update: 2004-05-29


[[Registry change, nothing done]]

Nothing done may be a clue.

Run Spybot S & D again, check the problems and click FIX selected
problems.

[[This is the main scan page of Spybot-S&D. Here you scan your
system ("Check for problems" button) and fix any problems that were
found (Fix selected problems" button). Hint: if you haven't done so
yet, we recommend you read the tutorial (see Help menu) to learn how
to deal with the scan results.]]

Reboot and run Spybot-S&D again to see if the problems show up again.

--
Hope this helps. Let us know.
Wes

In Bob <[email protected]> hunted and pecked:
Wesley,

Hope you can help. Got the following error message using sypbot S &
D. Went to their site to get an explanation and they have an
internal error.

Here's what comes up when I run my test:

DSO Exploit: Data source object exploit (Registry change, nothing
done)




HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0\1004!=W=3



DSO Exploit: Data source object exploit (Registry change, nothing
done)

HKEY_USERS\S-1-5-21-349392075-151059869-3163335956-500\Software\Microsoft\Wi

 

[Wesley Vogel]

Bob,

If IE is up to date with Critical Updates, I wouldn't worry.

I know siljaline and trust what he has to say. ;-)

From siljaline:
@ http://snipurl.com/dso_exploit

[[Old flag for older builds of IE that could safely be ignored.]]

http://www.safer-networking.org/index.php?page=threats&detail=13

==================
DSO exploit >>>>>>> 2003-05-03 17:32:16 Look at this date!!! <<<<<<<<
Company Microsoft
Aliases
URLs Homepage (http://www.microsoft.com/)
Internet Explorer (http://www.microsoft.com/windows/ie/)
Privacy Policy (http://www.microsoft.com/info/privacy.htm)
GreyMagic report (http://security.greymagic.com/adv/gm001-ie/)

Functionality Internet Explorer is the Internet browser from Microsoft,
bundled with all Microsoft Windows Operating systems. DSO exploit is an
exploit using Internet Explorer
Description There's a security hole in IE allowing websites to execute code
without asking you first.
===================

--
Hope this helps. Let us know.
Wes

In

Wesley,



Here are the excerpts of the links in question.



“Internet Explorer is the Internet browser from Microsoft, bundled
with all Microsoft Windows Operating systems. DSO exploit is an
exploit using Internet Explorer

There's a security hole in IE allowing websites to execute code
without asking you first”





“There is no configuration-tweaking workaround for this bug, it will
work as long as the browser parses HTML. The only possible solution
must come in the form of a patch from Microsoft. Update - 3 Mar 2002

Since the injected <object> runs in the "My Computer" Zone changing
the Internet Zone's settings didn't affect it, but changing the
correct zone's settings will prevent this exploit from running.

Here is the registry information:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0]
Change the value of "1004" (DWORD) to 3”

The article at Microsoft talks about changing the “flags” value, to
show My Computer Security zone to be displayed. Doesn’t appear to
deal with the 1004 change. My registry currently has “Flags”,
Reg_Dword 0x00000021 (33) which I assume has the “my computer zone”
hidden. I’m confused as to what effect that would have on the problem
as the zone’s don’t appear to be changed, just whether the zone is
showing or not? The DSO Exploit that registers with Spybot does not
make any reference of the "Flags" key.



So I guess I’m supposed to just ignore it? However if the system has a
security hole I would like to plug it. Any suggestion would really be
appreciated.



Bob

Bob,

Check out the link that Vanguard provided

http://snipurl.com/dso_exploit.

--
Hope this helps. Let us know.
Wes

In

Wesley,

Nope, No change. The DSO Exploit still comes up. When I go to the
registry to check it out I see an "ab" flag, the number 1004, type
Reg_Sz, and then nothing (blank area). There is no letter or
sequence of #3, =W=3 etc. or Reg_DWord.

If I change it to 21 or 47 would that stop the the DSO exploit from
showing up? or should I just ignore it?

Bob


Bob,

Latest version: Spybot - Search & Destroy 1.3
Latest detection update: 2004-05-29


[[Registry change, nothing done]]

Nothing done may be a clue.

Run Spybot S & D again, check the problems and click FIX selected
problems.

[[This is the main scan page of Spybot-S&D. Here you scan your
system ("Check for problems" button) and fix any problems that were
found (Fix selected problems" button). Hint: if you haven't done
so yet, we recommend you read the tutorial (see Help menu) to
learn how to deal with the scan results.]]

Reboot and run Spybot-S&D again to see if the problems show up
again.

--
Hope this helps. Let us know.
Wes

In Bob <[email protected]> hunted and pecked:
Wesley,

Hope you can help. Got the following error message using sypbot S
& D. Went to their site to get an explanation and they have an
internal error.

Here's what comes up when I run my test:

DSO Exploit: Data source object exploit (Registry change, nothing
done)




HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0\1004!=W=3



DSO Exploit: Data source object exploit (Registry change, nothing
done)

HKEY_USERS\S-1-5-21-349392075-151059869-3163335956-500\Software\Microsoft\Wi

 

[Bob]

Wesley

I'll follow your advice...Thanks ever so much for your help.

Bob

Bob,

If IE is up to date with Critical Updates, I wouldn't worry.

I know siljaline and trust what he has to say. ;-)

From siljaline:
@ http://snipurl.com/dso_exploit

[[Old flag for older builds of IE that could safely be ignored.]]

http://www.safer-networking.org/index.php?page=threats&detail=13

==================
DSO exploit >>>>>>> 2003-05-03 17:32:16 Look at this date!!! <<<<<<<<
Company Microsoft
Aliases
URLs Homepage (http://www.microsoft.com/)
Internet Explorer (http://www.microsoft.com/windows/ie/)
Privacy Policy (http://www.microsoft.com/info/privacy.htm)
GreyMagic report (http://security.greymagic.com/adv/gm001-ie/)

Functionality Internet Explorer is the Internet browser from Microsoft,
bundled with all Microsoft Windows Operating systems. DSO exploit is an
exploit using Internet Explorer
Description There's a security hole in IE allowing websites to execute code
without asking you first.
===================

--
Hope this helps. Let us know.
Wes

In

Wesley,



Here are the excerpts of the links in question.



“Internet Explorer is the Internet browser from Microsoft, bundled
with all Microsoft Windows Operating systems. DSO exploit is an
exploit using Internet Explorer

There's a security hole in IE allowing websites to execute code
without asking you first”





“There is no configuration-tweaking workaround for this bug, it will
work as long as the browser parses HTML. The only possible solution
must come in the form of a patch from Microsoft. Update - 3 Mar 2002

Since the injected <object> runs in the "My Computer" Zone changing
the Internet Zone's settings didn't affect it, but changing the
correct zone's settings will prevent this exploit from running.

Here is the registry information:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0]
Change the value of "1004" (DWORD) to 3”

The article at Microsoft talks about changing the “flags” value, to
show My Computer Security zone to be displayed. Doesn’t appear to
deal with the 1004 change. My registry currently has “Flags”,
Reg_Dword 0x00000021 (33) which I assume has the “my computer zone”
hidden. I’m confused as to what effect that would have on the problem
as the zone’s don’t appear to be changed, just whether the zone is
showing or not? The DSO Exploit that registers with Spybot does not
make any reference of the "Flags" key.



So I guess I’m supposed to just ignore it? However if the system has a
security hole I would like to plug it. Any suggestion would really be
appreciated.



Bob

Bob,

Check out the link that Vanguard provided

http://snipurl.com/dso_exploit.

--
Hope this helps. Let us know.
Wes

In Bob <[email protected]> hunted and pecked:
Wesley,

Nope, No change. The DSO Exploit still comes up. When I go to the
registry to check it out I see an "ab" flag, the number 1004, type
Reg_Sz, and then nothing (blank area). There is no letter or
sequence of #3, =W=3 etc. or Reg_DWord.

If I change it to 21 or 47 would that stop the the DSO exploit from
showing up? or should I just ignore it?

Bob


Bob,

Latest version: Spybot - Search & Destroy 1.3
Latest detection update: 2004-05-29


[[Registry change, nothing done]]

Nothing done may be a clue.

Run Spybot S & D again, check the problems and click FIX selected
problems.

[[This is the main scan page of Spybot-S&D. Here you scan your
system ("Check for problems" button) and fix any problems that were
found (Fix selected problems" button). Hint: if you haven't done
so yet, we recommend you read the tutorial (see Help menu) to
learn how to deal with the scan results.]]

Reboot and run Spybot-S&D again to see if the problems show up
again.

--
Hope this helps. Let us know.
Wes

In Bob <[email protected]> hunted and pecked:
Wesley,

Hope you can help. Got the following error message using sypbot S
& D. Went to their site to get an explanation and they have an
internal error.

Here's what comes up when I run my test:

DSO Exploit: Data source object exploit (Registry change, nothing
done)




HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0\1004!=W=3



DSO Exploit: Data source object exploit (Registry change, nothing
done)

HKEY_USERS\S-1-5-21-349392075-151059869-3163335956-500\Software\Microsoft\Wi

 

[Wesley Vogel]

Bob,

You betcha! Keep having fun. :0)

--
Hope this helps. Let us know.
Wes

In

Wesley

I'll follow your advice...Thanks ever so much for your help.

Bob

Bob,

If IE is up to date with Critical Updates, I wouldn't worry.

I know siljaline and trust what he has to say. ;-)

From siljaline:
@ http://snipurl.com/dso_exploit

[[Old flag for older builds of IE that could safely be ignored.]]

http://www.safer-networking.org/index.php?page=threats&detail=13

==================
DSO exploit >>>>>>> 2003-05-03 17:32:16 Look at this date!!!
<<<<<<<< Company Microsoft
Aliases
URLs Homepage (http://www.microsoft.com/)
Internet Explorer (http://www.microsoft.com/windows/ie/)
Privacy Policy (http://www.microsoft.com/info/privacy.htm)
GreyMagic report (http://security.greymagic.com/adv/gm001-ie/)

27 Feb 2002 And this date.<<<<<
MS has had how many patches since then??? <<<<

Functionality Internet Explorer is the Internet browser from
Microsoft, bundled with all Microsoft Windows Operating systems. DSO
exploit is an exploit using Internet Explorer
Description There's a security hole in IE allowing websites to
execute code without asking you first.
===================

--
Hope this helps. Let us know.
Wes

In

Wesley,



Here are the excerpts of the links in question.



“Internet Explorer is the Internet browser from Microsoft, bundled
with all Microsoft Windows Operating systems. DSO exploit is an
exploit using Internet Explorer

There's a security hole in IE allowing websites to execute code
without asking you first”





“There is no configuration-tweaking workaround for this bug, it will
work as long as the browser parses HTML. The only possible solution
must come in the form of a patch from Microsoft. Update - 3 Mar 2002

Since the injected <object> runs in the "My Computer" Zone changing
the Internet Zone's settings didn't affect it, but changing the
correct zone's settings will prevent this exploit from running.

Here is the registry information:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0]
Change the value of "1004" (DWORD) to 3”

The article at Microsoft talks about changing the “flags” value, to
show My Computer Security zone to be displayed. Doesn’t appear to
deal with the 1004 change. My registry currently has “Flags”,
Reg_Dword 0x00000021 (33) which I assume has the “my computer
zone” hidden. I’m confused as to what effect that would have on the
problem as the zone’s don’t appear to be changed, just whether the
zone is showing or not? The DSO Exploit that registers with Spybot
does not make any reference of the "Flags" key.



So I guess I’m supposed to just ignore it? However if the system
has a security hole I would like to plug it. Any suggestion would
really be appreciated.



Bob





Bob,

Check out the link that Vanguard provided

http://snipurl.com/dso_exploit.

--
Hope this helps. Let us know.
Wes

In Bob <[email protected]> hunted and pecked:
Wesley,

Nope, No change. The DSO Exploit still comes up. When I go to the
registry to check it out I see an "ab" flag, the number 1004, type
Reg_Sz, and then nothing (blank area). There is no letter or
sequence of #3, =W=3 etc. or Reg_DWord.

If I change it to 21 or 47 would that stop the the DSO exploit
from showing up? or should I just ignore it?

Bob


Bob,

Latest version: Spybot - Search & Destroy 1.3
Latest detection update: 2004-05-29


[[Registry change, nothing done]]

Nothing done may be a clue.

Run Spybot S & D again, check the problems and click FIX selected
problems.

[[This is the main scan page of Spybot-S&D. Here you scan your
system ("Check for problems" button) and fix any problems that
were found (Fix selected problems" button). Hint: if you
haven't done so yet, we recommend you read the tutorial (see
Help menu) to learn how to deal with the scan results.]]

Reboot and run Spybot-S&D again to see if the problems show up
again.

--
Hope this helps. Let us know.
Wes

In Bob <[email protected]> hunted and pecked:
Wesley,

Hope you can help. Got the following error message using sypbot
S & D. Went to their site to get an explanation and they have an
internal error.

Here's what comes up when I run my test:

DSO Exploit: Data source object exploit (Registry change,
nothing done)




HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0\1004!=W=3



DSO Exploit: Data source object exploit (Registry change,
nothing done)

HKEY_USERS\S-1-5-21-349392075-151059869-3163335956-500\Software\Microsoft\Wi

 

[Guest]

Bob and Wesley, I also have this problem and every time I "fix", it doesn't. Says it does but doesn't. Any more ideas how Bob and I can get this off our systems>

Thanks Donna

 

[Wesley Vogel]

Donna,

First make sure that you have the latest version of Spybot S&D and that it's
updated.

Spybot - Search & Destroy Version: 1.3.0.12
Latest detection update: 2004-07-09

I think that the DSO exploit might have been a bug with Spybot S&D.
If you have all the Windows Critical Updates, you should be OK.

Second go to Windows Updates and make sure you have all the Critical
Updates.
http://windowsupdate.microsoft.com/

 

[JAX]

Hi Donna,

This post is not to the same thread, at least it don't show that way on my
machine, but if the reference is to Spybot S&D showing DSO Exploit, don't
worry about it. It is a known issue and Spybot is working on a fix. You can
do a Google search and find the same information.

JAX

 

[Wesley Vogel]

Forgot this >>

Spybot S & D
http://www.safer-networking.org/index.php?lang=en&page=download

 

[Wesley Vogel]

Hi JAX,

It was the first item that I saw. I just happened to see my name, I think.

It may be from an *old* thread.

 

[Guest]

You can manually delete DSO Exploit. Start>find>folders>search for DSO
Exploit>right clic it and delete it. It still comes back after a few days,
but spybot just detects it and doesn't delete it.

 

[Guest]

How do I Remove DSO Exploit?
Use caution when modifying the registry to fix this DSO Exploit!

Using Spybot Search & Destroy look for the DSO Exploit and then:
1) First, the this DSO Exploit Fix.
2) Disconnect your internet connection
3) Reboot your computer the standard way
4) Run Spy bot
5) Enter the registry by clicking on the start menu, then run, type regedit
and choose OK
6) Now locate each one of the registy entries that Spy Bot said it found the
DSO exploit in.
7) Rename the 1004 files to 1003 then exit regedit
8) Shut down your computer
9) Reconnect your internet connection
10)Restart your computer
11)Run Spy Bot again to verify the DSO Exploit has been removed
12) Make sure you're not being tracked in other ways by visiting our spyware
and firewall tests!
13) Use some type of Patch Management software OR
14) Use Proxomitron to mask your browsers signature!

You should be protected against the DSO Exploit if you're patched. If so,
you can eliminate the hassle of removing the exploit again and again in Spy
Bot by doing the following:
1 Open Spybot and select 'advanced' mode
2 Select 'settings' in the left column
3 Select 'ignore product' in the left column
4 Select 'security' tab
5 Place check mark in box beside DSO Exploit
6 Close program
7 Open Spybot and run another scan looking for the DSO Exploit

I should mention that this vulnerability in Internet Explorer has been
corrected. If you've patched IE and are up to date with current Microsoft
Patches, then you're safe, even if a DSO exploit is reported.

The problem comes from a bug in Spy bot Search and Destroy. It seems that
the DSO Exploit may still be reported even though you have removed the
exploit; it should be noted they are working on this issue and will have a
DSO Exploit fix soon.

In the end, you can safely ignore Spy Bot message of the DSO Exploit. Just
keep in mind that you must be fully patched and should be running some type
of patch management software.

 

[Colin Barnhorst]

The bug is now fixed. Update to the latest version.

 

[junior]

And which version would that be? I have 1.3 and update 2005-01-28.
Still shows the DSO Exploit problem.

 

[Tom Pepper Willett]

Get the patch here:
http://www.majorgeeks.com/download4392.html

| And which version would that be? I have 1.3 and update 2005-01-28.
| Still shows the DSO Exploit problem.
|
| On Tue, 1 Feb 2005 20:14:45 -0700, "Colin Barnhorst"
|
| >The bug is now fixed. Update to the latest version.
|

 

[Bruce Chambers]

Get the patch here:
http://www.majorgeeks.com/download4392.html

| And which version would that be? I have 1.3 and update 2005-01-28.
| Still shows the DSO Exploit problem.
|
| On Tue, 1 Feb 2005 20:14:45 -0700, "Colin Barnhorst"
|
| >The bug is now fixed. Update to the latest version.
|

I'm afraid that "patch" doesn't solve the problem, either. I've been
running it for several weeks, and still get the DSO Exploit false alarm
if I turn of the "Ignore" for it. I last tested it this past week-end
with the latest updates.


--

Bruce Chambers

Help us help you:



You can have peace. Or you can have freedom. Don't ever count on having
both at once. - RAH