XP New User - spyware question

Bob Moyer

SpyBot 1.3 has been run and highlighted in red a problem listed as:

"DSO Exploit" - 5 entries

Expanding the item, it lists 5 registry entries:

DSO Exploit: Data source object exploit (Registry change, nothing done)
HKEY_USERS\S-XXXXXX\Software\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0\1004!=W=3

DSO Exploit: Data source object exploit (Registry change, nothing done)

HKEY_USERS\SXXXXXXXXXXXXXXX\Software\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0\1004!=W=3

DSO Exploit: Data source object exploit (Registry change, nothing done)
HKEY_USERS\S-xxxxx\Software\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0\1004!=W=3

DSO Exploit: Data source object exploit (Registry change, nothing done)
HKEY_USERS\S-XXXXXX\Software\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0\1004!=W=3

DSO Exploit: Data source object exploit (Registry change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0\1004!=W=3

The series of X's in the keys above I put in to replace the numbers that are
really there. Should these be deleted or left alone? I certainly would
appreciate your help and advice.

Thanks,
Bob
 
Patti MacLeod

Hi Bob,

The DSO Exploits that Spybot reports have been patched if you've installed
the cumulative update MS02-015 (March 28, 2002), or any subsequent updates
including SP1... however, Spybot still reports a "false positive" where
these exploits are concerned. This "false positive" reporting is to be
rectified in an upcoming update. In the meantime, have a look at this "How
to exclude products from the search":
http://www.safer-networking.org/en/howto/exclude.html
Exclude the DSO Exploits from further searches.



Regards,
 
Guest

I'm having a similar problem. I keep getting this result repeatedly using the
same version of Spybot:

DSO Exploit: Data source object exploit (Registry change, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0\1004!=W=3

DSO Exploit: Data source object exploit (Registry change, nothing done)

HKEY_USERS\S-1-5-21-1960408961-1682526488-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

DSO Exploit: Data source object exploit (Registry change, nothing done)
HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0\1004!=W=3

DSO Exploit: Data source object exploit (Registry change, nothing done)
HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0\1004!=W=3

DSO Exploit: Data source object exploit (Registry change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0\1004!=W=3

GoldenPalace.Casino: Autorun settings (ucogqmabm) (Registry value, nothing
done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ucogqmabm
 
Bruce Chambers

Greetings --

The DSO exploit was patched long ago by IE Cumulative Update
MS02-015, in March of 2002. If you've installed this specific patch,
or any subsequent IE Cumulative Updates, or Service Pack 1, you're
safe. It would appear that the latest version of Spybot S&D is only
checking for Internet zone settings in the registry that could be used
as work-around protection, and not for the presence of any corrective
patches. Hopefully, the makers of Spybot will soon fix this bug.

MS02-015 March 28, 2002 Cumulative Patch for Internet Explorer
http://support.microsoft.com/default.aspx?scid=kb;EN-US;319182

If you like, you can test your system for this particular
vulnerability at this web site:
http://www.greymagic.com/security/advisories/gm001-ie/

The makers of SpyBot S&D have acknowledged the problem and will
fix it on their next update:
http://www.safer-networking.org/index.php?page=paragraphs&detail=currentfaqs

In the meantime, in SpyBot S&D, click Mode > Advanced > Settings >
Ignore Products > Security > DSO Exploit, to turn off the false alarm.


Bruce Chambers
--
Help us help you:



You can have peace. Or you can have freedom. Don't ever count on
having both at once. - RAH
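
The reply above says Spybot is testing a zone setting rather than patch presence, while the Guest's log also contains an unrelated Run-key entry. The following Python triage of report text in the pasted format is an added example, not part of any post or of Spybot; reading `1004!=W=3` as "value 1004 is not 3" is an assumption about Spybot's notation, and the sample is built from entries in this thread.

```python
import re

# Sample report text built from entries posted in this thread.
SAMPLE = r"""
DSO Exploit: Data source object exploit (Registry change, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0\1004!=W=3

DSO Exploit: Data source object exploit (Registry change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0\1004!=W=3

GoldenPalace.Casino: Autorun settings (ucogqmabm) (Registry value, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ucogqmabm
"""

HEADER = re.compile(r"^(?P<product>[^:]+): .+ \((?P<kind>Registry [a-z]+), nothing done\)$")
# Assumption: "1004!=W=3" means "value 1004 is not 3" in Spybot's notation.
ZONE = re.compile(r"^HKEY_USERS\\(?P<hive>[^\\]+)\\.*\\Zones\\(?P<zone>\d)"
                  r"\\(?P<action>\d{4})!=W=(?P<want>\d+)$")
# Well-known service account SIDs; any other hive is a regular user profile.
ACCOUNTS = {"S-1-5-18": "LocalSystem", "S-1-5-19": "LocalService",
            "S-1-5-20": "NetworkService", ".DEFAULT": ".DEFAULT"}

def parse_report(text):
    """Split report text into findings, rejoining paths wrapped at a space."""
    findings = []
    for line in (l.strip() for l in text.splitlines()):
        m = HEADER.match(line)
        if m:
            findings.append({**m.groupdict(), "path": ""})
        elif line and findings:
            findings[-1]["path"] = (findings[-1]["path"] + " " + line).strip()
    return findings

def triage(finding):
    """Classify one finding as a zone-setting check, an autorun entry, or other."""
    m = ZONE.match(finding["path"])
    if m:  # a configuration test; says nothing about installed patches
        who = ACCOUNTS.get(m["hive"], "user profile")
        return "setting-check", f"zone {m['zone']} value {m['action']} != {m['want']} ({who})"
    if "\\CurrentVersion\\Run\\" in finding["path"]:
        return "autorun", finding["path"].rsplit("\\", 1)[1]  # startup entry name
    return "other", finding["path"]

def summarize(text):
    return [(f["product"], *triage(f)) for f in parse_report(text)]

if __name__ == "__main__":
    for row in summarize(SAMPLE):
        print(row)
```

Only the `setting-check` rows fall under the false-alarm explanation; the `autorun` row is a separate finding and is not covered by the MS02-015 patch discussion.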
 
Guest

Hello,

If DSO exploit has been patched and I have Service Pack 1 installed, is it
safe to assume that I still have another spyware problem since I'm still
getting popup ads past my firewall? My antivirus software and 2 spyware
programs can't find it - whatever it is.
 
Guest

Hello Patti,

I am currently running the SP2 version of XP Media Center (Professional with
media enhancements). I still get this same problem every time I run Spybot. If
this was patched in SP1 I think the patch may need some glue because it's
back.

Robert
 
Guest

Hi,

I keep getting the exact same message BOB....and each day I run Spybot it
comes up with the same 5 DSO exploits even though I keep removing them.

Does anybody know a program that you can use for FREE to finally rid myself
of this constant annoying message? I found one program but they wanted $34
which I don't have. Any help would be appreciated.

WiLd
 
Guest

WHAT is the DSO exploit found in Spybot, and if you are running XP SP2 is
there a patch to remove or correct it?
 
Bruce Chambers

WiLd said:
Hi,

I keep getting the exact same message BOB....and each day I run
Spybot it comes up with the same 5 DSO exploits even though I keep
removing them.

Does anybody know a program that you can use for FREE to finally rid
myself of this constant annoying message? I found one program but
they wanted $34 which I don't have. Any help would be appreciated.

WiLd


The DSO exploit was patched long ago by IE Cumulative Update
MS02-015, in March of 2002. If you've installed this specific patch,
or any subsequent IE Cumulative Updates, or IE Service Pack 1, you're
safe. It would appear that the latest version of Spybot S&D is only
checking for Internet zone settings in the registry that could be used
as work-around protection, and not for the presence of any corrective
patches. Hopefully, the makers of Spybot will soon fix this bug.

MS02-015 March 28, 2002 Cumulative Patch for Internet Explorer
http://support.microsoft.com/default.aspx?scid=kb;EN-US;319182

If you like, you can test your system for this particular
vulnerability at this web site:
http://www.grey.com/security/advisories/gm001-ie/

The makers of SpyBot S&D have acknowledged the problem and will
fix it on their next update:
http://www.safer-networking.org/index.php?page=paragraphs&detail=currentfaqs

In the meantime, in SpyBot S&D, click Mode > Advanced > Settings >
Ignore Products > Security > DSO Exploit, to turn off the false alarm.

Some people have reported that the Spybot Detection rules dated 30
Aug 04, when used with SpyBot S&D 1.3, will fix this problem.
However, I've had inconsistent results with that particular detection
update; sometimes it reads clean, then later it will once again find
the DSO problem, and then it will read clean again, all on the same
machine, with no other changes made.

--

Bruce Chambers

Help us help you:



You can have peace. Or you can have freedom. Don't ever count on
having both at once. - RAH
 
Guest

I would just like to say a big thanks to everyone who has answered any DSO
Exploit questions.

The answers have cheered me up and put my mind at rest!

Cheers chaps/chapesses!

Chris
 
Guest

Yes, I too get some ad pop-ups after Spybot has cleansed my system and my XP
firewall is running.
 
Guest

Is Spybot really giving a false alarm? Has Microsoft fixed the DSO Exploit
vulnerability? I'm interested in short answers, not long dissertations.
Where's the proof?
Thanks,
Angel
 
Bruce Chambers

Don't worry about it; it's a false alarm.

The DSO exploit was patched long ago by IE Cumulative Update
MS02-015, in March of 2002. If you've installed this specific patch,
or any subsequent IE Cumulative Updates, IE Service Pack 1, or WinXP
SP2, you're safe. It would appear that the latest version of Spybot
S&D is only checking for Internet zone settings in the registry that
could be used as work-around protection, and not for the presence of
any corrective patches. Hopefully, the makers of Spybot will soon fix
this bug.

MS02-015 March 28, 2002 Cumulative Patch for Internet Explorer
http://support.microsoft.com/default.aspx?scid=kb;EN-US;319182

If you like, you can test your system for this particular
vulnerability at this web site:
http://www.grey.com/security/advisories/gm001-ie/

The makers of SpyBot S&D have acknowledged the problem and will
fix it on their next update:
http://www.safer-networking.org/index.php?page=paragraphs&detail=currentfaqs

In the meantime, in SpyBot S&D, click Mode > Advanced > Settings >
Ignore Products > Security > DSO Exploit, to turn off the false alarm.

Some people have reported that the Spybot Detection rules dated 30
Aug 04, or newer, when used with SpyBot S&D 1.3, will fix this
problem. However, I've had inconsistent results with that particular
detection update; sometimes it reads clean, then later it will once
again find the DSO problem, and then it will read clean again, all on
the same machine, with no other changes made.


--

Bruce Chambers

Help us help you:



You can have peace. Or you can have freedom. Don't ever count on
having both at once. - RAH
 
Guest

Bruce,

I think that if it was a false alarm it would be listed on Spybot S&D's
website. In fact, Spybot S&D says that DSO Exploit is "a security hole in
IE allowing websites to execute code without asking you first."
I think I prefer to make my own decisions, especially if it has something to
do with the internet, and executing codes. Will you tell me how to remove
this "DSO Exploit"?

Tony S.
 
Guest

This has been a very helpful post and the link to the Spybot page was
confirmation that this entry on Spybot is a non-problem. Thanks for the
info!
 
