DSO Exploit by Spybot Search & Destroy

  • Thread starter Thread starter MONGOLRED
  • Start date Start date
M

MONGOLRED

Have installed Spybotand let it run and show results as:
1)Data Source Object Exploit
HKEY_USERS\S-1-15-18\Software\Microsoft\
Windows\Current Version\Internet Settings.
2)-do-\S-1-5-19\-do-
3)-do-\S-1-5-20\-do-
4)-do-\S-1-5-20\-do-
5)-do-\DEFAULT-do
Spybot says it fixed the problem, but when you let it checked again, it
shows the same result as if it was not fixed. what are these problem? can
this be fixed by other softaware? pls. help mongolred
 
False Positive declaration !

Please search the News Group for posts on the same topic.

Dave






| Have installed Spybotand let it run and show results as:
| 1)Data Source Object Exploit
| HKEY_USERS\S-1-15-18\Software\Microsoft\
| Windows\Current Version\Internet Settings.
| 2)-do-\S-1-5-19\-do-
| 3)-do-\S-1-5-20\-do-
| 4)-do-\S-1-5-20\-do-
| 5)-do-\DEFAULT-do
| Spybot says it fixed the problem, but when you let it checked again, it
| shows the same result as if it was not fixed. what are these problem? can
| this be fixed by other softaware? pls. help mongolred
|
|
 
Leave it be, all is well.

If it reads as this:

DSO Exploit: Data source object exploit (Registry change, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0\1004!=W=3

DSO Exploit: Data source object exploit (Registry change, nothing done)
HKEY_USERS\S-1-5-21-2390659565-950919980-1244295952-1005\Software\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0\1004!=W=3

DSO Exploit: Data source object exploit (Registry change, nothing done)
HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0\1004!=W=3

DSO Exploit: Data source object exploit (Registry change, nothing done)
HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0\1004!=W=3

DSO Exploit: Data source object exploit (Registry change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0\1004!=W=3

All is well.

This means that you have asked for protection via one of the cleanup tools.
This is what it changes:

HKEY_CURRENT_USER,
"Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0"

1001 and 1004


HKEY_LOCAL_MACHINE
"Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0"

1001 and 1004

and optionally:

HKEY_CURRENT_USER,
"Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3"

1001 and 1004

HKEY_LOCAL_MACHINE
"Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3"

1001 and 1004
When protection is applied, the values of 1001 and 1004 are set to DWORD
(unsigned long integer) 3. When protection is removed, these key values are
reset to their default values of DWORD 0 per Microsoft default settings for
the "Local Machine zone" (run automatically) and to DWORD 1 for the
"Internet Zone" (PROMPT) ...
 
Greetings --

The DSO exploit was patched long ago by IE Cumulative Update
MS02-015, in March of 2002. If you've installed this specific patch,
or any subsequent IE Cumulative Updates, or Service Pack 1, you're
safe. It would appear that the latest version of Spybot S&D is only
checking for Internet zone settings in the registry that could be used
as work-around protection, and not for the presence of any corrective
patches. Hopefully, the makers of Spybot will soon fix this bug.

MS02-015 March 28, 2002 Cumulative Patch for Internet Explorer
http://support.microsoft.com/default.aspx?scid=kb;EN-US;319182

If you like, you can test your system for this particular
vulnerability at this web site:
http://www.greymagic.com/security/advisories/gm001-ie/

The makers of SpyBot S&D have acknowledged the problem and will
fix it on their next update:
http://www.safer-networking.org/index.php?page=paragraphs&detail=currentfaqs

In the meantime, in SpyBot S&D, click Mode > Advanced > Settings >
Ignore Products > Security > DSO Exploit, to turn off the false alarm.


Bruce Chambers
--
Help us help you:



You can have peace. Or you can have freedom. Don't ever count on
having both at once. - RAH
 
MONGOLRED said:
Have installed Spybotand let it run and show results as:
1)Data Source Object Exploit
HKEY_USERS\S-1-15-18\Software\Microsoft\
Windows\Current Version\Internet Settings.
2)-do-\S-1-5-19\-do-
3)-do-\S-1-5-20\-do-
4)-do-\S-1-5-20\-do-
5)-do-\DEFAULT-do
Click to expand...

These can arise if you have done a perfectly normal setting of Internet
explorer to use about:blank as home page. That can also indicate a
hijack, hence the warning. If you use about:blank deliberately, ignore
the warning
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

OT: Spybot Search And Distroy 2
SpyBot Results 7
Cannot Remove DSO EXPLOIT found by Spybot 5
DSO Exploit 5
DSO Exploit 5
SpyBot detected DSO Exploit 2
Help please re Spybot S & D result 1
DSO Exploit 3

Back
Top