DSO Exploit - HKEY USERS - Registry Change

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

Can anyone help with the above problem .. a friend just brought a computer and we are trying to clean up files were are not sure of .. we have installed spybot and ad aware, run both, and even though ad aware did pick up some problems, we fixed them and now it is running clear, spybot brought up quite a few things and we fixed them, one item it said it could not delete unless we restarted, we did this, spybot did open on start up and i thought it would clear the problem, but when we ran spybot again when computer was fully rebooted it is bringing up one folders 'DSO EXPLOIT' with 5 entries within it .. they are HKEY_USERS 5-1-5-18, 19, 20, 21 and DEFAULT folder .. i am trying to delete it (assuming that it is a bad thing that shouldn't be on the system) it is saying they are deleted but when i run Spybot again they are all still there .. what on earth are they ? can anyone help me ? and should i be trying to delete them ? .. thanks in advance for any help you can give
 
Basically what's happening is that Spybot is finding that the security setting
for "Download Unsigned ActiveX controls" for the (normally) hidden
"My Computer" zone in Internet Explorer is not set to disabled.

Visit http://forums.net-integration.net/index.php?showtopic=15308
for additional info.

Make sure you visit the Windows Update website and download any
recommended Critical Updates.

--
Carey Frisch
Microsoft MVP
Windows XP - Shell/User

Be Smart! Protect your PC!
http://www.microsoft.com/security/protect/

---------------------------------------------------------------------------------------------


| Can anyone help with the above problem .. a friend just brought a computer and we are trying to clean up
files were are not sure of .. we have installed spybot and ad aware, run both, and even though ad aware did
pick up some problems, we fixed them and now it is running clear, spybot brought up quite a few things and we
fixed them, one item it said it could not delete unless we restarted, we did this, spybot did open on start up
and i thought it would clear the problem, but when we ran spybot again when computer was fully rebooted it is
bringing up one folders 'DSO EXPLOIT' with 5 entries within it .. they are HKEY_USERS 5-1-5-18, 19, 20, 21 and
DEFAULT folder .. i am trying to delete it (assuming that it is a bad thing that shouldn't be on the system)
it is saying they are deleted but when i run Spybot again they are all still there .. what on earth are they ?
can anyone help me ? and should i be trying to delete them ? .. thanks in advance for any help you can give
 
problemsrus said:
Can anyone help with the above problem .. a friend just brought a computer and we are trying to clean up files were are not sure of .. we have installed spybot and ad aware, run both, and even though ad aware did pick up some problems, we fixed them and now it is running clear, spybot brought up quite a few things and we fixed them, one item it said it could not delete unless we restarted, we did this, spybot did open on start up and i thought it would clear the problem, but when we ran spybot again when computer was fully rebooted it is bringing up one folders 'DSO EXPLOIT' with 5 entries within it .. they are HKEY_USERS 5-1-5-18, 19, 20, 21 and DEFAULT folder .. i am trying to delete it (assuming that it is a bad thing that shouldn't be on the system) it is saying they are deleted but when i run Spybot again they are all still there .. what on earth are they ? can anyone help me ? and should i be trying to delete them ? .. thanks in advance for any help you can give
Click to expand...

http://www.nsclean.com/dsostop.html
 
Greetings --

The DSO exploit was patched long ago by IE Cumulative Update
MS02-015, in March of 2002. If you've installed this specific patch,
or any subsequent IE Cumulative Updates, or Service Pack 1, you're
safe. It would appear that the latest version of Spybot S&D is only
checking for Internet zone settings in the registry that could be used
as work-around protection, and not for the presence of any corrective
patches. Hopefully, the makers of Spybot will soon fix this bug.

MS02-015 March 28, 2002 Cumulative Patch for Internet Explorer
http://support.microsoft.com/default.aspx?scid=kb;EN-US;319182

If you like, you can test your system for this particular
vulnerability at this web site:
http://www.greymagic.com/security/advisories/gm001-ie/

The makers of SpyBot S&D have acknowledged the problem and will
fix it on their next update:
http://www.safer-networking.org/index.php?page=paragraphs&detail=currentfaqs

In the meantime, in SpyBot S&D, click Mode > Advanced > Settings >
Ignore Products > Security > DSO Exploit, to turn off the false alarm.


Bruce Chambers
--
Help us help you:



You can have peace. Or you can have freedom. Don't ever count on
having both at once. - RAH


problemsrus said:
Can anyone help with the above problem .. a friend just brought a
Click to expand...
computer and we are trying to clean up files were are not sure of ..
we have installed spybot and ad aware, run both, and even though ad
aware did pick up some problems, we fixed them and now it is running
clear, spybot brought up quite a few things and we fixed them, one
item it said it could not delete unless we restarted, we did this,
spybot did open on start up and i thought it would clear the problem,
but when we ran spybot again when computer was fully rebooted it is
bringing up one folders 'DSO EXPLOIT' with 5 entries within it .. they
are HKEY_USERS 5-1-5-18, 19, 20, 21 and DEFAULT folder .. i am trying
to delete it (assuming that it is a bad thing that shouldn't be on the
system) it is saying they are deleted but when i run Spybot again they
are all still there .. what on earth are they ? can anyone help me ?
and should i be trying to delete them ? .. thanks in advance for any
help you can give
 
Back
Top