DSO exploit question

[Guest]

Hi I was wondering if anyone could help me with this question I have
regarding Spybot 1.3. When I run spybot a highlighted in red a problem listed
as: I have read the reviews from 8/27/04 under XP new user spywarequestion. I
have just purchased a new lapop about a month ago and I just installed
service pack 2 on it last week and I am still getting this DSO error when I
run spybot and I have read the review and I tried to go back and download for
the patch for internet explorer 6.0 but it is saying that you need to
download version 6.0 but I already have it loaded on this laptop. I -am
hoping that since I have downloaded service pack 2 that it should be okay and
that I can exlude this item from future searches. Can someone help me out
here? Thank you very much



"DSO Exploit" - 5 entries

Expanding the item, it lists 5 registry entries DSO Exploit: Data source
object exploit (Registry change, nothing done)
HKEY_USERS\S-XXXXXX\Software\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0\1004!=W=3

DSO Exploit: Data source object exploit (Registry change, nothing done)

HKEY_USERS\SXXXXXXXXXXXXXXX\Software\Microsoft\Windows\CurrentVersion\Intern
et Settings\Zones\0\1004!=W=3

DSO Exploit: Data source object exploit (Registry change, nothing done)
HKEY_USERS\S-xxxxx\Software\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0\1004!=W=3

DSO Exploit: Data source object exploit (Registry change, nothing done)
HKEY_USERS\S-XXXXXX\Software\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0\1004!=W=3

DSO Exploit: Data source object exploit (Registry change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0\1004!=W=3

The series of X's in the keys above I put in to replace the numbers that are
really there. Should these be deleted or left alone? I certainly would
appreciate your help and advice.
and the error that keeps logging on my system when ran.

 

[Guest]

Hi I was wondering if anyone could help me with this question I have
regarding Spybot 1.3. When I run spybot a highlighted in red a problem listed
as: I have read the reviews from 8/27/04 under XP new user spywarequestion. I
have just purchased a new lapop about a month ago and I just installed
service pack 2 on it last week and I am still getting this DSO error when I
run spybot and I have read the review and I tried to go back and download for
the patch for internet explorer 6.0 but it is saying that you need to
download version 6.0 but I already have it loaded on this laptop. I -am
hoping that since I have downloaded service pack 2 that it should be okay and
that I can exlude this item from future searches. Can someone help me out
here? Thank you very much



"DSO Exploit" - 5 entries

Expanding the item, it lists 5 registry entries DSO Exploit: Data source
object exploit (Registry change, nothing done)
HKEY_USERS\S-XXXXXX\Software\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0\1004!=W=3

DSO Exploit: Data source object exploit (Registry change, nothing done)

HKEY_USERS\SXXXXXXXXXXXXXXX\Software\Microsoft\Windows\CurrentVersion\Intern
et Settings\Zones\0\1004!=W=3

DSO Exploit: Data source object exploit (Registry change, nothing done)
HKEY_USERS\S-xxxxx\Software\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0\1004!=W=3

DSO Exploit: Data source object exploit (Registry change, nothing done)
HKEY_USERS\S-XXXXXX\Software\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0\1004!=W=3

DSO Exploit: Data source object exploit (Registry change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0\1004!=W=3

The series of X's in the keys above I put in to replace the numbers that are
really there. Should these be deleted or left alone? I certainly would
appreciate your help and advice.
and the error that keeps logging on my system when ran.

If you have SP2 installed you already have the patch you are refering too.
The next time you run Spybot S&D just add the DSO exploit to the ignore list.

 

[Ricky]

Some info here..
http://ask-leo.com/whats_a_dso_exploit_and_how_do_i_get_rid_of_it.html

 

[Bruce Chambers]

Hi I was wondering if anyone could help me with this question I have
regarding Spybot 1.3. When I run spybot a highlighted in red a
problem listed as: I have read the reviews from 8/27/04 under XP new
user spywarequestion. I have just purchased a new lapop about a
month
ago and I just installed service pack 2 on it last week and I am
still getting this DSO error when I run spybot and I have read the
review and I tried to go back and download for the patch for
internet
explorer 6.0 but it is saying that you need to download version 6.0
but I already have it loaded on this laptop. I -am hoping that since
I have downloaded service pack 2 that it should be okay and that I
can exlude this item from future searches. Can someone help me out
here? Thank you very much

The DSO exploit was patched long ago by IE Cumulative Update
MS02-015, in March of 2002. If you've installed this specific patch,
or any subsequent IE Cumulative Updates, or IE Service Pack 1, you're
safe. It would appear that the latest version of Spybot S&D is only
checking for Internet zone settings in the registry that could be used
as work-around protection, and not for the presence of any corrective
patches. Hopefully, the makers of Spybot will soon fix this bug.

MS02-015 March 28, 2002 Cumulative Patch for Internet Explorer
http://support.microsoft.com/default.aspx?scid=kb;EN-US;319182

If you like, you can test your system for this particular
vulnerability at this web site:
http://www.grey.com/security/advisories/gm001-ie/

The makers of SpyBot S&D have acknowledged the problem and will
fix it on their next update:
http://www.safer-networking.org/index.php?page=paragraphs&detail=currentfaqs

In the meantime, in SpyBot S&D, click Mode > Advanced > Settings >
Ignore Products > Security > DSO Exploit, to turn off the false alarm.

Some people have reported that the Spybot Detection rules dated 30
Aug 04, when used with SpyBot S&D 1.3, will fix this problem.
However, I've had inconsistent results with that particular detection
update; sometimes it reads clean, then later it will once again find
the DSO problem, and then it will read clean again, all on the same
machine, with no other changes made.

--

Bruce Chambers

Help us help you:



You can have peace. Or you can have freedom. Don't ever count on
having
both at once. - RAH

 

[Guest]

Thankyou MAP-Ricky-and Bruce I appreciate you taking time to help me out with
this matter. I will do as stated thanks again
GL

 

[Guest]

Thanks Ricky I will check this address out.
GL

Some info here..
http://ask-leo.com/whats_a_dso_exploit_and_how_do_i_get_rid_of_it.html

 

[Guest]

Thanks Map that makes me feel alot better I was going crazy trying to
research. Thanks again for your help- GL

 

[Guest]

Your welcome!

Thanks Map that makes me feel alot better I was going crazy trying to
research. Thanks again for your help- GL

 

[Guest]

I read this link and your other previous blogs on this subject saying that
Microsoft has this fixed and stating that the Spyware detection software is
faulty. Really I am amazed that you can say this when I have personally
wasted the last 6 hours to fix this! So excuse me if I feel your statements
are more Microsoft propaganda than reality.

How do you know you have a problem? Perhaps it is due to me being f____ing
inundated with bulls__t pop-up adds which I never was getting previously!
Please... it is simply condescending to tell people there is no problem when
obvioulsy there is.

Secondly, after six hours, I have had it finally fixed once and for all.
What is required is changing the value in the registry that is suggested by
the link provided by Spybot Search & Destroy at Grey Magic. That alone though
did not finish the job completely. The executable file or dll originating
the crap had to be located using Hijack This! software.

Note: I had all the Windows Updates including SP2 prior - again I repeat -
prior to getting this problem and this error message from Spybot!!!! (Note
that Spybot had not shown this error earlier either as is implied by this
link reply). So this crap that it is really fixed is just that. Finally, I
ended up checking out four other forums: cdnet, computercops.biz,
subratam.org, and SWI Forums. Funny isn't it that none of them had a single
reply that "microsoft has fixed this" but some real advice on how to tackle
the problem. Nor did any of them state that microsoft had an appropriate
patch to handle this problem either.

So anyone having this so called fictitious error please check out the
aforementioned sites for some real help!