DSO Exploit

[Guest]

Every time I run Spybot - Search and Destroy it detects the same five entries
of DSO Exploit. Every time I select fix problems, it saya problems are
fixed, but if I run it again it finds them again. Is there any way I can
permanantly remove theese? They are as follows.

HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0\1004!=W=3

HKEY_USERS\S-1-5-21\Software\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0\1004!=W=3

HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0\1004!=W=3

HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0\1004!=W=3

HKEY_USERS\DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0\1004!=W=3

If I delete theese file extensions will it fix the problem? Will it cause
any other problems?

 

[Bruce Chambers]

Every time I run Spybot - Search and Destroy it detects the same
five entries of DSO Exploit. Every time I select fix problems, it
saya problems are fixed, but if I run it again it finds them again.
Is there any way I can permanantly remove theese? They are as
follows.

HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0\1004!=W=3

HKEY_USERS\S-1-5-21\Software\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0\1004!=W=3


HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0\1004!=W=3

HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0\1004!=W=3

HKEY_USERS\DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0\1004!=W=3

If I delete theese file extensions will it fix the problem? Will
it cause any other problems?

The DSO exploit was patched long ago by IE Cumulative Update
MS02-015, in March of 2002. If you've installed this specific patch,
or any subsequent IE Cumulative Updates, or IE Service Pack 1, you're
safe. It would appear that the latest version of Spybot S&D is only
checking for Internet zone settings in the registry that could be used
as work-around protection, and not for the presence of any corrective
patches. Hopefully, the makers of Spybot will soon fix this bug.

MS02-015 March 28, 2002 Cumulative Patch for Internet Explorer
http://support.microsoft.com/default.aspx?scid=kb;EN-US;319182

If you like, you can test your system for this particular
vulnerability at this web site:
http://www.grey.com/security/advisories/gm001-ie/

The makers of SpyBot S&D have acknowledged the problem and will
fix it on their next update:
http://www.safer-networking.org/index.php?page=paragraphs&detail=currentfaqs

In the meantime, in SpyBot S&D, click Mode > Advanced > Settings >
Ignore Products > Security > DSO Exploit, to turn off the false alarm.

Some people have reported that the Spybot Detection rules dated 30
Aug 04, when used with SpyBot S&D 1.3, will fix this problem.
However, I've had inconsistent results with that particular detection
update; sometimes it reads clean, then later it will once again find
the DSO problem, and then it will read clean again, all on the same
machine, with no other changes made.

--

Bruce Chambers

Help us help you:



You can have peace. Or you can have freedom. Don't ever count on
having both at once. - RAH