dso exploit?

[Jan Il]

Are you letting Spybot "fix" the DSO Exploits?

I did the first time, but, just told it to ignore the second time. I just
ran another scan to check before I replied here, and here are the two that
it 'found'

--- Search result list ---
DSO Exploit: Data source object exploit (Registry change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0\1004!=W=3

DSO Exploit: Data source object exploit (Registry change, nothing done)

HKEY_USERS\S-1-5-21-1078081533-1580818891-1957994488-1000\Software\Microsoft
\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3


--- Spybot - Search & Destroy version: 1.3 .1TX (build:

Do you see anything threatening?

Jan

 

[HistoryFan]

Do you see anything threatening?
If your computer has all the critical updates from Microsoft Windows
Update you should be okay.

Have you restarted your computer since installing the Spybot 1.3.1TX
patch? I installed the patch on two computers, one running XP and the other
ME and it fixed the DSO glitch on both of them.

 

[Jan Il]

If your computer has all the critical updates from Microsoft Windows
Update you should be okay.

Have you restarted your computer since installing the Spybot 1.3.1TX
patch? I installed the patch on two computers, one running XP and the other
ME and it fixed the DSO glitch on both of them.

Yes.....I'm fully updated, and I restarted the machine after the install,
then ran the first check. I ran the second check last Saturday, and the
most recent a while ago before my other reply here to test again. All three
times it listed DSO exploits.

Just wanted to let you know that it may have some flaws yet on some
machines.

Jan

 

[Anonymous via Panta Rhei]

Path: news.netfront.net!newsgate.cuhk.edu.hk!border2.nntp.dca.giganews.com!nntp.giganews.com!cyclone1.gnilink.net!spamkiller.gnilink.net!gnilink.net!trnddc01.POSTED!dd072159!not-for-mail
From: "Jan Il" <[email protected]>
Newsgroups: alt.comp.anti-virus
References: <[email protected]> <[email protected]> <[email protected]> <[email protected]>
Subject: Re: dso exploit?
Lines: 20
X-Priority: 3
X-MSMail-Priority: Normal
X-Newsreader: Microsoft Outlook Express 6.00.2800.1437
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1441
Message-ID: <Ywrod.1726$TG2.558@trnddc01>
Date: Mon, 22 Nov 2004 19:57:44 GMT
NNTP-Posting-Host: 70.104.234.60
X-Complaints-To: (e-mail address removed)
X-Trace: trnddc01 1101153464 70.104.234.60 (Mon, 22 Nov 2004 14:57:44 EST)
NNTP-Posting-Date: Mon, 22 Nov 2004 14:57:44 EST
Xref: news.netfront.net alt.comp.anti-virus:71044

Hi HistoryFan


On a different note on this, it would appear that they may not have yet
gotten the problem completely resolved. I downloaded and installed the new
SpyBot patch a week ago, and on my very first run I got DSO Exploits (3),
and again on the second run today, 3 more. I am not the only one who has
had this situation, and actually, I installed it simply as a test to see if
it would happen on my machine too. I have W2K SP4, a new installation on a
new hard drive only 2 weeks old. So, I don't think this new patch works
fully up to par yet.

Honestly, I think that the patch in Spybot is working fine. I
see from your headers that you're using "X-Newsreader: Microsoft
Outlook Express 6.00.2800.1437". In my experience, if someone
is using Outhouse Distress for a mail / news client, then
they're probably also using IE for a browser.

This would be the reason that you've got a fresh set of DSO
exploits with each run of spybot. IE and OE are inherently non
safe non secure.

for a browser, take your pick from:

Netscape 7 popular browser / email / news combo client)
Mozilla 1.7 (Very similar open source version of Netscape)
Firefox 1.0 (open source standalone browser)
Opera 7.6 (closed source commercial browser / email / news
client, costs some $ but is very Worth it, or you can find a
keygen easily)

for a mail client, see above or try:

"The Bat!" commercial email client, there is NONE more powerfull
or versatile
Thunderbird a freeware mozilla compatible companion to Firefox
Pegasus Freeware, is also good as well but has a higher
learning curve to start out.
Jack B. Nymble designed to be 'safe' no html rendering to get in
the way or complicate matters by letting crap in that you don't
need. primary design is to send anonymous email and newsgroup
postings (like this one) and create / manage anonymous
pseudonyms.



Then after this, the ONLY reason to use IE is for Windows
Update, OE should be trashed as unuseable / unsafe.

Jan
Smiles are meant to be shared,
that's why they're so contagious

~~~~~~~~~~~~~~~~~~~~~
This message was posted via one or more anonymous remailing services.
The original sender is unknown. Any address shown in the From header
is unverified. You need a valid hashcash token to post to groups other
than alt.test and alt.anonymous.messages. Visit www.panta-rhei.dyndns.org
for abuse and hashcash info.

 

[Anonymous via Panta Rhei]

If your computer has all the critical updates from Microsoft Windows
Update you should be okay.

Have you restarted your computer since installing the Spybot 1.3.1TX
patch? I installed the patch on two computers, one running XP and the other
ME and it fixed the DSO glitch on both of them.

check her headers, she's using IE and OE, no wonder the DSO
problem keeps coming back! OE is worthless and IE should only
be used for windows update

~~~~~~~~~~~~~~~~~~~~~
This message was posted via one or more anonymous remailing services.
The original sender is unknown. Any address shown in the From header
is unverified. You need a valid hashcash token to post to groups other
than alt.test and alt.anonymous.messages. Visit www.panta-rhei.dyndns.org
for abuse and hashcash info.

 

[aD]

Hi.
My girlfriend's got dso exploit trouble on her pc. I understand that CW
Shredder is the only tool that will get rid of this problem, but I can't
find a currently functioning download link that will work for it. Any idea
where I can get CW Shredder from now... or something else that will tackle
this dso exploit problem? Thanks.

From http://www.spywareinfo.com/~merijn/downloads.html
--Start quote
If you are unable to download any of the files here and are redirected to a
porn page, search page or just denied access to the file, try these
alternate links that should always work:

HijackThis direct download: http://209.133.47.12/~merijn/files/HijackThis.exe

The redirection is probably because of a Coolwebsearch variant
(CWS.Aff.Tooncomics or CWS.Dreplace) that intercepts your download to
prevent downloading my programs.
--End quote

For CWS Shredder:
http://cwshredder.net/bin/CWSInstall.exe

If you can't get it from there email me (I'm not .invalid, I'm .co.uk) and
I'll send you a copy.

HTH,


aD

 

[Jan Il]

However....you see........the other person, for whom I was checking on my
end, does not use either IE or OE, they use FireFox....and
Thunderbird.....and they get them too using the new patched SpyBot. That is
the only reason I even tried it, as a test to see if it would happen on my
machine as well. Thus, your personal opinion of OE/IE or others that you
listed below does not really make any difference.

If you hadn't posted using "Anonymous", I 'might' have taken your
'experience' seriously. ;-)

Have a good one.......

Jan

 

[Bart Bailey]

However....you see........the other person, for whom I was checking on my
end, does not use either IE or OE,

No IE/OE here,
can I still get one of those "latest fad" afflictions?

they use FireFox....and
Thunderbird.....

Will Opera suffice?

and they get them too using the new patched SpyBot.

Can I get one without any version of SpyBot, patched or not?

That is
the only reason I even tried it, as a test to see if it would happen on my
machine as well.

I wanna play too, or at least let my machine play.

Thus, your personal opinion of OE/IE or others that you
listed below does not really make any difference.

"I don't want to hear about jesus, I just want to see his face"
~Mick Jagger~

If you hadn't posted using "Anonymous", I 'might' have taken your
'experience' seriously. ;-)

If you hadn't top posted,
I 'might' have taken your 'experience' seriously. ;-)

Have a good one.......

You too.

 

[Jan Il]

Hiya Bart...

I wanna play too, or at least let my machine play.

Sure...... the leg pulling is all meant in fun....and anyone is welcome to
play too.

However, there've been a few others that have mentioned some DSO's showing
up on their machines using the new patch, and their Browsers and e-mail
programs vary; some are Agent, Netscape, Mozilla, etc., as well as OE/IE.
My friend just wanted to see if it would give an errant report on my new set
up as well. Could be a number of causes, but, it can still happen. Nothing
is 100%.

Also.....I was joshing with 'Anonymous', didn't mean to raise any dander.


BTW....I retired from Trolley and moved to Virginia last month. Tell my
good friend 'Tuck' I said Hi next time you talk to him...'k. <g>

Have a happy holiday.....

Jan

 

[Bart Bailey]

Hiya Bart...


Sure...... the leg pulling is all meant in fun....and anyone is welcome to
play too.

However, there've been a few others that have mentioned some DSO's showing
up on their machines using the new patch, and their Browsers and e-mail
programs vary; some are Agent, Netscape, Mozilla, etc., as well as OE/IE.
My friend just wanted to see if it would give an errant report on my new set
up as well. Could be a number of causes, but, it can still happen. Nothing
is 100%.

Curious;
has this sploit affected anyone that didn't have [mshtml.dll] on their
machine?
('nother reason to ieradicate)

Also.....I was joshing with 'Anonymous', didn't mean to raise any dander.

At my age, there isn't much dander to raise ;-)

BTW....I retired from Trolley and moved to Virginia last month. Tell my
good friend 'Tuck' I said Hi next time you talk to him...'k. <g>

It's been awhile, I'm quite inactive on HAM nets these days,
and seldom manage to catch one of his trains.

Have a happy holiday.....

Gonna stuff at Golden Hall again this year,
under the auspices of the Starvation Army ;-)
http://tinyurl.com/6vh7p

 

[Jan Il]

[...]

Curious;
has this sploit affected anyone that didn't have [mshtml.dll] on their
machine?
('nother reason to ieradicate)

Don't know on this one...I haven't heard anything about this aspect.

At my age, there isn't much dander to raise ;-)
;-)

It's been awhile, I'm quite inactive on HAM nets these days,
and seldom manage to catch one of his trains.

I think he retired too.....he was gonna soon, at least the last I heard,
but, I was out on disability after a surgical snafu for the best part of the
year.

Gonna stuff at Golden Hall again this year,
under the auspices of the Starvation Army ;-)
http://tinyurl.com/6vh7p

Yeah......they really do a nice thing.....and they always have the real
holiday spirit. I had several friends who were victims of the firestorms we
had last October, and they are still trying to put their lives together.
The SA was there to lend them a hand when the RED CROOKS turned them away.

Ya'll have a good one.....and Bon Appetite!

Jan

 

[Anonymous via Panta Rhei]

However....you see........the other person, for whom I was checking on my
end, does not use either IE or OE, they use FireFox....and
Thunderbird.....and they get them too using the new patched SpyBot. That is
the only reason I even tried it, as a test to see if it would happen on my
machine as well. Thus, your personal opinion of OE/IE or others that you
listed below does not really make any difference.

If you hadn't posted using "Anonymous", I 'might' have taken your
'experience' seriously. ;-)

I post Anonymous to protect my identity. It's not as
melodramatic as it sounds, but my privacy is valuable to me,
thus an anonymous remailer and a mail2news gateway

Have a good one.......

Jan

you too.

~~~~~~~~~~~~~~~~~~~~~
This message was posted via one or more anonymous remailing services.
The original sender is unknown. Any address shown in the From header
is unverified. You need a valid hashcash token to post to groups other
than alt.test and alt.anonymous.messages. Visit www.panta-rhei.dyndns.org
for abuse and hashcash info.

 

[Jan Il]

I post Anonymous to protect my identity. It's not as
melodramatic as it sounds, but my privacy is valuable to me,
thus an anonymous remailer and a mail2news gateway

No problem.....I understand. Just a bit of leg pulling. See...on a lot of
the MS newsgroups accessed from the Internet, there is an automatic setup to
post as "Anonymous," to help cut down spam and such I guess, so there are
usually a very large number of posters and responders that are 'Anonymous'.
I don't normally use that format, but, I have had to a few times when my
newsreader was acting up to follow-up on a few posts. It's just a bit
mirthful in a way to see so many of these 'Anonymous' posts, sort of like a
Secret Agents info forum, so, I couldn't help make a play on it. I don't
post here often so not many here know my sense of humor to know I was merely
joshing. No personal offense intended. )


Cheers!

Jan

 

[Joan Archer]

And we love you for it <g>
Joan

Jan Il wrote:
I don't post here

 

[Jan Il]

Hey Joanie!

And we love you for it <g>

Thanks... and the feeling is mutual! ;o))

Jan

 

[ah]

[full headers]

Hi HistoryFan

There is a patch that I downloaded from Spybot's website that upgrades
Spybot 1.3 to 1.3TX. This fixes the 5 DSO exploit problems.

On a different note on this, it would appear that they may not have yet
gotten the problem completely resolved. I downloaded and installed the new
SpyBot patch a week ago, and on my very first run I got DSO Exploits (3),
and again on the second run today, 3 more. I am not the only one who has
had this situation, and actually, I installed it simply as a test to see if
it would happen on my machine too. I have W2K SP4, a new installation on a
new hard drive only 2 weeks old. So, I don't think this new patch works
fully up to par yet.

Honestly, I think that the patch in Spybot is working fine. I
see from your headers that you're using "X-Newsreader: Microsoft
Outlook Express 6.00.2800.1437". In my experience, if someone
is using Outhouse Distress for a mail / news client, then
they're probably also using IE for a browser.

This would be the reason that you've got a fresh set of DSO
exploits with each run of spybot. IE and OE are inherently non
safe non secure.

This may be more indicative of some self-correction on Windows part: these
registry settings revert back to the way they were when I 'fixed' them with
SBSnD . . . with every reboot.

I use IE /online/ only for http://v4.windowsupdate.microsoft.com/ and offline
for testing <html>+CSS . . . OE hasn't been used since c. 2000

Anyway, I don't really care if they're there (like Alexa . . . so what?), just
that I know I'm not doing something 'wrong'.

for a browser, take your pick from:

[other options]

Then after this, the ONLY reason to use IE is for Windows
Update, OE should be trashed as unuseable / unsafe.

 

[Papa Joe]

I have just been 'ignoring products' it since I read the problem was
fixed.
This is cleaner.

Thanks
Joe

 

[Papa Joe]

Have you seen any problems moving to say a Pegasus or other EMail
client when there is a large volume of stored/saved EMail Messages,
Folders and a large number of contacts in an address book?
Do all messages, folders and address book import into say pegasus,
thunderbird or the bat?

I found that a number of browsers work just fine--I like Ace and
Firefox and Maxthon although some secure sites seem to need IE.

Also, when there are problems with OE, as with any client, one is not
alone. The others may leave a user out there when it comes to
resolution. Finally, it would have to be a seamless way back to OE in
case one wants to move back.

I would love to move, but the email system is very important to me for
business.

Heck, I even looked at Agent for email, as, I figure if their email
client is half as good as their news client I would be just fine.

FWIW, I am no big fan of Microsoft as I think they sure do a decent
job.....and can also put clients out of business with a few basic
changes to how Windows functions. Windows seems to get through a lot
of hardware/software and do a fairly satisfactory job. Personally, I
think Microsoft is hurt by people who just expect the thing to not
only 'work' but not require any knowledge or common sense to
use....MACs seem to do some of this but they are not exposed to the
issues brought on by the large numbers of users either....

This virus/spyware/adware thing is breaking the backs of a lot of
people. There are lots of fingers in the dike approaches to dealing
with them and I am assuming(bad word here) that it must be very
difficult to systemically eliminate the problems for all
users--otherwise it would be done. Just look at the crap we talk about
on this ng......

Joe

AnyOn 23 Nov 2004 03:57:03 -0000, Anonymous via Panta Rhei