spybot question

[jtc]

I have 5 DSO objects...should they be removed...all say registry change..
I have done nothing yet

HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\Current Version\Internet
Settings\Zones\0\1004!=W=3
HKEY_USERS\S-1-5-21-436374069-1563985344-854245398-1003\Software\ same as
above
HKEY_USERS\S-1-5-20\same as item one above
HKEY_USERS_\S-1-5-19\ same as one and three
HKEY_USERS\DEFAULT\same as one, three, four

I am running version 1.3
I am a newbie so speak plainly, thank you

 

[Edwin The Elf]

It's a known bug with SpyBot. Check out their support forum
http://forums.net-integration.net/ for a more technical explanation (if
you want it - search for DSO).

 

[Bruce Chambers]

I have 5 DSO objects...should they be removed...all say registry change..
I have done nothing yet

HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\Current Version\Internet
Settings\Zones\0\1004!=W=3
HKEY_USERS\S-1-5-21-436374069-1563985344-854245398-1003\Software\ same as
above
HKEY_USERS\S-1-5-20\same as item one above
HKEY_USERS_\S-1-5-19\ same as one and three
HKEY_USERS\DEFAULT\same as one, three, four

I am running version 1.3
I am a newbie so speak plainly, thank you

The DSO exploit was patched long ago by IE Cumulative Update
MS02-015, in March of 2002. If you've installed this specific patch,
or any subsequent IE Cumulative Updates, IE Service Pack 1, or WinXP
SP2, you're safe. It would appear that the latest version of SpyBot
S&D is only checking for Internet zone settings in the registry that
could be used as work-around protection, and not for the presence of
any corrective patches. Hopefully, the makers of SpyBot will soon fix
this bug.

MS02-015 March 28, 2002 Cumulative Patch for Internet Explorer
http://support.microsoft.com/default.aspx?scid=kb;EN-US;319182

If you like, you can test your system for this particular
vulnerability at this web site:
http://www.grey.com/security/advisories/gm001-ie/

The makers of SpyBot S&D have acknowledged the problem and will
fix it on their next update:
http://www.safer-networking.org/index.php?page=paragraphs&detail=currentfaqs

In the meantime, in SpyBot S&D, click Mode > Advanced > Settings >
Ignore Products > Security > DSO Exploit, to turn off the false alarm.

Some people have reported that the SpyBot Detection rules dated 30
Aug 04, or newer, when used with SpyBot S&D 1.3.1TX, will fix this
problem. However, I've had inconsistent results with that particular
detection update; sometimes it reads clean, then later it will once
again find the DSO problem, and then it will read clean again, all on
the same machine, with no other changes made.

--

Bruce Chambers

Help us help you:



You can have peace. Or you can have freedom. Don't ever count on having
both at once. - RAH

 

[jtc]

thanks

--
jtc
(e-mail address removed)

It's a known bug with SpyBot. Check out their support forum
http://forums.net-integration.net/ for a more technical explanation (if
you want it - search for DSO).

 

[jtc]

Thank you and I will for now, leave it alone til I see what it's all
about...I was afraid it was something UGLY!!!!!!!!!!