SPybot - Search and Destroy

[MIke]

Hi, Can someone advise me as to why I have to run Spybot every day to
clear the same, identical 5 pieces of spyware? Is there something I can
do to prevent it? If I deactivate the WINXP Fire Wall, and run Zone
Alarm's Firewall, would I still get the stupid spyware?

The usual is: DSO EXploit -I delete it per the program, then re-
immunize, and sign out.

Next day, the same thing.

ThanX....Mike

 

[Tom Pepper Willett]

It's a bug in Spybot S&D...ignore it.

Tom
| Hi, Can someone advise me as to why I have to run Spybot every day to
| clear the same, identical 5 pieces of spyware? Is there something I can
| do to prevent it? If I deactivate the WINXP Fire Wall, and run Zone
| Alarm's Firewall, would I still get the stupid spyware?
|
| The usual is: DSO EXploit -I delete it per the program, then re-
| immunize, and sign out.
|
| Next day, the same thing.
|
| ThanX....Mike
|

 

[Jim Macklin]

Get the latest version of SpyBot, do the updates including
the DOS Exploit patch.


| It's a bug in Spybot S&D...ignore it.
|
| Tom
|
|| Hi, Can someone advise me as to why I have to run Spybot
every day to
|| clear the same, identical 5 pieces of spyware? Is there
something I can
|| do to prevent it? If I deactivate the WINXP Fire Wall,
and run Zone
|| Alarm's Firewall, would I still get the stupid spyware?
||
|| The usual is: DSO EXploit -I delete it per the program,
then re-
|| immunize, and sign out.
||
|| Next day, the same thing.
||
|| ThanX....Mike
||
|
|

 

[Wesley Vogel]

Why does DSO Exploit return?
[[DSO-Exploit is a security gap in Internet Explorer, Outlook and Outlook
Express. Microsoft did already close this gap with security updates, so with
current Windows updates and patches installed, it will no longer be a threat
to your system.
Spybot-S&D will still detect the DSO-Exploit, but instead of fixing it for
good, it will unfortunately again set an invalid value. Therefore it will
again be found with every scan.
This little bug in Spybot-S&D has already been repaired and the respective
fix will soon be available as a program update.]]
http://www.safer-networking.org/en/faq/36.html

====

Configure SpyBot S & D Not to Flag DSO Exploit
http://forum.aumha.org/viewtopic.php?t=8435

Courtesy of Randy Knobloch aka siljaline
MS - MVP Windows (IE/OE) 2003/04 AH-VSOP

--
Hope this helps. Let us know.

Wes
MS-MVP Windows Shell/User

In

 

[Bruce Chambers]

Hi, Can someone advise me as to why I have to run Spybot every day to
clear the same, identical 5 pieces of spyware?

Because it's a bug in SpyBot S&D.

Is there something I can
do to prevent it?

Configure SpyBot S&D to ignore it.

If I deactivate the WINXP Fire Wall, and run Zone
Alarm's Firewall, would I still get the stupid spyware?

No, this would have absolutely no bearing on this issue, or on few,
very few other spyware problems.

Neither adware nor spyware, collectively known as scumware,
magically install themselves on anyone's computer. They are almost
always deliberately installed by the computer's user, as part of some
allegedly "free" service or product.

While there are some unscrupulous malware distributors out there,
who do attempt to install and exploit malware without consent, the
majority of them simply rely upon the intellectual laziness and
gullibility of the average consumer, counting on them to quickly click
past the EULA in his/her haste to get the latest in "free" cutesy
cursors, screensavers, "utilities," and/or wallpapers.

If you were to read the EULAs that accompany, and to which the
computer user must agree before the download/installation of the
"screensaver" continues, most adware and spyware, you'll find that
they _do_ have the consumer's permission to do exactly what they're
doing. In the overwhelming majority of cases, computer users have no
one to blame but themselves.

The usual is: DSO EXploit -I delete it per the program, then re-
immunize, and sign out.

The DSO exploit was patched long ago by IE Cumulative Update
MS02-015, in March of 2002. If you've installed this specific patch,
or any subsequent IE Cumulative Updates, IE Service Pack 1, or WinXP
SP2, you're safe. It would appear that the latest version of SpyBot
S&D is only checking for Internet zone settings in the registry that
could be used as work-around protection, and not for the presence of
any corrective patches. Hopefully, the makers of SpyBot will soon fix
this bug.

MS02-015 March 28, 2002 Cumulative Patch for Internet Explorer
http://support.microsoft.com/default.aspx?scid=kb;EN-US;319182

If you like, you can test your system for this particular
vulnerability at this web site:
http://www.grey.com/security/advisories/gm001-ie/

The makers of SpyBot S&D have acknowledged the problem and will
fix it on their next update:
http://www.safer-networking.org/index.php?page=paragraphs&detail=currentfaqs

In the meantime, in SpyBot S&D, click Mode > Advanced > Settings >
Ignore Products > Security > DSO Exploit, to turn off the false alarm.

Some people have reported that the SpyBot Detection rules dated 30
Aug 04, or newer, when used with SpyBot S&D 1.3.1TX, will fix this
problem. However, I've had inconsistent results with that particular
detection update; sometimes it reads clean, then later it will once
again find the DSO problem, and then it will read clean again, all on
the same machine, with no other changes made.

--

Bruce Chambers

Help us help you:



You can have peace. Or you can have freedom. Don't ever count on having
both at once. - RAH

 

[Philip Ashley]

You can apply a registry fix if you're happy in that area

http://www.pchell.com/support/dsoexploit.shtml

it worked for me

hth

philip ashley

 

[Kelly]

Hi Mike,

To avoid the False-Flag for the DSO Exploit (W3), open Spybot/Advanced
Mode/Settings/Ignore Products. On the All Products Tab, scrol to DSO
Exploit and check that item only.

--
Happy Mardi Gras,
Kelly (MS-MVP)

Troubleshooting Windows XP
http://www.kellys-korner-xp.com