Wesley-DSO Exploit

[Colin Barnhorst]

I must say I am surprised. It worked for me on the very next scan and I
haven't seen the problem since. What about uninstalling and then
downloading a fresh copy of the program? If you do, I suggest you reboot in
between just to clear out the cobwebs. Just a thought.

 

[Rex]

I'm afraid that "patch" doesn't solve the problem, either. I've been
running it for several weeks, and still get the DSO Exploit false alarm if
I turn of the "Ignore" for it. I last tested it this past week-end with
the latest updates.


--

Bruce Chambers

Help us help you:



You can have peace. Or you can have freedom. Don't ever count on having
both at once. - RAH

I am running the patch version 1.3.1TX and it does clear the DSO Exploit

Rex

 

[Bruce Chambers]

I must say I am surprised. It worked for me on the very next scan and I
haven't seen the problem since. What about uninstalling and then
downloading a fresh copy of the program? If you do, I suggest you reboot in
between just to clear out the cobwebs. Just a thought.

Already tried that. The curious thing is that the computer will scan
clean once or twice, and then the DSO Exploit false alarm comes back. I
know that several others have reported success, but I've yet to see it.
Oh well, it's easy enough to ignore, for now.


--

Bruce Chambers

Help us help you:



You can have peace. Or you can have freedom. Don't ever count on having
both at once. - RAH

 

[Wesley Vogel]

Configure SpyBot S & D Not to Flag DSO Exploit
http://forum.aumha.org/viewtopic.php?t=8435

Courtesy of Randy Knobloch aka siljaline
MS - MVP Windows (IE/OE) 2003/04 AH-VSOP

Why does DSO Exploit return?
[[DSO-Exploit is a security gap in Internet Explorer, Outlook and Outlook
Express. Microsoft did already close this gap with security updates, so with
current Windows updates and patches installed, it will no longer be a threat
to your system.
Spybot-S&D will still detect the DSO-Exploit, but instead of fixing it for
good, it will unfortunately again set an invalid value. Therefore it will
again be found with every scan.
This little bug in Spybot-S&D has already been repaired and the respective
fix will soon be available as a program update.]]
http://www.safer-networking.org/en/faq/36.html

--
Hope this helps. Let us know.

Wes
MS-MVP Windows Shell/User

In

 

[Guest]

There is a company using Patrick Kolla's name and his product Spybot
when in fact it is NOT his program that is being promoted here and
elsewhere. Your link of http://www.majorgeeks.com/download4392.html
features a description of Spybot, but when you click on the links to
download it, you will see that it directs you to here
http://www.majorgeeks.com/downloadget.php?id=4392&file=10&evp=17a4645dc80f11461d8549719a9350e0
which then sends you here
http://www.pctools.com/spyware-doctor/?ref=trial_mg_sd_336_rd to download
Spyware Doctor!
Here is a link to Patrick Kolla's website that explains what the other
company is doing
http://www.safer-networking.org/en/news/2005-01-17.html. I hope that you
will no longer promote an unscrupulous person who misleads people into buying
something that is NOT what it claims to be.

 

[Guest]

hi i am having the same promblem to if you ever get it off would you please
let me know

 

[Bruce Chambers]

hi i am having the same promblem to if you ever get it off would you please
let me know

The DSO exploit was patched long ago by IE Cumulative Update
MS02-015, in March of 2002. If you've installed this specific patch,
or any subsequent IE Cumulative Updates, IE Service Pack 1, or WinXP
SP2, you're safe. It would appear that the latest version of SpyBot
S&D is only checking for Internet zone settings in the registry that
could be used as work-around protection, and not for the presence of
any corrective patches. Hopefully, the makers of SpyBot will soon fix
this bug.

MS02-015 March 28, 2002 Cumulative Patch for Internet Explorer
http://support.microsoft.com/default.aspx?scid=kb;EN-US;319182

If you like, you can test your system for this particular
vulnerability at this web site:
http://www.grey.com/security/advisories/gm001-ie/

The makers of SpyBot S&D have acknowledged the problem and will
fix it on their next update:
http://www.safer-networking.org/index.php?page=paragraphs&detail=currentfaqs

In the meantime, in SpyBot S&D, click Mode > Advanced > Settings >
Ignore Products > Security > DSO Exploit, to turn off the false alarm.

Some people have reported that the SpyBot Detection rules dated 30
Aug 04, or newer, when used with SpyBot S&D 1.3.1TX, will fix this
problem. However, I've had inconsistent results with that particular
detection update; sometimes it reads clean, then later it will once
again find the DSO problem, and then it will read clean again, all on
the same machine, with no other changes made.


--

Bruce Chambers

Help us help you:



You can have peace. Or you can have freedom. Don't ever count on having
both at once. - RAH

 

[plb2862]

I've had this problem and only having a desktop, the 1004 key (usually seen
as a string entry instead of hexadecimal) can be safely removed with no ill
affect on desktops. If you want to change the value to 3 remember to change
it to a REG_DWORD and enter the decimal value 3 if you enter it as
hexadecimal a 3 will work also but higher numbers than 9 won't.

Although these five exploits are not really a threat. See this link for
http://forums.net-integration.net/index.php?showtopic=15308&st=0.