We help IT Professionals succeed at work.

Hoist the colors! We’ve added location flags to usernames sitewide, so it's easier to connect with the global community on EE. View My Profile


Cant remove DSO Exploit using Spybot search & destroy

kittykatpoop asked
Last Modified: 2013-12-04
When I run Spybot it finds two entries for DSO Exploit which it continues to successfully remove, however on subsequent searches two entries for DSO Exploit show up again. I have 5 different user profiles of this PC and have tried on each to see if it makes a difference - it doesn't. What am I doing wrong??
Watch Question

Top Expert 2004

Hi kittykatpoop,

Make sure you got the lastest spybot

Check if that would remove the DSO exploit.

Follow instructions here

Here's some links to information on this DSO exploit problem:
Pinned explanation at SSD's forum http://forums.net-integration.net/index.php?showtopic=17159 pinned

For a l o o n g explanation on DSO: http://forums.net-integration.net/index.php?showtopic=15308
Good luck
Your question about can be solved with my link below, but it doesn't help unless you decides to protect your computer in the future.

As you can see in my url below there are at least 7 different issues, where you should decide 1 of each.

The reason is, that the many different programs not always protects against each other, and each of them doesn't protect equally.

It's very important, that you study all of these issues in my knowledgebase (some of them are freeware):

BTW: I'm using the Trend Micro anti-virus-suite and SoftScan anti-spam, and haven't got any of my servers or computers infected since 1999, and I'm using PestPatrol anti-spyware since 2004.

Many Regards
Jorgen Malmgren

:o) Your brain is like a parachute. It works best when it's open
Top Expert 2005


Have you tried running Spybot S&D in Safe Mode?

Top Expert 2005
This one is on us!
(Get your first solution completely free - no credit card required)
Top Expert 2005





Followed the instructions on manual registry cleaning and the DSO exploit no longer appears, thanks for the help guys, really appreciate it!
Top Expert 2005


Glad I could help.

I know the developers of Spybot S&D are aware of this problem and is expected to be resolved with the next release.

DSO Exploit

Here is response given.  I am unable to do this.  I cannot edit this line item in "regedit"  it will not let me make the change.  Also, I already have "DWORD" rather than "REG_SZ". It has a value of "0", but like I say cannot delete or modify.  The error block I get is "Error Editing Value" with a red x and the description, "Cannot edit 1004; Error writing the value's new contents".

I have run Spybot in "Safe Mode" and get the same two DSO exploit discrepancy.  Also get an "Alexa Related" line item that cannot be removed.

Anyone have a suggestion?


It seems that Spybot removes the DSO exploit but doesn't clean the registry. Hence the reappearance.

Start>Run type 'regedit' (without the qoutes)

Follow to the keys that spybot catches as dso exploits, for me it was 5 of them, eg.

HKEY_USERS\S-1-5-18\Software|Microsoft\Windows\Current Version\Internet Settings\Zones\0\1004!=W=3

After opening zones and clicking on '0' look to the right window, under 'name' is the key '1004' and the type is REG_SZ simply right click and delete this REG_SZ value.

Then right click and create new>DWORD Value, name it 1004, right click on that and goto modify, give it the Hex Value of 3, Click ok.

You may have to restart your pc for changes to take effect... i didn't.

Run Spybot again and you will have one less dso exploit.... repeat for each of the other values flagged in spybot (should all be 1004)...

Top Expert 2005



You have to post your own question.

This one is closed.


Or just download todays main update to version 1.3.1 *hurray*
I had this problem too, but discovered the solution was simple ...

When Spybot finds the DSO exploit(s) click the "+" next to it so all occurances are displayed - click the registry icon at the end of the first line - PAUSE for several seconds whilst registry editor starts up - then click on the same icon again - this time registry editor will advance to the offending entry (1004) - simply right click to delete.

Repeat the above for all remaining lines that spybot finds, but make sure the one it highlights is the 1004 entry - often it can't find the 1004 entry in the last one you try to fix - in which case it highlights a 1001 entry - don't delete this one!

When you tell Spybot to fix the selected problems it complains that it can't fix them (not surprisingly as you've just done it manually) - but when you rescan they won't appear again. I've done this to dozens of PCs now and haven't had a single problem.


I am currently not at my work computer.  I have had a severe accident which will prevent me from going to work for a few more days.  I have already missed all of this week.  Having said that, this seems like a workable solution.  I will try it immediately after I return to work.  Thank you.

It appears more and more Spy ware is becoming malicious to anti Spy ware like Spy Bot Search and Destroy.    It seems that after you have updated SB S&D to the latest version which I believe is 1.3.1 and you are still having problems then…..

Experts Only Corner – This process is Dangerous to your computer and can cause it to stop working where you may have to reload it.  

************************Proceed at your own risk.****************************

Come up in Safe Mode
First go into regedit
Go to the key:
Check to see if only valid applications are running there.  If you are not sure then You can type the name of the application into Google and it will usually tell you If it is spyware, lameware, adware, etc…  
If you have identified a key that is invalid then delete the key.
Next check the key:
Do the same process.
Next check the key:
Do the same process
Next check the key:

Bottom line is I check everything in my registry that says Run or RunOnce.  I usually search on “runonce” and find from there. That seems to go fastest.

I also check the startup directory for any applications, I check the win.ini and the system.ini then I reboot the system.  When the system is up I bring up Taskman and check all the processes and look for any unfamiliar process.  Again if you see an unfamiliar process, type it into Google to see if it is spyware, lameware, adware, etc…

Good luck,

Mark Cutshall

The best solution for spyware-adware is this, in my opinion;
 Create a BART-PE disk containing spybot, use it to boot, clean away.
 Nothings "in use" so nothings left behind.

ohhh...in case you dont know where to get it....

One more note, you have to update the thing often, I update about once a month.....new cd every month....
Asta CuTechnical consultant & graphic design
Top Expert 2004

Great information here, just curious if when you updated Spybot S&D with all fixes, did you also run the "Immunize" function which currently blocks roughly 1944 known bad products/exploits and blocks them?


Yup, I sure did/do, but usually after cleaning.

Note to add to Cutshall's comment: "When the system is up I bring up Taskman and check all the processes and look for any unfamiliar process.  Again if you see an unfamiliar process, type it into Google to see if it is spyware, lameware, adware, etc…"

Here's where to look for what each process is:


     [click on 'Task List' for alphabetical listings of processes]

These are fairly comprehensive databases of known processes (good, bad, otherwise).  The greatis database is organized according to 'Necessary', 'At Your Option', 'Useless', and 'Dangerous'.

actually if you install or have messenger installed it recreates it also every time you start it (atleast it did on mine till I removed it for good)

trillium is my im now and has no problems with this and I can access icq/aim/msn/yahoo/irc all with one client and read all email and use winamp with it aswell :)
Hello all!!!!!!!  Anyone know a safe place to download current version of SpyBot 1.4....?  Thanks.
Asta CuTechnical consultant & graphic design
Top Expert 2004


Gain unlimited access to on-demand training courses with an Experts Exchange subscription.

Get Access
Why Experts Exchange?

Experts Exchange always has the answer, or at the least points me in the correct direction! It is like having another employee that is extremely experienced.

Jim Murphy
Programmer at Smart IT Solutions

When asked, what has been your best career decision?

Deciding to stick with EE.

Mohamed Asif
Technical Department Head

Being involved with EE helped me to grow personally and professionally.

Carl Webster
CTP, Sr Infrastructure Consultant
Empower Your Career
Did You Know?

We've partnered with two important charities to provide clean water and computer science education to those who need it most. READ MORE

Ask ANY Question

Connect with Certified Experts to gain insight and support on specific technology challenges including:

  • Troubleshooting
  • Research
  • Professional Opinions
Unlock the solution to this question.
Join our community and discover your potential

Experts Exchange is the only place where you can interact directly with leading experts in the technology field. Become a member today and access the collective knowledge of thousands of technology experts.

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.


Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.