Go Premium for a chance to win a PS4. Enter to Win


Please Explain Why Spybot Search & Destroy always finds these same 5 files!!!

Posted on 2004-09-19
Medium Priority
Last Modified: 2010-04-12
Points go out to the best explanation of why.....

Everytime I run Spybot S & D, it always finds the same  five  "Data Expliots" !!!

Everytime iI remove them, then seach and it finds them again.   (This happens on Win NT, 2003 Server, XP)      

DSO Exploit: Data source object exploit (Registry change, nothing done)
  HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

DSO Exploit: Data source object exploit (Registry change, nothing done)
  HKEY_USERS\S-1-5-21-1085031214-602609370-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

DSO Exploit: Data source object exploit (Registry change, nothing done)
  HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

DSO Exploit: Data source object exploit (Registry change, nothing done)
  HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

DSO Exploit: Data source object exploit (Registry change, nothing done)
  HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3
Question by:pdoriley
  • 2
LVL 32

Expert Comment

ID: 12094866
Hi pdoriley,

It's very common that Spybot S&D keeps finding DSO exploids, please see this page:

From responce no. 10:
Since the injected <object> runs in the "My Computer" Zone changing the Internet Zone's settings didn't affect it, but changing the correct zone's settings will prevent this exploit from running.

Here is the registry information:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0

Change the value of "1004" (DWORD) to 3.


LVL 29

Accepted Solution

blue_zee earned 1000 total points
ID: 12101036

It's a known bug in Spybot S&D.

It's expected to be solved in the next release. Meanwhile, just ignore it.

LVL 29

Expert Comment

ID: 12111006

Thank you.

Latest news on this:

>>Please note the current beta release of the application (v 1.3.1b) corrects the DSO bug. If you are not comfortable with installing the beta ignore the DSO items until the final is released. Again, please note it is an application update and not an includes update that fixes this bug<<




Featured Post

When ransomware hits your clients, what do you do?

MSPs: Endpoint security isn’t enough to prevent ransomware.
As the impact and severity of crypto ransomware attacks has grown, Webroot fought back, not just by building a next-gen endpoint solution capable of preventing ransomware attacks but also by being a thought leader.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Cybersecurity has become the buzzword of recent years and years to come. The inventions of cloud infrastructure and the Internet of Things has made us question our online safety. Let us explore how cloud- enabled cybersecurity can help us with our b…
If you thought ransomware was bad, think again! Doxware has the potential to be even more damaging.
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an anti-spam), the admin…
This lesson discusses how to use a Mainform + Subforms in Microsoft Access to find and enter data for payments on orders. The sample data comes from a custom shop that builds and sells movable storage structures that are delivered to your property. …

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question