Please Explain Why Spybot Search & Destroy always finds these same 5 files!!!

Posted on 2004-09-19
Last Modified: 2010-04-12
Points go out to the best explanation of why.....

Everytime I run Spybot S & D, it always finds the same  five  "Data Expliots" !!!

Everytime iI remove them, then seach and it finds them again.   (This happens on Win NT, 2003 Server, XP)      

DSO Exploit: Data source object exploit (Registry change, nothing done)
  HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

DSO Exploit: Data source object exploit (Registry change, nothing done)
  HKEY_USERS\S-1-5-21-1085031214-602609370-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

DSO Exploit: Data source object exploit (Registry change, nothing done)
  HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

DSO Exploit: Data source object exploit (Registry change, nothing done)
  HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

DSO Exploit: Data source object exploit (Registry change, nothing done)
  HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3
Question by:pdoriley
  • 2
LVL 32

Expert Comment

by:Luc Franken
ID: 12094866
Hi pdoriley,

It's very common that Spybot S&D keeps finding DSO exploids, please see this page:

From responce no. 10:
Since the injected <object> runs in the "My Computer" Zone changing the Internet Zone's settings didn't affect it, but changing the correct zone's settings will prevent this exploit from running.

Here is the registry information:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0

Change the value of "1004" (DWORD) to 3.


LVL 29

Accepted Solution

blue_zee earned 250 total points
ID: 12101036

It's a known bug in Spybot S&D.

It's expected to be solved in the next release. Meanwhile, just ignore it.

LVL 29

Expert Comment

ID: 12111006

Thank you.

Latest news on this:

>>Please note the current beta release of the application (v 1.3.1b) corrects the DSO bug. If you are not comfortable with installing the beta ignore the DSO items until the final is released. Again, please note it is an application update and not an includes update that fixes this bug<<



Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Datas crypted by cryptolocker after zip attachement opened 3 60
Cleaned Windows 7 laptop still very sluggish 34 82
ACAS / Nessus 2 101
PUP or Virus 6 70
Getting hacked is no longer a matter or "if you get hacked" — the 2016 cyber threat landscape is now titled "when you get hacked." When it happens — will you be proactive, or reactive?
Cybersecurity has become the buzzword of recent years and years to come. The inventions of cloud infrastructure and the Internet of Things has made us question our online safety. Let us explore how cloud- enabled cybersecurity can help us with our b…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
This is a video describing the growing solar energy use in Utah. This is a topic that greatly interests me and so I decided to produce a video about it.

947 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now