Solved

DSO Exploit

Posted on 2004-10-15
Last Modified: 2013-12-04
hi
every time i run spybot i get the DSO Exploit as a problem to fix...i can click on fix errors and run the program again, and it's right back.
i went to the greymagic website and did this
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0]
Change the value of "1004" (DWORD) to 3.

was this the right thing to do?
0
Question by:armydog
18 Comments
 
LVL 33

Assisted Solution

by:sajuks
sajuks earned 25 total points
ID: 12320703
You need the latest updated version of spybot.
Check this link
http://www.experts-exchange.com/Security/Win_Security/Q_21054787.html

It seems that Spybot removes the DSO exploit but doesn't clean the registry. Hence the reappearance.
Start>Run type 'regedit' (without the quotes)
Follow to the keys that spybot catches as dso exploits, for me it was 5 of them, eg.

HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

After opening zones and clicking on '0' look to the right window, under 'name' is the key '1004' and the type is REG_SZ simply right click and delete this REG_SZ value.

Then right click and create new>DWORD Value, name it 1004, right click on that and go to modify, give it the Hex Value of 3, click OK.

You may have to restart your pc for changes to take effect... i didn't.

Run Spybot again and you will have one less dso exploit.... repeat for each of the other values flagged in spybot (should all be 1004)...
0
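
An added example, not part of any post in this thread: the answer above checks each key by hand in regedit, so this read-only PowerShell script lists the type and data of value `1004` in every zone of every hive loaded under HKEY_USERS. It assumes only zone 0 (the zone in Spybot's report) should be graded against DWORD 3; the variable names are this example's own.

```powershell
# Added example: read-only audit of value "1004" in the Internet Settings
# zones of every hive loaded under HKEY_USERS. Nothing is written or deleted.
$rel      = 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
$name     = '1004'
$expected = 3      # DWORD data that the thread's fix sets (Spybot: 1004!=W=3)
$flagged  = '0'    # assumption: only zone 0, the zone Spybot reports, is graded
$dword    = [Microsoft.Win32.RegistryValueKind]::DWord

$hku = [Microsoft.Win32.Registry]::Users
$report = foreach ($hive in $hku.GetSubKeyNames()) {
    try {
        $zones = $hku.OpenSubKey("$hive\$rel")
        if ($null -eq $zones) { continue }   # hive has no Internet Settings zones
        foreach ($zone in $zones.GetSubKeyNames()) {
            $key     = $zones.OpenSubKey($zone)
            $kind    = $null
            $data    = $null
            $present = $key.GetValueNames() -contains $name
            if ($present) {
                $kind = $key.GetValueKind($name)
                $data = $key.GetValue($name)
            }
            # A REG_SZ "3" is still a mismatch: the type must be DWORD.
            if ($zone -ne $flagged) { $status = 'not graded' }
            elseif (-not $present)  { $status = 'MISSING' }
            elseif ($kind -eq $dword -and $data -eq $expected) { $status = 'OK' }
            else                    { $status = 'MISMATCH' }
            [pscustomobject]@{
                Hive = $hive; Zone = $zone; Type = $kind; Data = $data; Status = $status
            }
            $key.Close()
        }
        $zones.Close()
    } catch [System.Security.SecurityException] {
        Write-Warning "Cannot read $hive (run elevated to include it)"
    }
}
$report | Sort-Object Hive, Zone | Format-Table -AutoSize
```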
 
LVL 33

Expert Comment

by:sajuks
ID: 12321034
and to answer your question, yes, you did the right thing.
The latest version of spybot too does the same change to the registry
0
 

Author Comment

by:armydog
ID: 12321306
sajuks
followed your steps in your post and my DSO EXploit entries changed from 2 to 1 so must have worked.
wasn't sure if i was supposed to look in different zone no.s for more of the same entries. 0-5 was listed and they all had values of 3 except in zone 2...so i followed your steps in that zone and am currently running spybot right now.
0
 

Author Comment

by:armydog
ID: 12321427
sajuks
all the 1004 listings are showing a value of 3
but spybot is still listing 1 dso exploit
0
 
LVL 33

Expert Comment

by:sajuks
ID: 12321445
did you restart your machine once and check ?


0
 

Author Comment

by:armydog
ID: 12321552
sajuks
 ok restarted and am running right now.
now these changes i'm making to the registry won't affect the security of the pc in any way will they?

also my version of spybot is 1.3...is there a newer edition?
0
 

Author Comment

by:armydog
ID: 12321612
sajuks
after the restart and then running spybot again...i'm still getting 1 DSO Exploit entry.
could there be another DWORD entry causing this?
0
 
LVL 33

Expert Comment

by:sajuks
ID: 12321628
1.3.1 is the latest version.
You will find a button for updating the detection rules. Check whether all the detection rules have been downloaded.
Also remember to click on the immunize button to verify whether all bad products are blocked.
The changes that you've done are not going to compromise your security.
0
 

Author Comment

by:armydog
ID: 12321939
sajuks
checked for updates...have all the latest.
clicked on immunize and it displayed that 1997 currently blocked with 10 more i could immunize...did this.
ran spybot again and am still getting DSO Exploits 1 entry

is there anything else i can do...or should i just ignore this listing?
0
 
LVL 33

Expert Comment

by:sajuks
ID: 12322069
can you post what spybot shows as the dso exploit
0
 

Author Comment

by:armydog
ID: 12322225
i'll try
0
 
LVL 20

Expert Comment

by:Debsyl99
ID: 12322427
Hi
What's a 'DSO exploit' and how do I get rid of it?
http://ask-leo.com/whats_a_dso_exploit_and_how_do_i_get_rid_of_it.html

I wouldn't worry too much - it's a glitch referencing a potential internet explorer problem, but if you're fully patched with IE you can safely ignore it. Otherwise get patched, then ignore it,

Deb :))
0
 

Author Comment

by:armydog
ID: 12322609
debsyl99
have everything windows update has to offer for my pc.
does that include the patch you're talking about?

sajuks
saved a file and copied this from it.
DSO Exploit: Data source object exploit (Registry change, nothing done)
  HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3
0
 
LVL 33

Expert Comment

by:sajuks
ID: 12322679
go to the registry
if you have a 1004 (Reg_Dword) entry, double click on it and make sure it is set to zero. If you have a 1004 (Reg_sz) entry, click on it once (to highlight it) and hit the Delete Key on the keyboard.
That's it. You're all done
0
 
LVL 20

Accepted Solution

by:
Debsyl99 earned 25 total points
ID: 12322876
If you're fully up to date - yes - Unfortunately spybot is finding what used to be a vulnerability - if you're fully patched from windows update, then don't worry about it. I'm a network admin, so I need to check these things out. My home PC logs it and it's as clean as a whistle. Do some googling for spybot dso exploit - you'll see plenty written on it, so you won't just need to take my word for it,

Deb :))
0
 

Author Comment

by:armydog
ID: 12323109
sajuks
ain't sure how to go about this,
when i go to the registry and navigate to zones..all 5 are listed like this

name                                    data
1004                                   0x00000003 (3)
0
 
LVL 33

Expert Comment

by:sajuks
ID: 12323388
You can also delete the entry from spybot.
Else from spybot check which registry entry it is pointing to and then delete the corresponding entry.
In case you are unsure about it, as Deb said, let it be. It's not a big deal. You can tell spybot to deselect this entry from further searches.
0
 

Author Comment

by:armydog
ID: 12323646
thank you both for your suggestions on this issue
armydog
0
