Solved

DSO Exploit

Posted on 2004-10-15
18
412 Views
Last Modified: 2013-12-04
hi
everytime i run spybot i get the DSO Exploit as a problem to fix...i can click on fix errors and run the program again,and its right back.
i went to the greymagic website and did this
[HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ CurrentVersion \ Internet Settings \ Zones \ 0]
Change the value of "1004" (DWORD) to 3.

was this the right thing to do?
0
Comment
Question by:armydog
  • 9
  • 7
  • 2
18 Comments
 
LVL 33

Assisted Solution

by:sajuks
sajuks earned 25 total points
ID: 12320703
You need the latest updated version of spybot.
Chec kthis link
http://www.experts-exchange.com/Security/Win_Security/Q_21054787.html

It seems that Spybot removes the DSO exploit but doesn't clean the registry. Hence the reappearance.
Start>Run type 'regedit' (without the qoutes)
Follow to the keys that spybot catches as dso exploits, for me it was 5 of them, eg.

HKEY_USERS\S-1-5-18\Software|Microsoft\Windows\Current Version\Internet Settings\Zones\0\1004!=W=3

After opening zones and clicking on '0' look to the right window, under 'name' is the key '1004' and the type is REG_SZ simply right click and delete this REG_SZ value.

Then right click and create new>DWORD Value, name it 1004, right click on that and goto modify, give it the Hex Value of 3, Click ok.

You may have to restart your pc for changes to take effect... i didn't.

Run Spybot again and you will have one less dso exploit.... repeat for each of the other values flagged in spybot (should all be 1004)...
0
 
LVL 33

Expert Comment

by:sajuks
ID: 12321034
and to answer your question yes u did the rite thing.
The latest version of spybot too does the same change to the registry
0
 

Author Comment

by:armydog
ID: 12321306
sajuks
followed your steps in your post and my DSO EXploit entries changed from 2 to 1 so must have worked.
wasn't sure if i was supposed to look in different zone no.s for more of the same entries. 0-5 was listed and they all had values of 3 except in zone 2...so i followed your steps in that zone and am currently running spybot right now.
0
Ransomware: The New Cyber Threat & How to Stop It

This infographic explains ransomware, type of malware that blocks access to your files or your systems and holds them hostage until a ransom is paid. It also examines the different types of ransomware and explains what you can do to thwart this sinister online threat.  

 

Author Comment

by:armydog
ID: 12321427
sajuks
all the 1004 listings are showing a value of 3
but spybot is still listing 1 dso exploit
0
 
LVL 33

Expert Comment

by:sajuks
ID: 12321445
did you restart your machine once and check ?


0
 

Author Comment

by:armydog
ID: 12321552
sajuks
 ok restarted and am running right now.
now these changes i'm making to the registry won't effect the security of the pc in any way will they?

also my version of spybot is 1.3...is there a newer edition?
0
 

Author Comment

by:armydog
ID: 12321612
sajuks
after the restart and then running spybot again...i'm still getting 1 DSO Eploit entry.
could there be another DWORD entry causing this?
0
 
LVL 33

Expert Comment

by:sajuks
ID: 12321628
1.3.1 is the latest version.
You will find a button for updating the detection rules. Chec kwhether all the detection rules 've been downloaded.
also remember to click on the immunize button to verify whether all bad products are blocked
the changes that  u've done is not going to compromise your security.
0
 

Author Comment

by:armydog
ID: 12321939
sajuks
checked for updates...have all the latest.
clicked on immunize and it displayed that 1997 currently blocked with 10 more i could immunize...did this.
ran spybot again and am still getting DSO Exploits 1 entry

is there anything else i can do...or should i just ignore this listing?
0
 
LVL 33

Expert Comment

by:sajuks
ID: 12322069
can you post what spybot shows as the dso exploit
0
 

Author Comment

by:armydog
ID: 12322225
i'll try
0
 
LVL 20

Expert Comment

by:Debsyl99
ID: 12322427
Hi
What's a 'DSO exploit' and how do I get rid of it?
http://ask-leo.com/whats_a_dso_exploit_and_how_do_i_get_rid_of_it.html

I wouldn't worry too much - it's a glitch referencing a potential internet explorer problem, but if you're fully patched with IE you can safely ignore it. Otherwise get patched, then ignore it,

Deb :))
0
 

Author Comment

by:armydog
ID: 12322609
debsyl99
have everything windows update has to offer for my pc.
does that include the patch your talking about?

sajuks
saved a file and copied this from it.
DSO Exploit: Data source object exploit (Registry change, nothing done)
  HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3
0
 
LVL 33

Expert Comment

by:sajuks
ID: 12322679
go to the registry
if you have a 1004 (Reg_Dword) entry, double click on it and make sure it is set to zero. If you have a 1004 (Reg_sz) entry, click on it once (to highlight it) and hit the Delete Key on the keyboard.
Thats it. You're all done
0
 
LVL 20

Accepted Solution

by:
Debsyl99 earned 25 total points
ID: 12322876
If you're fully up to date - yes - Unfortunately spybot is finding what used to be a vulnerability - if you're fully patched from windows update, then don't worry about it. I'm a network admin, so I need to check these things out. My home PC logs it and it's as clean as a whistle. Do some googling for spybot dso exploit - you'll see plenty written on it, so you won't just need to take my word for it,

Deb :))
0
 

Author Comment

by:armydog
ID: 12323109
sajuks
ain't sure how to go about this,
when i go to the registry and navigate to zones..all 5 are listed like this

name                                    data
1004                                   0x00000003 (3)
0
 
LVL 33

Expert Comment

by:sajuks
ID: 12323388
You can also delete the entry from spybot.
Else from spybot check which registry entry it is pointing to and then delete the corresponding entry.
In case yo uare unsure about it as Deb said let it be . its not a big deal . you can tel lspybot to deslect this entry from further searches.
0
 

Author Comment

by:armydog
ID: 12323646
thank you both for your suggeestions on this issue
armydog
0

Featured Post

Free Tool: Postgres Monitoring System

A PHP and Perl based system to collect and display usage statistics from PostgreSQL databases.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Recently, a new law in my state forced us to get a top-to-bottom analysis of all of our contract client's networks. While we have documentation, it was spotty at best for some - and in any event it needed to be checked against reality. That was m…
Security measures require Windows be logged in using Standard User login (not Administrator).  Yet, sometimes an application has to be run “As Administrator” from a Standard User login.  This paper describes how to create a shortcut icon to launch a…
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.

856 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question