Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

DSO Exploit

Posted on 2004-10-15
18
Medium Priority
?
418 Views
Last Modified: 2013-12-04
hi
everytime i run spybot i get the DSO Exploit as a problem to fix...i can click on fix errors and run the program again,and its right back.
i went to the greymagic website and did this
[HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ CurrentVersion \ Internet Settings \ Zones \ 0]
Change the value of "1004" (DWORD) to 3.

was this the right thing to do?
0
Comment
Question by:armydog
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 9
  • 7
  • 2
18 Comments
 
LVL 33

Assisted Solution

by:sajuks
sajuks earned 100 total points
ID: 12320703
You need the latest updated version of spybot.
Chec kthis link
http://www.experts-exchange.com/Security/Win_Security/Q_21054787.html

It seems that Spybot removes the DSO exploit but doesn't clean the registry. Hence the reappearance.
Start>Run type 'regedit' (without the qoutes)
Follow to the keys that spybot catches as dso exploits, for me it was 5 of them, eg.

HKEY_USERS\S-1-5-18\Software|Microsoft\Windows\Current Version\Internet Settings\Zones\0\1004!=W=3

After opening zones and clicking on '0' look to the right window, under 'name' is the key '1004' and the type is REG_SZ simply right click and delete this REG_SZ value.

Then right click and create new>DWORD Value, name it 1004, right click on that and goto modify, give it the Hex Value of 3, Click ok.

You may have to restart your pc for changes to take effect... i didn't.

Run Spybot again and you will have one less dso exploit.... repeat for each of the other values flagged in spybot (should all be 1004)...
0
 
LVL 33

Expert Comment

by:sajuks
ID: 12321034
and to answer your question yes u did the rite thing.
The latest version of spybot too does the same change to the registry
0
 

Author Comment

by:armydog
ID: 12321306
sajuks
followed your steps in your post and my DSO EXploit entries changed from 2 to 1 so must have worked.
wasn't sure if i was supposed to look in different zone no.s for more of the same entries. 0-5 was listed and they all had values of 3 except in zone 2...so i followed your steps in that zone and am currently running spybot right now.
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:armydog
ID: 12321427
sajuks
all the 1004 listings are showing a value of 3
but spybot is still listing 1 dso exploit
0
 
LVL 33

Expert Comment

by:sajuks
ID: 12321445
did you restart your machine once and check ?


0
 

Author Comment

by:armydog
ID: 12321552
sajuks
 ok restarted and am running right now.
now these changes i'm making to the registry won't effect the security of the pc in any way will they?

also my version of spybot is 1.3...is there a newer edition?
0
 

Author Comment

by:armydog
ID: 12321612
sajuks
after the restart and then running spybot again...i'm still getting 1 DSO Eploit entry.
could there be another DWORD entry causing this?
0
 
LVL 33

Expert Comment

by:sajuks
ID: 12321628
1.3.1 is the latest version.
You will find a button for updating the detection rules. Chec kwhether all the detection rules 've been downloaded.
also remember to click on the immunize button to verify whether all bad products are blocked
the changes that  u've done is not going to compromise your security.
0
 

Author Comment

by:armydog
ID: 12321939
sajuks
checked for updates...have all the latest.
clicked on immunize and it displayed that 1997 currently blocked with 10 more i could immunize...did this.
ran spybot again and am still getting DSO Exploits 1 entry

is there anything else i can do...or should i just ignore this listing?
0
 
LVL 33

Expert Comment

by:sajuks
ID: 12322069
can you post what spybot shows as the dso exploit
0
 

Author Comment

by:armydog
ID: 12322225
i'll try
0
 
LVL 20

Expert Comment

by:Debsyl99
ID: 12322427
Hi
What's a 'DSO exploit' and how do I get rid of it?
http://ask-leo.com/whats_a_dso_exploit_and_how_do_i_get_rid_of_it.html

I wouldn't worry too much - it's a glitch referencing a potential internet explorer problem, but if you're fully patched with IE you can safely ignore it. Otherwise get patched, then ignore it,

Deb :))
0
 

Author Comment

by:armydog
ID: 12322609
debsyl99
have everything windows update has to offer for my pc.
does that include the patch your talking about?

sajuks
saved a file and copied this from it.
DSO Exploit: Data source object exploit (Registry change, nothing done)
  HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3
0
 
LVL 33

Expert Comment

by:sajuks
ID: 12322679
go to the registry
if you have a 1004 (Reg_Dword) entry, double click on it and make sure it is set to zero. If you have a 1004 (Reg_sz) entry, click on it once (to highlight it) and hit the Delete Key on the keyboard.
Thats it. You're all done
0
 
LVL 20

Accepted Solution

by:
Debsyl99 earned 100 total points
ID: 12322876
If you're fully up to date - yes - Unfortunately spybot is finding what used to be a vulnerability - if you're fully patched from windows update, then don't worry about it. I'm a network admin, so I need to check these things out. My home PC logs it and it's as clean as a whistle. Do some googling for spybot dso exploit - you'll see plenty written on it, so you won't just need to take my word for it,

Deb :))
0
 

Author Comment

by:armydog
ID: 12323109
sajuks
ain't sure how to go about this,
when i go to the registry and navigate to zones..all 5 are listed like this

name                                    data
1004                                   0x00000003 (3)
0
 
LVL 33

Expert Comment

by:sajuks
ID: 12323388
You can also delete the entry from spybot.
Else from spybot check which registry entry it is pointing to and then delete the corresponding entry.
In case yo uare unsure about it as Deb said let it be . its not a big deal . you can tel lspybot to deslect this entry from further searches.
0
 

Author Comment

by:armydog
ID: 12323646
thank you both for your suggeestions on this issue
armydog
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Many people tend to confuse the function of a virus with the one of adware, this misunderstanding of the basic of what each software is and how it operates causes users and organizations to take the wrong security measures that would protect them ag…
Users of Windows 10 Professional can disable automatic reboots using the policy editor. This tool is not included in the Windows home edition. But don't worry! Follow the instructions below to install (a Win7) policy editor on your Windows 10 Home e…
Visualize your data even better in Access queries. Given a date and a value, this lesson shows how to compare that value with the previous value, calculate the difference, and display a circle if the value is the same, an up triangle if it increased…
In a question here at Experts Exchange (https://www.experts-exchange.com/questions/29062564/Adobe-acrobat-reader-DC.html), a member asked how to create a signature in Adobe Acrobat Reader DC (the free Reader product, not the paid, full Acrobat produ…
Suggested Courses

610 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question