Improve company productivity with a Business Account.Sign Up

x
?
Solved

DSO Exploit

Posted on 2004-10-15
18
Medium Priority
?
422 Views
Last Modified: 2013-12-04
hi
everytime i run spybot i get the DSO Exploit as a problem to fix...i can click on fix errors and run the program again,and its right back.
i went to the greymagic website and did this
[HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ CurrentVersion \ Internet Settings \ Zones \ 0]
Change the value of "1004" (DWORD) to 3.

was this the right thing to do?
0
Comment
Question by:armydog
  • 9
  • 7
  • 2
18 Comments
 
LVL 33

Assisted Solution

by:sajuks
sajuks earned 100 total points
ID: 12320703
You need the latest updated version of spybot.
Chec kthis link
http://www.experts-exchange.com/Security/Win_Security/Q_21054787.html

It seems that Spybot removes the DSO exploit but doesn't clean the registry. Hence the reappearance.
Start>Run type 'regedit' (without the qoutes)
Follow to the keys that spybot catches as dso exploits, for me it was 5 of them, eg.

HKEY_USERS\S-1-5-18\Software|Microsoft\Windows\Current Version\Internet Settings\Zones\0\1004!=W=3

After opening zones and clicking on '0' look to the right window, under 'name' is the key '1004' and the type is REG_SZ simply right click and delete this REG_SZ value.

Then right click and create new>DWORD Value, name it 1004, right click on that and goto modify, give it the Hex Value of 3, Click ok.

You may have to restart your pc for changes to take effect... i didn't.

Run Spybot again and you will have one less dso exploit.... repeat for each of the other values flagged in spybot (should all be 1004)...
0
 
LVL 33

Expert Comment

by:sajuks
ID: 12321034
and to answer your question yes u did the rite thing.
The latest version of spybot too does the same change to the registry
0
 

Author Comment

by:armydog
ID: 12321306
sajuks
followed your steps in your post and my DSO EXploit entries changed from 2 to 1 so must have worked.
wasn't sure if i was supposed to look in different zone no.s for more of the same entries. 0-5 was listed and they all had values of 3 except in zone 2...so i followed your steps in that zone and am currently running spybot right now.
0
Worried about phishing attacks?

90% of attacks start with a phish. It’s critical that IT admins and MSSPs have the right security in place to protect their end users from these phishing attacks. Check out our latest feature brief for tips and tricks to keep your employees off a hackers line!

 

Author Comment

by:armydog
ID: 12321427
sajuks
all the 1004 listings are showing a value of 3
but spybot is still listing 1 dso exploit
0
 
LVL 33

Expert Comment

by:sajuks
ID: 12321445
did you restart your machine once and check ?


0
 

Author Comment

by:armydog
ID: 12321552
sajuks
 ok restarted and am running right now.
now these changes i'm making to the registry won't effect the security of the pc in any way will they?

also my version of spybot is 1.3...is there a newer edition?
0
 

Author Comment

by:armydog
ID: 12321612
sajuks
after the restart and then running spybot again...i'm still getting 1 DSO Eploit entry.
could there be another DWORD entry causing this?
0
 
LVL 33

Expert Comment

by:sajuks
ID: 12321628
1.3.1 is the latest version.
You will find a button for updating the detection rules. Chec kwhether all the detection rules 've been downloaded.
also remember to click on the immunize button to verify whether all bad products are blocked
the changes that  u've done is not going to compromise your security.
0
 

Author Comment

by:armydog
ID: 12321939
sajuks
checked for updates...have all the latest.
clicked on immunize and it displayed that 1997 currently blocked with 10 more i could immunize...did this.
ran spybot again and am still getting DSO Exploits 1 entry

is there anything else i can do...or should i just ignore this listing?
0
 
LVL 33

Expert Comment

by:sajuks
ID: 12322069
can you post what spybot shows as the dso exploit
0
 

Author Comment

by:armydog
ID: 12322225
i'll try
0
 
LVL 20

Expert Comment

by:Debsyl99
ID: 12322427
Hi
What's a 'DSO exploit' and how do I get rid of it?
http://ask-leo.com/whats_a_dso_exploit_and_how_do_i_get_rid_of_it.html

I wouldn't worry too much - it's a glitch referencing a potential internet explorer problem, but if you're fully patched with IE you can safely ignore it. Otherwise get patched, then ignore it,

Deb :))
0
 

Author Comment

by:armydog
ID: 12322609
debsyl99
have everything windows update has to offer for my pc.
does that include the patch your talking about?

sajuks
saved a file and copied this from it.
DSO Exploit: Data source object exploit (Registry change, nothing done)
  HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3
0
 
LVL 33

Expert Comment

by:sajuks
ID: 12322679
go to the registry
if you have a 1004 (Reg_Dword) entry, double click on it and make sure it is set to zero. If you have a 1004 (Reg_sz) entry, click on it once (to highlight it) and hit the Delete Key on the keyboard.
Thats it. You're all done
0
 
LVL 20

Accepted Solution

by:
Debsyl99 earned 100 total points
ID: 12322876
If you're fully up to date - yes - Unfortunately spybot is finding what used to be a vulnerability - if you're fully patched from windows update, then don't worry about it. I'm a network admin, so I need to check these things out. My home PC logs it and it's as clean as a whistle. Do some googling for spybot dso exploit - you'll see plenty written on it, so you won't just need to take my word for it,

Deb :))
0
 

Author Comment

by:armydog
ID: 12323109
sajuks
ain't sure how to go about this,
when i go to the registry and navigate to zones..all 5 are listed like this

name                                    data
1004                                   0x00000003 (3)
0
 
LVL 33

Expert Comment

by:sajuks
ID: 12323388
You can also delete the entry from spybot.
Else from spybot check which registry entry it is pointing to and then delete the corresponding entry.
In case yo uare unsure about it as Deb said let it be . its not a big deal . you can tel lspybot to deslect this entry from further searches.
0
 

Author Comment

by:armydog
ID: 12323646
thank you both for your suggeestions on this issue
armydog
0

Featured Post

Improved Protection from Phishing Attacks

WatchGuard DNSWatch reduces malware infections by detecting and blocking malicious DNS requests, improving your ability to protect employees from phishing attacks. Learn more about our newest service included in Total Security Suite today!

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

As I write this article, I am finishing cleanup from the Qakbot virus variant found in the wild on April 18, 2011.  It was a messy beast that had varying levels of infection, speculated as being dependent on how long it resided on the infected syste…
Many of us in IT utilize a combination of roaming profiles and folder redirection to ensure user information carries over from one workstation to another; in my environment, it was to enable virtualization without needing a separate desktop for each…
In this video I will demonstrate how to set up Nine, which I now consider the best alternative email app to Touchdown.
If you are looking for an automated tool which can generate reports for Outlook emails and other items from PST file, then you can go for Kernel PST Reporter tool. The reports which are created by this tool are helpful to analyze and understand PST …

608 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question