Solved

DSO Exploit

Posted on 2004-10-15
Last Modified: 2013-12-04
hi
every time i run spybot i get the DSO Exploit as a problem to fix...i can click on fix errors and run the program again, and it's right back.
i went to the greymagic website and did this
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0]
Change the value of "1004" (DWORD) to 3.

was this the right thing to do?
0
Question by:armydog
18 Comments
 
LVL 33

Assisted Solution

by:sajuks
sajuks earned 25 total points
ID: 12320703
You need the latest updated version of spybot.
Check this link
http://www.experts-exchange.com/Security/Win_Security/Q_21054787.html

It seems that Spybot removes the DSO exploit but doesn't clean the registry. Hence the reappearance.
Start>Run type 'regedit' (without the quotes)
Follow to the keys that spybot catches as dso exploits, for me it was 5 of them, eg.

HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

After opening zones and clicking on '0' look to the right window, under 'name' is the key '1004' and the type is REG_SZ simply right click and delete this REG_SZ value.

Then right click and create new>DWORD Value, name it 1004, right click on that and goto modify, give it the Hex Value of 3, Click ok.

You may have to restart your pc for changes to take effect... i didn't.

Run Spybot again and you will have one less dso exploit.... repeat for each of the other values flagged in spybot (should all be 1004)...
0
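The check described in the answer above (a `1004` value of type REG_SZ, or a DWORD that is not 3, under a `Zones\<n>` key), as an added example that is not part of the original thread. It assumes the hive has been exported to text with `reg export`; the sample export, the function name `audit_1004` and its `expected` parameter are constructed for illustration.

```python
import re

# Constructed sample in the text format written by "reg export" (not from the thread).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0]
"DisplayName"="My Computer"
"1004"="3"

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1]
"1004"=dword:00000003

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2]
"1004"=dword:00000000
'''

KEY_RE = re.compile(r'^\[(.+)\]$')
ZONE_RE = re.compile(r'\\Internet Settings\\Zones\\\d+$', re.IGNORECASE)
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')


def audit_1004(reg_text, expected=3):
    """Return (key, problem) pairs for zone keys whose 1004 value is not DWORD `expected`."""
    findings = []
    key = None
    for line in reg_text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1) if ZONE_RE.search(m.group(1)) else None
            continue
        v = VALUE_RE.match(line)
        if key is None or not v or v.group(1) != "1004":
            continue
        data = v.group(2)
        if data.startswith('"'):
            findings.append((key, "REG_SZ %s: delete and recreate as DWORD" % data))
        elif data.lower().startswith("dword:"):
            number = int(data[6:], 16)
            if number != expected:
                findings.append((key, "DWORD is %d, expected %d" % (number, expected)))
        else:
            findings.append((key, "unexpected type: " + data.split(":")[0]))
    return findings


if __name__ == "__main__":
    for key, problem in audit_1004(SAMPLE_REG):
        print(key, "->", problem)
```

Files written by `reg export` are UTF-16 encoded, so read them with `open(path, encoding="utf-16")` before passing the text in.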
 
LVL 33

Expert Comment

by:sajuks
ID: 12321034
and to answer your question, yes you did the right thing.
The latest version of spybot too does the same change to the registry
0
 

Author Comment

by:armydog
ID: 12321306
sajuks
followed your steps in your post and my DSO Exploit entries changed from 2 to 1 so must have worked.
wasn't sure if i was supposed to look in different zone no.s for more of the same entries. 0-5 was listed and they all had values of 3 except in zone 2...so i followed your steps in that zone and am currently running spybot right now.
0
 

Author Comment

by:armydog
ID: 12321427
sajuks
all the 1004 listings are showing a value of 3
but spybot is still listing 1 dso exploit
0
 
LVL 33

Expert Comment

by:sajuks
ID: 12321445
did you restart your machine once and check ?


0
 

Author Comment

by:armydog
ID: 12321552
sajuks
 ok restarted and am running right now.
now these changes i'm making to the registry won't affect the security of the pc in any way will they?

also my version of spybot is 1.3...is there a newer edition?
0
 

Author Comment

by:armydog
ID: 12321612
sajuks
after the restart and then running spybot again...i'm still getting 1 DSO Exploit entry.
could there be another DWORD entry causing this?
0
 
LVL 33

Expert Comment

by:sajuks
ID: 12321628
1.3.1 is the latest version.
You will find a button for updating the detection rules. Check whether all the detection rules have been downloaded.
also remember to click on the immunize button to verify whether all bad products are blocked
the changes that you've done are not going to compromise your security.
0
 

Author Comment

by:armydog
ID: 12321939
sajuks
checked for updates...have all the latest.
clicked on immunize and it displayed that 1997 currently blocked with 10 more i could immunize...did this.
ran spybot again and am still getting DSO Exploits 1 entry

is there anything else i can do...or should i just ignore this listing?
0
 
LVL 33

Expert Comment

by:sajuks
ID: 12322069
can you post what spybot shows as the dso exploit
0
 

Author Comment

by:armydog
ID: 12322225
i'll try
0
 
LVL 20

Expert Comment

by:Debsyl99
ID: 12322427
Hi
What's a 'DSO exploit' and how do I get rid of it?
http://ask-leo.com/whats_a_dso_exploit_and_how_do_i_get_rid_of_it.html

I wouldn't worry too much - it's a glitch referencing a potential internet explorer problem, but if you're fully patched with IE you can safely ignore it. Otherwise get patched, then ignore it,

Deb :))
0
 

Author Comment

by:armydog
ID: 12322609
debsyl99
have everything windows update has to offer for my pc.
does that include the patch you're talking about?

sajuks
saved a file and copied this from it.
DSO Exploit: Data source object exploit (Registry change, nothing done)
  HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3
0
 
LVL 33

Expert Comment

by:sajuks
ID: 12322679
go to the registry
if you have a 1004 (Reg_Dword) entry, double click on it and make sure it is set to zero. If you have a 1004 (Reg_sz) entry, click on it once (to highlight it) and hit the Delete Key on the keyboard.
That's it. You're all done
0
 
LVL 20

Accepted Solution

by:Debsyl99
Debsyl99 earned 25 total points
ID: 12322876
If you're fully up to date - yes - Unfortunately spybot is finding what used to be a vulnerability - if you're fully patched from windows update, then don't worry about it. I'm a network admin, so I need to check these things out. My home PC logs it and it's as clean as a whistle. Do some googling for spybot dso exploit - you'll see plenty written on it, so you won't just need to take my word for it,

Deb :))
0
 

Author Comment

by:armydog
ID: 12323109
sajuks
ain't sure how to go about this,
when i go to the registry and navigate to zones..all 5 are listed like this

name                                    data
1004                                   0x00000003 (3)
0
 
LVL 33

Expert Comment

by:sajuks
ID: 12323388
You can also delete the entry from spybot.
Else from spybot check which registry entry it is pointing to and then delete the corresponding entry.
In case you are unsure about it, as Deb said, let it be. It's not a big deal. You can tell spybot to deselect this entry from further searches.
0
 

Author Comment

by:armydog
ID: 12323646
thank you both for your suggestions on this issue
armydog
0
