Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 483
  • Last Modified:

DSO Exploit

I have read over and tried so many things to solve this but it's still there.  I have run Ad-aware, SpySubtract, Noadware and Spybot and they are all clean except for Spybot that comes up with the same 5  DSO EXploit files. I delete them and they come back. I have updated my Spybot and have all the security patches on windows possible for my system. I also patched my Workes Suite and Microsoft picture it platinum. These DSO's don't show up on any of the adwares that I have mentioned except for Spybot. My computer isn't even a month old. Everything is up to date including my Norton Anti Virus.  Can any one tell me something else to do? Not anything to complicated I hope???  Thanks
0
jannet55
Asked:
jannet55
  • 5
  • 4
  • 2
  • +3
2 Solutions
 
SheharyaarSaahilCommented:
Hello jannet55 =)

Read here for the possible solutions,

Spybot keeps finding DSO exploit
http://www.computing.net/windowsxp/wwwboard/forum/104837.html
0
 
shahrialCommented:
It a bug...not to worry. Read here for details..;-)
http://forums.net-integration.net/index.php?showtopic=17159
0
 
gjohnson99Commented:
1. Turn off your system restore run spybot

2. if dose not do it then do a  manual remove from register with regedit  


0
When ransomware hits your clients, what do you do?

MSPs: Endpoint security isn’t enough to prevent ransomware.
As the impact and severity of crypto ransomware attacks has grown, Webroot has fought back, not just by building a next-gen endpoint solution capable of preventing ransomware attacks but also by being a thought leader.

 
jannet55Author Commented:
How do I turn off system restore?  I have 2 computers.  My new pc is only a week or so old.  That is the one that Spybot shows 5 DSO Exploits.  When I go into regedit and follow the path I see that    the name is a Ab 1004 and the Type is REG-SZ.  Thie REG-SZ is only on the 1004 as the rest are REG-WORD.

My laptop is 2yrs old and doesn't get run as much but shows no DSO Exploits in the Spybot run.  When I follow the same path as my PC the 1004 is not a Ab but the same as all the ones under it.  The type is REG-WORD and REG WORD is listed all the way down with the other numbers.

I am not very computer smart but I guess I just know enough to be dangerous. :) :)

I have read all the above sites and I know that I can just wait for a upgrade in Sypbot to fix the problem. But sometimes a challenge ,,,, does challenge me.  Thanks
0
 
winkingtigerCommented:
Do everthing said above, but also find and then delete the dll file that keeps n replicating the dso.  It could be found in the system32 folder.  Once it is found, boot into safe mode delete from there, or else you will get some 'unable to delete' message because the file will claim it is in use.
0
 
gjohnson99Commented:
To turn off ->contorl panel -> system -> system restore

It ok to turn off the system restore, when get you system clean you can turn in back on

As for doing the register edit backup your register first.

to back it up  regedit  -> file  -> export .




0
 
jannet55Author Commented:
I did the system restore off and ran spybot and there was so change.  So I opened Regedit and did a export to a CD of the registry and now what.  Do I go in and change the REG-SZ to REG-WORD? And do I do that by right clicking and changing it to say DWORD?  All 5 of the exploits are in the 1004. and all of the have REG-SZ and not REG-WORD.  If that goofs thing up do I do a import from my CD to the Regristy then?  Thanks,  
0
 
gjohnson99Commented:
delete the entery that show up in spybot from register  

rerun spybot to make sure got them.
0
 
jannet55Author Commented:
DSO Exploit: Data source object exploit (Registry change, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

That is just the first one Spybot shows.  Do I go in and just do a delete where the line starts in the description for instance, Ab 1004  REG-SZ    And then do that for the rest of the exploits that are named?  Forgive me for being so ignorant on this but sometimes it is hard to show a old dog new tricks!  :)
0
 
gjohnson99Commented:
ya just delete them
i
0
 
cnewgaardCommented:
This seems to work when I run into that issue with Spybot

http://www.experts-exchange.com/Security/Win_Security/Q_21054787.html#11525067
0
 
gjohnson99Commented:
And won't be getting add pop up
0
 
jannet55Author Commented:
Sorry I have been so long getting back to this problem but I had a family emergency and I had to leave town for 10 days.  But getting back  the REG_SZ, I try to right click that and all I get is a "new" with drop down of String value, DWORD value etc. I can delete the ab 1004 but I wasn't sure if that is what I should do???  Sorry for the delay!
0
 
cnewgaardCommented:
When you create the new DWORD it will add a value call New Value #1  Change that to 1004 and then double click on it and a new window will come up.  Change the Base to decimal and then type in a 3 for the value.  That should do the trick for ya.
0

Featured Post

New Tabletop Appliances Blow Competitors Away!

WatchGuard’s new T15, T35 and T55 tabletop UTMs provide the highest-performing security inspection in their class, allowing users at small offices, home offices and distributed enterprises to experience blazing-fast Internet speeds without sacrificing enterprise-grade security.

  • 5
  • 4
  • 2
  • +3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now