Link to home
Start Free TrialLog in
Avatar of LorneBackler
LorneBackler

asked on

What type of exploits is a DSO Exploit and what could a hacker do through it

WHat does it mean by changing the key from what it was to 3?
What does it mean if the value was 0?
What does it mean if the value was 1?
What does it mean if the value was 2?
What does it mean if the value was 3? And why does this make it more secure?
What type of exploits is a DSO Exploit and what could a hacker do through it.
And why is there more then one location?
And on a server that is running iis 6.0 should the registry keys be changed as well or is it only for desktop machines which use the internet?

Please read below for more information. Thanks!

HKEY_USERS\S-1-5-21-1614895754-73586283-725345543-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

2) Click on Start, Run, and type REGEDIT and Press Enter to open the Windows Registry Editor

3) Find the location of the exploit above in the registry by clicking on the pluses(+) next to each title

4) After opening the Zones section and clicking on '0' look to the right window, under 'name' is the key '1004' and the type is REG_SZ simply right click and delete this REG_SZ value.Then right click and create new>DWORD Value, name it 1004, then right click on that and goto modify, give it the Hex Value of 3, Click ok.

If there is only a DWORD Value for the key (in this case 1004), then double click on the key and change the HEX value to 3 and click Ok.

5) Close the Registry Editor and Reboot your computer

6) The DSO Exploit should now be removed and it should no longer appear in the Spybot Search and Destroy log as a problem.


Thanks!
Avatar of Phil_Agcaoili
Phil_Agcaoili
Flag of United States of America image
Read this article by Leo Laporte (TechTV)

DSO exploit article:
http://ask-leo.com/whats_a_dso_exploit_and_how_do_i_get_rid_of_it.html


Read the thread for 2 pages...

THE WRONG ANSWER:
======================================
To fix this probelem please follow the steps below. As usual, registry editing can stuff up your system completely or have unexpected results. Make sure you have a backup before attemting this procedure.

Right click the error found in spybot and select "more details","jump to location". This will open registry editor and go to the correct registry entry to modify. Sometime Spybot doesn't do the jump the first time for some reason, just do it again to kick it into action.

You will see it has focused on an entry which is 1004 of the type "reg_sz", this should actually be a "reg_dword".

You will need to delete the 1004 entry.

Create a new DWORD called 1004 by right clicking on the folder which contained this entry (normally "0"), select New, DWORD value. The default value it's given is "0"

Double click 1004 and change "0" to "3".

This will need to be done for every DSO exploit entry that Spybot has found.

As usual, registry editing can stuff up your system completely or have unexpected results. Make sure you have a backup before attemting this procedure.

Posted by: jim at September 5, 2004 06:41 PM
======================================

THE RIGHT ANSWER:
As stated in the article, there is no need to do that. All you need do is make sure IE is up to date, and then ignore the warning in SpyBot, until SpyBot is updated to fix it.

Posted by: Leo at September 5, 2004 10:00 PM
======================================

IF YOU ARE PARANOID AND WANT TO ENSURE ALL IS WELL:

http://spaces.msn.com/members/greyhat/Blog/cns!1pUk7QRF4x9-c8NiDSc_ZYKg!129.entry

http://www.majorgeeks.com/download4392.html

ASKER CERTIFIED SOLUTION
Avatar of Phil_Agcaoili
Phil_Agcaoili
Flag of United States of America image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial