Spybot always finds DSO Exploit

C

Carlosinfl

Loves the juice
Joined
Sep 25, 2002
Messages
6,633
I just did a fresh install of XP on my notebook for fun and loaded sp1.

I have spybot 1.3 and ad-aware 6 on my system (both up2date). I only go to message boards on my notebook.

Linuxquestions.org
Hardforums.com
Forums.pcper.com

When I run spybot 1.3 everyday...I get back 5 entries listed as "DSO EXPLOIT"

They all seem to be registry keys under HKEY_USER.

Why do these always show up? I have system restore off & I never use IE, just FF .9.3.

Any suggestions?
 
I get these too, I think its notifying you of an exploit in IE that isn't patched or something.

I can't click that link here at work, so I don't know what it says :D
 
I read that thread and the one guy had him download some utility DLExpert v0.98. Very nice freeware download manager. Spyware-free.(Ad-aware flags a false positive!) added 01/11/2001

I installed this and looks like it does not support english keys. It's all wierd and have no idea what I am doing...
 
You need to edit the registry Under The Reg Keys Identified you need to change the 1004 or 1001 manually:
HKEY_CURRENT_USER,
"Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0"
1001 and 1004
HKEY_LOCAL_MACHINE
"Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0"
1001 and 1004
HKEY_CURRENT_USER,
"Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3"
1001 and 1004
HKEY_LOCAL_MACHINE
"Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3"
1001 and 1004

You need to set these Value of the REG_DWORD to 3. If there is NO REG_DWORD but there is another type delete that type and create a new DWORD and call it 1004 or 1001 (which ever one that Spy Bot Detects.

Cheers,
 
there is a new adaware, with a new core engine
Its adaware (pro) SE 1.03

Much better at cleaning out stuff, if you crank all the settings on.

Do not download 1.02 which was quickly patched for a hole.
 
I get the same thing on my system as the original poster does on his system. I have been wondering why this shows up everytime I use Spybot. Now with this new information in this thread, I can fix it. I hope. :)
 
I just played with this
If you go run - regedit
then find>> type in zones
In IE there are zones 0-1-2-3-4 (for my O/S)
in ea there are 1001 and 1004 amongst many others
they are in both HKLocal machine and same in HKCurrentusers

Just change all the 1001 and 1004 to 3 from 0 or 1

anyway thats my take on it :p
 
Qwestman said:
I get the same thing on my system as the original poster does on his system. I have been wondering why this shows up everytime I use Spybot. Now with this new information in this thread, I can fix it. I hope. :)
Click to expand...

You can definitely fix it. Just make sure you get the right keys in there. The exploit messes up the Registry, and changes the Key type to avoid being fixed. Sneaky bugger

One last note, if you are still having problems, do each key, than reboot, and continue. It can be a stubborn mother.
 
When I am in the reg, I see some folders labeled

0
1
2
3
4

In those folders I see the 1004 entrie that spybot detects. I modified that to value of 3 and or 0 and they always came back up under detection
 
NOTE: Bugger, Its going to be in Zone 1 and 3, leave 0 alone

You need to delete the 1004 entry and create a new REG_DWORD by right clicking anywhere in the key pane, and create a new REG_DWORD call it 1004 and give it an attribute 3

It should look like this


REGDWORD.JPG
 
so what you are saying is that in the 1 & 3 zone folders, I need to delete the 1004 REG_DWORD that already have a value or 3 and recreate a new DWORD Value and give it a value of 3 again?

Just want to be sure I understand this...
 
Post a screen shot of your Spy Bot Result. You need to browse to the Sections where spy bot identifies. The ones above were mine. Also if you can post a screen shot of your registry. If you can't host, send them to me via email at [email protected]

Cheers,
 
You must log in or register to reply here.
Back
Top