DSO Exploit

hi. im not really experiencing any problems with spyware right now but i just scanned my computer using spybot and i keep geting a DSO exploit. I cannot remove it. Could someone tell me what it is?

 

The DSO "Data Source Object" Exploit is a bug in Internet Explorer that could, under certain circumstances, allow untrusted software to run - in other words, a vulnerability.

To fix this issue...
Copy the contents of the below Quote Box to Notepad. Then click File and then Save As. Change the Save as Type to All Files. Name the file fixdso.reg and then click save. (make sure you save it somewhere you can find it. Saving it to your Desktop may make that easy.) Then double-click on the fixdso.reg file on your desktop (or locate it with Windows Explorer and double click on it if not saved to the Desktop) and when it prompts to Add in to the registry, say yes.

After you complete the above, complete another scan with Spybot and see if it returns.

 

yes it is still there.

 

That's the fix for the latest DSO exploits, attach your Spybot scan log.

 

maybe it has something to do with the updates? i never got the DSO exploit before but i searched for updates today and now i get it.

 

ok here it is.

 

Hi. If someone could help me real quick that would be nice. I'm afraid to turn off my computer if it isn't safe. Thanks

 

If you have completed post #2, the manualy regedit you should be fixed up. I will double check to confirm.

 

i did do step #2 but it did not fix it.

 

Do you have Spybot's TeaTimer or any other antispyware program running because it could be causing a block?

Also, try fixing it with Spybot and see if it will fix it. The manual regedit should fix it because it sets the values to 3 where they are supposed to be.

 

It will fix it but if i scan again it will show up again. I have Teatimer but i don't think it is running.

 

I have spyware guard running. I also have a firewall.

 

Thats probably whats blocking the change then, you will have to do a manual regedit to each key.

Click Start > Run > Type in regedit

Navigate to the following key:

HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
On the right hand side look for the DWORD value "1004". Right click on "1004" and select modify. Now change the value data to 3. Click OK

Navigate to the following key:

HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
On the right hand side look for the DWORD value "1004". Right click on "1004" and select modify. Now change the value data to 3. Click OK

Navigate to the following key:

HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
On the right hand side look for the DWORD value "1004". Right click on "1004" and select modify. Now change the value data to 3. Click OK


Navigate to the following key:

HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
On the right hand side look for the DWORD value "1004". Right click on "1004" and select modify. Now change the value data to 3. Click OK


Navigate to the following key:

HKEY_USERS\S-1-5-21-1110412475-2304659736-1445258045-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
On the right hand side look for the DWORD value "1004". Right click on "1004" and select modify. Now change the value data to 3. Click OK


After you complete the above, exit registry editor, reboot and do another scan with Spybot.

 

HKEY_USERS\S-1-5-21-2280197863-308232438-2037070609-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
On the right hand side look for the DWORD value "1004". Right click on "1004" and select modify. Now change the value data to 3. Click OK


I can't find this. I click on HKEY_USERS but there is no S-1-5-21-2280197863-308232438-2037070609-1003

 

Procede on with the next key, see if they come back after a restart.

 

which key? i have S-1-5-21-1110412475-2304659736-1005
i don't have that one that you posted

 

ok thanks for clearing that up chaslang

 

Now, after you complete each edit reboot and do another scan and see if they come back.

 

it won't go away. this is really getting on my nerves.

 

Attach the new Spybot log.

 

is this really a big problem? cause school starts tomrrow and i raelly need to get to bed

 

No it's really not a huge deal but it does need to be addressed as soon as possible. We will get it tomorrow, go on to bed

 

here is the log. i think when i rebooted the registry values went back to the originals.

 

thanks for your help man. i really appreciate it.

 

Reboot into Safe Mode and then complete the below...

Copy the contents of the below Quote Box to Notepad. Then click File and then Save As. Change the Save as Type to All Files. Name the file fixdso1.reg and then click save. (make sure you save it somewhere you can find it. Saving it to your Desktop may make that easy.) Then double-click on the fixdso1.reg file on your desktop (or locate it with Windows Explorer and double click on it if not saved to the Desktop) and when it prompts to Add in to the registry, say yes.

 

i can't add the registry. there was an error in accessing the registry.

 

should i try it in normal mode?

 

am i the only one with this problem?

 

is there anyway to fix it?

 

http://forums.majorgeeks.com/showthread.php?t=70491

sorry for the repeated posting but i need to figure this out before i go nuts. i have the same problem as this person. spybot scans were coming out clean before but after i updated it i got those DSO exploits.

 

so what action should i take? is it ok to just leave it the way it is?

 

I have windows xp with service pack 2. my computer is set to download automatic updates. it asks me to install every once in a while when i shut down.

I have tried to manually edit the registry but they just keep changing back. How do i tell spybot to ignore it?

 

i skimmed through it just now.

i have a question. is it recommended to set spybot to ignore the exploits? because setting it to ignore and just physically ignoring it have the same results.

 

i have a firewall

 

I use symantec personal firewall. i didn't disable Windows Security center

 

Actually i think 4 of the entries were fixed because the scan only shows 1 entry now.

 

The one in S-1-5-21

 

I just did and the spybot scan i ran still showed the same problem. Well I'll stop wasting your time. I think it's best for me to just leave it alone if it really isn't any harm.

 

yes i fixed it manually. It did show the change in effect but spybot still picks it up in the scans.

 

yes. i am sure