Solution to Spybot DSO

Chas,

I ran Spybot S&D with the 20050819 Defs and also got the DSO exploit. The five registry keys were:

To fix this run regedit and navigate to the registry keys indicated by Spybot and modify the DWORD value to 3.

Reboot, Run Spybot again, the DSO Exploit will no longer be found.

 

Thanks SPD, I was in the process of researching this new DSO issue. For any user that views this thread I will make the fix available.

Copy the contents of the below Quote Box to Notepad. Then click File and then Save As. Change the Save as Type to All Files. Name the file fixdso.reg and then click save. (make sure you save it somewhere you can find it. Saving it to your Desktop may make that easy.) Then double-click on the fixdso.reg file on your desktop (or locate it with Windows Explorer and double click on it if not saved to the Desktop) and when it prompts to Add in to the registry, say yes.

 

I was suprised that they started showing up with the latest defs, and in Zone0 every time. Surfing around researching the latest postives, it seems that having spybot fix it, doesn't always work. The regedit fix works, to resolve the issue. I've rebooted several times and run spybot after system restart, I get no positive results after the manual regedit.

Microsoft supposedly fixed the DSO Exploit issue. So, why is Spybot finding it in Zone0? I suspect it is a bug in Spybot.

 

I just checked all 4 PCs in the house and they all have the 1004 key in Zone\0. DWORD:00000000. Manually editing the DWORD value to 3, on all 5 registry keys shown by Spybot does the trick.

 

I concur with that assessment.

 

I should add that if the manual regedit fails, then something is blocking the fix. SpywareGuard and MS Anti-Spyware are both active on my system, and neither blocked the fix.

 

This key is system specific:

HKEY_USERS\S-1-5-21-507921405-1614895754-839522115-1004

and will be different on another system.

 

I'm following the other threads closely.