Re: Spybot DSO Exploit

Tech Tip: Click here to run a free scan for Windows Errors and optimize PC performance

From: Donald McDaniel (orthocrossNOSPAM_at_cablespeedDOTcom.invalid)
Date: 09/09/04 

Date: Thu, 09 Sep 2004 08:03:55 -0700

On Wed, 8 Sep 2004 20:35:20 -0700, "FM" <fm@ncinternet.com> wrote:

>The problem can be fixed easily if you do it right. It seems no one has
>properly advised us beginners on how to correct the problem. In my case I
>had five different "0\1004" zones that needed to be changed. I found the
>solution by chance. I changed all of them the same way. I will just
>illustrate one.
>
>SpyBot's DSO Exploit:
>HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet
>Settings\Zones\0\1004!=W=3
>
>What the program is saying is the the "W" has to be changed to 3. The "W" in
>this case is the "Dword".
>
>1.If you follow the above path in the registry to the 0 zone folder you will
>see in the right hand window the number 1004 in the name column.
>2. In the next column, the Data column, you will find a blank. This blank
>has to be changed to "x00000003(3)"
>3. To do this you have to right click on the data column. A "NEW" will
>appear. Click on it. From popup screen select "DWORD Value".
>4. This will put a "NEW Value #1" at the bottom of the window. Left click on
>the small icon on the left of the "New Value #1" file.
>5. An "Edit DWORD Value" screen will appear.
>6. In the "Value Data" window insert the number 3. (make sure the Base
>Hexadecimal is checked) then click ok.
>7. Then go back and delete the original 1004 file.
>8. Rename the "NEW Value #1" number "1004".
>
>Once you've done all the registry entries showing in SPYBot's DSO
>Exploit...the problem will be solved.
>
>FM
>
A much easier way to avoid SpyBot S&D constantly showing the DSO
Exploit, which does not require Registry entries, is outlined below:
1) Make sure you have the latest version of SpyBot S&D installed
(1.3.0.12).
2) Open SpyBot S&D, click on "Settings".
3) Click on "Ignore products".
4) Click on "All Products" tab
5) Scroll down list until you come to the "DSO Exploit" entry.
6) Put a check mark beside it.
7) Close SpyBot S&D.

Donald L McDaniel
Keep the thread intact
Post reply to original newsgroup
=======================================================

Relevant Pages

  • Re: IEXPLORE.exe has generated errors and will be closed by Windows
    ... If you have been installing updates for Windows and IE, you can have Spybot ... Do a google search for +spybot +dso +exploit. ... > My operating software is Windows 2000 Professional ...
    (microsoft.public.windows.inetexplorer.ie6.browser)
  • Re: DSO Exploit
    ... DSO Exploit means a lot of different ... It looks to me like Spybot is just ... Installing IE6 and Office XP / 2002 or the Outlook Security Update ... Because of these attack vectors, you're probably not going to be too likely ...
    (microsoft.public.security)
  • Re: DSO Exploit glitch in Spybot?
    ... Basically what's happening is that Spybot is finding that the security setting ... it's the DSO EXPLOIT reg-entry part at the bottom ... Data source object exploit (Registry change, ...
    (microsoft.public.windowsxp.help_and_support)
  • Re: DOS Exploit Executing programs
    ... > be forwarded to Spybot or Microsoft. ... > Microsoft Internet Explorer and reported it to the public. ... > dynamically inserted HTML fragments at any point in the ... > sources (DSO) for Data Binding can be almost anything, ...
    (microsoft.public.windowsxp.hardware)
  • Re: CD-TRAY
    ... | The DSO exploit was patched long ago by IE Cumulative Update ... the makers of Spybot will soon fix this bug. ... | Ignore Products> Security> DSO Exploit, to turn off the false alarm. ...
    (microsoft.public.security.virus)