Re: DSO Exploit glitch in Spybot?
From: Bruce Chambers (bchambers_at_nospamcableone.net)
Date: 07/14/04
- Next message: Bruce Chambers: "Re: converting FAT to NTFS"
- Previous message: Hilary Karp: "Re: BackDoor-AZV.gen : My Silicon Titties 8602"
- In reply to: KillerQ: "DSO Exploit glitch in Spybot?"
- Messages sorted by: [ date ] [ thread ]
Date: Tue, 13 Jul 2004 20:12:52 -0600
Greetings --
The DSO exploit was patched long ago by IE Cumulative Update
MS02-015, in March of 2002. If you've installed this specific patch,
or any subsequent IE Cumulative Updates, or Service Pack 1, you're
safe. It would appear that the latest version of Spybot S&D is only
checking for Internet zone settings in the registry that could be used
as work-around protection, and not for the presence of any corrective
patches. Hopefully, the makers of Spybot will soon fix this bug.
MS02-015 March 28, 2002 Cumulative Patch for Internet Explorer
http://support.microsoft.com/default.aspx?scid=kb;EN-US;319182
If you like, you can test your system for this particular
vulnerability at this web site:
http://www.greymagic.com/security/advisories/gm001-ie/
The makers of SpyBot S&D have acknowledged the problem and will
fix it on their next update:
http://www.safer-networking.org/index.php?page=paragraphs&detail=currentfaqs
In the meantime, in SpyBot S&D, click Mode > Advanced > Settings >
Ignore Products > Security > DSO Exploit, to turn off the false alarm.
Bruce Chambers
-- Help us help you: http://dts-l.org/goodpost.htm http://www.catb.org/~esr/faqs/smart-questions.html You can have peace. Or you can have freedom. Don't ever count on having both at once. - RAH "KillerQ" <KillerQ.19bzja@news.nospam.local> wrote in message news:KillerQ.19bzja@news.nospam.local... > > Hey all, > > This is my first post on here -- so I hope that this is in the correct > section. I have had my battles with virii and spyware in the past, as > well as homepage hijackings, etc..... And since I run AVG, Adaware, > and now spybot, regularly, there seems to be nothing that i cannot get > rid of for good. I have recently run cwshredder, and removed some > things as well.... > > Anyway, my question is -- even after everything seems clean, when i > run spybot i get the following results (the top part is self > explanitory to me, it's the DSO EXPLOIT reg-entry part at the bottom > that I do not totally understand). ALso, I hear that this may be a > glitch that is known in the current version of Spybot -- I just wanted > to make sure that it's nothing to worry about -- and I have updated all > thye critical patches for XP home, as well..... Here is the info: > > > ----------- > > DoubleClick: Tracking cookie (Internet Explorer: Matt) (Cookie, > nothing done) > > > Avenue A, Inc.: Tracking cookie (Internet Explorer: Matt) (Cookie, > nothing done) > > > DSO Exploit: Data source object exploit (Registry change, nothing > done) > HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet > Settings\Zones\0\1004!=W=3 > > DSO Exploit: Data source object exploit (Registry change, nothing > done) > HKEY_USERS\S-1-5-21-1307759246-3641812577-2111303108-1008\Software\Mic rosoft\Windows\CurrentVersion\Internet > Settings\Zones\0\1004!=W=3 > > DSO Exploit: Data source object exploit (Registry change, nothing > done) > HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet > Settings\Zones\0\1004!=W=3 > > DSO Exploit: Data source object exploit (Registry change, nothing > done) > HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet > Settings\Zones\0\1004!=W=3 > > DSO Exploit: Data source object exploit (Registry change, nothing > done) > HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet > Settings\Zones\0\1004!=W=3 > > > --- Spybot - Search && Destroy version: 1.3 --- > 2004-07-09 Includes\Cookies.sbi > 2004-07-09 Includes\Dialer.sbi > 2004-07-09 Includes\Hijackers.sbi > 2004-07-09 Includes\Keyloggers.sbi > 2004-05-12 Includes\LSP.sbi > 2004-07-09 Includes\Malware.sbi > 2004-07-09 Includes\Revision.sbi > 2004-07-02 Includes\Security.sbi > 2004-07-09 Includes\Spybots.sbi > 2004-07-09 Includes\Tracks.uti > 2004-07-09 Includes\Trojans.sbi > > ----------------------- > > > Well, there it is.... Now since the DSO entries each say "Registry > change, nothing done" i don't know if this is something that windows > automatically changes all the time, and this is normal for this to > show in the scan results - or if it's a harmless preference that I > change that makes those appear or what..... Or if it is, in fact, the > glitch. I looked on the spybot FAQ and they didn't really go ionto > detail...If you could explain this > to me -- i would greatly appreciate it!!! > > > Thanks in advance, > > Matt > (magicianstalk@hotmail.com) > > P.S. Has anyone noticed that cwshredder is not able to update via the > program lately? > > > -- > KillerQ > -------------------------------------------------------------------- ---- > KillerQ's Profile: http://extremetechsupport.com/forum/member.phtml?userid=269 > View this thread: http://extremetechsupport.com/forum/showthread.phtml?t=41077 >
- Next message: Bruce Chambers: "Re: converting FAT to NTFS"
- Previous message: Hilary Karp: "Re: BackDoor-AZV.gen : My Silicon Titties 8602"
- In reply to: KillerQ: "DSO Exploit glitch in Spybot?"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
