Re: XP New User - spyware question
From: Godfather (Godfather_at_discussions.microsoft.com)
Date: 08/28/04
- Next message: Rich: "Re: SP2 reboot after install"
- Previous message: Rich: "Re: Blue screen and PPDrv.sys"
- In reply to: Patti MacLeod: "Re: XP New User - spyware question"
- Next in thread: Bruce Chambers: "Re: XP New User - spyware question"
- Reply: Bruce Chambers: "Re: XP New User - spyware question"
- Messages sorted by: [ date ] [ thread ]
Date: Sat, 28 Aug 2004 09:17:02 -0700
I'm having similar problem. I keep getting this result repeatedly using the
same version of Spybot:
DSO Exploit: Data source object exploit (Registry change, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0\1004!=W=3
DSO Exploit: Data source object exploit (Registry change, nothing done)
HKEY_USERS\S-1-5-21-1960408961-1682526488-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3
DSO Exploit: Data source object exploit (Registry change, nothing done)
HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0\1004!=W=3
DSO Exploit: Data source object exploit (Registry change, nothing done)
HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0\1004!=W=3
DSO Exploit: Data source object exploit (Registry change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0\1004!=W=3
GoldenPalace.Casino: Autorun settings (ucogqmabm) (Registry value, nothing
done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ucogqmabm
"Patti MacLeod" wrote:
> Hi Bob,
>
> The DSO Exploits that Spybot reports has been patched if you've installed
> the cumulative update MS02-015 (March 28, 2002), or any subsequent updates
> including SP1......however, Spybot still reports a "false positive" where
> these exploits are concerned. This "false positive" reporting is to be
> rectified in an upcoming update. In the meantime, have a look at this "How
> to exclude products from the search":
> http://www.safer-networking.org/en/howto/exclude.html
> Exclude the DSO Exploits from further searches.
>
>
>
> Regards,
>
> --
> Patti MacLeod
> Microsoft MVP - Windows Shell/User
>
> "Bob Moyer" <bob.moyer@dol.net> wrote in message
> news:u8kjKdJjEHA.3896@TK2MSFTNGP15.phx.gbl...
> > SpyBot 1.3 has been run and highlighted in red a problem listed as:
> >
> > "DSO Exploit" - 5 entries
> >
> > Expanding the item, it lists 5 registry entries DSO Exploit: Data source
> > object exploit (Registry change, nothing done)
> > HKEY_USERS\S-XXXXXX\Software\Microsoft\Windows\CurrentVersion\Internet
> > Settings\Zones\0\1004!=W=3
> >
> > DSO Exploit: Data source object exploit (Registry change, nothing done)
> >
> >
> HKEY_USERS\SXXXXXXXXXXXXXXX\Software\Microsoft\Windows\CurrentVersion\Intern
> > et Settings\Zones\0\1004!=W=3
> >
> > DSO Exploit: Data source object exploit (Registry change, nothing done)
> > HKEY_USERS\S-xxxxx\Software\Microsoft\Windows\CurrentVersion\Internet
> > Settings\Zones\0\1004!=W=3
> >
> > DSO Exploit: Data source object exploit (Registry change, nothing done)
> > HKEY_USERS\S-XXXXXX\Software\Microsoft\Windows\CurrentVersion\Internet
> > Settings\Zones\0\1004!=W=3
> >
> > DSO Exploit: Data source object exploit (Registry change, nothing done)
> > HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet
> > Settings\Zones\0\1004!=W=3
> >
> > The series of X's in the keys above I put in to replace the numbers that
> are
> > really there. Should these be deleted or left alone? I certainly would
> > appreciate your help and advice.
> >
> > Thanks,
> > Bob
> >
> >
> >
> >
>
>
>
- Next message: Rich: "Re: SP2 reboot after install"
- Previous message: Rich: "Re: Blue screen and PPDrv.sys"
- In reply to: Patti MacLeod: "Re: XP New User - spyware question"
- Next in thread: Bruce Chambers: "Re: XP New User - spyware question"
- Reply: Bruce Chambers: "Re: XP New User - spyware question"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
