Re: XP New User - spyware question

From: Bruce Chambers (bruce_a_chambers_at_h0tmail.com)
Date: 08/28/04


Date: Sat, 28 Aug 2004 10:47:29 -0600

Greetings --

    The DSO exploit was patched long ago by IE Cumulative Update
MS02-015, in March of 2002. If you've installed this specific patch,
or any subsequent IE Cumulative Updates, or Service Pack 1, you're
safe. It would appear that the latest version of Spybot S&D is only
checking for Internet zone settings in the registry that could be used
as work-around protection, and not for the presence of any corrective
patches. Hopefully, the makers of Spybot will soon fix this bug.

 MS02-015 March 28, 2002 Cumulative Patch for Internet Explorer
http://support.microsoft.com/default.aspx?scid=kb;EN-US;319182

    If you like, you can test your system for this particular
vulnerability at this web site:
http://www.greymagic.com/security/advisories/gm001-ie/

    The makers of SpyBot S&D have acknowledged the problem and will
fix it on their next update:
http://www.safer-networking.org/index.php?page=paragraphs&detail=currentfaqs

    In the meantime, in SpyBot S&D, click Mode > Advanced > Settings >
Ignore Products > Security > DSO Exploit, to turn off the false alarm.

Bruce Chambers

-- 
Help us help you:
http://dts-l.org/goodpost.htm
http://www.catb.org/~esr/faqs/smart-questions.html
You can have peace. Or you can have freedom. Don't ever count on 
having both at once. - RAH
"Godfather" <Godfather@discussions.microsoft.com> wrote in message 
news:DB35AB25-2DB7-414D-8F1B-588336EB1DCD@microsoft.com...
> I'm having a similar problem. I keep getting this result repeatedly using the
> same version of Spybot:
>
> DSO Exploit: Data source object exploit (Registry change, nothing done)
> HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3
>
> DSO Exploit: Data source object exploit (Registry change, nothing done)
> HKEY_USERS\S-1-5-21-1960408961-1682526488-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3
>
> DSO Exploit: Data source object exploit (Registry change, nothing done)
> HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3
>
> DSO Exploit: Data source object exploit (Registry change, nothing done)
> HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3
>
> DSO Exploit: Data source object exploit (Registry change, nothing done)
> HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3
>
> GoldenPalace.Casino: Autorun settings (ucogqmabm) (Registry value, nothing done)
> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ucogqmabm
>
>
>
>
> "Patti MacLeod" wrote:
>
>> Hi Bob,
>>
>> The DSO Exploits that Spybot reports have been patched if you've installed
>> the cumulative update MS02-015 (March 28, 2002), or any subsequent updates
>> including SP1... however, Spybot still reports a "false positive" where
>> these exploits are concerned. This "false positive" reporting is to be
>> rectified in an upcoming update. In the meantime, have a look at this "How
>> to exclude products from the search":
>> http://www.safer-networking.org/en/howto/exclude.html
>> Exclude the DSO Exploits from further searches.
>>
>>
>>
>> Regards,
>>
>> -- 
>> Patti MacLeod
>> Microsoft MVP - Windows Shell/User
>>
>> "Bob Moyer" <bob.moyer@dol.net> wrote in message
>> news:u8kjKdJjEHA.3896@TK2MSFTNGP15.phx.gbl...
>> > SpyBot 1.3 has been run and highlighted in red a problem listed as:
>> >
>> > "DSO Exploit" - 5 entries
>> >
>> > Expanding the item, it lists 5 registry entries
>> >
>> > DSO Exploit: Data source object exploit (Registry change, nothing done)
>> > HKEY_USERS\S-XXXXXX\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3
>> >
>> > DSO Exploit: Data source object exploit (Registry change, nothing done)
>> > HKEY_USERS\SXXXXXXXXXXXXXXX\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3
>> >
>> > DSO Exploit: Data source object exploit (Registry change, nothing done)
>> > HKEY_USERS\S-xxxxx\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3
>> >
>> > DSO Exploit: Data source object exploit (Registry change, nothing done)
>> > HKEY_USERS\S-XXXXXX\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3
>> >
>> > DSO Exploit: Data source object exploit (Registry change, nothing done)
>> > HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3
>> >
>> > The series of X's in the keys above I put in to replace the numbers that
>> > are really there.  Should these be deleted or left alone?  I certainly
>> > would appreciate your help and advice.
>> >
>> > Thanks,
>> > Bob
>> >
>> >
>> >
>> >
>>
>>
>> 
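
A triage sketch for the point made in the reply above, that the DSO Exploit entries are checks on an Internet zone registry setting rather than detections of installed software (added example, not part of the original thread and not Spybot's own code). The sample report is constructed from the format quoted in the thread, and reading `!=W=3` as "value is not DWORD 3" is an assumption about Spybot's notation.

```python
import re

# Constructed sample: findings in the format quoted in this thread, with the
# wrapped registry paths rejoined onto one line.
SAMPLE_REPORT = r"""
DSO Exploit: Data source object exploit (Registry change, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3
DSO Exploit: Data source object exploit (Registry change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3
GoldenPalace.Casino: Autorun settings (ucogqmabm) (Registry value, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ucogqmabm
"""

# "<product>: <description> (<kind>, <action taken>)"
HEADER = re.compile(
    r"^(?P<product>[^:]+): (?P<desc>.+) \((?P<kind>[^,()]+), (?P<action>[^()]+)\)$")
# Zone setting check: ...\Zones\<zone>\<policy id>!=W=<expected>.
# Assumption: "!=W=3" means "flag when the value is not DWORD 3".
ZONE_CHECK = re.compile(
    r"^HKEY_USERS\\(?P<hive>[^\\]+)\\.*\\Internet Settings\\Zones\\"
    r"(?P<zone>\d+)\\(?P<policy>[0-9A-Fa-f]{4})!=W=(?P<expected>\d+)$")

def parse_report(text):
    """Pair each finding header with the registry line that follows it."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    findings = []
    for header, target in zip(lines[0::2], lines[1::2]):
        m = HEADER.match(header)
        if not m:
            raise ValueError(f"unrecognised finding header: {header!r}")
        findings.append({**m.groupdict(), "target": target})
    return findings

def triage(findings):
    """Split findings into zone-setting checks and everything else."""
    config_checks, needs_review = [], []
    for f in findings:
        z = ZONE_CHECK.match(f["target"])
        if f["product"] == "DSO Exploit" and z:
            config_checks.append({**f, **z.groupdict()})
        else:
            needs_review.append(f)
    return config_checks, needs_review

if __name__ == "__main__":
    checks, review = triage(parse_report(SAMPLE_REPORT))
    for c in checks:
        print(f"setting check: hive {c['hive']} zone {c['zone']} policy {c['policy']}")
    for r in review:
        print(f"review: {r['product']} -> {r['target']}")
```

The zone-setting entries are the ones the thread's advice (patch level plus the Ignore Products exclusion) applies to; anything left in the review list, such as the Run key entry, is a separate finding that the exclusion does not cover.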

