DSO Exploit Files

[Guest]

Archived from groups: microsoft.public.windowsxp.basics (More info?)

I ran Spybot Search and Destroy and 5 files show up,
every time, stating the are DSO Exploit: Data Source
Object Exploit (Registry change, fixed) They are
HKEY_USERS\S-1-5-21- a bunch of numbers and then
\Software\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0\104!=W=3. Anyone have a clue as to what
they are and If they are safe to remove from the
registry? Spybot does not remove them. I can run spybot
and then close it and reopen it and they are there
again. Anyone know what these are and why Spybot won't
remove them even though it said it did?
Thanks for help.
Pat

 

[Guest]

Archived from groups: microsoft.public.windowsxp.basics (More info?)

Pat Scott wrote:
> I ran Spybot Search and Destroy and 5 files show up,
> every time, stating the are DSO Exploit: Data Source
> Object Exploit (Registry change, fixed) They are
> HKEY_USERS\S-1-5-21- a bunch of numbers and then
> \Software\Microsoft\Windows\CurrentVersion\Internet
> Settings\Zones\0\104!=W=3. Anyone have a clue as to what
> they are and If they are safe to remove from the
> registry? Spybot does not remove them. I can run spybot
> and then close it and reopen it and they are there
> again. Anyone know what these are and why Spybot won't
> remove them even though it said it did?

Problem with SpyBot.
http://www.safer-networking.org/en/faq/36.html

--
<- Shenan ->
--
The information is provided "as is", it is suggested you research for
yourself before you take any advice - you are the one ultimately
responsible for your actions/problems/solutions. Know what you are
getting into before you jump in with both feet.

 

[Guest]

Archived from groups: microsoft.public.windowsxp.basics (More info?)

Download their new version 1.3.1TX, latest detection update 2004-10-14.
The DSO EXPLOIT 'bug' has been fixed.

"Pat Scott" <anonymous@discussions.microsoft.com> schreef in bericht
news:16c401c4b67a$3bf761b0$a501280a@phx.gbl...
>I ran Spybot Search and Destroy and 5 files show up,
> every time, stating the are DSO Exploit: Data Source
> Object Exploit (Registry change, fixed) They are
> HKEY_USERS\S-1-5-21- a bunch of numbers and then
> \Software\Microsoft\Windows\CurrentVersion\Internet
> Settings\Zones\0\104!=W=3. Anyone have a clue as to what
> they are and If they are safe to remove from the
> registry? Spybot does not remove them. I can run spybot
> and then close it and reopen it and they are there
> again. Anyone know what these are and why Spybot won't
> remove them even though it said it did?
> Thanks for help.
> Pat

 

[Guest]

Archived from groups: microsoft.public.windowsxp.basics (More info?)

Thank you, I will try the newest version, I thought I had
it but I guess not. Thanks again.
Pat
''
>-----Original Message-----
>Download their new version 1.3.1TX, latest detection
update 2004-10-14.
>The DSO EXPLOIT 'bug' has been fixed.
>
>"Pat Scott" <anonymous@discussions.microsoft.com>
schreef in bericht
>news:16c401c4b67a$3bf761b0$a501280a@phx.gbl...
>>I ran Spybot Search and Destroy and 5 files show up,
>> every time, stating the are DSO Exploit: Data Source
>> Object Exploit (Registry change, fixed) They are
>> HKEY_USERS\S-1-5-21- a bunch of numbers and then
>> \Software\Microsoft\Windows\CurrentVersion\Internet
>> Settings\Zones\0\104!=W=3. Anyone have a clue as to
what
>> they are and If they are safe to remove from the
>> registry? Spybot does not remove them. I can run
spybot
>> and then close it and reopen it and they are there
>> again. Anyone know what these are and why Spybot won't
>> remove them even though it said it did?
>> Thanks for help.
>> Pat
>
>
>.
>

 

[Guest]

Archived from groups: microsoft.public.windowsxp.basics (More info?)

Pat Scott wrote:
> I ran Spybot Search and Destroy and 5 files show up,
> every time, stating the are DSO Exploit: Data Source
> Object Exploit (Registry change, fixed) They are
> HKEY_USERS\S-1-5-21- a bunch of numbers and then
> \Software\Microsoft\Windows\CurrentVersion\Internet
> Settings\Zones\0\104!=W=3. Anyone have a clue as to what
> they are and If they are safe to remove from the
> registry? Spybot does not remove them. I can run spybot
> and then close it and reopen it and they are there
> again. Anyone know what these are and why Spybot won't
> remove them even though it said it did?
> Thanks for help.
> Pat


Don't worry about it; it's a false alarm.

The DSO exploit was patched long ago by IE Cumulative Update
MS02-015, in March of 2002. If you've installed this specific patch,
or any subsequent IE Cumulative Updates, IE Service Pack 1, or WinXP
SP2, you're safe. It would appear that the latest version of Spybot
S&D is only checking for Internet zone settings in the registry that
could be used as work-around protection, and not for the presence of
any corrective patches. Hopefully, the makers of Spybot will soon fix
this bug.

MS02-015 March 28, 2002 Cumulative Patch for Internet Explorer
http://support.microsoft.com/default.aspx?scid=kb;EN-US;319182

If you like, you can test your system for this particular
vulnerability at this web site:
http://www.grey.com/security/advisories/gm001-ie/

The makers of SpyBot S&D have acknowledged the problem and will
fix it on their next update:
http://www.safer-networking.org/index.php?page=paragraphs&detail=currentfaqs

In the meantime, in SpyBot S&D, click Mode > Advanced > Settings >
Ignore Products > Security > DSO Exploit, to turn off the false alarm.

Some people have reported that the Spybot Detection rules dated 30
Aug 04, when used with SpyBot S&D 1.3, will fix this problem.
However, I've had inconsistent results with that particular detection
update; sometimes it reads clean, then later it will once again find
the DSO problem, and then it will read clean again, all on the same
machine, with no other changes made.

--

Bruce Chambers

Help us help you:
http://dts-l.org/goodpost.htm
http://www.catb.org/~esr/faqs/smart-questions.html

You can have peace. Or you can have freedom. Don't ever count on
having
both at once. - RAH

 

[Guest]

Archived from groups: microsoft.public.windowsxp.basics (More info?)

Not in my latest download it hasn't. Version 1.3tx still displays DSO
Exploits. The only way i have got round it is by disabling the option in the
settings. Open spybot and change the mode to Advanced. Click Settings and
select Ignore products from the list on the left of the screen. The ignore
product window opens with the All product tab. Scroll down until you come to
DSO Exploits and place a tick in the box on the left to disable it.

--
John Barnett MVP
Associate Expert
www.freelanceit.glowinternet.net

"Pat Scott" <anonymous@discussions.microsoft.com> wrote in message
news:1a5f01c4b6dc$80e3a740$a501280a@phx.gbl...
> Thank you, I will try the newest version, I thought I had
> it but I guess not. Thanks again.
> Pat
> ''
>>-----Original Message-----
>>Download their new version 1.3.1TX, latest detection
> update 2004-10-14.
>>The DSO EXPLOIT 'bug' has been fixed.
>>
>>"Pat Scott" <anonymous@discussions.microsoft.com>
> schreef in bericht
>>news:16c401c4b67a$3bf761b0$a501280a@phx.gbl...
>>>I ran Spybot Search and Destroy and 5 files show up,
>>> every time, stating the are DSO Exploit: Data Source
>>> Object Exploit (Registry change, fixed) They are
>>> HKEY_USERS\S-1-5-21- a bunch of numbers and then
>>> \Software\Microsoft\Windows\CurrentVersion\Internet
>>> Settings\Zones\0\104!=W=3. Anyone have a clue as to
> what
>>> they are and If they are safe to remove from the
>>> registry? Spybot does not remove them. I can run
> spybot
>>> and then close it and reopen it and they are there
>>> again. Anyone know what these are and why Spybot won't
>>> remove them even though it said it did?
>>> Thanks for help.
>>> Pat
>>
>>
>>.
>>

 

[Guest]

Archived from groups: microsoft.public.windowsxp.basics (More info?)

John Barnett MVP wrote:
> Not in my latest download it hasn't. Version 1.3tx still displays
> DSO
> Exploits. The only way i have got round it is by disabling the
> option
> in the settings. Open spybot and change the mode to Advanced. Click
> Settings and select Ignore products from the list on the left of the
> screen. The ignore product window opens with the All product tab.
> Scroll down until you come to DSO Exploits and place a tick in the
> box on the left to disable it.
> --
> John Barnett MVP
> Associate Expert
> www.freelanceit.glowinternet.net
>
> "Pat Scott" <anonymous@discussions.microsoft.com> wrote in message
> news:1a5f01c4b6dc$80e3a740$a501280a@phx.gbl...
> > Thank you, I will try the newest version, I thought I had
> > it but I guess not. Thanks again.
> > Pat
> > ''
> > > -----Original Message-----
> > > Download their new version 1.3.1TX, latest detection
> > update 2004-10-14.
> > > The DSO EXPLOIT 'bug' has been fixed.
> > >
> > > "Pat Scott" <anonymous@discussions.microsoft.com>
> > schreef in bericht
> > > news:16c401c4b67a$3bf761b0$a501280a@phx.gbl...
> > > > I ran Spybot Search and Destroy and 5 files show up,
> > > > every time, stating the are DSO Exploit: Data Source
> > > > Object Exploit (Registry change, fixed) They are
> > > > HKEY_USERS\S-1-5-21- a bunch of numbers and then
> > > > \Software\Microsoft\Windows\CurrentVersion\Internet
> > > > Settings\Zones\0\104!=W=3. Anyone have a clue as to
> > what
> > > > they are and If they are safe to remove from the
> > > > registry? Spybot does not remove them. I can run
> > spybot
> > > > and then close it and reopen it and they are there
> > > > again. Anyone know what these are and why Spybot won't
> > > > remove them even though it said it did?
> > > > Thanks for help.
> > > > Pat
> > >
> > >
> > > .


It ran clean for me, this time, for what it's worth.

--

Bruce Chambers

Help us help you:
http://dts-l.org/goodpost.htm
http://www.catb.org/~esr/faqs/smart-questions.html

You can have peace. Or you can have freedom. Don't ever count on
having
both at once. - RAH

 

[Jan]

Archived from groups: microsoft.public.windowsxp.basics (More info?)

On Wed, 20 Oct 2004 00:55:58 -0700, "Pat Scott"
<anonymous@discussions.microsoft.com> wrote:

>I ran Spybot Search and Destroy and 5 files show up,
>every time, stating the are DSO Exploit: Data Source
>Object Exploit (Registry change, fixed) They are
>HKEY_USERS\S-1-5-21- a bunch of numbers and then
>\Software\Microsoft\Windows\CurrentVersion\Internet
>Settings\Zones\0\104!=W=3. Anyone have a clue as to what
>they are and If they are safe to remove from the
>registry? Spybot does not remove them. I can run spybot
>and then close it and reopen it and they are there
>again. Anyone know what these are and why Spybot won't
>remove them even though it said it did?
>Thanks for help.
>Pat




To get rid of the problem use this:


www.nsclean.com/dsostop.html