DSO Exploit: Removal instructions
Links: home · search · speed test · login · more ·
 
Links: Reply New Topic
Forums » Security » Security » DSO Exploit: Removal instructions

John2g @ 9th Dec 02:49PM:
DSO Exploit: Removal instructions

I don't know if this had been posted before. It might help someone. I saw it posted on another forum.

DSO Exploit
Removal Instructions and Help

What is a DSO Exploit?

If you use Spybot Search and Destroy or another spyware removal tool, it may find an item called DSO Exploit. This exploit is a bug in Internet Explorer that under certain circumstances would allow untrusted software to run on the computer. In other words, its a hole in Internet Explorer that unsavoury characters could use to gain access to your system.

However, if you are running the latest version of Internet Explorer and have all your Windows Updates installed, the bug has been patched and is not a threat to your computer system. Even though Spybot may still show it as a threat.

How do I remove the DSO Exploit?

If you have the latest Internet Explorer version and all your Windows Updates, you can safely ignore the DSO Exploit as a potential problem when Spybot Search and Destroy or other spyware removal tools discover it. However if you would rather fix the exploit so it does not show up again, follow these steps to edit your Windows Registry. Please be careful however, incorrect changes to the Windows Registry can cause Windows to not boot.

1) Make a note of the location(s) of the exploit shown in Spybot, something similar to:

HKEY_USERS\S-1-5-21-1614895754-73586283-725345543-500\Software\M*cros*ft\Windows\CurrentVers ion\Internet Settings\Zones\0\1004!=W=3

2) Click on Start, Run, and type REGEDIT and Press Enter to open the Windows Registry Editor

3) Find the location of the exploit above in the registry by clicking on the pluses(+) next to each title

4) After opening the Zones section and clicking on '0' look to the right window, under 'name' is the key '1004' and the type is REG_SZ simply right click and delete this REG_SZ value.Then right click and create new>DWORD Value, name it 1004, then right click on that and goto modify, give it the Hex Value of 3, Click ok.

If there is only a DWORD Value for the key (in this case 1004), then double click on the key and change the HEX value to 3 and click Ok.

Repeat if there's more than one entry.

5) Close the Registry Editor and Reboot your computer

6) The DSO Exploit should now be removed and it should no longer appear in the Spybot Search and Destroy log as a problem.
--
Better to remain silent and be thought a fool, than to speak and remove all doubt.
reply
Fat City @ 9th Dec 03:21PM:
Re: DSO Exploit: Removal instructions

A longer but very thorough version of the removal procedure:
»Re: Spybot - Search & Destroy 1.3.1 TX Update!!

Written by:
Paul Hayes, MCSE
Product Support Services
Microsoft Corporation
reply
Tactics @ 9th Dec 09:47PM:
Re: DSO Exploit: Removal instructions

uhhh... or you can just go here and dl the fix and be done in about 25 seconds. :)

»www.majorgeeks.com/download4392.html
reply
Chameleon @ 10th Dec 11:53PM:
Re: DSO Exploit: Removal instructions

This is for anyone else that comes across the DSO exploit. Tried to re-download the program and it didn't work. I have all the updates and it still shows up. Just take a little time and change the registry. It quick and painless and it works!
--
I have no idea what I'm doing, but someday I'll understand this stuff!!!
reply
TheMetrix @ 11th Dec 12:39AM:
Re: DSO Exploit: Removal instructions

Works like a charm.
reply
Name Game @ 11th Dec 06:51AM:
Re: DSO Exploit: Removal instructions

Has anyone ever found a badboy taking advantage of this exploit in the wild..or is everyone just messing around with this because of the proof of concept promoted some months back? :D
--
Gladiator Security Forum »www.gladiator-antivirus.com/ Missing Kids »www.missingkids.com/
reply
Chameleon @ 11th Dec 09:34AM:
Re: DSO Exploit: Removal instructions

Well I guess you can call it "control freak" or "neat freak" or whatever anyone wants to call it, but I was very annoyed by this coming up in Spybot, so I "cleaned" it up.:)
--
I have no idea what I'm doing, but someday I'll understand this stuff!!!
reply
Name Game @ 11th Dec 11:08AM:
Re: DSO Exploit: Removal instructions

said by Chameleon:

Well I guess you can call it "control freak" or "neat freak" or whatever anyone wants to call it, but I was very annoyed by this coming up in Spybot, so I "cleaned" it up.:)
Set the old spybot to ignore it..:D maybe they will fix it next year..
--
Gladiator Security Forum »www.gladiator-antivirus.com/ Missing Kids »www.missingkids.com/
reply
dadkins @ 11th Dec 11:22AM:
Re: DSO Exploit: Removal instructions

said by Name Game:

said by Chameleon:

Well I guess you can call it "control freak" or "neat freak" or whatever anyone wants to call it, but I was very annoyed by this coming up in Spybot, so I "cleaned" it up.:)
Set the old spybot to ignore it..:D maybe they will fix it next year..
I was just going to suggest the same thing! You beat me to it! LOL!
--
No Firefox here, move along!
reply
Chameleon @ 11th Dec 12:38PM:
Re: DSO Exploit: Removal instructions

I took 15 minutes and fixed the problem. No big deal! Simple fix!!! Why ignore something if it needs to be fixed?
--
I have no idea what I'm doing, but someday I'll understand this stuff!!!
reply
happin_in @ 11th Dec 04:21PM:
Re: DSO Exploit: Removal instructions

I deleted Spybot and that fixed the problem
reply
sumukh @ 2nd Jan 07:49AM:
Re: DSO Exploit: Removal instructions

DSO exploit is a common problem. I have found good explaination on DSO exploit removal at following link.

»www.cheapest-computer-hardware-s···val.html

Thanks & regards

Sumukh
reply
amysheehan @ 2nd Jan 08:03AM:
Re: DSO Exploit: Removal instructions

said by sumukh:





DSO exploit is a common problem. I have found good explaination on DSO exploit removal at following link.

»www.cheapest-computer-hardware-s···val.html

Thanks & regards

Sumukh
The instructions in that link include:
6) Rename the 1004 files to 1003 then exit regedit.

That information is incorrect.

If you prefer to do it thru regedit see the OP's instructions in:

4) After opening the Zones section and clicking on '0' look to the right window, under 'name' is the key '1004' and the type is REG_SZ simply right click and delete this REG_SZ value.Then right click and create new>DWORD Value, name it 1004, then right click on that and goto modify, give it the Hex Value of 3, Click ok.

If there is only a DWORD Value for the key (in this case 1004), then double click on the key and change the HEX value to 3 and click Ok.

For more information see this post:
said by Fat City:



A longer but very thorough version of the removal procedure:
»Re: Spybot - Search & Destroy 1.3.1 TX Update!!

Written by:
Paul Hayes, MCSE
Product Support Services
Microsoft Corporation
EDIT: ADD: Easiest fix for most users - update to the Spybot - Search and Destroy DSO Exploit Fix 1.3.1 TX
reply

Thank you for using lo-fi dslreports.com - report bugs
© 99-2009 silver matrix LLC