Windows BBS


noahdfear 19th July 2004 03:02

Temporarily Pinned/stuck: DSO Exploit keeps coming back! & bad checksum
 
Hello all!

Wondering why every time you run Spybot v1.3 it finds and fixes the same DSO Exploit, even when you just scanned and fixed it? Rest easy! It's because of a bug in the new version that hasn't been fixed yet. Assurance has been given that this bug will be addressed in an update yet to come. More information as well as several suggestions/instructions on how to stop the false DSO Exploit being reported can be found in both of the following links.

http://forums.net-integration.net/in...pic=15308&st=0

http://forums.net-integration.net/in...ic=17159&st=30

You will find it is said repeatedly when you read through these, if you are currently up-to-date with Microsoft Windows Security Updates, your system is protected against these exploits! If the repeated reports bother you, feel free to use one of the suggested fixes, or exclude them from Spybot's scan for now.

BOBBO 19th July 2004 04:14

noahdfear: Earlier today Oscar raised this very point. I was curious about the same issue, and then JohnB posted similar information to what you just offered. Here's the link to that thread:

http://www.windowsbbs.com/showthread.php?t=33003

It doesn't offer the workarounds that your first link does, however. Personally, although I've worked with RegEdit before, I think I'll wait until Spybot provides an update containing a fix. As has been made clear already, the bug is harmless and messing with the Registry isn't worth the potential risk, to me at least.

Lonny Jones 19th July 2004 06:05

Here are a couple more that we should not be concerned with.
Both false positives.
VX2/f: Settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Vendor
http://forums.net-integration.net/in...=0&#entry89133

Possible Extension Hijack
http://forums.net-integration.net/in...howtopic=19542

Lonny Jones 28th July 2004 06:33

!!! bad checksum ! when downloading
http://www.net-integration.net/tools/sbsdupdate.html

annt256 25th September 2004 03:26

Wow thanks all.....I also have that problem of not being able to download that Explorer update....It says I need IE 6.0 to install and that's what I have..I'll go and look up that number that was posted in one of the forums....but knowing this about Spybot I don't have to worry so much.

thanks bunches
ann

Oscar 30th September 2004 08:55

DSO Exploit in Spybot
 
To all of you that cannot remove DSO Exploit from Spybot. The manufacturer states on their web site that their next update will resolve the problem. I have downloaded and installed 3 updates and it was still present.

However, I did find a sure, simple way for its removal. I can't take any credit for it as I read it in one of Langalist's newsletters, which I recommend as a must read.

So here goes guys and gals, it works as well as being simple.
1. Open Spybot & select "Advanced Mode".
2. Select: Settings in the left column
3. Select "Ignore" product in the left column
4. Select "Security Tab"
5. Place a check mark in box beside "DSO Exploit".
6. Close program
7. Open Spybot & run a scan.

I haven't seen DSO Exploit since. Good luck.

Lonny Jones 30th September 2004 09:58

You can wait for the next version or in settings check to get the beta updates then only get the beta main app update, not the includes, unless you intend to always check at the forum before fixing.

When you first check for problems it might find the DSO once, fix it, on subsequent scans it will not.

Or temporarily exclude/ignore as Oscar has mentioned

Stoofer 1st October 2004 18:50

Could someone here please comment on this procedure that I found elsewhere on the net for getting rid of the DSO Exploit?

RE: dso exploit

Hi Barry,

Regarding your post on removing DSO Exploit, please review the following
steps:

PROBLEM:

Spybot Search & Destroy identifies malware called "DSO Exploit" is
infecting your registry but Spybot S&D is unable to remove or correct the
problem. Because Spybot S&D cannot resolve the problem it may report the
symptom each time you scan. Spybot S&D may identify a DSO exploit in any of
the following five registry keys.

HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004
HKEY_USERS\S-1-5-21-746137067-1677128483-854245398-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004
HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004
HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004

Note: The long number <GUID> in the second key (after S-5-21-) varies from
machine to machine.

CAUSE:

Spybot S&D cannot correct the problem because the registry keys in question
are corrupt. The registry keys identified above are legitimate but the data
type has been changed by a 3rd party program from the original type:
REG_DWORD to a different type: REG_SZ. This type setting prevents Spybot
S&D from resolving this issue.

RESOLUTION:

Change all of the [1004] keys from type REG_SZ to type REG_DWORD and assign
each a value = 3.

Note: as a precaution you should back up each key prior to making the
changes.

SPECIFIC STEPS:

1. Click Start, then Run..

2. Type REGEDIT in the Run box and either hit Enter or click OK.

3. Locate the following registry key:

HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004

4. Right-click on the 1004 key and select Rename

5. Rename this key to -1004. <minus 1004>

Note: this -1004 key will be the backup of the original key.

6. Click on the Edit menu, then New and select DWORD value.

7. Give the new Key a name of 1004.

8. Right-click the new 1004 key, select Modify, give it a value 3 and click
OK.

9. Repeat steps 3-7 for each of the above registry keys.

Note: remember that the long number after S-1-5-21 above will differ on
each machine.

10. Close the registry editor.

11. Click Start, then Control Panel.

12. Click Network And Internet Options, then click Internet Options to open
up the Internet properties.

13. Click on the Security tab, then click the Internet icon, then click
Custom level.

14. Ensure that Download unsigned ActiveX controls is set to Disable.

15. Click [OK] on Security Settings and then click [OK] to close Internet
Properties.

16. Run Spybot S&D again, this time DSO Exploit should not show up.

=========

This posting is provided "AS IS" with no warranties, and confers no rights.

MBSA Homepage:
http://www.microsoft.com/MBSA

Windows XP Security Homepage:
http://www.microsoft.com/windowsxp/security/default.asp

Windows 2000 Security Homepage:
http://www.microsoft.com/windows200..ity/default.asp

Top 10 Windows Newsgroups Security Questions:
http://www.microsoft.com/technet/ne..technet/newsgroups/nodepages/sectop10.asp

=========
Paul Hayes, MCSE
Product Support Services
Microsoft Corporation
pauly@online.microsoft.com

--------------------
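
An added example, not part of the quoted post and not code from Microsoft or Spybot: a PowerShell script that reports the type of the 1004 value in every hive loaded under HKEY_USERS and, with a hypothetical `-Fix` switch, applies the rename-and-recreate steps quoted above. It assumes an elevated prompt; the switch name and output columns are illustrative.

```powershell
# Added example (not from the thread): audit, and optionally repair, the "1004"
# value under Internet Settings\Zones\0 in every hive loaded under HKEY_USERS.
param(
    [switch]$Fix   # hypothetical switch: without it the script only reports
)

$zonePath = 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0'
$name     = '1004'
$backup   = '-1004'   # backup name used in the quoted steps
$users    = [Microsoft.Win32.Registry]::Users
$dword    = [Microsoft.Win32.RegistryValueKind]::DWord

foreach ($sid in $users.GetSubKeyNames()) {
    # Open read-only unless -Fix was given; returns $null if the key is absent
    $key = $users.OpenSubKey("$sid\$zonePath", $Fix.IsPresent)
    if ($null -eq $key) { continue }
    try {
        if ($key.GetValueNames() -notcontains $name) {
            [pscustomobject]@{ Hive = $sid; Kind = 'missing'; Data = $null; Action = 'none' }
            continue
        }
        $kind   = $key.GetValueKind($name)
        $data   = $key.GetValue($name)
        $action = 'none'
        if ($kind -ne $dword) {
            $action = 'needs fix'
            if ($Fix) {
                # Keep the original data and type under the backup name,
                # then recreate 1004 as a DWORD with value 3.
                $key.SetValue($backup, $data, $kind)
                $key.DeleteValue($name)
                $key.SetValue($name, 3, $dword)
                $action = 'fixed'
            }
        }
        [pscustomobject]@{ Hive = $sid; Kind = $kind; Data = $data; Action = $action }
    }
    finally { $key.Close() }
}
```

Running it without `-Fix` first shows which hives hold a non-DWORD 1004 value before anything is changed.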

Bmoore1129 1st October 2004 19:48

I applied the registry fix outlined above for the "1004" entries. Opened Spybot S&D and removed the ignore DSOExploit check mark and ran the program. Also had new defs dl'ed. I got no hits on anything.

If the new defs didn't fix it then the registry fix must have.

