here's the fix.... Start>Run type 'regedit' (without the qoutes) follow to the keys that spybot catches as dso exploits, for me it was 5 of them, eg. HKEY_USERS\S-1-5-18\Software|Microsoft\Windows\Current Version\Internet Settings\Zones\0\1004!=W=3 After opening zones and clicking on '0' look to the right window, under 'name' is the key '1004' and the type is REG_SZ simply right click and delete this REG_SZ value. Then right click and create new>DWORD Value, name it 1004, right click on that and goto modify, give it the Hex Value of 3, Click ok. You may have to restart your pc for changes to take effect... i didn't. Run Spybot again and you will have one less dso exploit.... repeat for each of the other values flagged in spybot (should all be 1004)... job done :) For your info messing with the registry is not recommended unless you know what you are doing.. so create a restore point (just incase)... I Accept no liability! (just covering my b-side). I will say that i have used this fix on many pc's now and it has never returned to or messed-up any of them.

0

Everything everyone above says is correct. We ran an in-depth trace in ComputerCops forum on DSO exploit, and in every instance Spybot had destroyed the actual exploit, but did not change a couple of values in the key registers which fooled Spybot into thinking it was still there. Eventually they will fix it. I was just a little concerned that folks might do damage by entering their registers in a attempt to do it manually. To my knowledge AdAware will not detect DSO.

0

I agree with the above discussion. I have the reg changes on my laptop as described by Johnstun and Spybot identifies the 2 reg keys 1004. However, Ad-aware 6.0 (6th June 2004 update) does not identify the problem. I'm planning not to manually change the reg values but to leave it - hopefully this will be OK and safe to leave.

0

I did the procedure for checking the registy and mine reads different than any stated above. Mine reads: Name (1004), Type (REG_SZ),and under the DATA there is nothing. Shouldn't there be something under the DATA? momec

0

Momec, the problem with this exploit is that the key '1004' should NOT be a REG_SZ it SHOULD be a DWORD.. this is why (as above) i suggest deleting the reg_sz and creating a new dword (to the same value '1004'), you can then assign it the value of 3, exploit gone. Mikebreen, as far as i know adaware doesn't flag this exploit only spybotsd (as stated by Ranchhand) unfortunately spybotsd doesn't yet correct this (v1.3). Many people live with this exploit and in fact are never aware that it is even there! it is your choice Further reading..... http://forums.net-integration.net/index.php?showtopic=15308 the bottom-line: DSO exploits found by Spybot are nothing to worry about, but make certain your system is kept up to date with critical updates from Windows.

0

I too, am getting 5 DSO exploits each time I run spybot. I am having trouble with my internet explorer: I have to manually uncheck the proxy boxes and check automatic configure in order to view a web page. (under Tools/internet options/connections/settings) Is it DSO exploit that keeps causing this - or something else? If as said above Spybot has truly removed it, why do I kep having trouble with these settings.

0

so is this, basically correct DSO exploit is really nothing to be worried about, although i get 5 of them everytime i run spybot...it is an issue that spybot is working on?....no need to worry about it effecting the overall performance of my system?...HELP...please

0

johnstun thanks for the info you provided, I have managed to remove the 5 DSO Exploits but now have this problem. http://www.computing.net/security/wwwboard/forum/12249.html Regards M

0

There are a few other tools that you should run in congruent with spybot and adaware. It seems that no one tool is good enough to clean the entire machine. I found that Bazooka is an excellent tool for picking up other nasties. It does not remove anything, but will give you detailed directions how to manually clean. It seems to detect adware that others don't (yet). Also, MacAfee just released the 1st commercially available spyware cleaner (from a major competitor). I am hoping good things will come from this since they have the financial backing to put the resources to it. I am a Network Integrator by trade, and spend a great deal of time fixing computers. Over the past few months, I have seen spyware, malware, what ever you want to call it, get to epidemic proportions. Because there has been no large corporation taking on a commercially viable solution to curb this, we have seen small companies come out with products that just don’t do it all; hence that’s why you need to run several solutions to get to the core. In general, I can spend 3 to 5 hours trying to remove the spyware from a computer, and I have done hundreds of them. I can not imagine the general public having the aptitude to do this (I am not talking about everyone, but for the most part, the public is a general user). Spyware has gotten so band, that it has overwhelmed the local pc worse then a virus. I have seen computers with hundreds of entries, hijacked, and very difficult to repair. I would guess the general public would reinstall the OS to fix the proble Thanks for reading my post! Ira

0

is DSO Exploit the nasty thins that makes all the windows jump around when on-line to the internet or email? I seem to have infected my wife's computer when downloading music, and she's giving me a lot of grief!! I've tried McAffee which finds nothing as does Noadware; Spybot keeps coming up with DSO Exploit even though i tell it to delete it. I do't feel confident to attempt the registry changes - my life would be unbearable if I did any more damage! When will Spybot delete it properly?? Spuggy

0

To whom it may concern, Net-Integration Forums DSO Exploit reappears after fixing Good luck

0

Tho its sortof been established in this thread that this DSO Exploit can be lived with, I couldn't rest until it was gone. :) This is what did the trick for me. Maybe it will help someone else. Edit the registry keys (found by Spybot) as described above (delete 1004 then re create it as a DWORD with value 3), then ALSO make the same change to: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0 Good luck to all of us hijackees... Who all thinks Billy G owes us a great BIG REBATE?

0

ok, here's one that's killing me. all the sudden i'm getting tons of pop up ads where i never did before (usually one for some pharmacy title "only the best). also, something i've never seen before. when i open Internet explorer, despite having reset my homepage, it takes me to this page (for God's sake, don't go to it, i don't want to ruin your computer to) res://ygcfb.dll/index.html#96676. it also opens up windows installer and starts trying to install something or other for windows xp. i too keep getting the 5 DSO exploits on spybot (nothing on ad aware), and assumed this was the problem. however, you guys seem to think these are harmless, and since you know more than i do i thought i'd ask your opinions. thanks for your time, rob

0

generally the dso exploit is harmless as long as you are up to date with all 'windows updates'. You could also try running 'hijack this' available here... http://www.thatcomputerguy.us/downloads-cat4.html and posting your results either on that websites forums... http://forums.thatcomputerguy.us/index.php?s=1d396f3426aa883150ab0893330b35c4&showforum=21 or perhaps someone here maybe able to help 'interpret' them them for you. Hope this is of some assistance

0

hmmm, think i may add this site for anyone concerned about how a browser can be hijacked... tests and most solutions to alot of vulnerabilities are provided. http://www.jasons-toolbox.com/BrowserSecurity/

0

Try Spy Sweeper... it has been the knock out after Adaware and Spybot for me.

0