I have been using Spybot to attempt to clean this out. Every time I do a search, it finds it, cleans it, and it keeps coming back every time. I want it to go away; it is showing up on my Yahoo Instant Messenger. Please help!!!

I would boot into safe mode (F8), go to add and remove programs in control panel and look for "enhancement" programs that don't belong there. Uninstall them. Then run spybot again. Reboot in standard mode and run spybot again.
Now, uninstall Yahoo Instant Messenger and any other messenger program and NEVER run them again. That's why most companies ban the use of such programs.

zorkolc's response is harsh but works fine for extreme users. If you are like me and have friends and family that you like to use messenger services with, you need to learn how to look for the 'trigger' programs. I use sysinternals.com's free Process Explorer to see what programs are running on my system at any time. The reason to do this is that some of the new DSO exploit programs are using exe files to keep reinstalling their registry changes. Using a process explorer will let you find them, delete them and then run your Spybot programs to return your system to normal ops without the repeat process. Give that a try .... good luck

I've run SpyBot in 'Safe' mode to remove the DSO exploit, but yes.. it keeps returning. Then I find out that it is actually a Microsoft security hole. I did a Yahoo! search and found a "patch" called DSOstop2.exe (free). This found and stopped the DSO, supposedly and reported the hole as patched.. twenty minutes later it was back again. (sigh)
I'm ready to back up my files and baseline my computer at this point. Both my laptop and main PC have been hit in the same week. I tried "Bazooka" from Download.com, but that didn't even find it, let alone fix it. If anybody knows a fix for this DSO exploit, e-mail me.
Henry V.
Editor;
www.InTruth.net
www.LifeGoesOn.net

Hi,
I've done the same things as Henry V. for the DSOExploit that won't go away. I'd like to try the F8/reboot thing, but am at a loss as to what I should look for. Could you give an example of what you consider to be enhancement or trigger programs?
Also, how dangerous is a DSOExploit? What kind of information can it take from my computer?
Thank you,
Robin

I'm having the exact same problem with this DSO exploit bug. Spybot so far has been the only spyware remove software to find it, but it keeps coming back after I clear it.
sloandez, I would like to follow your advice since I, too, like to use messenger services. I downloaded the process monitor but it is a bit cryptic. What should I be looking for when it comes to this DSO exploit registry item coming back?
Thanks.
-Matt-

jenn, I have the exact same problem. Running SpyBot 1.3 - the fixes don't work for me either - & I have XP.
Didn't try sysinternals.com free process explorer yet though. When Spybot is scanning, in the lower left corner (Running bot-check) I try to spot the number of the "triggering" software but it goes by so fast - somewhere around #8560.
Using Mozilla for your browser, might do the trick - but not if it's Windows Messenger, etc... I want my Spybot Congratulations result back!
The registry keys (4 of them now, I got rid of 1 of them by changing the "1004" value to 3 - so it might work for my other ones) that keep coming up are in HKEY_USERS, not HKEY_CURRENT_USER. The "1004" under HKEY_CURRENT_USER says DWORD, under HKEY_USERS it's SZ.
Of course my Registry is backed up before I made any of these minor changes! In my many years of computing, the only thing that defeated me was a Winmodem, but back then I trashed it & got a "real" hardware one. ;-)

OK, I think I found the solution and a great explanation as to what's going on - http://forums.net-integration.net/index.php?showtopic=15308

If your critical updates are installed you are protected and the DSO exploit finding is just a nuisance. Eliminate it this way:
1 Start Spybot, change mode to 'advanced' and run a scan.
2 Select 'settings' in left column.
3 Select 'ignore product' in left column.
4 Select the 'security' tab.
5 Place check mark in box beside DSO Exploit.
6 Close program. Restart program and run a scan.
7 You should get a congratulatory message saying no spyware detected.

Geoff,
Why do you want to ignore this? It's so easy to repair that.
The solution given by http://www.greymagic.com/security/advisories/gm001-ie/ works fine.
You just need to delete the regedit entities and create them again with the same name but as a DWORD instead of a SZ. And set values to 3.
http://meublesferforge.free.fr/

Well, I now have the Congratulations message from Spybot. :-) It's a matter of "If it ain't broke, don't fix it" vs. "If something can go wrong, it will go wrong". The former might be true, then again, by a "learned" habit I usually stick to the latter. ;-)
Don't forget to back up the registry 1st! Also there's a right click option in Spybot that'll take you right to the registry key in question after scanning (right click on each result, correcting one at a time). I agree with Alc by default - don't forget to name the new DWORD value: 1004.
To paraphrase LowWaterMark "Finally, in regedit you can right-click on the bad 1004 key in the right panel and select Delete. Then in a blank section in that same right panel in regedit, do a right-click and add a "New" > "DWORD" value. Name the new DWORD value 1004 (like the one you just deleted). When it is created double-click on it and enter a value of 3 into it. If you have multiple versions of this under different users on your system, you can do the same thing for each of those." - http://forums.net-integration.net/index.php?s=89865f9cdfb1b8c5591d4cb240372742&showtopic=15308&st=15
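
An added example (not from any poster in this thread or from Spybot): a Python audit of a regedit export that lists every value named 1004 under each user hive and flags the ones that are not a DWORD set to 3, the state the posts above describe as fixed. The sample export, its SIDs and its key path are constructed assumptions; the thread itself names only HKEY_USERS, HKEY_CURRENT_USER and the value 1004.

```python
import re

# Constructed sample in regedit export (.reg) format. The SIDs and the key
# path are assumptions for illustration; the thread names only the value "1004".
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0]
"1004"="0"
"1200"=dword:00000000

[HKEY_USERS\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0]
"1004"=dword:00000003

[HKEY_USERS\S-1-5-21-1111-2222-3333-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0]
"1004"=dword:00000000
'''

KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]\s*$')      # [HKEY_...\path]
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<data>.*)$')  # "name"=data

def audit_1004(reg_text, wanted=3):
    """Return (key, type, data, ok) for every value named 1004 in the export."""
    findings, key = [], None
    for line in reg_text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group('key')          # remember which key we are inside
            continue
        m = VALUE_RE.match(line)
        if not m or key is None or m.group('name') != '1004':
            continue
        data = m.group('data')
        if data.lower().startswith('dword:'):
            vtype, value = 'REG_DWORD', int(data[6:], 16)
        elif data.startswith('"'):
            vtype, value = 'REG_SZ', data.strip('"')
        else:
            vtype, value = 'OTHER', data
        # Only a DWORD equal to `wanted` counts as fixed; a string "3" does not.
        ok = vtype == 'REG_DWORD' and value == wanted
        findings.append((key, vtype, value, ok))
    return findings

if __name__ == '__main__':
    for key, vtype, value, ok in audit_1004(SAMPLE_REG):
        print('OK  ' if ok else 'FIX ', vtype, repr(value), key)
```

Regedit writes version 5.00 exports as UTF-16, so a real file has to be read with `encoding='utf-16'` before its text is passed to `audit_1004`.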

Alc.
Thank you for the information. I am just too nervous about editing the registry, I avoid it like the plague.

This bug is maddeningly irritating for GMail users because, for some reason nobody seems capable of working out, when a computer has this DSO Exploit, GMail gives an error when you try to log on about how GMail requires Java to be able to set cookies in order to log in. The only way I can get around this is to run a Spybot scan, clean DSO Exploit, and then log in within about 30 seconds. Can anyone explain why GMail is affected by this or how I can fix it permanently? Thanks a lot,
Milan Ilnyckyj

BTW, do you have the "real" Java installed from Sun? - http://java.com/en/index.jsp
Spybot itself doesn't fix the DSO Exploit, that's why it keeps reappearing. You'll need to edit/fix the Registry as described & reboot (backup 1st before editing!)... :-)

I did it manually. What a pain in the arse, but I ran Spybot after fixing one, and it only found one occurrence instead of 2. I jumped to, and found it in HKEY_USERS, and created a new DWORD and gave it a value of 3. Currently running Spybot again. No pop ups so far...works quickly! Hurray!

All,
If you want to avoid pop ups, the best way is to use Mozilla or Firefox! You can even block cookies from undesired websites as the ones given by SpyBot or Adaware.
Try it and enjoy!

Alc, Mozilla Firefox looks like a killer app, thanks! :-)
Added it in the Free killer apps for your HTPC... AVS Forum thread @ http://www.avsforum.com/avs-vb/showthread.php?s=ad267cbc6f3334bc194f06b79ac4660b&threadid=355128&perpage=20&pagenumber=1

Mozilla a killer app?
You gotta be joking, have you tried AvantBrowser?
Make sure you go to tools then Avant Browser settings first and that you edit the browser to your liking.

JayGee thanks, I'll add that in too! ;-) Right now I actually still use IE6 with Privoxy proxy web filter (blocks tons of banner ads too + you can customize just about anything that goes from the net to your screen).
With SpywareBlaster... I rarely get spyware (using Spybot & Adaware), just a stray bad cookie now & then (and just block it in IE6 Tools/Privacy settings). But these other browsers should work even better. :-)

Does anyone know - is it possible to get rid of DSO Exploit and other infections (CleverIEHooker.Jeired) by going back to a restore point in XP prior to infection?

Thanks for the help here! I've found this site extremely useful! I just installed a new hard drive on my computer, so I was surprised to find the DSO Exploit when running Spybot. I'm sure the exploit came in with the AOL Instant Messenger (my kids will surely shoot me if I uninstall it). Anyway, following the advice here, I edited my registry - and got a clean sweep from Spybot.
What I'm wondering though is what's to keep the exploit from coming back (if it did enter with AIM). Now that I've deleted the key and created a new one, if it does return - will I be able to simply delete it -or will I have to create another key? Am I worrying about something that I shouldn't worry about?
I have a broadband connection - and while I've got a firewall, virus checker, Spybot, Adaware - and everything else under the sun, I feel exceedingly vulnerable. My last hard drive got fried - by, I'm sure, a malicious something-or-other.

I still have this DSO Exploit problem...
I have WinXP (with Norton Systemworks and Internet Security 2004, Ad-ware 6, Spybot....) and when I'm using Spybot -S&D I get DSO exploit (x5) warning....
I have tried:
-Disabled Windows Recovery...
-Removed messenger
-Checked all running processes with Norton Process Viewer (same as Task Manager, but shows paths also); there are no extra programs
-dsostop2.exe
-Manually change this registry value -> 3 and also deleted that key and created again... (Response Number 8)
And still Spybot finds DSO Exploits after reboot...
What next....

Has this thing morphed? I've gone into the register and found that the value of "1004" (DWORD) was already 3. I keep running Spybot and removing the thing but it comes back without fail.

Well, I tried the fix to change the SZ entry to a DWORD entry and then enter a value of "3" and it worked beautifully. This spy-ware was the last in a series of them I spent all day trying to get rid of and the curious thing is that it only showed up in the Spy-Bot scan when I booted in safe mode. I don't know how you guys figure this stuff out but I'm sure thankful you're out there helping. I guess the plus side of all this is that I learned a lot more about my computer and the registry going through this.
Thanks
