Hi,
I have had that stupid DSO Exploit until 30 minutes ago. I ran Spybot & have managed to get rid of it by getting into regedit & replacing value in the folder 1004 from 0 to 3 (5 times, that is).
However, although they are all gone, I cannot get my Home page to remember my setting. It constantly goes to "about:blank" which is not even blank!
It displayes some some page with all non-operational links to all types of services.

Anyone, any idea how to fix this?

Thanks

I am about to cry??
I am in the registry folder Zones 0 (is this correct)
I have a whole list of numbers and names
1004 has a little AB next to it in red and under heading "data" is """ - now I have no idea what I am doing!! There is only one 1004 - must I delete this -- oh please help!!
Thanks

I have run the excellent instructions alicka has put forth numerous times, and Spybot no longer recognizes dso exploit. However, the about::blank homepage still pops up. I have no 1004 files anywhere in the registry. How do I get my homepage back for good. I have done the internet settings things so many times it is insane. Can anyone help? (sorry alicka if you are the only resident expert on this thing)

I read all the info on DSO probs and unfortunately my 'search and destroy' freezes up just as it finds the DSO. I did a search and located 10 DSO files, without the spybot search and destroy, how do I handle this?

I'm having the same problem as Maybach and rbtaylor with the "about:blank" thing... I've tried your suggestions Alicka (everything's current, tried the restarting thing) and it hasn't worked.  I've successfully removed DSO Exploit but can't get rid of this resetting itself as my homepage.  Any other suggestions? Please

;D alicka 8)

You have just restored peace to my mind (and my house ;))I've spent 3 days trying to figure out how to get rid of DSO.

5 minutes following your instructions and it's all gone cheers!

I have the same problem ran the spybot program on my computer (windows 98 se) One of the things it found was something called DSO Exploit. Says it's a registry change. The path is HKEY-users\default\software\microsoft\windows\current version\internet settings. There's a message about being a security hole in IE allowing websites to execute code.

I read your instructions but I am apparently too dense to get them :-[. Scared of screwing up the Registry - just reinstalled windows yesterday and started doing the critical updates but must not have installed all of them yet. Running 98SE and IE 6 with service pack .

I go into spybot and jump to location and it brings me to the 1004 folder in the Reg Editor but from there I am lost .

How do I open the folder or change values ?

Sorry but I need some toddler advice - the Registry is an area that I try not to tread in but I want this GONE !
THe PC was fresh for only a few hrs. and do not want to reformat again because that was a royal hassle .

I did see in the orignal post I searched for that there is a link to http://www.nsclean.com/dsostop.html.

Will this clean it up for me without me going into the Registry ? ( doubt it will be that easy :P)

Going back to see if there are any windows updates or patches I missed . THis is just dumb luck because I know people that never do any patches or updates or even run an AV program and they remain unscathed !
I try so hard to be diligent about this stuff and then this mess .

Thanks for your patience .

I am still struggling with the DSO EXPLOIT one that keeps coming back after each reboot even after all key entry numbers 0,1,2,3,4,5 have been cleared of 1004 in the Regedit areas.

I also wanted to know about TeaTimer in Spybot as it was not selected by default when installing the new version of Spybot 1.3.

Should this be enebaled and if so, how do we get back to it to enable it?

Poor Alicka! Hey I do have a question though. In the other thread about the DSO Exploit, two different people (newbies) suggested that if you had downloaded the most recent MS patches, you would be safe from the DSO exploit security hole. They then said that Spybot S&D had not updated their software to recognize the MS patch and that you could simply have Spybot ignore the DSO Exploit without risk.

No one seemed to counter this idea, is there any truth to it or is this just someone trying to screw with us?

jpinaz: You asked about whether you re safe if you just update Windows and leave DSO Exploit in yr comp. This topic has been hotly debated on other sites. People don't seem to have come to a consensus on this: e.g.

http://forums.windrivers.com/showthread.php?t=58851

http://forums.net-integration.net/index.php?s=8aece0ca35afdfeb2ab3e4e53b67ee53&showtopic=15308&st=15

I just finished watching the pretty old/good movie named HACKERS with angelina jolie in it... I used to have a really cool and skilled hacker friend named SHKBOBO now we never talk to each other... family problems... and I hung out with him practically like twice a day and I said he was my 3rd best friend in line when really if I thought about it he was first. And if you read this SHKBOBO I'm sorry and we should put out FAMILY problems aside... anyway when it finished I remembered that I had spy bot s&d and ad-aware programs and the funny thing was that evrytime I did a spybot check DSO EXPLOIT would pop up with 5 entries... and I run spy bot everyday and it doesn't go away!. when I run ad-aware it doesn't come up... help me with the DSO exploit problem please... I deleted spy bot because I thought dso was a glitch or something then when I read all the posts on it I was convinced it was real... and tell me if I should re install spybot or if there are any other good programs...

Oh ye... and how do people become junior experts and stuff like that?? I deleted spy bot... should I install it?? Or is there another program...

GOOD NIGHT 7/11/04 at 2.28 am
In ny

1st of all thanks alicka for sharing your brain.  

2nd, I read all of the posts on DSO and had a problem getting rid of it. I couldn't find a way to get to the correct file, until I read PH_Man's suggestion (on page 4) to go to the top of the tree and drill down through the directories to the '0' folder and there I found the 1004 key.  All done.  Didn't have 10 files just 5 (I think).  As a matter of fact the .Default folder didn't even have the 1004 key but was listed as a DSO folder on the S&D tool's list of problems.  What gives? And how do I find the other 5 or 6 DSO locations (DSO doesn't come up in S&D search anymore)?

On second thought - could the number of location where the 1004 key is present/or has been changed be different for different people depending on their system configs?  In which case it would make sense why different folks get different number of problems in their D&S search results. What say U?

3rd, I also keep getting the "about:blank" as my home page.  I've done all of the near-fixes you mentioned previously (update IE, update Symantec, latest S&D tool, reboot, etc... ) noting helps. Help?

NO ONE ANSWERED HOW TO ADVANCE TO JUNIOR EXPERT AND JUNK!!

... (no hard feeling to anyone)
Just love and hapiness lol ;D

No but really how do u become junior and stuff

rEEbok1312.

I fixed my DSO Exploit problem. There is a website where you can download a free program that does the regedit thing automatically. No fear of screwing anything else up. I did it and now my Spybot gives me a clean bill of health. The website is

http://www.nsclean.com/dsostop.html

Hope this helps some of you.

G'day all~

If you don't get rid of the problem with Bhales suggestion, which is good! try get the latest patches as micorsoft have pulled there finger out and fixed this vulnerable n unsecure loose thread. I'd advise ya's to get IE6, if you haven't already and the latest service pack 1a, which would put your version at 6.0.28...
The patches range are MS04-022 too -024.
There the main 1's

Chowl~

We recently installed ATT internet provider service to our computer. We were thinking of switching from AOL. Well once I did this, I started getting worms and lots of spyware. I use Mcafee and keep it current but some how I continue to get Korgo and Gadot worms. If you run mcafee in normal startup, it does not find them. I have to boot in safe mode and run mcafee in order to clean them. What I don't understand is why they keep returning. I have installed spybot and adware. Spybot is what aletered me to DSO Exploit. I have tired several things to get rid of it but it keeps returning. I even have DSOStop2.exe and it fixed it on my office computer but does not seem to be able to fix it on my home computer. Now If I have window XP Service pack 1, do I need to do Service pack 1A to fix this problem? Microsoft cautions you not to do 1A if you already have service pack 1? Thanks for any help you can give. I would like to spend less time cleaning my computer and more time using it.
Ellen

G'day, so if you've got sp1, you should be fine to get the latest sp, if you've gotten all the patches n stuff you'll be fine. But if you still have the DSO, or are getting browser probs try manually removing it. Here's the appropriate instructions. Read carefully if u choose to do this.

Step 1: Run SpyBot S &D and see if it picks up DSO Exploit? Now make sure your S&D is up to date or you won't be current in the programs scan engine.

Step 2: You should end up with 2 entries, 1 pointing to the file 1004 in folder
1st Dir.HKEY_USERS /.DEFAULT /Software /Microsoft / Windows/ CurrentVersion / Internet settings/ Zones/ 0/ 1004.

2nd Dir. And the other 1 pointing to the file 1004 in folders
HKEY_USERS / S-1-5-21-38542785-780010274-1008150880-2512 / Software / Microsoft/ Windows/ Currentversion/ Internet Settings/ Zones/ 0/1004.

Ok where I've indicated the second file is, is where the other hidden files I was talking about before are. As in the first Directory in the Zones folder there are 5 other folders named 0 to 4. And it's the same in the second 1. There's are 5 folders in that Zones folder, 0 to 4.

Step 3: Ok go into the first Directory, now go into the folder named '0', in the zones folder. Now delete the file 1004.

Step 4: Go into the next folder in the Zones folder which is the 1 named '1'. Delete the 1004 file. (Don't change the values in ne)

Step 5: Repeat process of deleting the 1004 file in the other folders left, '2','3' and '4' labelled folders.

Ok your half way there!

Step 6: Go into the 2nd Directory; HKEY_USERS / S-1-5-21-38542785-780010274-1008150880-2512 / Software / Microsoft/ Windows/ Currentversion/ Internet Settings/ Zones/ 0.

Step 7: You'll see in the folder named '0' there's also a file named 1004. This is the replicator. Don't worry if you don't understand just follow the instructions.
Delete the 1004. File.

Step 8: As before you'll see there are also folders in the zones folder named 0 to 4. Go into each folder and as before delete the 1004 files. There's only 1 file in each folder.

Step 9: Ok there you go you've removed the 10 files, now run SpyBot S&D.
You should get a congratulations from SpyBot, saying your system is clean.

Step 10: If there are multiple profiles on the computer (more then 1 user) then you'll have to log in as each user and repeat the removal process for each individual user.


Regards, your friendly alick alota~

Got to this site spywarehere is the link
http://www.spywareguide.com/txt_intro.php
They will run a on line spy check and they will get ride of all spyware on your PC

I mite just do that. Is it a cleaner or a spybot themselves? ONce you get the latest patches there's no need for ne spybot removal or cleaning because they can't execute anyway.

go to this site http://www.spywareguide.com/txt_intro.php
here they have a free spy ware and adware scan .
they use X-Cleaner this will take out all spyware and addware out. And they have all infor on all spyware

go to this site http://www.spywareguide.com/txt_intro.php
here they have a free spy ware and adware scan .
they use X-Cleaner this will take out all spyware and addware out. And they have all infor on all spyware

But why daddy?? ;D

Re: DSO Exploit
« Reply #11 on: May 22nd, 2004, 1:31pm » Quote Modify

--------------------------------------------------------------------------------
If all your critical updates are installed you are protected against DSO Exploit and the finding in Spybot is just a nuisance. Eliminate this by doing the following:

1 Open Spybot and select 'advanced' mode.
2 Select 'settings' in the left column.
3 Select 'ignore product' in the left column.
4 Select 'security' tab.
5 Place check mark in box beside DSO Exploit.
6 Close program
7 Open Spybot and run a scan.

This was posted by SUDBURY elsewhere in this forum and it works.

no it doesn't! I should know I created the exploit hahahahahahahahahahahahahahahahahahahahah ::) :-X ::) :-* ::) :o :P ;D :D

go to start button, go to run, type REGEDIT,  then Enter,
go to HKEY_USERS, go to .DEFAULT, go to the first (software) that appears, go to Microsoft, go to Windows, go to CurrentVersion, go to Internet Settings, go to Zones, click on ( 0 ), click on 1004 on right panal, now right click on 1004, go to Modify, now type the Value name/ type this:   REG_SZ, press OK, now right click on 1004, go to delete, now right click on right panal, go to new, type value name:  1004, right click again on 1004, change Value date to   3, the Base will be set on Hexadecimal.  You are now finished. This is how you fix the problem. By changing the value command, this is comp lang.

forgot to add select DWORD.

Well I googled into this DSO mess, you know, just to see if I could get rid of those pesky pop-ups, and I read all the fixes all the responses all the disses all the patronizing snooty high-brow remarks, the egoism, the nihilistic and vengeful approach and just downright rudeness that the double-stars hurl at each other and I'm done. I'll deal with the pop-ups. All you minces can go jump in the lake.

Beans

Hey I'm sorry you didn't understand, I guess some people just don't have the knowledge. And your one of them. Have a nice night,

Friends forever

Hey I'm sorry you didn't understand, I guess some people just don't have the knowledge. And your one of them. Have a nice night,

Friends forever

the patronizing snooty high-brow remarks, the egoism, the nihilistic and vengeful approach and just downright rudeness that the double-stars hurl at each other and I'm done. I'll deal with the pop-ups. All you minces can go jump in the lake.


For someone with such an admirable command of the English language, I'm surprised you had so much trouble reading a few words.

For the last time:
The DSO exploit is not a virus, trojan horse, worm, or portable CD player. It is an EXPLOIT. Look the word up, I'm sure you know how to use a dictionary. It does not CAUSE pop-ups. It has been PATCHED so If you have been patching you will have the patch.

Have a nice day.
:)

~psi42

OK senior Expert, lets see what you know.

What is the name of the patch?
When was the patch created?

If you can not answer these questions, then you don't even know if a patch was ever created.

I think you are just going off what other people said.

If not, here's you chance to school me.

Have a nice day!!

See microsoft's security bulletin MS02-015 (http://www.microsoft.com/technet/security/bulletin/MS02-015.mspx).

I apologize if I may have appeared hostile in my previous post. I am not an "expert," nor do I claim to be. The title, "Senior expert," appears because of my post count, and I can't change it.

I'm sure you have noticed there are many many DSO Exploit-related threads on this board, including one that is eleven pages long. This has been going on for a long time, and the root of the problem is that people don't read the entire thread and then start yelling about how pompous "us experts" are.


Now I'll admit flaming can be good for your health, especially when you get frustrated, but if I get flamed, I'm going to flame back--such is life. :)

Have a nice day.

~psi42

Thanks for getting back to me, I  appreciate it.
I APOLOGIZE for the rudeness. I'll make sure to investigate next time.

You have a nice day!

Does anyone have a solution that actually fixes the exploit? The registry change does not fix it. The patch mentioned above will not work with IE6 SP1 and SP1 does not address the exploit. If you have any doubts you can test your solutions effectiveness at the following website:

http://www.greymagic.com/security/advisories/gm001-ie/

I made the registry changes and updated Spybot S&D. Spybot S&D no longer detects the exploit, but the exploit remains...

Check it out...