Genuine Questions here<<<(DSO)<<<---
alicka
Jul 11, 2004, 10:43 PM
Due to some misunderstanding I've removed all fixes regarding DSO; anyone with legit problems removing it or any other areas can direct their questions here.
Regards~
Don't know what to do? Just ask.
Spock
Jul 12, 2004, 11:35 AM
Okay, I just saw this thread. I posted this on the five page thread that is scary to read.
Well, I've read all five pages and I'm still not sure I'm getting all of this. (I have ADD so please be kind.)
I too have DSO Exploit, 6 entries showing on Spybot. When I right click on DSO Exploit "more details" "jump to location" it then sends me to the Register Editor with an open folder named "settings" on the left side.
On the right side are six files with a little {ab} boxed before the following six names:
Default
Anchor color
Anchor color visited
Background color
Text color
Use anchor hover color
I don't see a folder called "zones" and I don't see this 1004 file you guys are talking about. Am I missing something here or am I misunderstanding what to do?
Any help would be appreciated. Thanks.
alicka
Jul 12, 2004, 08:13 PM
how you going mate, yea I posted a fix for DSO exploit before, but I took it off.
here it is:
Step 1: Run SpyBot S&D and see if it picks up DSO Exploit. Now make sure your S&D is up to date or you won't be current in the program's scan engine.
Step 2: You should end up with 2 entries, 1 pointing to the file 1004 in folder
1st Dir. HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004
2nd Dir. And the other 1 pointing to the file 1004 in folders
HKEY_USERS\S-1-5-21-38542785-780010274-1008150880-2512\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004
Ok where I've indicated the second file is, is where the other hidden files I was talking about before are. As in the first Directory in the Zones folder there are 5 other folders named 0 to 4. And it's the same in the second 1. There are 5 folders in that Zones folder, 0 to 4.
Step 3: Ok go into the first Directory, now go into the folder named '0', in the zones folder. Now delete the file 1004.
Step 4: Go into the next folder in the Zones folder which is the 1 named '1'. Delete the 1004 file. (Don't change the values in any)
Step 5: Repeat process of deleting the 1004 file in the other folders left, '2','3' and '4' labelled folders.
Ok you're halfway there!
Step 6: Go into the 2nd Directory; HKEY_USERS\S-1-5-21-38542785-780010274-1008150880-2512\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
Step 7: You'll see in the folder named '0' there's also a file named 1004. This is the replicator. Don't worry if you don't understand just follow the instructions.
Delete the 1004 file.
Step 8: As before you'll see there are also folders in the zones folder named 0 to 4. Go into each folder and as before delete the 1004 files. There's only 1 file in each folder.
Step 9: Ok there you go you've removed the 10 files, now run SpyBot S&D.
You should get a congratulations from SpyBot, saying your system is clean.
Step 10: If there are multiple profiles on the computer (more than 1 user) then you'll have to log in as each user and repeat the removal process for each individual user.
If you have any trouble with any of the steps, just ask and I'll try and simplify it for you. Good luck.
Regards, your friendly alick alota~ ;D
Spock
Jul 12, 2004, 08:23 PM
> Step 10: If there are multiple profiles on the computer (more than 1 user) then you'll have to log in as each user and repeat the removal process for each individual user.
> If you have any trouble with any of the steps, just ask and I'll try and simplify it for you. Good luck.
> Regards, your friendly alick alota~
Thanks for the heads up about multiple users. Yeah, there are three using this computer. Bummer.
Hey, and thanks for the warm welcome. Is everyone here as friendly as you? (said blushingly)
Sheesh, and to think some people think geeks don't have it in them!
Good night, matey!
Live long and prosper!
Spock
Jul 13, 2004, 04:50 AM
Well, just to clear matters up--my comment was not meant as an insult. It was meant as a form of flattery--a compliment. I guess maybe to some, that word is not that flattering. Me bad! I certainly had no intentions to bite the hand that feeds me.
geek=very smart technical person
I wish I were one! I'd mostly rather be a feeder than a feedee.
jahj53
Jul 14, 2004, 11:32 AM
> how you going mate, yea I posted a fix for DSO exploit before, but I took it off.
And here I was thinking I was going blind. So many posts were thanking you for giving directions on how to fix the DSO Exploit... and no matter how carefully I looked, I just couldn't see what dozens of other people saw! :)
I do have a few minor differences with your instructions.
> Step 2: You should end up with 2 entries, 1 pointing to the file 1004 in folder
> 1st Dir. HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004
> 2nd Dir. And the other 1 pointing to the file 1004 in folders
> HKEY_USERS\S-1-5-21-38542785-780010274-1008150880-2512\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004
I ended up with 4 entries. The "Default" user along with "S-1-5-18", "S-1-5-19" and "S-1-5-20".
My registry doesn't even have a "HKEY_USERS / S-1-5-21-38542785-780010274-1008150880-2512 /" directory (much less the "Software, etc" subdirectory).
This last may be because I first tried DSO2STOP - and this caused the DSO Exploit count to go from 5 to 4.
BTW... as it happens, I did the "18", "19", and "20" directories before I even looked at the "Default" directory. As a result... the computer cleaned it up for me.
And - best of all - no "DSO Exploit" report!
THANK YOU!!
alicka
Jul 14, 2004, 05:43 PM
Glad to help!
I also didn't remember to let you all know, but when you jump to location in S&D, you don't go straight to the necessary file or location of the files you need to delete, it jumps to the last location/folder you were in.
Regards~
P.s wise reply spock ;)
counselor
Jul 15, 2004, 05:27 PM
Dear, dear Alicka~
After sitting here for a loooooong while, I think I finally found the folders you refer to to get rid of DSO.
However, the HKEY-USERS etc. numbers you list are not the ones I have listed... mine are:
1-5-21-1220945662-839522115-1060284298-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3 (Does it really help you to know all that? )
Does it matter that my numbers are different??
Don't mean to be a ninny... I'm petrified I'm going to fry this computer. My hubby will have my head!
Counselor
alicka
Jul 15, 2004, 08:22 PM
G'day, yea I'm sorry to all as I wasn't very specific with some of the fix details. Where I've specified the file location is just a cut and paste of my HKEY - folders, this doesn't mean you'll all have the same. It's mainly there as a reference to what the folder looks like. So don't grind them teeth of it! Ok now all you have to do is go into S&D and look at where it says the file is, it has the exact path to the files. So when you jump to location, go back to S&D and just double check you're in the right folder, as it sometimes goes to the folder you were previously in. (this is referring to the regedit)
All just be aware that you are playing around with the system's (pc) working, the cogs as you might say, so any changes in the regedit can have undesired results (pc s itself) figuratively speaking!
Any more probs, just post!
Regards~ ;D
alicka
Jul 28, 2004, 08:15 PM
Hey all just letting yous know I'm here, if you have any problems or questions, I'd be glad to help in any way I can.
Peace 2 all, remember it's a good day if the sun is shining~
Regards~
Belce
Aug 7, 2004, 04:38 PM
I did a search at Microsoft site and found this posted:
"The DSO exploit vulnerability was patched long ago by IE Cumulative Update MS02-015, in March of 2002. If you've installed this specific patch, or any subsequent IE Cumulative Updates, or Service Pack 1, you're safe. It would appear that the latest version of Spybot S&D is only checking for Internet zone settings in the registry that could be used as work-around protection, and not for the presence of any corrective patches. Hopefully, the makers of Spybot will soon fix this bug.
MS02-015 March 28, 2002 Cumulative Patch for Internet Explorer
http://support.microsoft.com/default.aspx?scid=kb;EN-US;319182
If you like, you can test your system for this particular vulnerability at this web site:
http://www.greymagic.com/security/advisories/gm001-ie/
The makers of SpyBot S&D have acknowledged the problem and will fix it on their next update:
http://www.safer-networking.org/index.php?page=paragraphs&detail=currentfaqs "
The links provided also include a site that can test if you are vulnerable to this.
Hope this helps
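
An added example, not part of any post in this thread: a read-only PowerShell audit of the registry locations discussed above. It lists value 1004 under Internet Settings\Zones\0 to 4 for every user hive currently loaded under HKEY_USERS, so the entries a scanner reports can be compared with the real paths on a given machine. Assumptions: 1004 is the zone action for downloading unsigned ActiveX controls and data 3 means disabled (the "1004!=W=3" string in counselor's post is read here as "flag when not 3"); the variable and column names are this example's own.

```powershell
# Added example (not from the thread). Read-only: nothing is written or deleted.
$rel = 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'

# HKEY_USERS has no default PSDrive, so use the provider-qualified path.
# <SID>_Classes hives hold COM/file-association data, not Internet Settings.
$hives = Get-ChildItem -Path 'Registry::HKEY_USERS' |
    Where-Object { $_.PSChildName -notlike '*_Classes' }

$report = foreach ($hive in $hives) {
    foreach ($zone in 0..4) {
        $key   = "Registry::HKEY_USERS\$($hive.PSChildName)\$rel\$zone"
        $data  = $null
        $state = 'zone key missing'

        if (Test-Path -LiteralPath $key) {
            $props = Get-ItemProperty -LiteralPath $key
            if ($props.PSObject.Properties.Name -contains '1004') {
                $data  = $props.'1004'
                # Assumption: 3 = disabled, the setting the scanner expects.
                $state = if ($data -eq 3) { 'disabled' } else { 'not disabled' }
            } else {
                $state = 'value 1004 absent'
            }
        }

        # One row per hive and zone, including hives with no Zones key at all.
        [pscustomobject]@{
            Hive      = $hive.PSChildName
            Zone      = $zone
            Value1004 = $data
            State     = $state
        }
    }
}

$report | Format-Table -AutoSize
```

Only the hives of accounts that are currently loaded appear under HKEY_USERS, which is why Step 10 in the thread repeats the procedure per logged-in user. S-1-5-18, S-1-5-19 and S-1-5-20 are the LocalSystem, LocalService and NetworkService accounts.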