I've tried all the fixes and still get a DSO exploit popping up on Spybot S&D. However, I don't get the same locations of the exploit as you do. They are in the '0' folder but there are no 1004 files to delete. I have deleted them previously. The new location for the exploit is
DSO Exploit: Data source object exploit (Registry change, nothing done)
HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Inter net Settings\Zones\0\1004!=W=3

No 1004 file is present in the file though. I'm getting really frustrated and any help you can lend would be great!

Thanks again!

Worked like a treat ;D

Just washed, rinse and repeated with the other user profiles and it was done like dinner!

Thanks for the assistance

Blairgowrie

Dear Alicka and whoever else,
I don't know if this is a relevant alternative, as I have no experience in this whatever, and I don't want to get anyone's back up, least of all saviour-alicka's, but if you highlight the DSO Exploit report notice in the Spybot results list and then click on the right hand side tab of Spybot it recommends going to http://security.greymagic.com/adv/gm001-ie/
This looks like it hasn't been updated since 2002, but back then the advice given was to change the value of 1004 (DWORD) to 3.
I have no idea if it is preferable to change this file rather than delete it. Is the file created by the DSO Exploit, or is it a normal file which has been changed by the DSO Exploit? If the latter, would it be better to change the value 1004 rather than delete the file? Has anyone tried this?

Like one of the other members who posted their probs on this site, my Spybot says DSO Exploit is in HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Inter net Settings\Zones\0\1004!=W=3

Being a cautious chap, I like the idea of changing files rather than deleting them. If I tried changing the 1004 value to 3, should I replace the whole of 1004!=W=3 with just the number 3, or should I replace just the number 1004 with 3 so it ends up looking like this \3!=W=3
Does anyone know?

I've now seen very similar advice posted at http://forums.net-integration.net/in...ic=15308&st=15
This forum explains how to replace the value 3 in detail (some of which I don't follow), but generally advises downloading the Windows patches and waiting for Spybot to write a program which sorts the problem out automatically.
I don't know who you are Alicka Alota but very big thanks to you for giving your time to sort out our problems.

Cheers.

I wiped out every instance of the 1004 I saw in all Zones folders. I went through each of them. Hopefully this will work this time.

alicka, I sent you a PM regarding your post. Thank you for your assistance!

Dear Alicka et al,

Thanks for getting back on that question about whether it is OK to change the values. (Dunno what you mean by OMG alicka, is that tech-speak or text-speak?)

I did try changing the values from 1004 to 1003 in the 5 registry locations which Spybot was picking up DSO on. This now means that Spybot doesn't find DSO Exploit. But from what alicka says, it just means that DSO Exploit is still effectively in my registry but by changing the values I've made it impossible for Spybot to spot it, right?

If this is the case, then it's serious for a number of readers on other forum sites who are also trying to solve DSO Exploit. Maybe someone should copy alicka's comments to their sites. I have read a lot of different solutions to DSO Exploit, and none of them advise deleting the files like alicka advises. They all recommend changing the values rather than deleting them. I think none of them advise looking for 'hidden' registry changes like alicka advises: they mostly just tell you to deal with the ones Spybot picks up. If alicka is right and they are wrong, then there's going to be a lot of DSOs Exploiting people's computers which are no longer spotted by Spybot.

I'm using Windows XP and I'm up to date on updates. I followed the instructions a copy of which and the site I got it from appears at the bottom of this mail. Spybot no longer detects DSO Exploit (but see above for alicka saying that's not good enough). I've had a bit of trouble with IExplorer, but nothing too bad. My computer now hangs sometimes which it never did before. Don't know if this is cos of DSO Exploit, my amateur registry changes, or cos all the virus checkers I've downloaded are getting tangled with each other and having tussles in the back rooms of my hard disk.

One last thing: there are three threads running on DSO Exploit on this askmehelpdesk site. If you re new to the debate, read them all (or at least the two threads marked DSO Exploit fix and Complete DSO Exploit fix before contributing to avoid repetition).

This is the dead simple, but possibly erroneous advice given on the other site I mentioned.

http://forums.windrivers.com/showthread.php?t=58851
Instead of telling Spybot to ignore the DSO exploit, use the information Spybot gives you and get rid of it.
"
Disconnect your internet, reboot your computer (you don't have to go into safemode to do this just boot normally), run Spybot. Go into the registry by going to the start menu then run, type in the word regedit and hit the OK button. Now locate one by one all the registy entries that Spybot said it found the DSO exploit in. Rename the 1004 files to 1003 then exit regedit. Shut down your computer. Plug your computer back into the internet, and restart your computer. Run Spybot again and you will see it is no longer there. Congratulations it gone. pretty simple huh?
ITguy"

Saviour-alicka (or anyone else):

Can I ask you one more question? If you find time to answer it - this is it:

Now I've changed the registry value from 1004 to 1003 in the following locations

HKEY_USERS\.Default\Software\Microsoft\Windows\Cur rentVersion\Internet Settings\Zones\0\1004!=W=3

HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Inter net Settings\Zones\0\1004!=W=3

HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Inter net Settings\Zones\0\1004!=W=3

HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Inter net Settings\Zones\0\1004!=W=3

HKEY_USERS\S-1-5-21-972xxxxxx-97xxx744-421xxxx017-1xx5\\Software\Microsoft\Windows\CurrentVersion\In ternet Settings\Zones\0\1004!=W=3

(I put x instead of some of those numbers in case it contains private info, but I guess you can see where its coming from).

Basically the locations are the Zone\0 folders in each of the folders S-1-5-18 to 21.

Since you say changing the values means DSO Exploit is still there: should I go back to those registry locations and delete the files 1003 which I changed? Or should I change it back to 1004 and then delete it. And do I still need to search around for other 1004 values in my registry in the places you mentioned in your other mails even though Spybot doesn't see them?

Presumably if I decide to wait for Spybot to write a program to sort the problem out, it won't sort out my problem as it is, cos I've changed the value to 1003 and it won't detect it (right?). So if I decide to wait for a Spybot update to sort it out, should I go back into the registry and change those registry values back to 1004 so Spybot can detect it (sounds ironic, right).

Apologies for asking you to answer questions which result from following someone else's fix.

I very much appreciate you're amazing help.

Yrs tris

ty for the info I looked on spybot for the addresses of the dso exploits and deleted the 1004 files it says no problems now and I got all the windows updates=)By the way I got it going on a cd key site accident.

alicka

G'day all sorry about the absence, been in cancun soaking up the sun as they say~

If anyone has ne questions id be glad to assist.
Also note don't take offence to ne other threads on the forum that mite sound like I'm having a go at you all but its at indivuals and they no who they are.
Sorry if you take offence to ne reference or remarks.


Regards~ your friendly alicka alota ;D

Alicka,

Hello I'm new to this in spybot s&d it keeps coming up with two things DSO EXPLOIT and CLEVERIEHOOKER.JEIRED, I entered in to Google DSO EXPLOIT and it came up with this forum I have been reading all about dso but simply can't get rid of it.

In the registry editor do I delete the 1004 thing or change its value?

I would like to get this sorted out asap because my mum is getting annoyed with her comp not being able to work properly.

other programs I have to detect spyware are Lavasofts No-Adware it hasn't helped much, and I've read about changing spybot to advanced but my mum doesn't want me to cos it might mess her comp up even more if your not care full.
please please help me!

Thunder

Thunder,
What OS are you currently running?i.e. windows 98, 2000,XP??
OK, you have too realise that Exploit's do exactly that. They Exploit insecure holes in IE, hence allowing code to execute. This is just how those bloody sites get there pop-ups to come up, but we now know what they're doing! ;D So, read this and take it in because no one else seems to:( , OK when you change the value of the 1004 key, you are just disabling it, but there is NO point. Because it has already done what it needs to do.
It just propagate's the hole, and once its done it you must remove all keys that are duplicates. This means you have to go into all zones folders, and all temp folders which can be 2 up to 5 other duplicate separate zones folders. This means, (THIS IS TO ALL) that there could be up to 10 to 30+ duplicates of the key! So the fix I've already posted, is just a guidance to what you have to do, it isn't an absolute fix.
Im rather busy rite now, so il get back to you all with more detail soon ;D

Regards~ alicka~

Hello anyone, I've had the DSO exploit problem, and I think I have fixed it by deleting the registry files entering a new DWORD file, and now spybot doesn't pick up the DSO exploits. BUT, what initially alerted me to this problem has not been fixed, so I'm not sure whether its something else or whether I haven't really managed to fix the DSO exploits. The thing that made me click something was up is that when I'm connected to the net via my home network through someone's computer, and I am not doing anything, (downloading browsing whatever) my sent and received columns are speeding up by about 1000 bytes a second, while the others on the network are stationary. Is this to do with the DSO exploit, and if it is or if it isn't does anybody have any ideas what's causing this? I've already chewed up close to a Gig a day on my internet account mainly due to this problem. Please someone help me PLLEEASEEEEEEEEEEE! :eek:

Hi,
Delete the 1004 value.
It works,, I did it with no problems.
Best wishes,
fredg

Yea, I did that and spybot no longer picks up the exploit, and I no longer get popups, BUT I'm still clcking 1000 bytes a second online while doing absolutely NOTHING. Could it be a virus, I've run several scans and nothing has been found. Thanks for replying though, much appreciated.

My computer has been saying it has DSO Exploit on it even though I've run all the standard detection and removal programs. However, I discovered something interesting. The computer may have been reading it from the Norton protected recycle bin files. When I emptied my trash now(something I've never done!) and reran Spybot, I got the first congrats message-no programs found ever! This may be the case with a lot of other people's pc's. Hope this helps.