I've been on vacation for a few days, so please excuse the belated reply.

Quote:

---

GTX, it seems like you're defending your position.  The problem is, no one is attacking it.

---

My position was attacked by one person, but I wasn't suggesting that you were doing it also. I was sincere in saying that I'm happy that you found a cure that satisfies you.

Quote:

---

]So...
1st, GTX and psi42, which one is it?  Do I check to see if IE recreated the key or do I go and recreate it myself?  Also, by recreating the key to it's default setting am I setting it to allow the same virus to enter my PC and start this cycle all over?  

---

To the best of my knowledge, Windows will not automatically recreate 1004. It may do it if you change your security settings as each user on your computer, but I don't know. Doing it in the registry is faster and a sure thing. The DSO Exploit is not a virus.
The DSO Exploit would probably create the key if it wasn't there, so that's no protection. If you have all your current Windows updates, you won't get this DSO Exploit again. This door has been closed and can't be exploited again.

Quote:

---

]2nd, I have a few viruses that are quarantined by Symantec AntiVirus but that are not showing up during the S&D search.

---

The programs shouldn't find the same problems. One is anti-virus, the other is anti- adware/spyware/malware.

Quote:

---

1. Open the 0 folder
2. In the right pane, right click on 1004 and delete it
3. Right click on the 0 folder and choose New then DWORD Value
4. A new DWORD key will appear named New Value #1. Rename it to 1004 and hit Enter
5. Hit Enter again (or double click 1004) to open your new 1004 DWORD
6. A dialog box will appear. The Name Value at the top will be 1004. On the left is a box to enter a Value data. Place a 3 in this box. On the right is a place to choose the BASE. Make sure hexadecimal is chosen
7. Click OK and close the registry

The next time you run spybot, the problem should be gone, and you don't have to tell spybot to ignore it.

---

I did this, ran Spybot, and it did not find DSO Exploit anymore :). This is easy fix, just delete one value, and add one. Thanks GTX for the tip.

I got to this forum because I did a search for "DSO," which is what spybot said I have. I think I effectively removed it following all previous instructions. Thanks. But, my problem still remains... When ever I open IE browser it is hijacked to http://ssearch.biz/?wmid=1010 and I can't use the forward or back buttons. Please help
THANKS IN ADVANCE

You might want to try running cwshredder which can be found here:
http://www.spywareinfo.com/~merijn/downloads.html

Thanks GTX. I tried that. No Luck though. I ran a program callede HIJACK THIS and I save the following log. Maybe someone can identify the culprit for me from the list.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.bellsouth.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.bellsouth.net
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.0001.1004\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.0001.1004\en-us\msntb.dll (file missing)
O3 - Toolbar: (no name) - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - (no file)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.0001.1004\en-us\msntb.dll (file missing)
O4 - HKLM\.. \Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\.. \Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\.. \RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\.. \Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\.. \Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - Global Startup: AirFortress® Client.lnk.disabled
O4 - Global Startup: Microsoft Office.lnk.disabled
O4 - Global Startup: One-VA VPN Client.lnk.disabled
O4 - Global Startup: RealSecure(r) Desktop Protector.lnk.disabled
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/ca...C_1_0_0_44.cab

Thanks for any help.

All right.. so I just spent the last hour reading all the replies to this DSO Exploit thing and don't have all the answers I need because so many different people have given different ways of fixing it. Can someone please give me answers to the following questions:

1) How can I completely delete it of my computer without harming anything or deleting anything of importance.

2) What is this DSO exploit anyway so many people have asked and there haven't been any answers... does anyone even know how harmful it is to my computer... Ive gone to the link that is apparently supposed to tell you what this thing is and it didn't explain anything.

Thanks ahead of time for the advice and sorry if you have to repeat yourself to tell me how to delete it, its just because I don't know who instructions to follow.

Katdaddi

Ssearch.biz is a hard one to get rid of.
Try Adware Away at this link:
http://www.adwareaway.com/ssearchbiz.htm

Thanks GTX. OUTSTANDING. It's gone and browser functions have returned. Truly grateful.

What site can I download spy bot from?

http://www.safer-networking.org/en/download/index.html

G'day all~
Well well well... Ok peeps n perps Microsoft have finally brought out some vulnerablity patches, these patches are for the OS security flaws and IE security flaws. That's it, all your problems rectified.


Réδ√röv¿╦ûΓÜ√○b!!   ;D ;D ;D

alicka,
So you say the problem can be fixed... awsome but how do I do it... sorry I'm allitle computer slow... so if you could explain that would be awsome. Thnxs! ;D

Hey matey, yea don't sweat your not slow your just lazy :P hehe, yea all you have to do is go to microsofts patch site and get the cumulative and vulnerablitly patches MS04-022,-023 ,-024. IF you haven't already got IE6 wiv service pack 1a, then plezzzz get it~


Um its not to hard to find the patches but if you do have trouble then get back to me and il show you the exacto mondo spot! Okiely dokiely

Regards~ ;D

Wow, THX Cellarius and all the other helpful techies! I fixed the DSO problem, and it seems my computer is going faster than it was a few minutes ago, or I might be hallucinating due to my extreme happiness of getting rid of that darned thing! Thanks again! ;D

THANK YOU "GTX Slotcar"! The information in your posts is priceless. After reading your posts I have a good understanding of DSO Exploit and why SpyBot kept detecting it even after I went through the necessary steps to remove it. After following your easy-to-follow, step-by-step instructions, I now finally receive the SpyBot congratulatory message "no immediate threats found". Thanks for taking the time to post!

Hello

Just run spybot s&d, dubble click on the problem, right mouse click on it, then details, go to location, then delete it in the register,

Greetz ::)

Why didn't I think of that! :o
On the rite track lad, but jumping to location doesn't always take you to the exact file you need to delete.
It usually goes to the last location you were in prior.

Doesn't sudbury's thing just ignore it? How do u GET RID of it?

Yes, it just ignores it. And hear I thought I was talking a nother language :D. The manual fix is in here, or you can just get the latest Service packs and patches for IE 6 preferably n The OS you are using.

Regards~

How are you doin'? 8) I'm new here, but that sure doesn't mean that I'm stupid or annything. I have the DSO problem( if you could call it a problem). OK, so I got Spybot, Ad-aware, McAfee. Well, I'm all good, except when I run Spybot I keep gettin' the 5 DSO Exploit errors. You know. Then I fix 'em, and everythin' is good again. Then the other day I scan again, and I get the DSO's AGAIN, I fix them AGAIN, and everything is good AGAIN. Then the other day, I scan AGAIN, I get DSO's AGAIN... you get the picture ;)
But what I am askin' about is - I DON"T HAVE ANY PROBLEMS with DSO's. I mean, everythin' works fine, I only get the DSO's in SpyBot every time. But that doesn't seem to harm me, you know? Do I still have to go to the registry and fix the problem? And if yes, then please tell me if I am right - I go there and delete the 1004 from those five files? Is that right?
Thanks guys. I really appreciate your help.

I think you're saying that you fix the DSO and a few days later you run Spybot and it's there again. Right?
If you've added the security updates to windows, it's not a problem. You won't get it again, even though spybot shows it.
Here's what happens. Run spybot and get rid of the DSO, then run it again, right away, and you'll see it's still there. But, it's really not. Spybot just thinks it is because things in the registry haven't been put back together correctly.
If you don't fix the registry, you'll never know whether you've actually got the DSO again or not because it'll always show up like it's there. (If you've added the security updates, it really won't matter.)


If you want to put everything back properly, you need to:
1. Open the 0 folder (s)
2. In the right pane, right click on 1004 and delete it
3. Right click on the 0 folder and choose New then DWORD Value
4. A new DWORD key will appear named New Value #1. Rename it to 1004 and hit Enter
5. Hit Enter again (or double click 1004) to open your new 1004 DWORD
6. A dialog box will appear. The Name Value at the top will be 1004. On the left is a box to enter a Value data. Place a 3 in this box. On the right is a place to choose the BASE. Make sure hexadecimal is chosen
7. Click OK and close the registry
The next time you run spybot, the DSO should be gone.

Gary

DSO Exploit

DSO Exploit is a glitch with spybot itself.
Here's hot to get rid of it.

1. Open Spybot and select "Advanced" mode.
2. Select "Setting" in left column.
3. Select "Ignore Product" on left.
4. Select "Security" Tab.
5. Put a checkmark in the little square beside DSO EXPLOIT.
6. Close Program.
7. Open Spybot and run a scan.

DSO Be Gone! :)

I turn first to the Internet. For instance, this week I have
Several questions about DSO Exploit. When I put that name in
Google (http://www.google.com), it returned 100 pages.
From them, I learned that DSO Exploit is actually a flaw in Internet
Explorer. It has been patched by Microsoft. However, according to
Several Web sites, a bug in Spybot Search and Destroy causes it to
Continually pop up. You should be OK, so long as Windows is updated.
Also, be sure Spybot is updated. You may be running an old version.

From Kim Komando Newsletter

Hope this helps!
Whiskey14

I'm surprised this thread is still going. I think all the misinformation is because people don't know what the DSO Exploit is.

1st, I wouldn't advise anyone to tell spybot to just ignore this. It only takes a few seconds to fix it right.

2nd, DSO's are part of Windows, much the same as dll's are (files with the .dll extension). They are Dynamic Shared Objects. You shouldn't say "DSO be Gone!", you should be saying "Exploit be Gone!"
DSO Exploit is not a flaw in Windows. There was a security flaw in this DSO (which is part of Windows) and someone has Exploited it (taken advantage of it). Now MS has patched it so that exploit can't happen on that DSO anymore.
Spybot gets rid of this exploit, but unless you do a security patch update on windows, you could get it again. Unfortunately, Spybot doesn't put the registry entry/entries back the correct way, so when you run spybot again, it thinks the exploit is still there and reports it again.
It only takes a short time to fix this the right way.

Gary

And the RIGHT way is... this, huh?
1. Open the 0 folder (s)
2. In the right pane, right click on 1004 and delete it
3. Right click on the 0 folder and choose New then DWORD Value
4. A new DWORD key will appear named New Value #1. Rename it to 1004 and hit Enter
5. Hit Enter again (or double click 1004) to open your new 1004 DWORD
6. A dialog box will appear. The Name Value at the top will be 1004. On the left is a box to enter a Value data. Place a 3 in this box. On the right is a place to choose the BASE. Make sure hexadecimal is chosen
7. Click OK and close the registry

And the RIGHT way is... 8) this, huh?
1. Open the 0 folder (s)
2. In the right pane, right click on 1004 and delete it
3. Right click on the 0 folder and choose New then DWORD Value
4. A new DWORD key will appear named New Value #1. Rename it to 1004 and hit Enter
5. Hit Enter again (or double click 1004) to open your new 1004 DWORD
6. A dialog box will appear. The Name Value at the top will be 1004. On the left is a box to enter a Value data. Place a 3 in this box. On the right is a place to choose the BASE. Make sure hexadecimal is chosen
7. Click OK and close the registry

Quote:

---

And the RIGHT way is... 8) this, huh?

---

Yes :D

Ok, there is one more thing. This isn't quite about DSO's. It's about Win Update, which is about DSO's. 8) So, I need to be up-to-date with my security, huh? But what if I got some burnt programs on my PC, like Musicmatch jukebox, burnt Microsoft XL, Word and Outlook, burnt RecordNow Max. Can an Update detect my burnt programs and do anything bad??

I don't know how it could, so I'll have to say "no".
The update only patches windows files. It doesn't look for other programs.

Cause, you see, I had a burnt Windows before (which I did not know :o) and I updated my PC through Win Update, and after that it began tellin' me to activate my Win Xp Home. I pressed the activation button, but it said that there was some kind of an error (well, duh, my Windows is burnt :-/), so I had to buy a new one, and all the previous programs were lost, so my friend gave me the copies of his programs. And, you know, after that, I'm afraid to update my system. My Word, my XL, my Outlook, my RecordNow Max, my Musicmatch Jukebox... If I lose those programs... Well... I think the Update is just not going to be worth it... :-/

Don't bother updating, if your using a pirate version of windows and are on the net they know. You not the first nor the last, but you're an amateur. Your breaking the law mate... your a smartie alrite ;D

Slot<stil giving advice good to see 8) , anyone seen my cain??

Yo, yo, yo. I just said: I had a pirated Windows BEFORE. I updated it. Next thing I know I got to buy a new Windows ;D. Yeah, so, you see, I'm paranoid now about updating :-/. Cause I still got some pirated programs on my PC. I'm afraid to lose 'em.

Quote:

---

Yo, yo, yo. I just said: I had a pirated Windows BEFORE. I updated it. Next thing I know I got to buy a new Windows ;D. Yeah, so, you see, I'm paranoid now about updating :-/. Cause I still got some pirated programs on my PC. I'm afraid to lose 'em.

---

Well AFAIK, Microsoft does not look for _other_ burnt programs on your system _yet_
I would think if you went to MS-office update, it would detect your office had a pirate cdkey... but I really doubt ms would go so far as to start deleting stuff _yet_

But you never know...

Just make sure to do a full backup... :)

Well, if that's the case, then which is the best program to do that? And where do I get it? Thanks.

Hi
I'm New here
And I too found this site by a Google search that brought me here because of the DSO Exploit.
I did all that was suggested here and get rid
Of the anoying DSO Exploit, also I switched my
Spybot program to the Advanced Mode.
But after I run a new scan with the Spybot
Program, it found me another problem
Called: Avenue A, Inc.
And when I pressed on the Plus that's what opend:
Tracking cookie (Internet Explorer: Atid) (Cookie, nothing done)

My Qustion is:
What it means??
And do I need to fix it??

Thanks in advance for any help.

Sudbury person from up there where all that cold air comes from. Your simple , easy to understand , cure
Worked like a charm. New at this site and illiterate on a computer. I appreciate your cure for the DSO problem. Tnx. Grady

Quote:

---

I finally got rid of DSO Exploit using "Spybot Search & Destroy" with the following method:

Have "Search & Destroy" look for problems the usual way and then (1) highlight one of the "Data source object exploit" items, (2) Right click the highlighted item to bring up the menu list and select "More details", (3) Now click "Jump to location", (4) You are now viewing the Registry and can use the path shown in the Search & Destroy window to get to the key shown, (5) I manually deleted each of 5 keys and no longer have it coming back.  I haven't noticed any change in performance so I trust that I did no harm but I am happy not to have the damned thing any more.

---

:-*

THIS REALLY GETS RID OF IT. If you follow the other posts and just IGNORE the product in Spybot, IT'S STILL THEREThanks for your good words Cellarius, hope to return the favour someday 8)

Hi all, yes I am a newbie. Boy, am I grateful about not being the only one in this situation. I thought I had done something wrong! :-[
When I found this website I tried Sudbury's fix and I am free of
Dso! Thank you, Thank you, Thank you!

Willowtree

Obviously these people who are happy with that fix haven't read all the posts.

Okay GTX, what am I looking forward to? I take by your answer this is not the fix.

Am I "Jumping the Gun."

Willow