Ask Me Help Desk (https://www.askmehelpdesk.com/forum.php)
-   Computers for Beginners (https://www.askmehelpdesk.com/forumdisplay.php?f=79)
-   -   DSO Exploit (https://www.askmehelpdesk.com/showthread.php?t=1228)

  • Aug 20, 2004, 07:58 PM
    GTX_SlotCar
    Re: DSO Exploit
    Quote:


    Am I "Jumping the Gun."

    Willow
    Yes.
    And I hope you're not free of DSO, but free of the exploit. You might want to read pages 5 through 7 of this thread.

  • Aug 20, 2004, 09:38 PM
    Sudbury
    DSO Exploit
    If Willowtree and Grady and countless others are happy with getting DSO Exploit off their screens with a minimum amount of fuss and bother that's fine with me. Check Spybot regularly for updates because they are going to issue a permanent fix soon.

    Sudbury
  • Aug 21, 2004, 07:27 AM
    Willowtree
    DSO Exploit
    I want to thank you both for your input. I am not a super computer person. I am just learning as I go along. So, at this point I can use all the help I can get. All I am looking for is something that works and something even I can understand.
    Take care,
    Willow
  • Aug 21, 2004, 08:22 AM
    GTX_SlotCar
    Re: DSO Exploit
    Quote:

    If Willowtree and Grady and countless others are happy with getting DSO Exploit off their screens with a minimum amount of fuss and bother that's fine with me.
    Sudbury
    I don't know if the others are 'countless', but it's fine with me, too. I think they should realize they're running without a security setting there doing it that way, but as long as they're happy...
    Yes, spybot already has a fix for this. They had it for their last release, but it didn't make it in. It will be in their next release, soon, but we've been saying this since this thread began, April 16th.
    I think people find this thread looking for help. Most of them start reading at the beginning, try stuff until something seems to work and never bother reading further.
    If it really bothered me, I'd start a new thread ;)

  • Aug 21, 2004, 08:43 AM
    gusreiber
    Re: DSO Exploit
    Hold the phone.
    Here is the real solution to the problem:
    http://www.experts-exchange.com/Secu..._21054787.html

    Disabling the DSO Exploit check is really silly advice.
    By the same logic, you could just uninstall SpyBot and not get any notifications from it.

    The DSO Exploit is an important security hole to know about. The other advice above describing the Exploit and steps to manually remove it by making changes in your registry are the right way to go. Read the registry change instructions carefully and everything will be fine.
  • Aug 21, 2004, 10:09 AM
    Willowtree
    DSO Exploit
    I came here looking for help. If I have done something wrong, I need to know. I love my computer. It is not only a tool, it is a gateway to the world for me. The websites that have taught me so many things and lets me keep in touch with my family and friends at the touch of a keyboard.
    Most of the things, you all talk about, I have never heard or know about.
    Everything, so far, I have taught myself. So, I am open to anything that teaches me how to take better care of my computer.
    Thank you all for your help.

    Willow ;)
  • Aug 21, 2004, 11:14 AM
    psi42
    DSO Exploit
    Quote:

    Hold the phone.
    Here is the real solution to the problem:
    http://www.experts-exchange.com/Secu..._21054787.html
    I find it rather amusing that the first post in that thread points right back to this mess...

    ;D

    I don't suppose someone who has posted on the first page could edit their post to reflect the fix? That way maybe a few less people could do the Wrong Thing?
  • Aug 21, 2004, 01:44 PM
    tickedOff
    DSO Exploit
    Do not go to the above link for the experts exchange. You have to sign up to even read the forums, and get bombarded with scripts upon entering. It is sites like that which are half the problem and should be avoided. Any real solutions should be posted here for all to see freely. Could you post the answer from that site here? Also, I changed all the registry key values to 3 like suggested, and 2 entries still show up on spybot. Is this an issue with spybot or what?
  • Aug 21, 2004, 02:49 PM
    GTX_SlotCar
    Re: DSO Exploit
    Quote:

     Any real solutions should be posted here for all to see freely.  Could you post the answer from that site here?  
    It is posted here.
    I've posted this in 5 forums and this is the only one that still has activity on it. On those others, I didn't even go into detail about what a DSO is or how it's "Exploited", or why Spybot keeps identifying it when it's gone. I've checked my procedure with the "official spybot forum" and it's correct. I've even given the link to that forum.

    In this thread, you have basically 3 opinions of what to do. One says to tell spybot to ignore the DSO Exploit once it's found it the first time. The other says to look up the DWORD in the registry and just delete it (actually, at that point it's a String Value), and the other says to delete the String Value 1004 (each occurrence) and create a DWORD 1004 (which is what it was before spybot mis-recreated it) because it's a security setting that shouldn't be ignored.
    All of them say you should run Windows Update for the security patches so you won't get this exploit again.

    Now it's up to you to decide which fix is right for you :)

    Gary




  • Aug 21, 2004, 04:59 PM
    psi42
    Re: DSO Exploit
    Quote:

    Do not go to the above link for the experts exchange. You have to sign up to even read the forums, and get bombarded with scripts upon entering.
    Um... I didn't have to sign up for anything..?



    Now, I think it's time we really cleaned this thing up. This thread is 10 pages long because we have three conflicting "solutions."

    One is to ignore the problem
    One is to fix the problem
    One is to delete the 1004 key

    Now, can somebody who deleted the key please go back into the registry, and see if it was recreated, and what value it holds? Then maybe we can see if deleting the String Value entirely fixes the problem, or if it doesn't. Obviously changing it to a DWORD with a value of 0x03 _does_ fix the problem, we've established that. Now let's try to break the confusion, and figure out just what happens when the 1004 String Value is deleted.
    (I'd do it myself, but I haven't got a windows box handy at the moment ;D).

    :)

    ~psi42
  • Aug 22, 2004, 06:47 AM
    Air_Scorpio
    Re: DSO Exploit - Anti DSO Exploit - Manual Fix
    Anti DSO Exploit Manual Fix Locate DSO Exploit by Spybot - Search and Destroy

    Mostly we recognise that we are infected by DSO Exploit when we run SpyBot Search and Destroy.

    To check that SpyBot is not ignoring DSO, proceed:

    1) Choose from Mode / Advanced Mode
    2) Enter Settings
    3) Ignore products
    4) Security
    5) Uncheck DSO Exploit if checked in box.
    6) GoTo Spybot-S&D
    7) Check for problems

    Fix the problem manually in Registry

    If you see DSO Exploit (usually 5), select it first and Fix selected problems. Then do the operation below.

    1) Open regedit from run mode:
    2) GoTo: HKEY_USERS/DEFAULT/Software/Microsoft/Windows/CurrentVersion/Internet Settings/Zones/0
    3) See if 1004 is REG_SZ or REG_DWORD. Most likely it's REG_SZ because of DSO Exploit.
    4) First delete 1004 Value - it's wrong.
    5) Proceed to Zones/0, right click 0 File and add new DWORD Value. (New/DWORD Value)
    6) Change Name of this Value as 1004, right click to 1004 and change Value Data from 0 to 3.
    7) Check if 1206 already exists.
    8) If not, process same operation as for 1004 and leave Value Data of 1206 as 0.

    This operation needs to be done in all of these files:

    I. HKEY_USERS/DEFAULT/Software/Microsoft/Windows/CurrentVersion/Internet Settings/Zones/0
    II. HKEY_USERS/S-1-5-18/Software/Microsoft/Windows/CurrentVersion/Internet Settings/Zones/0
    III. HKEY_USERS/S-1-5-19/Software/Microsoft/Windows/CurrentVersion/Internet Settings/Zones/0
    IV. HKEY_USERS/S-1-5-20/Software/Microsoft/Windows/CurrentVersion/Internet Settings/Zones/0
    V. HKEY_USERS/S-1-5-21/Software/Microsoft/Windows/CurrentVersion/Internet Settings/Zones/0

    Check the result

    When operation is done check the registry codes (should be as shown in picture beside) and run Spybot for final check up. Hope you won't see DSO Exploit anymore.

    Spybot - Search and Destroy

    If you don't have Spybot Search and Destroy (it's COMPLETELY FREE) you can download it by just clicking on that link: ftp://ftp.download.com/pub/win95/utilities/spybotsd13.exe

    http://www.ramesses.8m.com/images/an...in_regedit.jpg

    Enjoy your surf!

    P.S. Also you can find it on http://www.ramesses.8m.com/custom.html

    P.S. Thanks GTX for locating a mistake - I wrote Explicit instead of Exploit before. :)) Was very sleepy because I hadn't slept for 30 hours by that moment. ;-)
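
The type check that the post above performs by hand in regedit can also be run over a text export of the registry. This is an added example, not part of the original post or of Spybot: the sample export is constructed, the function names are hypothetical, and the expected values (1004 as a DWORD of 3, 1206 as a DWORD of 0) are the ones given in the thread.

```python
import re

# Constructed sample of a regedit text export; not taken from a real machine.
SAMPLE_REG = r'''REGEDIT4

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0]
"DisplayName"="My Computer"
"1004"="3"
"1206"=dword:00000000

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0]
"1004"=dword:00000003
"1206"=dword:00000000

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0]
"1004"=dword:00000000

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0]
"1206"=dword:00000000

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1]
"1004"="3"
'''

# Only Zones\0 under each HKEY_USERS hive is in scope, as in the thread.
ZONE0 = r'\software\microsoft\windows\currentversion\internet settings\zones\0'
KEY_RE = re.compile(r'^\[(.+)\]$')
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')


def classify(data):
    """Map the right-hand side of a .reg value line to (type, data)."""
    if data.startswith('dword:'):
        try:
            return 'REG_DWORD', int(data[len('dword:'):], 16)
        except ValueError:
            return 'OTHER', data
    if len(data) >= 2 and data[0] == '"' and data[-1] == '"':
        return 'REG_SZ', data[1:-1]
    return 'OTHER', data  # hex(...) encodings such as binary or multi-string


def parse_reg(text):
    """Return {key_path: {value_name: (type, data)}} for a .reg export."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(';'):
            continue
        m = KEY_RE.match(line)
        if m:
            current = keys.setdefault(m.group(1), {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            current[m.group(1)] = classify(m.group(2))
    return keys


def audit(text, name='1004', expected=3):
    """Report, per HKEY_USERS hive, whether `name` in Zones\\0 is a DWORD == expected."""
    findings = {}
    for key, values in parse_reg(text).items():
        if not key.upper().startswith('HKEY_USERS\\'):
            continue
        if not key.lower().endswith(ZONE0):
            continue
        hive = key.split('\\')[1]
        if name not in values:
            findings[hive] = 'missing'
            continue
        kind, data = values[name]
        if kind != 'REG_DWORD':
            findings[hive] = 'wrong-type'   # e.g. the String Value the thread describes
        elif data != expected:
            findings[hive] = 'wrong-value'
        else:
            findings[hive] = 'ok'
    return findings


if __name__ == '__main__':
    for hive, status in sorted(audit(SAMPLE_REG).items()):
        print(f'{hive:10} 1004 -> {status}')
```

A hive reported as `wrong-type` is the case the thread describes: 1004 present as a String Value, which has to be deleted and recreated as a DWORD rather than edited in place.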
  • Aug 22, 2004, 08:41 AM
    tickedOff
    DSO Exploit
    I think it recreates some of them if you delete them, so they keep showing up again on spybot. It DOES stop showing up if you find each individual 1004 entry that remains, delete it, then recreate it with a value of 3, like GTX said. Use the pane on the left in the registry to find the DEFAULT, S-1-5-18 through -21 individually (or whatever keys spybot lists) and change the values to 3. I think those were the same 5 entries I kept getting, so I tried that and it worked! Thanks computer geeks. I am going to school to become one myself, but never worked with the registry much. They said not to mess with it unless you know exactly what you're doing, so only change those entries showing up on spybot- nothing else... Thanks again.
  • Aug 22, 2004, 09:39 AM
    GTX_SlotCar
    Re: DSO Exploit
    Air Scorpio, please change:
    "Locate DSO Explicit by Spybot " to read "Locate DSO Exploit by Spybot". It may confuse the already confused. Thanks buddy.

    I'm sorry I haven't had time to answer all the private messages and email (from those who were resourceful enough to look up my email address through Tweaks & Reviews).
    I've reviewed Air_Scorpio's post and it reiterates what I've been saying. It even goes a step further and shows you how to make sure you haven't left spybot in a state where it ignores this DSO Exploit.
    He's taken the time to give you the exact locations to look for the problem in the registry for those who can't follow it in spybot.
    Follow his instructions or mine, whichever is easiest for you to understand.
    Don't forget to UPDATE WINDOWS to get the new security patches. Do you want to go through this again?

    Here are answers to the 2 most frequent questions I've been asked privately.

    To open the registry, click your "Start" button and then click "Run". A dialog box opens. Type in the word regedit and click OK. It will open your registry.

    The other one concerns changing the entry in 1004 to 3, but spybot continues to see it. You don't change the entry to 3. You delete 1004 (because it's a String Value and should be a DWORD) and create a new DWORD 1004 and give it a hex value of 3.

    I'm going to try to make this my last post here. Please understand that I'm not out of patience, just out of time.

    Gary

  • Aug 22, 2004, 05:25 PM
    Willowtree
    Re: DSO Exploit
    Hey all. I thought for one last effort and since he works in Seattle for Microsoft and thank the Lord he is my nephew, I would give him a shot at this. I just now emailed him and when I get a reply I will be very happy to share it with everyone.
    You all have been so helpful and kind. I want to thank you for that.
    Take care. Will be back as soon as I can!
    Thanks again,
    Willow :D
  • Aug 26, 2004, 12:28 AM
    alicka
    Re: DSO Exploit
    hey guys/gurls~
    Gezz this page still going! Well you're all a bit late, because the problem's been sorted... and to all newbies, don't take these guys' advice to likely, they most likely are amateurs, and it's not hard to see that when they are telling you to change values in the regedit.
    If you knew what Exploit actually did, or has already done then you's would know (obviously you don't) that changing values does absolutely stuff all. These process Has done what it needs to do.

    Don't try be something you're not, you'll just make a fool of yaself! Oops too late ;D

    ~ Do not worry about doing ne of this, you'll just create more work for the guy (probably me :P) who will have to fix it. (Your PC that is)

    Regards~ alicka~
    I love this place~~~~
  • Aug 26, 2004, 01:29 AM
    psi42
    Re: DSO Exploit
    Quote:

    don't take these guys' advice to likely, they most likely are amateurs, and it's not hard to see that when they are telling you to change values in the regedit.
    If you knew what Exploit actually did, or has already done then you's would know (obviously you don't) that changing values does absolutely stuff all. These process Has done what it needs to do.
    And the online source that backs this up is... where?

    Quote:

    Don't try be something you're not, you'll just make a fool of yaself! Oops too late ;D
    Indeed.

  • Aug 26, 2004, 05:22 AM
    Air_Scorpio
    Re: DSO Exploit
    To alicka & psi42...

    You better tell people what should be done instead telling people that everything is wrong. You drive people nuts. If you know so much tell them what to do. Yes, we are newbies (at least I am) but at least we try to help people as we can, not like you just laughing and no help. And I think if you really knew what to do you would tell.

    Regards ,
    Scorp
  • Aug 26, 2004, 05:15 PM
    alicka
    Re: DSO Exploit
    Dear Air scorpio,
    Your thread touched me! No really it did ;D, yes what am I thinking ::) well dearest scorpio if you've been here since the start you'd know that I've posted numerous Exploit Fixes on here, but do people listen! No, and I don't care. Well I do care but I only care about the people who are genuinely stuck in a pickle! It's just the regedit is not something you want to play around with if you don't know what you are doing.
    And I don't know what these other guys here are doing, but where I am its my job. I work for government IT, so I think I'd know... <well that's for me to know and for you's to decide>


    Regards~ alicka~
    Deus t@ Am3n
  • Aug 26, 2004, 05:18 PM
    alicka
    Re: DSO Exploit
    And almost forgot, definitely take PSI's advice, if you're using Internet Explorer, that's where half your problems come from! Get Mozilla and see the difference! :o ;D

    Regards~ Alicka alota~
  • Aug 27, 2004, 01:20 AM
    psi42
    Re: DSO Exploit
    Quote:

    To alicka & psi42...

    You better tell people what should be done instead telling people that everything is wrong. You drive people nuts. If you know so much tell them what to do.
    Well, it really looks like we are trying to do that. What's going on here is that there is rather a bit of a disagreement. The problem is, a few of you guys think there is some sort of war on or something ;D.

    Quote:

    Yes, we are newbies (at least I am) but at least we try to help people as we can, not like you just laughing and no help. And I think if you really knew what to do you would tell.
    Okay, for the last time:

    This vulnerability was patched by Microsoft a long time ago. It _does_ _not_ matter if you do anything about it or not at this point in time, as long as you've kept up with your security updates.

    Will everyone please confirm the above statement so we can all agree on something?

    So you _don't_ need to fuss _if_ you've been patching your system. If you haven't been patching your system, well, that's bad. :)

    If you like to have everything just right just in case, then you're going to have to figure out on your own which "solution" you're going to follow.

    Here, take a look at this site:
    http://www.greymagic.com/security/advisories/gm001-ie/

    Go to the very bottom, and try the "Demonstration." If the program it specifies runs on your system, then you are vulnerable.






    Now a good flame war is always fun, but this isn't a very good one.

    Oh, and alicka. You're pretty confident of your position, I respect that. Unfortunately, it seems that every source I've seen on the net rather disagrees with you.
    Now if you posted a link to a nice piece of writing that backed up what you were saying, we could all be happy. :)

    ~psi42
  • Aug 28, 2004, 08:49 AM
    ManKilla
    Re: DSO Exploit
    I just wanted to say that for the "newbies" and I know I am one too... listen to what the "experts" have to say. Don't just insult them, they are here to help and you are here to get some help. I know personally that Alicka has helped me a lot to clear things up even when he gave me a solution that I didn't really understand because I'm a little computer slow he took it a step further to explain things better to me. So in his defence which I'm sure he doesn't really need... he is an expert and you are a newbie and if you were serious about getting rid of this thing you would either look at the post that he has made and get a solution for you or would ask him personally so he could give you a hand. He has been a huge help to me and I'm sure if you would just stop and listen instead of being hard headed you would get a proper solution.
  • Aug 29, 2004, 05:27 PM
    alicka
    Re: DSO Exploit
    Thanks Mankilla, I appreciate your support.
    If you need any help what so ever, I will be glad to give any assistance possible. And that's to all, I'm here to help, that's all~

    PSI, I run the state's regional Hospitals IT. Yes in government. If there's an exploit, I have to find it and kill it. I do this for a living mate. And no I can't give you ne links, they're all encrypted 1048, so good luck~

    Regards~ alicka~
  • Aug 29, 2004, 09:44 PM
    ThisTastesNasty
    Re: DSO Exploit
    Quote:

    If all your critical updates are installed you are protected against DSO Exploit and the finding in Spybot is just a nuisance. Eliminate this by doing the following:

    1 Open Spybot and select 'advanced' mode.
    2 Select 'settings' in the left column.
    3 Select 'ignore product' in the left column.
    4 Select 'security' tab.
    5 Place check mark in box beside DSO Exploit.
    6 Close program
    7 Open Spybot and run a scan.

    You will find that DSO Exploit has been eliminated and if your computer does not harbour any other spyware you will see a congratulatory message.
    Well thank you for trying to help. I didn't bother to read all 10 pages of replies, but dude, if you did this carefully, you would have noticed that "Ignore" ignores it when it finds it on your computer, meaning that you told it that it's okay when it runs over it. So what does this mean? It's still on your computer. Let's face the music kids, it keeps coming up because you can't get away from it.
  • Aug 29, 2004, 11:19 PM
    alicka
    Re: DSO Exploit
    Are you sure? You're not pulling our leg here??
    Gezz you can tell this is an american forum ;D ::)

    Such a smartie ::)
  • Aug 30, 2004, 09:49 AM
    ManKilla
    Re: DSO Exploit
    Quote:

    Well thank you for trying to help. I didn't bother to read all 10 pages of replies, but dude, if you did this carefully, you would have noticed that "Ignore" ignores it
    ThisTastesNasty:
    You don't think that others have noticed this, therefore not done it. IF YOU HAD READ ALL THE 10 PAGES... then you would have noticed and been able to have done a better solution, use your head here buddy. ;)
  • Sep 2, 2004, 06:21 AM
    Bunnyc
    Urgent... solution found for dso problem
    People, re the problem with the pop-ups Tickle IQ test and the Security Warning that seems to be associated with DSO Exploit and [deleted].com, I complained to [deleted].com today and they traced it to one of their clients, [deleted] who is responsible for these pop-ups. They told me to contact him at this email address:

    [deleted]

    Write and tell him that this crap was put onto your computer without your knowledge or permission and ask him to send you his adware remover.
    Once you receive it, unzip it and install it but make sure you close all your Windows Explorer stuff first. It only took about one second to get rid of it.

    Bunnyc
  • Sep 2, 2004, 04:47 PM
    alicka
    Re: DSO Exploit
    Sure mate ::) that's the biggest load of shait I've ever bloody heard. Get a life and stop wasting forum space tos-ser
  • Sep 2, 2004, 06:15 PM
    psi42
    Re: urgent... solution found for dso problem
    Quote:

    People, re the problem with the pop-ups Tickle IQ test and the Security Warning that seems to be associated with DSO Exploit and [deleted].com, I complained to [deleted].com today and they traced it to one of their clients, [deleted] who is responsible for these pop-ups. They told me to contact him at this email address:

    [deleted]

    Write and tell him that this crap was put onto your computer without your knowledge or permission and ask him to send you his adware remover.
    Once you receive it, unzip it and install it but make sure you close all your Windows Explorer stuff first. It only took about one second to get rid of it.

    Bunnyc



    ROFL! What have you been smoking?
  • Sep 2, 2004, 06:43 PM
    Willowtree
    DSO Exploit
    http://ask-leo.com/whats_a_dso_explo...rid_of_it.html


    As I told you a week or so ago, I have a nephew that works at Microsoft. He said this site is our best bet. You can do whatever you think is best!

    We are waiting to see what Hurricane Frances has in store for us. (Not looking forward to this)! But anyway, take it easy all... Willowtree
  • Sep 2, 2004, 11:32 PM
    Bunnyc
    Re: urgent... solution found for dso problem
    Quote:

    ROFL! What have you been smoking?

    What's that smart remark supposed to mean?? I was a first-time poster who thought a solution to the problem would be welcome on here. I didn't expect to be spat on. Did any of you 'experts' find a solution except for advising what I consider risky measures for a newbie, to change the register?
    Never joined a forum before where you get treated like crap first time around. You know what you can do!!
  • Sep 3, 2004, 01:07 AM
    psi42
    Re: urgent... solution found for dso problem
    Quote:

    What's that smart remark supposed to mean?? I was a first-time poster who thought a solution to the problem would be welcome on here. I didn't expect to be spat on. Did any of you 'experts' find a solution except for advising what I consider risky measures for a newbie, to change the register?
    Never joined a forum before where you get treated like crap first time around. You know what you can do!!
    Bunnyc, if you are really giving what you believe to be honest information here, I thoroughly apologize.

    That said, let me explain my "smart remark." Although feeding trolls is rather fun, I'm really going to do this for the benefit of others. Now then:

    Quote:

    People, re the problem with the pop-ups Tickle IQ test and the Security Warning that seems to be associated with DSO Exploit
    re? Re what?

    Quote:

    [deleted].com
    [deleted].com is an advertising site, so far so good. Although what that has to do with the DSO exploit is a little fuzzy...

    Quote:

    I complained to [deleted].com today and they traced it to one of their clients, [deleted] who is responsible for these pop-ups. They told me to contact him at this email address:
    What pop-ups? What does this have to do with the DSO exploit?

    Quote:

    [deleted]

    Write and tell him that this crap was put onto your computer without your knowledge or permission and ask him to send you his adware remover.
    Once you receive it, unzip it and install it but make sure you close all your Windows Explorer stuff first. It only took about one second to get rid of it.
    Um, okay. So you are advising people to e-mail the guy who supposedly has been sending them pop-ups, get a binary executable from said unsavory character, and run it? If "[deleted]" is in fact putting spyware on your computer, he will probably just bundle a trojan with his "remover." How about that for "risky measures for a newbie?"

    Second of all, the DSO exploit is not a virus. It is an exploit. It was not put on your computer by anybody but Microsoft.

    So it all boils down to one of the following:
    a) You didn't read the thread, which is bad
    b) You didn't follow the links in the thread, which is bad
    c) You are trolling, and in very poor taste, so it's a bad troll, which is bad


    ~psi42
  • Sep 5, 2004, 04:44 PM
    alicka
    Re: DSO Exploit
    Here here!
  • Sep 7, 2004, 09:12 PM
    ManKilla
    DSO Exploit
    So damn true!
  • Sep 9, 2004, 06:10 PM
    Miissty
    Re: DSO Exploit
    Hi all..

    I was having the same problem with DSO Exploit showing up after I deleted it with Spybot.. I did what Sudbury said in his/her post and it has worked for me so far.. just wanted to let others know so they could try it...
    Thanks for the help.. ;D
  • Sep 9, 2004, 07:13 PM
    Cossack
    DSO Exploit
    Oh. My. God. ::)
  • Sep 9, 2004, 09:01 PM
    Sudbury
    DSO Exploit
    Good for you, Miissty.

    You can leave it like that until Spybot releases the permanent fix (which they say is ready) and if all your Windows critical updates are installed you have nothing to worry about.

    Sudbury
  • Sep 12, 2004, 01:49 AM
    Rombus
    Re: DSO Exploit
    Quote:

    I'm getting the same DSO exploit message after running Spy Bot.   I tried to get rid of it.  I even ran the Shredder and it still comes back.  Does anyone have a fix?
    YES!
    Problem:
    Spybot S&D does have a bug relating to a false positive report of a "DSO Exploit." The "DSO exploit" is a trick that takes advantage of an old security hole in IE. However if your copy of IE is up to date, it will have long been patched for this weakness.
    Thus it can safely be ignored during the search for Malware.
    This Spybot "DSO Exploit" false-positive bug has been identified and will be corrected in the next update to Spybot. Meanwhile here is a manual workaround for SpyBot's over-reporting.
    Eliminate this nuisance by doing the following:

    Solution:
    1) Open Spybot and select 'advanced' mode.
    2) Select 'settings' in the left column.
    3) Select 'ignore product' in the left column.
    4) Select 'security' tab.
    5) Place check mark in box beside DSO Exploit.
    6) Close program
    7) Open Spybot and run a scan.

    After a new scan this “DSO Exploit” will not reappear. Assuming the scanned PC does not harbour any other spyware/malware, then a brief congratulatory message will appear.
    Voilà


  • Sep 12, 2004, 11:40 AM
    Riverratchick21
    Re: DSO Exploit
    I am new at this. I got DSO Exploit. I have tried spybot and it's not working. Can someone please help me?
  • Sep 13, 2004, 06:59 AM
    molmol
    DSO Exploit
    I am confused in trying to follow the instructions on how to get rid of this. If anyone can help someone who is NOT a computer expert, please let me know.

    Thanks
  • Sep 13, 2004, 03:59 PM
    Cossack
    Re: DSO Exploit
    Update ;)

  • All times are GMT -7.