 |
Well guess I read your post to fast thought you were talking about XP's recovery not Spybots but re-checked myself and yes what you replied was there and did work,thanks, but does it take care of the ones in regedit to, have my doubts, so with both solutions I would imagine this should take care of any DSO problem for good if they have their pc's updated all the way around!
Thaks for the advice hef, but I don't know really what you mean :(
I know nothing about regedit and the lst thing I want to do is screw my computer up myself. I need to be told in baby steps how to get rid of this. Here's my original post again:
--------------------------------------------------------------------------------
I've had dso exploit for a couple weeks now and I want to get rid of it.
I did a windows update. I have norton's updated and ad-aware updated-both which don't show any problems.
But, spybot finds 5 entries of DSO exploit. I can "fix" the problem but spybots finds it again after I restart my computer.
I don't want to go into my registry and change anything.
Basically, I'm hoping someone can give me the best instructions for getting rid of this thing.
I've read all th eother fixes listed around here, but there are so many , so I'm hoping to hear from someone who can fix this good.
Thank you very much
DSO is simply a URL or address placed in the registry by a site you have visited. It relays information from your computer back to advertising sites.
It is NOT a virus. But, if you don't want to be used by advertisers, then get rid of it.
It will come back; by going to certain sites... and you never know which one will place it back in your registery. It is NOT harmful, like a virus or Trojan.
There are 2 great free programs, that you can scan your computer with, then safely delete everything they find.
If interested, here are links to both:
http://www.security-related.com/download2.htm
Download: SpyBot Search & Destroy; 1.3
AdAware at:
www.lavasoftusa.com
Best wishes,
fredg
Earlier post with spybot and ad-aware have been used and no luck but with the post I posted the DSO problem was cured but you still need to use spybot and ad-aware anyway just in case any spyware period gets in so the best bet is always stay updated you are never going to get away from spyware its like a virus and trogan you just have to keep cleaning them out and watch were you go and stay updated,there is a post from someone about changing your ad-aware settings to,that would be a good idea,yes DSO is nothing major but its just the idea that its there and no one should be in your pc but you but if you can get away from I.E. that would help to as of yet havent had the DSO problem again but have techs on the look out for one that is infected so if and when we get another one we'll try the spybot recovery first and see if that does it then if not go with the regedit way one of the two should do it!
This wont help with the DSO problem but another program to try out is the X-Cleaner it along with Spybot and Ad-Aware and all updates for everything such as windows to should help you out.
Is this adware BS Exploit crap even legal? I mean, it most definitely shouldn't be. :mad: :mad: :mad:
Ah spyware the only thing you can do for spyware is 1. never turn your pc on again or 2. keep your pc cleaned out and updated because there aint anyway around it they find new ways to slip it in everyday so all ya can do is keep it updated and as far as legal whose got the money to fight em if ya catch em.
A very good tutorial is found here. It did for me what spybot S&R was unable to do so. Every time I ran S&D, although it did find DSO Exploit, and removed it, the next it showed up again. This requires work with the registry settings. Good Luck
http://www.pchell.com/support/dsoexploit.shtml
Good someone did have this problem listed online but earlier post we have posted covered that problem they talk about so both ways will take care of the problem so thanks for the link though!
The recurring dso exploit is a bug otherwise known as a glitch with spybot and it is nothing to worry about. If you have windows service pack 2 or the most recent updates for windows you are fine. The spybot program displays this regardless if you have'nt noticed from the rest of the reports in this forum. My email [email protected]
Well another point that as we all know already the DSO problem is a I.E. problem so the steps that have been posted already do the job and not everyone is happy with XP-SP2, best way there re-install Windows then load XP-SP2 (FIRST) but it depends on what software people have on there pcs not all software works with it so the I think the post pretty much cover the problem unless you know were you got the DSO in the first place then stay away from it.
I'm sorry I don't have the patience to read everything about DSO exploit. It seems a very hot issue. I am just getting to it... The other night I peaked in and read this and it sounded good until I went to do it...
Written by user name: Sudbury
Re: DSO Exploit
« Reply #11 on: May 22nd, 2004, 1:31pm » Quote Modify
--------------------------------------------------------------------------------
If all your critical updates are installed you are protected against DSO Exploit and the finding in Spybot is just a nuisance. Eliminate this by doing the following:
1 Open Spybot and select 'advanced' mode.
2 Select 'settings' in the left column.
3 Select 'ignore product' in the left column.
4 Select 'security' tab.
5 Place check mark in box beside DSO Exploit.
6 Close program
7 Open Spybot and run a scan.
You will find that DSO Exploit has been eliminated and if your computer does not harbour any other spyware you will see a congratulatory message.
It occurred to me that I was asking the program to ignore DSO Exploi, not fit it, thereby telling Spybot to act as though it doesn't exist rather than eliminating it. IS this thing benign anyway?? Can we just ignore it?
Okay, I tried username: Cellarius, suggestion:
I finally got rid of DSO Exploit using "Spybot Search & Destroy" with the following method:
Have "Search & Destroy" look for problems the usual way and then (1) highlight one of the "Data source object exploit" items, (2) Right click the highlighted item to bring up the menu list and select "More details", (3) Now click "Jump to location", (4) You are now viewing the Registry and can use the path shown in the Search & Destroy window to get to the key shown, (5) I manually deleted each of 5 keys and no longer have it coming back. I haven't noticed any change in performance so I trust that I did no harm but I am happy not to have the damned thing any more.
... and it didn't work. It would not give me the option of delete on the folders and I could not highlight and press the delete button. If I manually broke down the files, I could, somewhat, not the folders, just the files, and it was hit and miss, but there are TOO many files and it wasn't working that great.
DSO Expolit There is now a download on Major Geeks to rectify this DSO Exploit. You must have the latest progrmme od Spy bot . I have downloaded it I do not get any more DSO Explot now when I run Spy Bot
I ran Spy Bot and Adware a couple of days ago and have had mega problems since (this is being sent on my laptop!) I can still access my email but cannot access the web using IE, although I can access a bank account direct, but apparently nothing else direct. The computer is running very slowly as well. I use XP home and Broadband. I have tried to restore to pre Spy Bot without luck. Any ideas what's gone on?
I recently installed the 131tx update, exploit doesn't show up anymore, I get congratulatory message now. Great, right? But...
is 131tx just a disguise for DSO Exploit? Is it still there? If it is am I vulnerable?
The reason I ask all this...
Before I installed 131tx I kept getting the exploit after running Spybot. I then downloaded 131tx, ran Spybot and it was gone. So out of curiosity and to make sure 131tx wasn't just a disguise I deleted 131tx and then uninstalled Spybot, restarted my CPU, reinstalled Spybot and I continued to not get the DSO Exploit. What's going on? Since I deleted the 131tx fix, uninstalled and reinstalled Spybot shouldn't I then get the DSO Exploit again? I did all this within minutes apart of each other. I also tried to use all of my browsers (IE, NS, and MF) to try to get the exploit back but it never did come back. I first discovered the exploit using IE but no matter if I use it now I don't get the exloit. I haven't upgraded IE during any of this either.
I also went to http://www.greymagic.com/security/advisories/gm001-ie/ and ran the calculator test. It says:
Executing arbitrary commands without Active Scripting or ActiveX
Running "c:/winnt/system32/calc.exe"..
I don't see a calculator so I'm guessing it's not running and I'm safe, right? I went to greymagic before I installed 131tx and I think I ran the test and got the same result I mentioned above. But in all the confusion I'm not really sure if I ran the test to be honest.
Does any of what I'm saying make sense? Anybody? Suggestions? Answers? Please? Going crazy!
PS. I'm stating right now for the record that I did not mess with the registry and change any or delete any values for the DSO Exploit just in case anyone thinks I may have screwed something up there.
Also...
I read this advice in another forum...
"download and install spyware blaster, from the immunize page of spybot, and configure it with maximum protection.
go to tools then custom blocking. click the add button and follow the on-screen directions.
type in the name: dso exploit
type in the following clsid:
S-1-5-21-220523388-152049171-854245389-1001\Softw are\Microsoft\Windows\Current Version|internet settings\Zones\0\1004!=W=3
this is the address where the hack lives.
check the box next to the name and click "protect against checked items".
now run spybot and there you have it ~ GONE!"
I haven't tried it yet. Will this advice work?
The reason you _never_ saw the calculator was this: The DSO exploit is an old problem that was patched by Microsoft a long time ago. So if you have been current with your patching, the issue was fixed on your system long before you started wrangling with the spybot problem.Quote:
Originally Posted by stallion4
Spybot scans for the DSO Exploit by looking at a few registry keys that are supposed to be set to the numerical value 3. Even after installing the Microsoft patch, these keys still hold the incorrect value. Spybot tries to fix them "just in case" you haven't been patching.
So it looks at these keys, sees they are not set to 3, and tries to fix them. But due to the now-infamous spybot bug, it sets them to 1003 instead of 3. So on the next scan, spybot sees they are still not set to 3, causing it to report the problem again.
I am assuming the spybot update causes spybot to properly set the value to 3. So even after reverting to the old spybot version, spybot will scan the key, see that it is really set to 3, and not report a problem.
Bottom line, if you have been patching, you are fine as far as the DSO exploit is concerned. Period. Worry about the bofra virus. :)
~psi42
I have all the critical Microsoft updates(I have XP:Home), Spybot is fully updated and I still get the same DSO Exploit problem. I don't want to ignore it by doing this:
1 Open Spybot and select 'advanced' mode.
2 Select 'settings' in the left column.
3 Select 'ignore product' in the left column.
4 Select 'security' tab.
5 Place check mark in box beside DSO Exploit.
6 Close program
7 Open Spybot and run a scan.
I want it eradicated
So is there something I can do to remove it?
If you have all updates, then the DSO exploit is not a thread.
****
If you want to get rid of it, you will have to edit the registry:
1) Make a note of the location of the exploit shown in Spybot, something similar to:
HKEY_USERS\S-1-5-21-1614895754-73586283-725345543-500\Software\Microsoft\Windows\CurrentVersion\Inte rnet Settings\Zones\0\1004!=W=3
2) Click on Start, Run, and type REGEDIT and Press Enter to open the Windows Registry Editor
3) Find the location of the exploit above in the registry by clicking on the pluses(+) next to each title
4) After opening the Zones section and clicking on '0' look to the right window, under 'name' is the key '1004' and the type is REG_SZ simply right click and delete this REG_SZ value.Then right click and create new>DWORD Value, name it 1004, then right click on that and go to modify, give it the Hex Value of 3, Click OK.
If there is only a DWORD Value for the key (in this case 1004), then double click on the key and change the HEX value to 3 and click Ok.
5) Close the Registry Editor and reboot your computer
This was copied from:
http://www.pchell.com/support/dsoexploit.shtml
Many other sites carry this information.
I went through Regedit, and deleted the 1004's. I then ADDED new 1004's and made the value 3. It worked perfectly, and I have no more "DSO Exploit".
YOU GUYS ROCK>
(I did need help with the registry, from a bud who knows a little more than I do. He had it too. We followed the thread together, and got it, no problem)
Thanks again!!
Using Spybot Search & Destroy look for the DSO Exploit and then:
1) First, click the DSO Exploit Fix.
2) Disconnect your internet connection
3) Reboot your computer the standard way
4) Run Spy bot
5) Enter the registry by clicking on the start menu, then run, type regedit and choose OK
6) Now locate each one of the registy entries that Spy Bot said it found the DSO exploit in.
7) Rename the 1004 files to 1003 then exit regedit
8) Shut down your computer
9) Reconnect your internet connection
10)Restart your computer
11)Run Spy Bot again to verify the DSO Exploit has been removed
:) Wot's the problem and I am no techie?
I have just reinstalled my W2K Pro et al - 5hrs lateredi! - had trouble going online and found DSO Exploit when I ran SpyBot. Scoured web, found this erudite site, read all of 12 months worth of postings, did what Alicka Alota advised...
:p Flash, bang, wallop - I'm a photographer! - problem solved. Checked with SpyBot and been on/off line 10 times to make sure it was OK.
;) She knows what she's talking about - for some reason the thread it came up in was DSO- Porn- casino- *Someone pls help - and if you follow her destructions faithfully, you won't go wrong. Remember to do the regedit clearout for each user on the machine! Fortunately, I only had 2 to contend with. Something tells me that Alicka said her destructions are for W2K only but the idea is the same for other OSs..
:confused: How DSO got in beats me as all MS SPs for everything were loaded but I suppose it doesn't take much of a loophole for these little mites to sneak in.. Jesus H. Christ, how do these people know all this ess aitch one tee, anyhow..
BIG thanks to Alicka, Petrujczech.
Hi,
I used Cellarius's method for removing the DSO Exploit. IT WORKS!,
Without harming the computer.
THANK YOU, Cellarius.
fredg
:confused: I recently solved this problem by following the recommendations made by Alicka Alota and all is well, SpyBot scans clear. I have been trawling through previously missed items and found a suggestion made by the Moderator, to a "kat555lady" posting of 16 April 2004, leading to a PC Hell site for resolution; www.pchell.com/support/dsoexploit.shtm.
:eek: In addition to the 2 registry locations listed by Alicka, I found a third one at HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Windows/Current Version/Internet Settings/Zones-0, -1, -2, -3, -4. All zones have a file 1004.
:( The PC Hell advice is at variance with Alicka's. Can they both be correct?
Does the third location found by me need modifying?
:) Suggestions appreciated; I have a copy of the original Registry.
Cheers, Petrujczech.
Hmm. What really actually matters is the value of the 1004 DWORD. It should be 3. If it is 3, you are fine.Quote:
Originally Posted by Petrujczech
If Spybot doesn't pick it up, either the value is set to 3 already, or you found a bug in spybot.
Either way, it essentially doesn't matter what you do, because as long as you are current with your MS patches, this exploit will be patched on your system.
Hallo psi42.
:) Thanks for info.
I am not 100% savvy on computers let alone Registry matters. I follow the premise of what one fool can do, so can another... I have yet to understand the mysteries of the Registry and why it can create such mayhem.
Is the file "value" you mention, the same item as the "Data", please?
The Zone 1004 file "Data" in the location listed to-day, are as follows:
Zone 0 0x00000000 (0)
Zone 1 0x00000003 (3)
Zone 2 0x00000001 (1)
Zone 3 0x00000003 (3)
Zone 4 0x00000003 (3)
What does it mean, please?
Cheers.
:o OK, now I know what a Registry "Value" file is, having scanned the Registry and found 32 assorted file values 1004! I assume that they cannot all be trouble.
:confused:
Question 1/. What is "DSO Exploit" and what is it exploiting? In fact, what is one looking for?
Question 2/. In addition to the 10 deleted 1004 REG_DWORD files as advised by Alicka, my Registry contains a further 11 similar, on one User Profile alone. That is they are all linked variously to Internet Settings/Zones. Do these need to be deleted?
My OS is W2K Pro, with SpyBot and SpyBlaster and everything is updated regularly.
Any ideas anyone, please?
Hi,
Cellarius's answer WORKS!
In more wording, here is how to get rid of it:
The following editing the Registry is the ONLY way to get rid of DSO Exploit. Be VERY CAREFUL when editing the Registry; your computer might not re-boot. So first, shut down the computer, then turn it back on. Windows will back up your registry for you.
1. Run the SpyBot scan as usual.
2. When finished, left click on the + sign to the left of DSO Exploit, to expand it. There may be more than one listing of pathways. If you have more than one listing, you will have to do the same below for each separately.
3. Left click on one of the "Data Source Object Exploit" to highlight it. Then write down the full path; such as, HKEY_Users/Default/Software/Microsoft/Windows/Current Version/Internet Settings/Zones/O/1004, etc.
4. Right click anywhere on the highlighted area, and Left click on "More Details", then on "Jump to Locations". This takes you to the Registry.
5. Now, keep Left clicking on the + signs to the left of the pathway folders, until you get to the folder 0.
6. Left click on the folder 0, to highlight it.
7. On the right hand side, look for 1004 under the heading "Name", and Left click on 1004 to highlight it.
8. Right click on the highlighted area, and Left click on "Delete", then on "Yes".
9. At the top, Left click on Registry, and Exit.
10. Re-boot.
The DSO Exploit should now be gone. Run SpyBot again to prove it to yourself!
Best wishes,
fredg
PS; The DSO Exploit is a flaw in Internet Explorer 6; it allows advertising to run from and to your computer. If you downloaded the Cumulative Security Patch for IE, it will take care of it. OR, you can use the method above.
Ys, Ihave found a way to patch that DSO exploit. Here's what you need to do and this works.
1. Download a program called DSO Stop - url to follow
2. Install program, this only patches but will not get rid of exploit.
3. Download Spybot update v1.3TX
4. Install v1.3TX
5. Run Spybot - DSO will show after 14,000 items scanned but only 4 items
6. Run Spybot 1 more time
7. It will fix all DSO items after 3rd scan.
This works, I have done it 27 times on different PC's and the Exploit does not come back. e-mail me if you want if you have any question or can not find the downloads. [B]When this works pass it around.
ebyte
Whew long thread. I found my fix by combining Clueless's Post #65 and GTX Post #71. (I needed step by step all the way) :D
Needless to say I pursued a lot of junk along the way. It would help if someone would pick the correct fix, eliminate all the continued chatter and just post the fix and close the thread. I noticed that the are threads in other forums going down the same road as well. :eek:
A big thank you to Clueless and GTX Slotcar.
Along the way I found MS-AntiSpyware Beta 1 anyone running Windows should look at this, it is rich in features and seems to roll up all the small utilities into one. Download free at MS downloads. I find it works great on my machine. However it does not remove the existing DSO Exploit, I would think this is because MS plugged that particular hole and it just ignores it.
It did find several cases of spyware that the latest versions of Spybot, AD-Aware and CWshedder did not.
Nuf Said, Thanks to All
JohnD :D
I did. Notice the very first post in this thread, it has been edited. That was in December. :)Quote:
Originally Posted by JohnD
I haven't closed the thread, in case anyone had something else to contribute...
:eek: Whoops my apologies. A search engine threw me in somewhere in the miiddle of an older forum page actually, that thread ended in July/04 it had 13 pages it has grown to 24?
It would be interesting to know if MS-Spyware would remove the ESO Exploit on a machine that had not been tampered with other utilities like Spybot or suchlike.
:)
Hi All,
Ran MS Spyware and then Spybot Search and Destroy on another computer.
Ran MS Spyware: It cleaned up a bunch of spyware but did not report DSO Exploit
Ran Spybot S&D: Found 24 instances of Spyware that MS Spyware missed and reported 5 DSO Exploit instances.
So MS spyware does not report or remove DSO Exploit.
Also given the reverse order of running the Antispyware programs and they both found spyware that each had missed, although Spybot found more than MS(lets also bear in mind that it was 2 computers that could have had different spyware in them) I for one will run more than one spyware program on my computers.
Regards,
JohnD
Quote:
Originally Posted by psi42
Hallo psi42.
:o Posted a thanks and a couple more postings since your advice but forgot to "quote" you.
So thanks again!
Any more ideas on subsequent items, please?
Cheers.
Quote:
Originally Posted by fredg
Hallo fredg.
:) Thanks for the info but I have already removed DSO Exploit via the Alicka Alota route as stated in in my previous posting on 17 January. SpyBot is clear.
:confused: Being curious, I scanned the Registry again and came up with the results listed in subsequent postings. The machine runs OK, I simply wondered what the significance of these findings was if any and if someone was able to throw any light on them.
:cool: I am running W2K Pro, SpyBot and SpyBlaster along with McAfee ViruScan and Firewall; everything is fully updated, regularly.
Cheers and thanks again.
The free ware at http://www.nsclean.com/dsostop.html DOES work! Use it
http://www.answersthatwork.com/Taskl...s/tasklist.htm <-------List all windows processes for Windows 95/98/ME/NT4/2000/XP/2003
I don't know if ti's appropriate for this thread, but I feel more complete being able to look up processes.
Whiskey14
Junior Expert wrote:
By all means, let Spybot get rid of it for you, you don't want it on the computer. Have you seen a web page with a name like CoolSearch, or somethng similar? If yes, you will want to download CWShredder from:
My question is this. Every time I run Spybot it detects DSO Exploit with 5 entries. I tell Spybot to fix it. Spybot tells me it is fixed. When I run it again, the same thing happens. I'm leery about changing registry. I have Windows XP and the Windows XP Service Pack 2. Do I need to be anymore updated than that. Can I just ignore the DSO Exploit?
Thanks!
Robert
Yes...Quote:
Originally Posted by rmanthey56
Quote:
Originally Posted by psi42
Yes, I am updated enough, or yes, I can ignore the DSO threats, or both? I have told Spybot to ignore it. I did run the DSO Stop software you or someone mentioned, and it fized one of the five DSO threats, and one non DSO threat, but it wouldn't do anything to the other 4 DSO's. I told Spybot to just ignore them, but when I ran it again, they showed up, the remaining 4. Anyway, I do use FireFox, and since have mabe one or 2 spyware found during a scan as opposed to literally hundreds when I was using IE. Things seem to be fine.
Thanks, Robert
Hi,
Here are steps for getting rid of the DSO Exploit. This Exploit is part of Internet Explorer that allows advertising signals to be sent back and forth to your computer.
The following editing the Registry is the ONLY way to get rid of DSO Exploit. Be VERY CAREFUL when editing the Registry; your computer might not re-boot. So first, shut down the computer, then turn it back on. Windows will back up your registry for you.
1. Run the SpyBot scan as usual.
2. When finished, left click on the + sign to the left of DSO Exploit, to expand it. There may be more than one listing of pathways. If you have more than one listing, you will have to do the same below for each separately.
3. Left click on one of the "Data Source Object Exploit" to highlight it. Then write down the full path; such as, HKEY_Users/Default/Software/Microsoft/Windows/Current Version/Internet Settings/Zones/O/1004, etc.
4. Right click anywhere on the highlighted area, and Left click on "More Details", then on "Jump to Locations". This takes you to the Registry.
5. Now, keep Left clicking on the + signs to the left of the pathway folders, until you get to the folder 0.
6. Left click on the folder 0, to highlight it.
7. On the right hand side, look for 1004 under the heading "Name", and Left click on 1004 to highlight it.
8. Right click on the highlighted area, and Left click on "Delete", then on "Yes".
9. At the top, Left click on Registry, and Exit.
10. Re-boot.
The DSO Exploit should now be gone. Run SpyBot again to prove it to yourself!
Best wishes,
fredg
| All times are GMT -7. The time now is 06:28 AM. |