Ask Me Help Desk - DSO Exploit, IE doesn't start, Saving my settings freezes comp...

Hello, I've multiple issues going on that were not happening before. I run Win XP SP2 with two firewalls, NAV 2005 - never had any issues until this started happening while I left comp on for 2 hours without watching. If you can help, I would greatly appreciate it. Here are the symptompts:
- Clicking on Internet Explorer just starts an hourglass for 2 seconds but the program never starts (it does run in the task manager though)
- IE does start in Safe Mode but Windows Update yields error 0x8007043C and I cannot run it
- Norton AV 2005 does open but with blank screen, I cannot take any action except closing it
- Gurunet does get put in the taskbar but I cannot start it
- Shutting down my computer stops at Saving my settings... then I have to shut it physically which I never had to do before
- Spybot finds 5 key entries defined as DSO Exploit, all of them in the Zone directory.

I believe these are all related, I've tried all kinds of things to fix them on and off line. I ran Adaware, Spybot, HijackThis (nothing found there), NAV in Safe Mode (nothing), and was able to run Firefox light without any issues (no win update though).

Any help is greatly appreciated. THANK YOU!!

Hi,
To get rid of the DSO Expoit, do this:

The following editing the Registry is the ONLY way to get rid of DSO Exploit. Be VERY CAREFUL when editing the Registry; your computer might not re-boot. So first, shut down the computer, then turn it back on. Windows will back up your registry for you.
1. Run the SpyBot scan as usual.
2. When finished, left click on the + sign to the left of DSO Exploit, to expand it. There may be more than one listing of pathways. If you have more than one listing, you will have to do the same below for each separately.
3. Left click on one of the "Data Source Object Exploit" to highlight it. Then write down the full path; such as, HKEY_Users/Default/Software/Microsoft/Windows/Current Version/Internet Settings/Zones/O/1004, etc.
4. Right click anywhere on the highlighted area, and Left click on "More Details", then on "Jump to Locations". This takes you to the Registry.
5. Now, keep Left clicking on the + signs to the left of the pathway folders, until you get to the folder 0.
6. Left click on the folder 0, to highlight it.
7. On the right hand side, look for 1004 under the heading "Name", and Left click on 1004 to highlight it.
8. Right click on the highlighted area, and Left click on "Delete", then on "Yes".
9. At the top, Left click on Registry, and Exit.
10. Re-boot.

The DSO Exploit should now be gone.
Best wishes,
fredg

Will do, I've read somewhere that I should change the values of the registry keys to 3 but that didn't help. One question, would you feel comfortable saying that the DSO is responsible for my other problems stated above? Thanks

I did get rid of the exploit but the other problems remain. Anybody any thoughts?

Hi,
I'm sure you have run some Spyware programs, but here is a list with suggestions on how to run them, in SafeMode.

If you think you already have Spyware/Advertising Ware in your computer, run these as follows:

http://www.security-related.com/download2.htm
Download: SpyBot Search & Destroy; 1.3
(If you use the Spyware Blaster free program, then don't set SpyBot to the Immunization feature)

AdAware at:
http://www.lavasoftusa.com
Download: AdAware_SE

CWShredder at:
http://www.intermute.com/products/cwshredder.html
(CWShredder is intended only for removal of CoolWebSearch files; placed as spyware on the harddrive). It is not a "stand alone" scan, but needs to be run. Download the free version by clicking on "Download stand alone version of CW Shredder".

All 3 of the above programs run better and much faster when run in SafeMode.

To get into SafeMode:
Re-boot the computer, and immediately after starting up, Press and hold down, F8, at top of keypad.
When the options show on the screen, use the up and down arrow keys on the keyboard to select
"Safe Mode".
Press Enter

It's best to run the AdAware scan first; 3 times; then re-boot.
Then, run the AdAware scan again 3 times; then run the SpyBot. Then, run CWShredder.
Re- Boot.
Reason for running so many times:
Some of these trojans' files can be deleted the first time; leaving some others; but on re-boot, they re-write the files that were deleted.
Running multiple times deletes most of it the first
Time.

If you wish to have a great program, after you clean out Spyware/Advertising Ware:
SpyWare Blaster 3.3

http://www.javacoolsoftware.com/sbdownload.html

It's possible, that if you do have Spyware, it is re-building itself cause it's not being run in safe mode, at least 2 or 3 times.
Best of luck,
fredg

Also, getting rid of any Norton products you have an replacing them with something better is definitely recommended. :D

I heard all kinds of stories about NAV 2005, anyway, I restored the Windows to previous state and am fine now. Not knowing though what was going on is bugging me though...

Its obvious that the dos exploit had a hand in the problem if that's what you found, and also, perhaps a hacker attempted to enter your system or you received a trojan or other virus, you may never know, so why let it bother you, I have encountered so many problems on my computer as I do so much on it, that I spend half my time fixing it, and the problems I encounter.

Why use 2 firewalls, why use any at all.

I surf the net, I download things endlessly, I download programs to try new ones out all the time from everywhere, I get countless email, I maintain 2 websites, so much here its crazy, chat programs, etc.

I have found the best safe guards to be, no firewall, it seems that firewalls these days, show hackers, you may have something worth hiding, is all I can figure, ever since I went firewall free, I have hardly any problems to speak of or at least ones my Spyware and anti virus progs, can't solve, so no more firewalls for me.

And why do you need SP2, I tried it and it caused nothing but problems.

I too have heard some people say "dont use a firewall",especially Windows Firewall,which is activated automatically with Service Pack 2.According to certain 'techie' friends of mine it is,to use their words "crap!",as it only protects incoming data and not outgoing.For this reason,and for many years I have been using Zone Alarm.Not to use any firewall is just asking for trouble.Dont do it.

As for Spybot and the DSO exploit,go to http://www.majorgeeks.com/downloads31.html and download the Spybot exploit patch.It is towards the bottom of the page.

You should be bothered if a virus,nasty,or hacker has tried to comprise your hard cash saved PC.Leaving your system open to chance is like leaving your front and back doors open for anyone to exploit.Keep your system up to date at all times.

I have things to hide from hackers such as my music downloads,holiday pictures,family media,and my personal mail contacts.

Nez.

My most sincere apologies, but for the benefit of any readers, I'm going to have to tear this one apart. Please don't take it personally. :)

Quote:

Originally Posted by Wendy225

Its obvious that the dos exploit had a hand in the problem if that's what you found,

No. The DSO exploit is not responsible for this unless it has been _exploited_ by something else. As we have stated many times before, even when spybot detects this vulnerability (that's what it is, not malware), it does not mean the system is vulnerable, because it was patched by Microsoft a long time ago.

Quote:

And also, perhaps a hacker attempted to enter your system or you received a trojan or other virus, you may never know, so why let it bother you,

Excuse me? If someone had broken into my house and went through my belongings, I'd be pissed. This situation is no different, in many ways it is _literally_ the same.

Quote:

I have encountered so many problems on my computer as I do so much on it, that I spend half my time fixing it, and the problems I encounter.

Have you considered this might be a consequence of your consciously oblivious attitude toward network security?

Quote:

Why use 2 firewalls, why use any at all.

The idea of a packet filter is to filter packets. Hence the name. If someone tries to exploit a vulnerable service running on your machine, and your firewall just drops their incoming packets, they certainly aren't going to succeed.

Quote:

I surf the net, I download things endlessly, I download programs to try new ones out all the time from everywhere, I get countless email, I maintain 2 websites, so much here its crazy, chat programs, etc.

Yeah, but you may never know, so why let it bother you?

For all you know, you could be running a compromised machine that is serving pirate copies of Windows Server on IRC.

Quote:

I have found the best safe guards to be, no firewall, it seems that firewalls these days, show hackers, you may have something worth hiding, is all I can figure,

You're on crack. Not running a firewall on a home network shows "hackers" (read: crackers) that you are _ignorant_ and therefore a very good target.
Granted, there are reasons for not running a firewall, but in a home network case I can't think of one.

Quote:

Ever since I went firewall free, I have hardly any problems to speak of or at least ones my Spyware and anti virus progs, can't solve, so no more firewalls for me.

Hey! What a great idea! Instead of blocking the virus with a firewall, let's just allow it to compromise our network and get rid of it later!

:)
~psi42