 |
|
| Browse | Ask | Answer | Search | Join/Login |
|
|
||||
|
Dso Exploit
Using Spybot Search & Destroy look for the DSO Exploit and then:
1) First, click the DSO Exploit Fix. 2) Disconnect your internet connection 3) Reboot your computer the standard way 4) Run Spy bot 5) Enter the registry by clicking on the start menu, then run, type regedit and choose OK 6) Now locate each one of the registy entries that Spy Bot said it found the DSO exploit in. 7) Rename the 1004 files to 1003 then exit regedit 8) Shut down your computer 9) Reconnect your internet connection 10)Restart your computer 11)Run Spy Bot again to verify the DSO Exploit has been removed |
||||
|
||||
|
DSO Exploit Alicka Alota a lot a cred
:) Wot's the problem and I am no techie?
I have just reinstalled my W2K Pro et al - 5hrs lateredi! - had trouble going online and found DSO Exploit when I ran SpyBot. Scoured web, found this erudite site, read all of 12 months worth of postings, did what Alicka Alota advised... :p Flash, bang, wallop - I'm a photographer! - problem solved. Checked with SpyBot and been on/off line 10 times to make sure it was OK. ;) She knows what she's talking about - for some reason the thread it came up in was DSO- Porn- casino- *Someone pls help - and if you follow her destructions faithfully, you won't go wrong. Remember to do the regedit clearout for each user on the machine! Fortunately, I only had 2 to contend with. Something tells me that Alicka said her destructions are for W2K only but the idea is the same for other OSs.. :confused: How DSO got in beats me as all MS SPs for everything were loaded but I suppose it doesn't take much of a loophole for these little mites to sneak in.. Jesus H. Christ, how do these people know all this ess aitch one tee, anyhow.. BIG thanks to Alicka, Petrujczech. |
||||
|
||||
|
DSO Exploit - The saga continues
:confused: I recently solved this problem by following the recommendations made by Alicka Alota and all is well, SpyBot scans clear. I have been trawling through previously missed items and found a suggestion made by the Moderator, to a "kat555lady" posting of 16 April 2004, leading to a PC Hell site for resolution; www.pchell.com/support/dsoexploit.shtm.
:eek: In addition to the 2 registry locations listed by Alicka, I found a third one at HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Windows/Current Version/Internet Settings/Zones-0, -1, -2, -3, -4. All zones have a file 1004. :( The PC Hell advice is at variance with Alicka's. Can they both be correct? Does the third location found by me need modifying? :) Suggestions appreciated; I have a copy of the original Registry. Cheers, Petrujczech. |
||||
|
||||
 Originally Posted by Petrujczech
If Spybot doesn't pick it up, either the value is set to 3 already, or you found a bug in spybot. Either way, it essentially doesn't matter what you do, because as long as you are current with your MS patches, this exploit will be patched on your system. |
||||
|
||||
|
DSO Exploit - The saga continues
Hallo psi42.
:) Thanks for info. I am not 100% savvy on computers let alone Registry matters. I follow the premise of what one fool can do, so can another... I have yet to understand the mysteries of the Registry and why it can create such mayhem. Is the file "value" you mention, the same item as the "Data", please? The Zone 1004 file "Data" in the location listed to-day, are as follows: Zone 0 0x00000000 (0) Zone 1 0x00000003 (3) Zone 2 0x00000001 (1) Zone 3 0x00000003 (3) Zone 4 0x00000003 (3) What does it mean, please? Cheers. |
||||
|
||||
|
DSO Exploit - Live & learn
:o OK, now I know what a Registry "Value" file is, having scanned the Registry and found 32 assorted file values 1004! I assume that they cannot all be trouble.
:confused: Question 1/. What is "DSO Exploit" and what is it exploiting? In fact, what is one looking for? Question 2/. In addition to the 10 deleted 1004 REG_DWORD files as advised by Alicka, my Registry contains a further 11 similar, on one User Profile alone. That is they are all linked variously to Internet Settings/Zones. Do these need to be deleted? My OS is W2K Pro, with SpyBot and SpyBlaster and everything is updated regularly. Any ideas anyone, please? |
||||
|
||||
|
DSO Exploit
Hi,
Cellarius's answer WORKS! In more wording, here is how to get rid of it: The following editing the Registry is the ONLY way to get rid of DSO Exploit. Be VERY CAREFUL when editing the Registry; your computer might not re-boot. So first, shut down the computer, then turn it back on. Windows will back up your registry for you. 1. Run the SpyBot scan as usual. 2. When finished, left click on the + sign to the left of DSO Exploit, to expand it. There may be more than one listing of pathways. If you have more than one listing, you will have to do the same below for each separately. 3. Left click on one of the "Data Source Object Exploit" to highlight it. Then write down the full path; such as, HKEY_Users/Default/Software/Microsoft/Windows/Current Version/Internet Settings/Zones/O/1004, etc. 4. Right click anywhere on the highlighted area, and Left click on "More Details", then on "Jump to Locations". This takes you to the Registry. 5. Now, keep Left clicking on the + signs to the left of the pathway folders, until you get to the folder 0. 6. Left click on the folder 0, to highlight it. 7. On the right hand side, look for 1004 under the heading "Name", and Left click on 1004 to highlight it. 8. Right click on the highlighted area, and Left click on "Delete", then on "Yes". 9. At the top, Left click on Registry, and Exit. 10. Re-boot. The DSO Exploit should now be gone. Run SpyBot again to prove it to yourself! Best wishes, fredg PS; The DSO Exploit is a flaw in Internet Explorer 6; it allows advertising to run from and to your computer. If you downloaded the Cumulative Security Patch for IE, it will take care of it. OR, you can use the method above. |
||||
|
||||
|
Ys, Ihave found a way to patch that DSO exploit. Here's what you need to do and this works.
1. Download a program called DSO Stop - url to follow 2. Install program, this only patches but will not get rid of exploit. 3. Download Spybot update v1.3TX 4. Install v1.3TX 5. Run Spybot - DSO will show after 14,000 items scanned but only 4 items 6. Run Spybot 1 more time 7. It will fix all DSO items after 3rd scan. This works, I have done it 27 times on different PC's and the Exploit does not come back. e-mail me if you want if you have any question or can not find the downloads. [B]When this works pass it around. ebyte |
||||
|
||||
|
Whew long thread. I found my fix by combining Clueless's Post #65 and GTX Post #71. (I needed step by step all the way) :D
Needless to say I pursued a lot of junk along the way. It would help if someone would pick the correct fix, eliminate all the continued chatter and just post the fix and close the thread. I noticed that the are threads in other forums going down the same road as well. :eek: A big thank you to Clueless and GTX Slotcar. Along the way I found MS-AntiSpyware Beta 1 anyone running Windows should look at this, it is rich in features and seems to roll up all the small utilities into one. Download free at MS downloads. I find it works great on my machine. However it does not remove the existing DSO Exploit, I would think this is because MS plugged that particular hole and it just ignores it. It did find several cases of spyware that the latest versions of Spybot, AD-Aware and CWshedder did not. Nuf Said, Thanks to All JohnD :D |
||||
|
||||
|
MS-AntiSpyware Beta1 & Spybot Search & Destroy
:eek: Whoops my apologies. A search engine threw me in somewhere in the miiddle of an older forum page actually, that thread ended in July/04 it had 13 pages it has grown to 24?
It would be interesting to know if MS-Spyware would remove the ESO Exploit on a machine that had not been tampered with other utilities like Spybot or suchlike. :) Hi All, Ran MS Spyware and then Spybot Search and Destroy on another computer. Ran MS Spyware: It cleaned up a bunch of spyware but did not report DSO Exploit Ran Spybot S&D: Found 24 instances of Spyware that MS Spyware missed and reported 5 DSO Exploit instances. So MS spyware does not report or remove DSO Exploit. Also given the reverse order of running the Antispyware programs and they both found spyware that each had missed, although Spybot found more than MS(lets also bear in mind that it was 2 computers that could have had different spyware in them) I for one will run more than one spyware program on my computers. Regards, JohnD |
||||
|
||||
|
Originally Posted by fredg
Hallo fredg. :) Thanks for the info but I have already removed DSO Exploit via the Alicka Alota route as stated in in my previous posting on 17 January. SpyBot is clear. :confused: Being curious, I scanned the Registry again and came up with the results listed in subsequent postings. The machine runs OK, I simply wondered what the significance of these findings was if any and if someone was able to throw any light on them. :cool: I am running W2K Pro, SpyBot and SpyBlaster along with McAfee ViruScan and Firewall; everything is fully updated, regularly. Cheers and thanks again. |
||||
|
||||
|
This freeware works!!
The free ware at http://www.nsclean.com/dsostop.html DOES work! Use it
|
||||
|
||||
|
Know your windows processes
http://www.answersthatwork.com/Taskl...s/tasklist.htm <-------List all windows processes for Windows 95/98/ME/NT4/2000/XP/2003
I don't know if ti's appropriate for this thread, but I feel more complete being able to look up processes. |
||||
|
||||
|
DSO Exploit
Whiskey14
Junior Expert wrote: By all means, let Spybot get rid of it for you, you don't want it on the computer. Have you seen a web page with a name like CoolSearch, or somethng similar? If yes, you will want to download CWShredder from: My question is this. Every time I run Spybot it detects DSO Exploit with 5 entries. I tell Spybot to fix it. Spybot tells me it is fixed. When I run it again, the same thing happens. I'm leery about changing registry. I have Windows XP and the Windows XP Service Pack 2. Do I need to be anymore updated than that. Can I just ignore the DSO Exploit? Thanks! Robert |
||||
|
||||
|
DSO Exploit
Originally Posted by psi42
Yes, I am updated enough, or yes, I can ignore the DSO threats, or both? I have told Spybot to ignore it. I did run the DSO Stop software you or someone mentioned, and it fized one of the five DSO threats, and one non DSO threat, but it wouldn't do anything to the other 4 DSO's. I told Spybot to just ignore them, but when I ran it again, they showed up, the remaining 4. Anyway, I do use FireFox, and since have mabe one or 2 spyware found during a scan as opposed to literally hundreds when I was using IE. Things seem to be fine. Thanks, Robert |
||||
|
||||
|
Dso exploit
Hi,
Here are steps for getting rid of the DSO Exploit. This Exploit is part of Internet Explorer that allows advertising signals to be sent back and forth to your computer. The following editing the Registry is the ONLY way to get rid of DSO Exploit. Be VERY CAREFUL when editing the Registry; your computer might not re-boot. So first, shut down the computer, then turn it back on. Windows will back up your registry for you. 1. Run the SpyBot scan as usual. 2. When finished, left click on the + sign to the left of DSO Exploit, to expand it. There may be more than one listing of pathways. If you have more than one listing, you will have to do the same below for each separately. 3. Left click on one of the "Data Source Object Exploit" to highlight it. Then write down the full path; such as, HKEY_Users/Default/Software/Microsoft/Windows/Current Version/Internet Settings/Zones/O/1004, etc. 4. Right click anywhere on the highlighted area, and Left click on "More Details", then on "Jump to Locations". This takes you to the Registry. 5. Now, keep Left clicking on the + signs to the left of the pathway folders, until you get to the folder 0. 6. Left click on the folder 0, to highlight it. 7. On the right hand side, look for 1004 under the heading "Name", and Left click on 1004 to highlight it. 8. Right click on the highlighted area, and Left click on "Delete", then on "Yes". 9. At the top, Left click on Registry, and Exit. 10. Re-boot. The DSO Exploit should now be gone. Run SpyBot again to prove it to yourself! Best wishes, fredg |
||||
Not your question?
Ask your question
View similar questions
| Question Tools | Search this Question |
Add your answer here.
Check out some similar questions!
DSO Exploit
[ 6 Answers ]
My computer (XP) switched off automatically. After running spypot; I found out the computer was infected by DSO Exploit. I treid all kind off salutions but without any succes. At last I decided to run the recoverydisc. During recovery the PC allso keeps switching of. Now my PC cannot run XP...
DSO Exploit
[ 6 Answers ]
Since a few month my computer (XP homeedition) switches of power unexpectely. Especially when info is transferred from one to another place. Like editing films, watching DVD etc. After running Spybot I found out the PC is infected with DSO Exploit. I treid allmost everything but the PC kept...
DOS Exploit
[ 10 Answers ]
I ran spybot and came up with DOS exploit. I've tried a few of the tips previous users gave but it is still showing up. I have the CWShredder but I have no idea what to do with it. The computer guys at my school installed all these items and didn't explain what they do. I don't want to do...
View more questions Search
|
