DSO Exploit

Discussion in 'Computer Support' started by Ken Doughty, Nov 14, 2004.

  1. Ken Doughty

    Ken Doughty Guest

    Hi - this particular nasty is a well known one and on my machine
    re-appears immediately. Some months ago I looked at solutions posted on
    the web and was put off by the blurred instructions for Registry
    changes.
    I would also appreciate any info on this.

    Thanks


    In message <DcNld.7951$>, Gerald
    <> writes
    >I use Spybot search and destroy v.1.0, and it found 5 DSO exploit entries.
    >they are all data source object exploits, registry changes, and the problem
    >starts with hkey_users\s-1-5-18..., hkey_users\s-1-5-19...;
    >hkey_users\s-1-5-21...; hkey_users\s-1-5-20...; and hkey_users\default...
    >they all have to do with internet settings as well. is it safe to delete
    >them? sorry if its too much or too little information, it is the first time
    >I've ever posted on a newsgroup.
    >
    >thanks!
    >
    >


    --
    Ken
     
    Ken Doughty, Nov 14, 2004
    #1
    1. Advertising

  2. Ken Doughty

    Toolman Tim Guest

    It isn't really an issue - I clipped the following from Spybot's FAQs:

    Why does DSO Exploit return?
    DSO-Exploit is a security gap in Internet Explorer, Outlook and Outlook
    Express. Microsoft did already close this gap with security updates, so with
    current Windows updates and patches installed, it will no longer be a threat
    to your system.
    Spybot-S&D will still detect the DSO-Exploit, but instead of fixing it for
    good, it will unfortunately again set an invalid value. Therefore it will
    again be found with every scan. This little bug in Spybot-S&D has already
    been repaired and the respective fix will soon be available as a program
    update.

    "Ken Doughty" <> wrote in message
    news:...
    | Hi - this particular nasty is a well known one and on my machine
    | re-appears immediately. Some months ago I looked at solutions posted on
    | the web and was put off by the blurred instructions for Registry
    | changes.
    | I would also appreciate any info on this.
    |
    | Thanks
    |
    |
    | In message <DcNld.7951$>, Gerald
    | <> writes
    | >I use Spybot search and destroy v.1.0, and it found 5 DSO exploit
    entries.
    | >they are all data source object exploits, registry changes, and the
    problem
    | >starts with hkey_users\s-1-5-18..., hkey_users\s-1-5-19...;
    | >hkey_users\s-1-5-21...; hkey_users\s-1-5-20...; and hkey_users\default...
    | >they all have to do with internet settings as well. is it safe to delete
    | >them? sorry if its too much or too little information, it is the first
    time
    | >I've ever posted on a newsgroup.
    | >
    | >thanks!
    | >
    | >
    |
    | --
    | Ken
    |
    |
     
    Toolman Tim, Nov 14, 2004
    #2
    1. Advertising

  3. Ken Doughty

    Gerald Guest

    I use Spybot search and destroy v.1.0, and it found 5 DSO exploit entries.
    they are all data source object exploits, registry changes, and the problem
    starts with hkey_users\s-1-5-18..., hkey_users\s-1-5-19...;
    hkey_users\s-1-5-21...; hkey_users\s-1-5-20...; and hkey_users\default...
    they all have to do with internet settings as well. is it safe to delete
    them? sorry if its too much or too little information, it is the first time
    I've ever posted on a newsgroup.

    thanks!
     
    Gerald, Nov 14, 2004
    #3
  4. Ken Doughty

    PJB Guest

    "Gerald" <> wrote in message
    news:DcNld.7951$...
    > I use Spybot search and destroy v.1.0, and it found 5 DSO exploit entries.
    > they are all data source object exploits, registry changes, and the

    problem
    > starts with hkey_users\s-1-5-18..., hkey_users\s-1-5-19...;
    > hkey_users\s-1-5-21...; hkey_users\s-1-5-20...; and hkey_users\default...
    > they all have to do with internet settings as well. is it safe to delete
    > them? sorry if its too much or too little information, it is the first

    time
    > I've ever posted on a newsgroup.


    I think it's a bug in S & D's detection routines, since I get the same 5 DSO
    entries. They appear every time the prog runs.

    Wouldn't worry about it..

    P.
     
    PJB, Nov 14, 2004
    #4
  5. Ken Doughty

    Scraggy Guest

    Gerald wrote:
    > I use Spybot search and destroy v.1.0, and it found 5 DSO exploit
    > entries. they are all data source object exploits, registry changes,
    > and the problem starts with hkey_users\s-1-5-18...,
    > hkey_users\s-1-5-19...; hkey_users\s-1-5-21...;
    > hkey_users\s-1-5-20...; and hkey_users\default... they all have to do
    > with internet settings as well. is it safe to delete them? sorry if
    > its too much or too little information, it is the first time I've
    > ever posted on a newsgroup.
    >
    > thanks!


    First thing you should do is update to version 1.3 and THEN update that.
    --
    The right to bear arms is slightly less ludicrous than the right to
    arm bears. -- Chris Addison
     
    Scraggy, Nov 14, 2004
    #5
  6. Ken Doughty

    PJB Guest

    "Scraggy" <> wrote in message
    news:...
    > Gerald wrote:
    > > I use Spybot search and destroy v.1.0, and it found 5 DSO exploit
    > > entries. they are all data source object exploits, registry changes,
    > > and the problem starts with hkey_users\s-1-5-18...,
    > > hkey_users\s-1-5-19...; hkey_users\s-1-5-21...;
    > > hkey_users\s-1-5-20...; and hkey_users\default... they all have to do
    > > with internet settings as well. is it safe to delete them? sorry if
    > > its too much or too little information, it is the first time I've
    > > ever posted on a newsgroup.
    > >
    > > thanks!

    >
    > First thing you should do is update to version 1.3 and THEN update that.


    Bin there, done that, makes no difference, for me at least ;-)

    P.
     
    PJB, Nov 14, 2004
    #6
  7. Ken Doughty

    °Mike° Guest

    The DSO exploit issue was due to a bug in SpyBot S&D,
    which has recently been fixed. Update to the latest
    version (1.3.1).


    On Sun, 14 Nov 2004 12:10:44 -0800, in
    <DcNld.7951$>
    Gerald scrawled:

    >I use Spybot search and destroy v.1.0, and it found 5 DSO exploit entries.
    >they are all data source object exploits, registry changes, and the problem
    >starts with hkey_users\s-1-5-18..., hkey_users\s-1-5-19...;
    >hkey_users\s-1-5-21...; hkey_users\s-1-5-20...; and hkey_users\default...
    >they all have to do with internet settings as well. is it safe to delete
    >them? sorry if its too much or too little information, it is the first time
    >I've ever posted on a newsgroup.
    >
    >thanks!
    >


    --
    Basic computer maintenance
    http://uk.geocities.com/personel44/maintenance.html
     
    °Mike°, Nov 14, 2004
    #7
  8. Ken Doughty

    Gary Danaher Guest

    Search the web and you'll find instructions on how to manually edit the
    registry after running Search and Destroy. There are some registry
    entries which need to be deleted. I fixed mine some time ago. The
    current version of s&d still doesn't fix the problem,. but I recall
    reading tht version 1.3.1 will do the job. In the mean time, this might
    not be a big problem. Look for the other nasties to clean.

    Gerald wrote:
    > I use Spybot search and destroy v.1.0, and it found 5 DSO exploit entries.
    > they are all data source object exploits, registry changes, and the problem
    > starts with hkey_users\s-1-5-18..., hkey_users\s-1-5-19...;
    > hkey_users\s-1-5-21...; hkey_users\s-1-5-20...; and hkey_users\default...
    > they all have to do with internet settings as well. is it safe to delete
    > them? sorry if its too much or too little information, it is the first time
    > I've ever posted on a newsgroup.
    >
    > thanks!
    >
    >
     
    Gary Danaher, Nov 14, 2004
    #8
  9. Howdy!

    "Scraggy" <> wrote in message
    news:...
    > Gerald wrote:
    > > I use Spybot search and destroy v.1.0, and it found 5 DSO exploit
    > > entries. they are all data source object exploits, registry changes,
    > > and the problem starts with hkey_users\s-1-5-18...,
    > > hkey_users\s-1-5-19...; hkey_users\s-1-5-21...;
    > > hkey_users\s-1-5-20...; and hkey_users\default... they all have to do
    > > with internet settings as well. is it safe to delete them? sorry if
    > > its too much or too little information, it is the first time I've
    > > ever posted on a newsgroup.
    > >
    > > thanks!

    >
    > First thing you should do is update to version 1.3 and THEN update that.


    Actually, version 1.3.1TX ...

    One link is at http://www.majorgeeks.com/download4392.html .

    Download and install SpyBot S&D 1.3 - then, before you run it,
    install the 1.3.1TX updater.

    Problem with DSO Exploit fixed!

    RwP
     
    Ralph W. Phillips, Nov 15, 2004
    #9
  10. Ken Doughty

    Ken Doughty Guest

    Hi - I appreciate all the info and I was already at v. 1.3 so I will
    download the DSO fix.

    Thanks

    Ken Doughty

    In message <4197f8e0_1@127.0.0.1>, Ralph W. Phillips <>
    writes
    >Howdy!
    >
    >"Scraggy" <> wrote in message
    >news:...
    >> Gerald wrote:
    >> > I use Spybot search and destroy v.1.0, and it found 5 DSO exploit
    >> > entries. they are all data source object exploits, registry changes,
    >> > and the problem starts with hkey_users\s-1-5-18...,
    >> > hkey_users\s-1-5-19...; hkey_users\s-1-5-21...;
    >> > hkey_users\s-1-5-20...; and hkey_users\default... they all have to do
    >> > with internet settings as well. is it safe to delete them? sorry if
    >> > its too much or too little information, it is the first time I've
    >> > ever posted on a newsgroup.
    >> >
    >> > thanks!

    >>
    >> First thing you should do is update to version 1.3 and THEN update that.

    >
    > Actually, version 1.3.1TX ...
    >
    > One link is at http://www.majorgeeks.com/download4392.html .
    >
    > Download and install SpyBot S&D 1.3 - then, before you run it,
    >install the 1.3.1TX updater.
    >
    > Problem with DSO Exploit fixed!
    >
    > RwP
    >
    >


    --
    Ken
     
    Ken Doughty, Nov 15, 2004
    #10
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. EricP

    DSO Exploit terror!!

    EricP, Aug 5, 2004, in forum: Computer Support
    Replies:
    4
    Views:
    518
    °Mike°
    Aug 5, 2004
  2. joevan

    DSO Exploit

    joevan, Aug 10, 2004, in forum: Computer Support
    Replies:
    1
    Views:
    534
    Bob B
    Aug 10, 2004
  3. bernard montgomery

    DSO Exploit???

    bernard montgomery, Aug 21, 2004, in forum: Computer Support
    Replies:
    2
    Views:
    513
  4. News

    What is DSO Exploit.

    News, Aug 24, 2004, in forum: Computer Support
    Replies:
    2
    Views:
    759
  5. William Matthewson

    DSO Exploit

    William Matthewson, Oct 30, 2004, in forum: Computer Support
    Replies:
    3
    Views:
    586
    °Mike°
    Oct 30, 2004
Loading...

Share This Page