January 31st, 2005, 07:46 PM
Spybot and the DSO_Exploit..
Hi all!!! Its been along time since my last aparition. I was having all sort of problems, and finaly i decided it would be best to put some money aside and buy another box for a proper linux/testing machine, leaving the actual XP for work, cause yes, were still M$ slaves in one or other way .
Also i must ad that i was really sad for some lame dude has caught my nick "Owmen" and its been using it in other forums (not related with OS/Security etc.. but with emulation) and doing some very lame activities and recking my nick completly :/, a guy leaves the net for a while and surprises come downhill like Giant Snowballs! well..i wont change my nick over some stupid lame romkiddie.
Well, i spent the last couple hours reading some posts and trying to catch up the most important things, and i tought for my first time, to make a litle post that is not a "help-me please" one but a "here is something i hope is usefull to anyone"..now lets leave the crap behind and go for it.
The DSO_Expoit "issue" when people run a scan with Spyboot.
Iv been asked by some friends, whats rong with Spyboot? or what else can they do about the "issue" cause "they did everything possible" and still it appears over and over again even when they choose to "fix the problem".
First let me say, that this is not a problem with Spyboot, but a security flaw with the I.E. The latest SP2 update for XP already corrects the flaw (just has the rest of the I.E updates for other M$ 9x OSīs should also do), because it changes the registry keys values to 3.
Well, it can also be done by you if you dont have afraid to mess around with the regedit.exe .
Take note of the registry keys that appear on the Spyboot final scan results, then go to Start/Run and type regedit. (i will place here the registry keys to make it easier for you to find)
- HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004 REG_SZ
- HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004 REG_SZ
- HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004 REG_SZ
- HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004 REG_SZ
- HKEY_USERS\S-1-5-21-1060284298-1682526488-854245398-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004 REG_SZ
All you have to do now is delete the key 1004 REG_SZ and add a new DWORD key (right mouse click, new/DWORD value) with the same name "1004" and typing 3 has it hexdacimal value.
Do it for all the above keys, and no longer the Spyboot will detect the DSO_Exploit. This will fix the security flaws.
Other than doing all this if you dont feel like doing all that at a time, you can simply let spyboot not to detect the DSO_Exploit by going to the Advanced Mode (inside the menu "mode") and select settings (on the left options bar) and inside that one choose "Ignore Products" and click on the Security mark and activate the DSO_Exploit option.
Later on if you do fix it, turn the option back on to let it detect other similar flaws.
There is also a free program that can do this for you, its the DSOstop2, you can get it here:
Download it and just click on "Protect Internet Explorer".
Hope this is usefull in some way to anyone.
Cheers to u all!!
January 31st, 2005, 08:11 PM
Spybot for whatever reason likes to point out the DSO exploits in MSIE. If you expand to get more info on these, the help refers you to a website where it's all explained more thoroughly. It's down a t the bottom if you scroll down past the MS links. I think the reason they do this is for those who can code for windows so they might code a fix...
You can see the site it refers you to here:
Even a broken watch is correct twice a day.
Which coder said that nobody could outcode Microsoft in their own OS? Write a bit and make a fortune!
January 31st, 2005, 09:45 PM
How exactly does the DSO exploit work? It seems to be pretty popular. Every machine I've ever had to clean had DSO on it. I thought it was a spybot bug, but I had to make sure.
The fool doth think he is wise, but the wiseman knows himself to be a fool - Good Ole Bill Shakespeare
January 31st, 2005, 09:49 PM
The DSO exploit in question is only a problem in Un-Patched windoze boxes.., the problem is that Spybot SnD dosent seem to be able to tell the difference between Fully patched and Un-patched
There is another Version of Spybot that does not have the DSO exploit problem.. it is a Beta release.. Spybot search and destroy V1.3 tx (this is a beta version V1.31tx )
try this link.. http://www.majorgeeks.com/download.php?det=4392
NOTE: I mean FULLY PATCHED when refering to it as a bug.. also with the non TX Version..as with any spyware removal prog, your best to always run the prog as ADMIN, otherwise most of your efforts will be wasted
"Consumer technology now exceeds the average persons ability to comprehend how to use it..give up hope of them being able to understand how it works." - Me http://www.cybercrypt.co.nr
January 31st, 2005, 09:58 PM
You can also upgrade to the most recent Beta version (1.4 Beta 2) by either setting you Updates to include Beta releases, or you can download it directly from Softpedia. This update also contains a number of other features such as cleaning up cookies, log files, MRUs, etc. much like Ad-aware SE does.