If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|
Thread Tools | Display Modes |
#1
|
|||
|
|||
DSO Exploit Registry change
I found in registry
HKEY_USER\DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRE NT VERSION\INTERNET SETTINGS\ZONES\0\1004!=W=3 as a detected Exploit script and the hackers are going nuts trying to get me with viruses and trying to destroy my fire wall and anti virus program. I was able to stop it but I cant fix the registry. If anyone knows how please post. Thank You, CB |
Ads |
#2
|
|||
|
|||
DSO Exploit Registry change
Are you fully patched? Have you updated all *critical* Windows Updates?
wrote in message ... I found in registry HKEY_USER\DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRE NT VERSION\INTERNET SETTINGS\ZONES\0\1004!=W=3 as a detected Exploit script and the hackers are going nuts trying to get me with viruses and trying to destroy my fire wall and anti virus program. I was able to stop it but I cant fix the registry. If anyone knows how please post. Thank You, CB |
#3
|
|||
|
|||
DSO Exploit Registry change
-----Original Message----- Are you fully patched? Have you updated all *critical* Windows Updates? wrote in message ... I found in registry HKEY_USER\DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRE NT VERSION\INTERNET SETTINGS\ZONES\0\1004!=W=3 as a detected Exploit script and the hackers are going nuts trying to get me with viruses and trying to destroy my fire wall and anti virus program. I was able to stop it but I cant fix the registry. If anyone knows how please post. Thank You, CB .I have all updates and xp sp2. But it do not help it I need to find something that will fix the registry back to the correct settings and get rid of the Exploit. I stop it from sending out info to the net but its sill changing other reg. files. CB |
#4
|
|||
|
|||
DSO Exploit Registry change
Can someone pls help-
I am using Spybot software/XP SP2 and keep getting following : DSO Exploit: Data source object exploit (Registry change, nothing done) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Inter net Settings\Zones\0\1004!=W=3 DSO Exploit: Data source object exploit (Registry change, nothing done) HKEY_USERS\S-1-5-21-1417001 etc etc\Software\Microsoft\Windows\CurrentVersion\Inte rnet Settings\Zones\0\1004!=W=3 DSO Exploit: Data source object exploit (Registry change, nothing done) HKEY_USERS\S-1-5-21-1417001 etc etc\Software\Microsoft\Windows\CurrentVersion\Inte rnet Settings\Zones\0\1004!=W=3 DSO Exploit: Data source object exploit (Registry change, nothing done) HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Inter net Settings\Zones\0\1004!=W=3 DSO Exploit: Data source object exploit (Registry change, nothing done) HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Inter net Settings\Zones\0\1004!=W=3 DSO Exploit: Data source object exploit (Registry change, nothing done) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Cur rentVersion\Internet Settings\Zones\0\1004!=W=3 Appreciate any advice how to fix.... Brgds MF ------------------------------------ " wrote: -----Original Message----- Are you fully patched? Have you updated all *critical* Windows Updates? wrote in message ... I found in registry HKEY_USER\DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRE NT VERSION\INTERNET SETTINGS\ZONES\0\1004!=W=3 as a detected Exploit script and the hackers are going nuts trying to get me with viruses and trying to destroy my fire wall and anti virus program. I was able to stop it but I cant fix the registry. If anyone knows how please post. Thank You, CB .I have all updates and xp sp2. But it do not help it I need to find something that will fix the registry back to the correct settings and get rid of the Exploit. I stop it from sending out info to the net but its sill changing other reg. files. CB |
#5
|
|||
|
|||
DSO Exploit Registry change
It is a known error in Spybot and will be fixed soon...right click the
result and tell SB to ignore in future. See: http://www.safer-networking.org/en/faq/36.html -- Peter. Toronto, Canada. XP Home SP2. P4 Dual HT @ 3.0ghz, 160gb HD, 1.0gb DDR. "MF" wrote in message ... Can someone pls help- I am using Spybot software/XP SP2 and keep getting following : DSO Exploit: Data source object exploit (Registry change, nothing done) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Inter net Settings\Zones\0\1004!=W=3 DSO Exploit: Data source object exploit (Registry change, nothing done) HKEY_USERS\S-1-5-21-1417001 etc etc\Software\Microsoft\Windows\CurrentVersion\Inte rnet Settings\Zones\0\1004!=W=3 DSO Exploit: Data source object exploit (Registry change, nothing done) HKEY_USERS\S-1-5-21-1417001 etc etc\Software\Microsoft\Windows\CurrentVersion\Inte rnet Settings\Zones\0\1004!=W=3 DSO Exploit: Data source object exploit (Registry change, nothing done) HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Inter net Settings\Zones\0\1004!=W=3 DSO Exploit: Data source object exploit (Registry change, nothing done) HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Inter net Settings\Zones\0\1004!=W=3 DSO Exploit: Data source object exploit (Registry change, nothing done) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Cur rentVersion\Internet Settings\Zones\0\1004!=W=3 Appreciate any advice how to fix.... Brgds MF ------------------------------------ " wrote: -----Original Message----- Are you fully patched? Have you updated all *critical* Windows Updates? wrote in message ... I found in registry HKEY_USER\DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRE NT VERSION\INTERNET SETTINGS\ZONES\0\1004!=W=3 as a detected Exploit script and the hackers are going nuts trying to get me with viruses and trying to destroy my fire wall and anti virus program. I was able to stop it but I cant fix the registry. If anyone knows how please post. Thank You, CB .I have all updates and xp sp2. But it do not help it I need to find something that will fix the registry back to the correct settings and get rid of the Exploit. I stop it from sending out info to the net but its sill changing other reg. files. CB |
#6
|
|||
|
|||
DSO Exploit Registry change
MF wrote:
Can someone pls help- I am using Spybot software/XP SP2 and keep getting following : DSO Exploit: Data source object exploit (Registry change, nothing done) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Inter net Settings\Zones\0\1004!=W=3 DSO Exploit: Data source object exploit (Registry change, nothing done) HKEY_USERS\S-1-5-21-1417001 etc etc\Software\Microsoft\Windows\CurrentVersion\Inte rnet Settings\Zones\0\1004!=W=3 DSO Exploit: Data source object exploit (Registry change, nothing done) HKEY_USERS\S-1-5-21-1417001 etc etc\Software\Microsoft\Windows\CurrentVersion\Inte rnet Settings\Zones\0\1004!=W=3 DSO Exploit: Data source object exploit (Registry change, nothing done) HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Inter net Settings\Zones\0\1004!=W=3 DSO Exploit: Data source object exploit (Registry change, nothing done) HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Inter net Settings\Zones\0\1004!=W=3 DSO Exploit: Data source object exploit (Registry change, nothing done) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Cur rentVersion\Internet Settings\Zones\0\1004!=W=3 Appreciate any advice how to fix.... Brgds MF ------------------------------------ Other SpyBot S&D, there's really nothing to "fix." The DSO exploit was patched long ago by IE Cumulative Update MS02-015, in March of 2002. If you've installed this specific patch, or any subsequent IE Cumulative Updates, IE Service Pack 1, or WinXP SP2, you're safe. It would appear that the latest version of SpyBot S&D is only checking for Internet zone settings in the registry that could be used as work-around protection, and not for the presence of any corrective patches. Hopefully, the makers of SpyBot will soon fix this bug. MS02-015 March 28, 2002 Cumulative Patch for Internet Explorer http://support.microsoft.com/default...b;EN-US;319182 If you like, you can test your system for this particular vulnerability at this web site: http://www.grey.com/security/advisories/gm001-ie/ The makers of SpyBot S&D have acknowledged the problem and will fix it on their next update: http://www.safer-networking.org/inde...il=currentfaqs In the meantime, in SpyBot S&D, click Mode Advanced Settings Ignore Products Security DSO Exploit, to turn off the false alarm. Some people have reported that the SpyBot Detection rules dated 30 Aug 04, or newer, when used with SpyBot S&D 1.3, will fix this problem. However, I've had inconsistent results with that particular detection update; sometimes it reads clean, then later it will once again find the DSO problem, and then it will read clean again, all on the same machine, with no other changes made. -- Bruce Chambers Help us help you: http://dts-l.org/goodpost.htm http://www.catb.org/~esr/faqs/smart-questions.html You can have peace. Or you can have freedom. Don't ever count on having both at once. - RAH |
#7
|
|||
|
|||
DSO Exploit Registry change
Hi,
I had the DSO exploit problem. I was up to date with my windows update. Spybot was still able to detect DSO Exploit, even after fixing the problem with spybot and rebooting. Someone told me to remove the problematic entry in the registry and I did it. Now it seems that internet explorer is unsafe for some sites. How could I put back the entry with the registry editor and what is the correct reading of it? Thank you |
#8
|
|||
|
|||
DSO Exploit Registry change
DSO-Exploit was a security issue in Internet Explorer, Outlook
and Outlook Express. Microsoft has already corrected this issue with security updates, so with current Windows updates and patches installed, it will no longer be a threat to your system. Spybot-S&D will still detect the DSO-Exploit, but instead of fixing it for good, it will unfortunately again set an invalid value. Therefore it will again be found with every scan. This little "bug in Spybot-S&D" has already been repaired and the respective fix will soon be available as a program update. Why does DSO Exploit return? http://www.safer-networking.org/en/faq/36.html -- Carey Frisch Microsoft MVP Windows XP - Shell/User Microsoft Newsgroups Be Smart! Protect Your PC! http://www.microsoft.com/athome/secu...t/default.mspx ------------------------------------------------------------------------------ "Olivier" wrote: | Hi, | I had the DSO exploit problem. I was up to date with my windows update. | Spybot was still able to detect DSO Exploit, even after fixing the problem | with spybot and rebooting. Someone told me to remove the problematic entry in | the registry and I did it. Now it seems that internet explorer is unsafe for | some sites. How could I put back the entry with the registry editor and what | is the correct reading of it? | Thank you |
Thread Tools | |
Display Modes | |
|
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
Registry cleaner | Just Me | General XP issues or comments | 21 | December 14th 04 01:31 AM |
WINDOWS XP Professional Registry permission change - Problem please help | Chavan Koya | General XP issues or comments | 1 | August 2nd 04 08:11 PM |
Can't get to registry and some explorer settings | William Lugg | General XP issues or comments | 1 | August 2nd 04 07:06 AM |
Registry problem | Herschel Hochman | General XP issues or comments | 1 | July 20th 04 09:47 PM |