DSO Exploit Registry change

I found in registry
HKEY_USER\DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRE NT
VERSION\INTERNET SETTINGS\ZONES\0\1004!=W=3 as a detected
Exploit script and the hackers are going nuts trying to
get me with viruses and trying to destroy my fire wall and
anti virus program. I was able to stop it but I cant fix
the registry. If anyone knows how please post. Thank You,
CB

Are you fully patched? Have you updated all *critical* Windows Updates?

wrote in message
...
I found in registry
HKEY_USER\DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRE NT
VERSION\INTERNET SETTINGS\ZONES\0\1004!=W=3 as a detected
Exploit script and the hackers are going nuts trying to
get me with viruses and trying to destroy my fire wall and
anti virus program. I was able to stop it but I cant fix
the registry. If anyone knows how please post. Thank You,
CB

-----Original Message-----
Are you fully patched? Have you updated all *critical*
Windows Updates?

wrote in message
...
I found in registry
HKEY_USER\DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRE NT
VERSION\INTERNET SETTINGS\ZONES\0\1004!=W=3 as a
detected
Exploit script and the hackers are going nuts trying to
get me with viruses and trying to destroy my fire wall
and
anti virus program. I was able to stop it but I cant fix
the registry. If anyone knows how please post. Thank
You,
CB


.I have all updates and xp sp2. But it do not help it I
need to find something that will fix the registry
back to the correct settings and get rid of the Exploit.
I stop it from sending out info to the net but its sill
changing other reg. files. CB

Can someone pls help-
I am using Spybot software/XP SP2 and keep getting following :

DSO Exploit: Data source object exploit (Registry change, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Inter net
Settings\Zones\0\1004!=W=3

DSO Exploit: Data source object exploit (Registry change, nothing done)
HKEY_USERS\S-1-5-21-1417001 etc
etc\Software\Microsoft\Windows\CurrentVersion\Inte rnet
Settings\Zones\0\1004!=W=3

DSO Exploit: Data source object exploit (Registry change, nothing done)
HKEY_USERS\S-1-5-21-1417001 etc
etc\Software\Microsoft\Windows\CurrentVersion\Inte rnet
Settings\Zones\0\1004!=W=3

DSO Exploit: Data source object exploit (Registry change, nothing done)
HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Inter net
Settings\Zones\0\1004!=W=3

DSO Exploit: Data source object exploit (Registry change, nothing done)
HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Inter net
Settings\Zones\0\1004!=W=3

DSO Exploit: Data source object exploit (Registry change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Cur rentVersion\Internet
Settings\Zones\0\1004!=W=3

Appreciate any advice how to fix....
Brgds MF
------------------------------------


" wrote:


-----Original Message-----
Are you fully patched? Have you updated all *critical*
Windows Updates?

wrote in message
...
I found in registry
HKEY_USER\DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRE NT
VERSION\INTERNET SETTINGS\ZONES\0\1004!=W=3 as a
detected
Exploit script and the hackers are going nuts trying to
get me with viruses and trying to destroy my fire wall
and
anti virus program. I was able to stop it but I cant fix
the registry. If anyone knows how please post. Thank
You,
CB


.I have all updates and xp sp2. But it do not help it I
need to find something that will fix the registry
back to the correct settings and get rid of the Exploit.
I stop it from sending out info to the net but its sill
changing other reg. files. CB

It is a known error in Spybot and will be fixed soon...right click the
result and tell SB to ignore in future. See:
http://www.safer-networking.org/en/faq/36.html

--
Peter.
Toronto, Canada.
XP Home SP2.
P4 Dual HT @ 3.0ghz, 160gb HD, 1.0gb DDR.
"MF" wrote in message
...
Can someone pls help-
I am using Spybot software/XP SP2 and keep getting following :

DSO Exploit: Data source object exploit (Registry change, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Inter net
Settings\Zones\0\1004!=W=3

DSO Exploit: Data source object exploit (Registry change, nothing done)
HKEY_USERS\S-1-5-21-1417001 etc
etc\Software\Microsoft\Windows\CurrentVersion\Inte rnet
Settings\Zones\0\1004!=W=3

DSO Exploit: Data source object exploit (Registry change, nothing done)
HKEY_USERS\S-1-5-21-1417001 etc
etc\Software\Microsoft\Windows\CurrentVersion\Inte rnet
Settings\Zones\0\1004!=W=3

DSO Exploit: Data source object exploit (Registry change, nothing done)
HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Inter net
Settings\Zones\0\1004!=W=3

DSO Exploit: Data source object exploit (Registry change, nothing done)
HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Inter net
Settings\Zones\0\1004!=W=3

DSO Exploit: Data source object exploit (Registry change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Cur rentVersion\Internet
Settings\Zones\0\1004!=W=3

Appreciate any advice how to fix....
Brgds MF
------------------------------------


" wrote:


-----Original Message-----
Are you fully patched? Have you updated all *critical*
Windows Updates?

wrote in message
...
I found in registry
HKEY_USER\DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRE NT
VERSION\INTERNET SETTINGS\ZONES\0\1004!=W=3 as a
detected
Exploit script and the hackers are going nuts trying to
get me with viruses and trying to destroy my fire wall
and
anti virus program. I was able to stop it but I cant fix
the registry. If anyone knows how please post. Thank
You,
CB


.I have all updates and xp sp2. But it do not help it I
need to find something that will fix the registry
back to the correct settings and get rid of the Exploit.
I stop it from sending out info to the net but its sill
changing other reg. files. CB

MF wrote:
Can someone pls help-
I am using Spybot software/XP SP2 and keep getting following :

DSO Exploit: Data source object exploit (Registry change, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Inter net
Settings\Zones\0\1004!=W=3

DSO Exploit: Data source object exploit (Registry change, nothing done)
HKEY_USERS\S-1-5-21-1417001 etc
etc\Software\Microsoft\Windows\CurrentVersion\Inte rnet
Settings\Zones\0\1004!=W=3

DSO Exploit: Data source object exploit (Registry change, nothing done)
HKEY_USERS\S-1-5-21-1417001 etc
etc\Software\Microsoft\Windows\CurrentVersion\Inte rnet
Settings\Zones\0\1004!=W=3

DSO Exploit: Data source object exploit (Registry change, nothing done)
HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Inter net
Settings\Zones\0\1004!=W=3

DSO Exploit: Data source object exploit (Registry change, nothing done)
HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Inter net
Settings\Zones\0\1004!=W=3

DSO Exploit: Data source object exploit (Registry change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Cur rentVersion\Internet
Settings\Zones\0\1004!=W=3

Appreciate any advice how to fix....
Brgds MF
------------------------------------



Other SpyBot S&D, there's really nothing to "fix."

The DSO exploit was patched long ago by IE Cumulative Update
MS02-015, in March of 2002. If you've installed this specific patch,
or any subsequent IE Cumulative Updates, IE Service Pack 1, or WinXP
SP2, you're safe. It would appear that the latest version of SpyBot
S&D is only checking for Internet zone settings in the registry that
could be used as work-around protection, and not for the presence of
any corrective patches. Hopefully, the makers of SpyBot will soon fix
this bug.

MS02-015 March 28, 2002 Cumulative Patch for Internet Explorer
http://support.microsoft.com/default...b;EN-US;319182

If you like, you can test your system for this particular
vulnerability at this web site:
http://www.grey.com/security/advisories/gm001-ie/

The makers of SpyBot S&D have acknowledged the problem and will
fix it on their next update:
http://www.safer-networking.org/inde...il=currentfaqs

In the meantime, in SpyBot S&D, click Mode Advanced Settings
Ignore Products Security DSO Exploit, to turn off the false alarm.

Some people have reported that the SpyBot Detection rules dated 30
Aug 04, or newer, when used with SpyBot S&D 1.3, will fix this
problem. However, I've had inconsistent results with that particular
detection update; sometimes it reads clean, then later it will once
again find the DSO problem, and then it will read clean again, all on
the same machine, with no other changes made.



--

Bruce Chambers

Help us help you:
http://dts-l.org/goodpost.htm
http://www.catb.org/~esr/faqs/smart-questions.html

You can have peace. Or you can have freedom. Don't ever count on having
both at once. - RAH

Hi,
I had the DSO exploit problem. I was up to date with my windows update.
Spybot was still able to detect DSO Exploit, even after fixing the problem
with spybot and rebooting. Someone told me to remove the problematic entry in
the registry and I did it. Now it seems that internet explorer is unsafe for
some sites. How could I put back the entry with the registry editor and what
is the correct reading of it?
Thank you

DSO-Exploit was a security issue in Internet Explorer, Outlook
and Outlook Express. Microsoft has already corrected this issue
with security updates, so with current Windows updates and
patches installed, it will no longer be a threat to your system.

Spybot-S&D will still detect the DSO-Exploit, but instead of
fixing it for good, it will unfortunately again set an invalid value.
Therefore it will again be found with every scan.
This little "bug in Spybot-S&D" has already been repaired and the
respective fix will soon be available as a program update.

Why does DSO Exploit return?
http://www.safer-networking.org/en/faq/36.html

--
Carey Frisch
Microsoft MVP
Windows XP - Shell/User
Microsoft Newsgroups

Be Smart! Protect Your PC!
http://www.microsoft.com/athome/secu...t/default.mspx

------------------------------------------------------------------------------

"Olivier" wrote:

| Hi,
| I had the DSO exploit problem. I was up to date with my windows update.
| Spybot was still able to detect DSO Exploit, even after fixing the problem
| with spybot and rebooting. Someone told me to remove the problematic entry in
| the registry and I did it. Now it seems that internet explorer is unsafe for
| some sites. How could I put back the entry with the registry editor and what
| is the correct reading of it?
| Thank you