Does anyone know what this is (a Spybot S&D finding)


notageek
February 25th, 2003, 09:59 PM
First I would like to say, after a week's vacation it sure feels good to be back.

I ran Spybot on my new computer and it found this: DSO Exploit: Data source object exploit (Registry change)
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\01004=W=3


I have no idea what this is. Anyone know? By the way, it's a Dell.

peakaboo
February 25th, 2003, 11:07 PM
-{ Quote from notageek: "
First I would like to say, after a week's vacation it sure feels good to be back.

I ran Spybot on my new computer and it found this: DSO Exploit: Data source object exploit (Registry change)
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\01004=W=3


I have no idea what this is. Anyone know? By the way, it's a Dell.
" }-

Hey notageek,

Welcome back.

I too came up with the DSO exploit while running Spybot a while ago.

I assumed it had something to do with what is written about here by Greymagic. (http://security.greymagic.com/adv/gm001-ie/)

When I ran greymagic's test on their page which explains the exploit, whatever was supposed to happen - did not happen. Not sure if it was because of the change made by SS&D or my proxo settings...

Looks like it was proxo picking it off initially - I see a selected classid lighting up

proxo was killing some pretty interesting stuff on that test. Also noticed when I lighten up on proxo settings, my AV picks off a bug. I'm sure if I let the bug go maybe the SS&D change would plug the gap, maybe not, so just in case think I'll download & run DSO stop just to be sure.

Whatever the exploit, it was not able to execute on my PC ;)

also check here:

http://www.nsclean.com/dsostop.html

& here:

http://www.wilders.org/securing_your_pc.htm

notageek
February 25th, 2003, 11:30 PM
Thanks Peakaboo.

Hey Peakaboo, do you know if Proxo works with WinXP?

peakaboo
February 26th, 2003, 10:31 AM
-{ Quote from peakaboo: "

... I too came up with the DSO exploit while running Spybot a while ago.

I assumed it had something to do with what is written about here by Greymagic. (http://security.greymagic.com/adv/gm001-ie/)
" }-

Looks like this was not a good assumption.

-{ Quote: "
Looks like it was proxo picking it off initially - I see a selected classid lighting up

... also noticed when I lighten up on proxo settings, my AV picks off a bug,

... just in case think I'll download & run DSO stop just to be sure.

" }-

Glad I ran DSO stop as my pc was still vulnerable but for proxo picking off the test stuff.

After running DSO stop, I ran the test again with proxo bypassed. Great result, total defeat of this exploit. ;)

Download DSO stop here:

http://www.nsclean.com/dsostop.html

More info here:

http://www.wilders.org/securing_your_pc.htm

notageek, I would think proxo would work with XP. I visited the proxo site and the author states:

"It works with most any browser (not just the big two)"

http://home.arcor.de/six/index.html

notageek
February 26th, 2003, 11:01 PM
Thanks Peakaboo. I'll try Proxo with XP.