Does anyone know what this is (a spybot s&d finding)

Discussion in 'other anti-malware software' started by notageek, Feb 25, 2003.

Thread Status:
Not open for further replies.
  1. notageek

    notageek Registered Member

    Joined:
    Jun 3, 2002
    Posts:
    1,601
    Location:
    Ohio
    First I would like to say, after a week vaction it sure feels good to be back.

    I ran Sypbot on my new compter and it found this: DSO Exploit: Data source object exploit (Registry change)
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\01004=W=3


    I have no idea what this is. Any one know? By the way it's a dell.
     
  2. peakaboo

    peakaboo Registered Member

    Joined:
    Oct 20, 2002
    Posts:
    377
    Hey notageek,

    Welcome back.

    I too came up with the DSO exploit while running Spybot a while ago.

    I assumed it had something to do with what is written about here by Greymagic.

    When I ran greymagic's test on their page which explains the exploit, whatever was supposed to happen - did not happen. Not sure if it was because of the change made by SS&D or my proxo settings...

    Looks like it was proxo picking it off initially - I see a selected classid lighting up

    proxo was killing some pretty interesting stuff on that test, also noticed when I lighten up on proxo settings, my AV picks off a bug, I'm sure if I let the bug go maybe the SS&D change would plug the gap, maybe not so just in case think I'll download & run DSO stop just to be sure.

    whatever the exploit, it was not able to execute on my pc ;)

    also check here:

    http://www.nsclean.com/dsostop.html

    & here:

    http://www.wilders.org/securing_your_pc.htm
     
  3. notageek

    notageek Registered Member

    Joined:
    Jun 3, 2002
    Posts:
    1,601
    Location:
    Ohio
    Thanks Peakaboo.

    Hey Peakaboo do you know if Proxo works with WinXP?
     
  4. peakaboo

    peakaboo Registered Member

    Joined:
    Oct 20, 2002
    Posts:
    377
    Looks like this was not a good assumption.

    Glad I ran DSO stop as my pc was still vulnerable but for proxo picking off the test stuff.

    After running DSO stop, I ran the test again with proxo bypassed. Great result, total defeat of this exploit. ;)

    dwnld DSO stop here:

    http://www.nsclean.com/dsostop.html

    more info. here:

    http://www.wilders.org/securing_your_pc.htm

    notageek, I would think proxo would work with XP, I visited the proxo site and the author states:

    "It works with most any browser (not just the big two)"

    http://home.arcor.de/six/index.html
     
  5. notageek

    notageek Registered Member

    Joined:
    Jun 3, 2002
    Posts:
    1,601
    Location:
    Ohio
    Thanks Peakaboo. I'll try Proxo with XP.
     
Loading...
Thread Status:
Not open for further replies.