Spybot DSO Exploit bug is back....

Just to clarify this some... Apparantly a recent update of Spybot detections, when run in Spybot S&D v1.4, has reenabled the detection and repair of the registry setting associated with the DSO Expolit. At this time, Spybot 1.4 with current definitions will both detect and 'fix' the DSO Exploit if: 1. your version of Spybot is not set to ignore the DSO Exploit (which many people's are since that was for a long time the recommendation made to people - ie. set Spybot to ignore this detection), and 2. you actually have the registry setting on your system that triggers this detection.

When Spybot v1.3 came out, the most common question that was asked by people was: "Why is Spybot detecting "DSO Exploit" (usually several) on my system, and even when I tell it to fix it, it says it does but the next scan finds it again?" Well, the reason was that there was a bug in Spybot 1.3 that prevented it from applying the fix properly. That is fully documented in this Spybot/Net-Integration thread:

http://forums.net-integration.net/index.php?showtopic=15308

Later, a special version of Spybot 1.3 (called the TX version) did fix the bug in Spybot that prevented the program from properly fixing this when detected and instructed to fix it. Many people used that version and finally had the setting "fixed" on their system. (So, none of these people, those who successfully "fixed" it, will have it detect again unless they rebuild their Windows in a way that changes the involved setting again.)

With Spybot 1.4, they fixed the programs ability to "fix" this setting as well, but at some point the definitions used for Spybot disabled the detection of "DSO Exploit" altogether. I don't know exactly why they stopped detecting it. Now, they appear to have reenabled the detection again and since Spybot 1.4 can fix it, those people with the setting that triggers detection, who are using Spybot 1.4 with these defs, who aren't "ignoring" that detection... they can detect it fix it properly now.

Some images...

This is the registry key involved. Any value other then "3" in that one key will cause Spybot to "detect" what it calls "DSO Exploit".



If you want to play with this, then go into Spybot's File Sets menu, (you need to be in advanced mode under mode menu), and untick everything but Security. (Doing this means you can scan your system very fast, over and over, as you play with the DSO Exploit setting values, rather then having to wait as Spybot scans your system for every possible spyware detection.)



If you have Spybot 1.4 fix the DSO Exploit, it will change the value of that above key to this:



Notes: Be sure that you are using Spybot 1.4 with current definitions. Be sure that the Ignore list in Spybot is not set to Ignore DSO Exploit detection. If you go into regedit to play with this, take serious precautions as any manipulation of the registry is done solely at your own risk. Registry backups are recommended before doing anything like this.

There has been a lot of confusion over "DSO Exploit" because of how Spybot flags it and all the issues with the bug in Spybot 1.3, being unable to "fix" it. And more interestingly, there may never have been all that serious an issue with this. I'm not sure anyone has ever put an exploit out into the wilds of the Internet taking advantage of this supposed hole. And finally, since the true fix for DSO Exploit was a patch Microsoft put out probably 3 years ago now, most people's systems aren't even exploitable anyway.