Does anyone know what this is (a spybot s&d finding)

Discussion in 'other anti-malware software' started by notageek, Feb 25, 2003.

Thread Status:
Not open for further replies.
  1. notageek

    notageek Registered Member

    Joined:
    Jun 3, 2002
    Posts:
    1,601
    Location:
    Ohio
    First I would like to say, after a week vaction it sure feels good to be back.

    I ran Sypbot on my new compter and it found this: DSO Exploit: Data source object exploit (Registry change)
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\01004=W=3


    I have no idea what this is. Any one know? By the way it's a dell.
     
  2. peakaboo

    peakaboo Registered Member

    Joined:
    Oct 20, 2002
    Posts:
    377
    Hey notageek,

    Welcome back.

    I too came up with the DSO exploit while running Spybot a while ago.

    I assumed it had something to do with what is written about here by Greymagic.

    When I ran greymagic's test on their page which explains the exploit, whatever was supposed to happen - did not happen. Not sure if it was because of the change made by SS&D or my proxo settings...

    Looks like it was proxo picking it off initially - I see a selected classid lighting up

    proxo was killing some pretty interesting stuff on that test, also noticed when I lighten up on proxo settings, my AV picks off a bug, I'm sure if I let the bug go maybe the SS&D change would plug the gap, maybe not so just in case think I'll download & run DSO stop just to be sure.

    whatever the exploit, it was not able to execute on my pc ;)

    also check here:

    http://www.nsclean.com/dsostop.html

    & here:

    http://www.wilders.org/securing_your_pc.htm
     
  3. notageek

    notageek Registered Member

    Joined:
    Jun 3, 2002
    Posts:
    1,601
    Location:
    Ohio
    Thanks Peakaboo.

    Hey Peakaboo do you know if Proxo works with WinXP?
     
  4. peakaboo

    peakaboo Registered Member

    Joined:
    Oct 20, 2002
    Posts:
    377
    Looks like this was not a good assumption.

    Glad I ran DSO stop as my pc was still vulnerable but for proxo picking off the test stuff.

    After running DSO stop, I ran the test again with proxo bypassed. Great result, total defeat of this exploit. ;)

    dwnld DSO stop here:

    http://www.nsclean.com/dsostop.html

    more info. here:

    http://www.wilders.org/securing_your_pc.htm

    notageek, I would think proxo would work with XP, I visited the proxo site and the author states:

    "It works with most any browser (not just the big two)"

    http://home.arcor.de/six/index.html
     
  5. notageek

    notageek Registered Member

    Joined:
    Jun 3, 2002
    Posts:
    1,601
    Location:
    Ohio
    Thanks Peakaboo. I'll try Proxo with XP.
     
Loading...
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.