Registry Changes that won't go away (DSO Exploit)

Discussion in 'privacy problems' started by hinds8is2020, Jul 20, 2004.

Thread Status:
Not open for further replies.
  1. hinds8is2020

    hinds8is2020 Registered Member

    Joined:
    Jul 20, 2004
    Posts:
    3
    I will tell you a little about myself before I go into my problem. I recently restored my computer to factory settings to get rid of 4 registry changes that would not go away. I tried Spybot, Spywareblaster, Spysubtract, and cwshredder. The only one that found any problems was Spybot. I would fix the problems, and then erase the back-up files that the program created. Now those three "unknowns" are no longer my problem. I now have 5 registry changes that I don't know how to get rid of. They come back as soon as they are deleted. I have scanned for viruses, searched for spyware. I honestly don't know that much about computers other than spyware isn't wanted. The name of the registry changes now are called DSO Exploit. I don't know if I posted this in the correct area, so if not, please forgive me. If you could help I would appreciate it 150%.
     
  2. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,877
    Location:
    New England
    Re: Registry Changes that won't go away

    DSO Exploit is not actually an infection of any type. It is merely a finding made by Spybot S&D regarding a specific security setting in Internet Explorer. When the setting in question is not set to the recommended value, Spybot alerts on it. The big problem with this is that when you tell Spybot to fix it, a bug in Spybot prevents it from doing the fix properly, even though it reports that it did it successfully.

    There are a lot of threads on this here and at Spybot's home forum. Take a look here and follow the different thread links for more information:

    https://www.wilderssecurity.com/showthread.php?t=41203
     
  3. hinds8is2020

    hinds8is2020 Registered Member

    Joined:
    Jul 20, 2004
    Posts:
    3
    Thank you.. It never even occurred to me to use the search option. :rolleyes: But thank you so very much. My computer is new, and I thought that I completely updated everything that I could. I will check it again. Again thank you for your quick reply. (Even though it seems that you have answered this question more times than you would have like to :) )

    *edit* Do you know what setting it is? I looked on my security settings on Internet Explorer and found that everything was set. There were no unfilled sections.
     
  4. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,877
    Location:
    New England
    It's actually the setting for "Download unsigned ActiveX controls" in the hidden security zone within IE called the "My Computer" zone. Only people who have specifically un-hidden it through a tweak can see the zone within the IE Security tab. I explained a little about that zone here:

    https://www.wilderssecurity.com/showthread.php?p=177946
     
  5. hinds8is2020

    hinds8is2020 Registered Member

    Joined:
    Jul 20, 2004
    Posts:
    3
    Okay, I still don't really understand. But, I think that this is the same as the one pictured in the link. If it isn't, I don't know where else to find it. o_O
     

    Attached Files:

  6. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,877
    Location:
    New England
    Edit> I see you added an image. But, "what zone" were you looking at when you took that screen image? The settings differ in every IE security zone.

    If you go into Internet Explorer > Tools menu > Internet Options... > Security tab, you should only see four zones: Internet, Local Intranet, Trusted and Restricted. The zone that the DSO Exploit applies to is actually a hidden one called the "My Computer" zone. If you don't have a "My Computer" zone in that screen, then you can't set the value yourself via IE.

    If you do have a My Computer zone showing in the IE Security screen, then you can set the "Download unsigned ActiveX controls" in that zone to Disable in order to do what Spybot intended to do.

    Otherwise, you would have to do the registry hack that I show in the image in that thread.

    For much more detail, look in that thread for a link to the net-integration forums. That's actually where I first posted that information. The thread there is like 8 pages long now and has a massive amount of information on this.

    However, the key thing is that this is not an infection. It's just an exploit that was discovered and patched two years ago, which you can ignore if you generally stay up to date with Microsoft Windows Updates.
     
Loading...
Thread Status:
Not open for further replies.