SpyBot DSO Entries ??

Discussion in 'other anti-malware software' started by unholyone, Nov 29, 2004.

Thread Status:
Not open for further replies.
  1. unholyone

    unholyone Registered Member

    Joined:
    Jan 30, 2004
    Posts:
    28
    Hi,

    I just installed, updated and ran SpyBot 1.3 on my XP system.

    It came up with 4 DSO Exploit Registry Items. I am not sure if these should be removed or if they are needed for Windows.

    One reason I wonder is because I noticed a new item in my startup called "dumprep 0 -k" in the %systemroot%\system32\ directory that was not there before.

    I uploaded a jpg of the entries. I am not sure if it will be shown as I have never uploaded files here before.

    Any help would be appreciated.
     

    Attached Files:

    Last edited: Nov 29, 2004
  2. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,331
    Location:
    Netherlands
  3. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,876
    Location:
    New England
    What Spybot flags as DSO Exploit is simply a security setting in Internet Explorer related to "Downloading unsigned ActiveX controls" within the hidden "My Computer" security zone in IE.

    Spybot's v1.3 release is actually unable to "fix" this setting because there is a bug in that version. If you were to tell it to fix those, they would turn up again in the very next Spybot scan, so it is best to just ignore those.

    Also note that they are not a sign of any type of infection or spyware problem on your system. If you patched your XP system at the Microsoft Windows Update site in the last two to three years, your system won't even by vulnerable to that specific exploit any more. (It's really a non-issue.) There's more on this here:

    https://www.wilderssecurity.com/showthread.php?t=45842

    https://www.wilderssecurity.com/showthread.php?t=41203
     
  4. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,876
    Location:
    New England
    "dumprep 0 -k"... is not related to DSO Exploit, and is explained some here:

    http://www.windowsstartup.com/wso/detail.php?id=1384

    Basically, following the first "Blue screen" crash of an XP system, that entry is put in startup to prep for crash dump analysis. You can leave that entry or remove it, either way is fine as you'll probably never have a crash dump file analyzed anyway. Almost no one ever does. If you remove it and have another crash, that entry will return again.
     
  5. unholyone

    unholyone Registered Member

    Joined:
    Jan 30, 2004
    Posts:
    28
    Thanks thoses posts are a big help.
     
  6. scott lang

    scott lang Registered Member

    Joined:
    Oct 20, 2004
    Posts:
    211
    Location:
    claremore,ok
    if you really wanted to you could get the 1.3.1TX ver. of spybot. alot of places wont reccomend it cuz its not really supposed to be released but many people i talk to did get it including myself and it does stop the dso exploits. again though, some places dont recommend it but it does work.
     
Thread Status:
Not open for further replies.