Spybot DSO Exploit bug is back....

Discussion in 'other anti-malware software' started by bigbuck, Aug 20, 2005.

Thread Status:
Not open for further replies.
  1. bigbuck

    bigbuck Registered Member

    Joined:
    Jul 7, 2004
    Posts:
    4,877
    Location:
    Qld, Aus
    It was a glitch in 1.3 wasn't it? It was fixed, but now it's back....
    Anyone else getting it?
     
  2. akshay_k72

    akshay_k72 Registered Member

    Joined:
    Jul 2, 2005
    Posts:
    79
    Location:
    New Delhi, India
    Yes I got the same alert today. Never knew it was a glitch. What should I do?
     
  3. bigbuck

    bigbuck Registered Member

    Joined:
    Jul 7, 2004
    Posts:
    4,877
    Location:
    Qld, Aus
    I just used to ignore it...
    It was no prob, provided you were fully patched. There are fixes around, but I never bothered...
    just wondering why it's happening again...must have come down with the latest update?
     
  4. akshay_k72

    akshay_k72 Registered Member

    Joined:
    Jul 2, 2005
    Posts:
    79
    Location:
    New Delhi, India
    Well I removed them. Should I undo the changes?
     
  5. bigbuck

    bigbuck Registered Member

    Joined:
    Jul 7, 2004
    Posts:
    4,877
    Location:
    Qld, Aus
  6. snowbound

    snowbound Retired Moderator

    Joined:
    Feb 18, 2003
    Posts:
    8,723
    Location:
    The Big Smoke
    Just updated and scanned. Nothing here guys. :) :D


    snowbound
     
  7. akshay_k72

    akshay_k72 Registered Member

    Joined:
    Jul 2, 2005
    Posts:
    79
    Location:
    New Delhi, India
    I restored the changes from the recovery and scanned again. This time no threats were detected o_O
     
  8. bigbuck

    bigbuck Registered Member

    Joined:
    Jul 7, 2004
    Posts:
    4,877
    Location:
    Qld, Aus
  9. bigbuck

    bigbuck Registered Member

    Joined:
    Jul 7, 2004
    Posts:
    4,877
    Location:
    Qld, Aus
    Fixed it and it stayed fixed....
    We'll see what happens after a reboot.
     
  10. hadi

    hadi Guest

    did the same. and no threats were detected before and after a restart. does this mean any thing
     
  11. dog

    dog Guest

    It's not a bug or a false postive, have Spybot fix this item ;) ... It's finding an entry in the hidden 'my computer' zone

    HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0 = 1004

    O = equals the 'my computer' zone

    1004 Flag = Download unsigned ActiveX controls

    The Dword Values equal - O = not set/allow, 1 = prompt, 3 = block

    The value should be 3 :) Spybot will correctly change this value

    For more info on this key and these flags/values see See http://support.microsoft.com/default.aspx?scid=kb;en-us;182569

    BTW if you want to un-hide the my computer zone ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0 ... change the flags value to Decimal Values 71 or hexadecimal 47 to SHOW The default for the my computer zone is = Decimal Values 33 or Hexadecimal 21 = Do NOT show

    More Info - http://support.microsoft.com/default.aspx?scid=kb;en-us;315933

    HTH;

    Steve
     
  12. bigbuck

    bigbuck Registered Member

    Joined:
    Jul 7, 2004
    Posts:
    4,877
    Location:
    Qld, Aus
    Thanks Steve!
     
  13. Capp

    Capp Registered Member

    Joined:
    Oct 16, 2004
    Posts:
    2,125
    Location:
    United States
    I found this on a scan after the recent update as well.

    I had just figured it was another glitch so I cleaned it and didn't think anything of it.

    Glad to hear the update steve, I'll do that.

    Thanks :)
     
  14. Stephanos G.

    Stephanos G. Registered Member

    Joined:
    Mar 29, 2005
    Posts:
    720
    Location:
    Cyprus
    thanks steve,

    also false positive for NoAdware application as per attached image
     

    Attached Files:

  15. Mele20

    Mele20 Former Poster

    Joined:
    Apr 29, 2002
    Posts:
    2,495
    Location:
    Hilo, Hawaii
    Well, Spybot didn't find it on my computer. Of course, I upgraded from 1.3TX version which fixed it for good.

    Spy bot did find that I have the MS key for that registry item that allowed us to not have SP2 forcibly installed for four months last fall. I don't think Spybot should be finding stuff like that. It has nothing whatsoever to do with spyware.
     
  16. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,619
    Location:
    Toronto Canada
    I got it also. It was a glitch in 1.3. Was supposidly fixed in 1.4 so why isn't it a glitch now? I excluded it from further searches.
     
    Last edited: Aug 20, 2005
  17. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    I have win2000pro.
    I ran Spybot v1.4 with the latest updatings and got this message.

    "Congratulations!
    No immediate threats were found" (only an idiot believes that)

    I got the DSO exploit in the past like everybody else, but not this time.
    So it must be caused by something very specific.
     
  18. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,878
    Location:
    New England
    Just to clarify this some... Apparantly a recent update of Spybot detections, when run in Spybot S&D v1.4, has reenabled the detection and repair of the registry setting associated with the DSO Expolit. At this time, Spybot 1.4 with current definitions will both detect and 'fix' the DSO Exploit if: 1. your version of Spybot is not set to ignore the DSO Exploit (which many people's are since that was for a long time the recommendation made to people - ie. set Spybot to ignore this detection), and 2. you actually have the registry setting on your system that triggers this detection.

    When Spybot v1.3 came out, the most common question that was asked by people was: "Why is Spybot detecting "DSO Exploit" (usually several) on my system, and even when I tell it to fix it, it says it does but the next scan finds it again?" Well, the reason was that there was a bug in Spybot 1.3 that prevented it from applying the fix properly. That is fully documented in this Spybot/Net-Integration thread:

    http://forums.net-integration.net/index.php?showtopic=15308

    Later, a special version of Spybot 1.3 (called the TX version) did fix the bug in Spybot that prevented the program from properly fixing this when detected and instructed to fix it. Many people used that version and finally had the setting "fixed" on their system. (So, none of these people, those who successfully "fixed" it, will have it detect again unless they rebuild their Windows in a way that changes the involved setting again.)

    With Spybot 1.4, they fixed the programs ability to "fix" this setting as well, but at some point the definitions used for Spybot disabled the detection of "DSO Exploit" altogether. I don't know exactly why they stopped detecting it. Now, they appear to have reenabled the detection again and since Spybot 1.4 can fix it, those people with the setting that triggers detection, who are using Spybot 1.4 with these defs, who aren't "ignoring" that detection... they can detect it fix it properly now.

    Some images...

    This is the registry key involved. Any value other then "3" in that one key will cause Spybot to "detect" what it calls "DSO Exploit".

    [​IMG]

    If you want to play with this, then go into Spybot's File Sets menu, (you need to be in advanced mode under mode menu), and untick everything but Security. (Doing this means you can scan your system very fast, over and over, as you play with the DSO Exploit setting values, rather then having to wait as Spybot scans your system for every possible spyware detection.)

    [​IMG]

    If you have Spybot 1.4 fix the DSO Exploit, it will change the value of that above key to this:

    [​IMG]

    Notes: Be sure that you are using Spybot 1.4 with current definitions. Be sure that the Ignore list in Spybot is not set to Ignore DSO Exploit detection. If you go into regedit to play with this, take serious precautions as any manipulation of the registry is done solely at your own risk. Registry backups are recommended before doing anything like this.

    There has been a lot of confusion over "DSO Exploit" because of how Spybot flags it and all the issues with the bug in Spybot 1.3, being unable to "fix" it. And more interestingly, there may never have been all that serious an issue with this. I'm not sure anyone has ever put an exploit out into the wilds of the Internet taking advantage of this supposed hole. And finally, since the true fix for DSO Exploit was a patch Microsoft put out probably 3 years ago now, most people's systems aren't even exploitable anyway.
     
  19. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,619
    Location:
    Toronto Canada
    I removed it from the Ignore list and allowed it to be fixed.
     
Loading...
Thread Status:
Not open for further replies.