Discussion in 'other anti-malware software' started by bigbuck, Aug 20, 2005.
It was a glitch in 1.3 wasn't it? It was fixed, but now it's back....
Anyone else getting it?
Yes I got the same alert today. Never knew it was a glitch. What should I do?
I just used to ignore it...
It was no prob, provided you were fully patched. There are fixes around, but I never bothered...
just wondering why it's happening again...must have come down with the latest update?
Well I removed them. Should I undo the changes?
Won't make any difference, it'll keep coming back, if it's like last time...
There was about ten zillion threads on it last time...
Just updated and scanned. Nothing here guys.
I restored the changes from the recovery and scanned again. This time no threats were detected
Thread over here;
Fixed it and it stayed fixed....
We'll see what happens after a reboot.
did the same. and no threats were detected before and after a restart. does this mean any thing
It's not a bug or a false postive, have Spybot fix this item ... It's finding an entry in the hidden 'my computer' zone
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0 = 1004
O = equals the 'my computer' zone
1004 Flag = Download unsigned ActiveX controls
The Dword Values equal - O = not set/allow, 1 = prompt, 3 = block
The value should be 3 Spybot will correctly change this value
For more info on this key and these flags/values see See http://support.microsoft.com/default.aspx?scid=kb;en-us;182569
BTW if you want to un-hide the my computer zone ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0 ... change the flags value to Decimal Values 71 or hexadecimal 47 to SHOW The default for the my computer zone is = Decimal Values 33 or Hexadecimal 21 = Do NOT show
More Info - http://support.microsoft.com/default.aspx?scid=kb;en-us;315933
I found this on a scan after the recent update as well.
I had just figured it was another glitch so I cleaned it and didn't think anything of it.
Glad to hear the update steve, I'll do that.
also false positive for NoAdware application as per attached image
Well, Spybot didn't find it on my computer. Of course, I upgraded from 1.3TX version which fixed it for good.
Spy bot did find that I have the MS key for that registry item that allowed us to not have SP2 forcibly installed for four months last fall. I don't think Spybot should be finding stuff like that. It has nothing whatsoever to do with spyware.
I got it also. It was a glitch in 1.3. Was supposidly fixed in 1.4 so why isn't it a glitch now? I excluded it from further searches.
I have win2000pro.
I ran Spybot v1.4 with the latest updatings and got this message.
No immediate threats were found" (only an idiot believes that)
I got the DSO exploit in the past like everybody else, but not this time.
So it must be caused by something very specific.
Just to clarify this some... Apparantly a recent update of Spybot detections, when run in Spybot S&D v1.4, has reenabled the detection and repair of the registry setting associated with the DSO Expolit. At this time, Spybot 1.4 with current definitions will both detect and 'fix' the DSO Exploit if: 1. your version of Spybot is not set to ignore the DSO Exploit (which many people's are since that was for a long time the recommendation made to people - ie. set Spybot to ignore this detection), and 2. you actually have the registry setting on your system that triggers this detection.
When Spybot v1.3 came out, the most common question that was asked by people was: "Why is Spybot detecting "DSO Exploit" (usually several) on my system, and even when I tell it to fix it, it says it does but the next scan finds it again?" Well, the reason was that there was a bug in Spybot 1.3 that prevented it from applying the fix properly. That is fully documented in this Spybot/Net-Integration thread:
Later, a special version of Spybot 1.3 (called the TX version) did fix the bug in Spybot that prevented the program from properly fixing this when detected and instructed to fix it. Many people used that version and finally had the setting "fixed" on their system. (So, none of these people, those who successfully "fixed" it, will have it detect again unless they rebuild their Windows in a way that changes the involved setting again.)
With Spybot 1.4, they fixed the programs ability to "fix" this setting as well, but at some point the definitions used for Spybot disabled the detection of "DSO Exploit" altogether. I don't know exactly why they stopped detecting it. Now, they appear to have reenabled the detection again and since Spybot 1.4 can fix it, those people with the setting that triggers detection, who are using Spybot 1.4 with these defs, who aren't "ignoring" that detection... they can detect it fix it properly now.
This is the registry key involved. Any value other then "3" in that one key will cause Spybot to "detect" what it calls "DSO Exploit".
If you want to play with this, then go into Spybot's File Sets menu, (you need to be in advanced mode under mode menu), and untick everything but Security. (Doing this means you can scan your system very fast, over and over, as you play with the DSO Exploit setting values, rather then having to wait as Spybot scans your system for every possible spyware detection.)
If you have Spybot 1.4 fix the DSO Exploit, it will change the value of that above key to this:
Notes: Be sure that you are using Spybot 1.4 with current definitions. Be sure that the Ignore list in Spybot is not set to Ignore DSO Exploit detection. If you go into regedit to play with this, take serious precautions as any manipulation of the registry is done solely at your own risk. Registry backups are recommended before doing anything like this.
There has been a lot of confusion over "DSO Exploit" because of how Spybot flags it and all the issues with the bug in Spybot 1.3, being unable to "fix" it. And more interestingly, there may never have been all that serious an issue with this. I'm not sure anyone has ever put an exploit out into the wilds of the Internet taking advantage of this supposed hole. And finally, since the true fix for DSO Exploit was a patch Microsoft put out probably 3 years ago now, most people's systems aren't even exploitable anyway.
I removed it from the Ignore list and allowed it to be fixed.
Separate names with a comma.