What's a 'DSO exploit' and how do I get rid of it?

Read the article that everyone's commenting on.
Subscribe to the RSS Feed for comments on this article.

tks for the info

This one of the best thing I have found on my PC.I done just what you said to do, and got rid of DSO Exoloit. I tryed every thing I could, and could not get it off my PC. But this really worked.I will us this all the time now. Thank you very much. To all you people out there in PC land, use this site. Thanks again.

Leo, My brotherinlaw's son, Kevin Goodier told me you were the best at this. This question has nothing to do with DSO. Today I tried to install SP2, with my Windows XP home edition. It failed to install. It downloaded fine. But failed at the end.I have done everything it has told me to do.(Wizard). Got any advice on this one.....? I appreciate your help in advance....Thanks, Linda

Depends on how it failed. Any error messages?

To fix this probelem please follow the steps below. As usual, registry editing can stuff up your system completely or have unexpected results. Make sure you have a backup before attemting this procedure.

Right click the error found in spybot and select "more details","jump to location". This will open registry editor and go to the correct registry entry to modify. Sometime Spybot doesn't do the jump the first time for some reason, just do it again to kick it into action.

You will see it has focused on an entry which is 1004 of the type "reg_sz", this should actually be a "reg_dword".

You will need to delete the 1004 entry.

Create a new DWORD called 1004 by right clicking on the folder which contained this entry (normally "0"), select New, DWORD value. The default value it's given is "0"

Double click 1004 and change "0" to "3".

This will need to be done for every DSO exploit entry that Spybot has found.

As usual, registry editing can stuff up your system completely or have unexpected results. Make sure you have a backup before attemting this procedure.

As stated in the article, there is no need to do that. All you need do is make sure IE is up to date, and then ignore the warning in SpyBot, until SpyBot is updated to fix it.

Question for Leo...
What harm would it do to simply delete the DSO exploit,(1004) as suggested by L9Ron in a previous post. I have done just that, with no ill effects. If deleting the 1004 entry can cause problems, what would those problems be? Could you please give the exact details of any problems this has caused for you, or others, that you know of? I am confident that you have the answer for this querry. Thanks for your time, and I am looking forward to a comprehensive explanation.
John Smith ;)

I never said it would harm anything. Only that if IE is up to date, it's simply not neccessary to take those steps - you can safely ignore the DSO exploit warnings in Spybot.

Hi John,

As Leo says, as long as you are fully patched there is no need to concern yourself with the DSO exploit.

The entry "1004" that this relates to is in the "My Computer Zone" and is the setting for "Allow download of unsigned ActiveX control". When set to a DWord value of 3, this setting is disabled.

When it was not disabled on unpatched PC's, it was possible for malicious code to be run on your PC without your consent.

Microsoft released a patch some time ago addressing the problem which was also included in Service Pack 1 (As well as Service pack 2). When you are patched, you can't be "unpatched". It other words this exploit cannot happen as your machine can't become vulnerable again to this particular problem.

From my understanding, whether disabled or not, or if you have even deleted this entry, as long as you are patched there will be no adverse affect to your PC.

Again, as Leo says, as long as you are patched, you can safely choose to ignore the error. If it annoys you to see it turn up in the scan, tell the scan to ignore it or modify the registry to correct the problem manually, but there is really no need.

Thanks Leo and Jim...
As I mentioned before, I had already deleted the 1004 entry from the registry, and was hoping I hadn't harmed my computer in some way that I am not yet aware of. If there is anything that you know of, or that you find out in the future, that could cause a problem as a result of deleting the 1004 entry, could you please post it here and let me know. Thanks again, John :-)

BTW, You might want to consider taking the ad for "Spyware Nuker" off of your site... it has "Gator" and a Keylogger in it.

To post a comment on "What's a 'DSO exploit' and how do I get rid of it?", please return to that article's main page.