What's a 'DSO exploit' and how do I get rid of it?

Read the article that everyone's commenting on.
Subscribe to the RSS Feed for comments on this article.

i have found one sure fire way to end this dso... once & for all. i bought a mac!

conventional wisdom is that scumbags that write this stuff do not do so for mac & unix. don't know how true that is but i have been running netscape 7.2 on os 10 & have yet to experience any problems

All this advice of not to worry is complete junk!
Do not tell me not to worry about DSO Exploit when I can see things happening to my system. If you can't be bothered to offer advice not tainted with the Microsoft company line then just don't bother at all. Are you in a relationship with Bill? DSO Exploit is a problem for anyone whom thinks it is! Stop posting patronising advice and just deal with it or go talk about something else. Example how great you think Bill and his rubbish IE really is.
Leo poor show!

Sorry you feel that way. I think you've misunderstood what I'm saying, though.

To clarify for subsequent readers:

DSO *is* something you want to fix. Just make sure that you have all the latest Internet Explorer Patches installed, and you're done.

After updating IE to the latest set of patches, folks using Spybot Search and Destroy may continue to see reports of the DSO Exploit as being a vulnerability on their machine. This is an acknowledged bug in Spybot Search and Destroy. Check out the link to the Net Integration Forums listed with the article above.

So to summarize:
- If your IE is NOT up to date with patches: get it up to date.
- If your IE *is* up to date with patches, and spybot reports DSO exploit, you may safely ignore Spybot's report.

Or, as others have suggested you can use another browser. I'm fairly happy with Firefox these days.

For those asking about IE patches: http://www.windowsupdate.com is where you want to go. It's the only site I use IE to visit any longer.

CoolWebSearch is one of the nastiest pieces of software written to date and it's author(s) really should be jailed.

CoolWebShredder does a fair job at removing most versions:
http://www.spychecker.com/program/coolwebshredder.html

About.Buster does a good job of fixing About.blank or RES:// hijacks:
http://www.malwarebytes.biz/

However, my best advice matches the comment Leo made - switch to Mozilla or Firefox. Both can be obtained from http://www.mozilla.org. I happen to use the Mozilla suite as I use it for email as well as browsing, and Mozilla has a Quick Launch feature that makes it open browser windows even faster than IE (because it preloads like IE does - a feature not yet available in Firefox.) Mozilla browsers can not be affected by spyware (yet...I wouldn't put it past these spyware autors to try if Mozzie gets more popular), have a built-in popup blocker that actually WORKS, and built-in junk mail filter.

If only I could give my customers this advice, I'd be a happy man. (I work as a tech support agent for MSN. I deal with spyware calls for at least 10 hours a week - and CoolWebSearch is the nastiest one of all.)

Folks,

I have all my ie patches installed and up to date running XP and IE. BUT this week I started getting popups. This seems related to an 'automatic update' from microsoft which popped up this week for KB833989. I stupidly installed it, even though I always manually go to the windowsupdate page, and since then i've been getting the popups. Oddly enough this exact same set of circumstances happened to a coworker this week. Anyone have any thoughts?

Maybe this was actually a bit of spyware that looked like an MS update?

Joe

An interestingly riveting read. I just got my cable internet installed with Cox. I talked with the guy who installed it about this exact subject. He said that it was a supposedly unbeatable program that no one could erase. Of course I had my suspicions because I knew that there is no such thing as an unbeatable piece of software. So I looked up DSO Exploit and found this site. Of course I've been watching the Screen Savers for a while, and the staff always solved all of my problems when other people called about them, so I trust everyone there.

My point is (if there is one), is that I can see why people are scared of this exploit. It's because there is a sort of confusion even amongst some professionals. Either that or the cable guy was pulling stuff out of his butt. I don't know.

THank you all. THIs has helped me imensly. I need not now worry about the reported DSO exploit. THanks again.

ok, originally i had 5 entires of dso exploit when i searched under spybot, and when i tried to delete them, it would delete it and then would come back next search. then i found sme stps involving chaning some number from 1004 to 3 perfectly, and then i downloaded dsostop and it says its activated and prevents any dso exploit, but that doesnt do any good, because now when i use spybot it picks up 4 instead of 5 entires for dso exploit. when i search for it regularly on my comp it finds NOTHING. even in hidden and compressed files, also, i "immunized" my system because it recommended it using one of anti-spyware sofwares, and now every time i sign online i hear 3 "drops" and if i do a spybot search, it picks up 3 new pieces of spyware, 2 from advertising.com and 1 from avenue a, along with my original 4 dso exploit entries, i can delete these 3 and when i research it wont pick them up, UNTIL i restart my internet connection, and then i search and theyre back. it was not like this befor

Hey, Leo, I must give you a massive congratulation on your response. Not so much to content as the tone. It would have been easy to respond by telling Bridie to pull her/his head in and you may well have been justified in doing so, it appears to me. However you clearly and calmly restated your advice and did so without rising to the bait. (Although your last note that you use firefox may have had the slightest tinge of "so there" about it, but I certainly can't begrudge you that. I don't know that my repsonse in a similar situation would have been anywhere near to gracious!!) Anyway, congrats!

Ive been on hloiday and come back to a host of spywhere programms do u know how 2 get rid of 180ax???

To post a comment on "What's a 'DSO exploit' and how do I get rid of it?", please return to that article's main page.