Comments for What's a 'DSO exploit' and how do I get rid of it?

Comment from Neil on 2007-04-23

2007-04-23T15:47:00Z

I have found DSO Exploit does prevent certain Web pages from loading - eg Oracle Forms applications (doesn't affect Mozilla Firefox).

Going to try editing the registry - is this going to remove DSO exploit for good (Spybot removes it but it returns)

]]>

A comment on: What's a 'DSO exploit' and how do I get rid of it?

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.

Comment from Harborsidefx on 2005-12-16

2005-12-16T19:43:42Z

1) Make a note of the location of the exploit shown in Spybot, something similar to:
HKEY_USERS\S-1-5-21-1614895754-73586283-725345543-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3
2) Click on Start, Run, and type REGEDIT and Press Enter to open the Windows Registry Editor
3) Find the location of the exploit above in the registry by clicking on the pluses(+) next to each title
4) After opening the Zones section and clicking on '0' look to the right window, under 'name' is the key '1004' and the type is REG_SZ simply right click and delete this REG_SZ value.Then right click and create new>DWORD Value, name it 1004, then right click on that and goto modify, give it the Hex Value of 3, Click ok.
If there is only a DWORD Value for the key (in this case 1004), then double click on the key and change the HEX value to 3 and click Ok.
5) Close the Registry Editor and Reboot your computer
6) The DSO Exploit should now be removed and it should no longer appear in the Spybot Search and Destroy log as a problem.

]]>

A comment on: What's a 'DSO exploit' and how do I get rid of it?

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.

Comment from matt on 2005-11-22

2005-11-22T11:14:36Z

I've followed the directions for updating the registry to fix the DSO Exploit problem, and yet the Exploit continues to return. It hasn't worked for me. Exploit continues to cause IE to attempt to connect at start-up. Any other suggestions?

]]>

A comment on: What's a 'DSO exploit' and how do I get rid of it?

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.

Comment from Duffy on 2005-11-21

2005-11-21T18:21:26Z

dso found by spybot. dso shown up by McAfee.. but ist still ther in zipped files. Anyone knopw if I can put them thru the McAfee shredder with a hope of success Or will it hide them and let them operate

]]>

A comment on: What's a 'DSO exploit' and how do I get rid of it?

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.

Comment from John Susi on 2005-09-14

2005-09-14T16:05:32Z

Dso canot be removed with spyware programs.the reason is that it comes with a Dll.
you must edit the regestry. henkey users/software
microsoft/internet settings/ zones.

if you leave dso in your registry you may begin
have a problem with your internet.Spybot will find
dso but will not remove it.Dso may remain on a
disk that you may copyfrom a program.

]]>

A comment on: What's a 'DSO exploit' and how do I get rid of it?

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.

Comment from Chris.g on 2005-08-26

2005-08-27T04:27:50Z

get someone help me get rid of this plz:

Dialer:dialer.bjp No disinfected HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\ZONEMAP\DOMAINS\ARCHIVIOSEX.NET
Dialer:dialer.akd No disinfected HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\ZONEMAP\DOMAINS\SGRUNT.BIZ .

ive used the following programs to get rid of them with no luck:

Search and destroy
Spyware doctor
ad-adware se personal
spywareblaster

and yet i still have these dialers!!! im usuing Panda active scan
http://www.pandasoftware.com/products/activescan/com/activescan_principal.htm

and it keeps telling me i have these two dialers... plz help!

]]>

A comment on: What's a 'DSO exploit' and how do I get rid of it?

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.

Comment from Rich E on 2005-08-25

2005-08-26T04:02:40Z

I have many protections on my computer, they are: Spybot search&destroy
Spyware Blaster
Microsofts antispyware beta
Adaware
Winpatrol
Spyware doctor
All of these programs are kept updated. A few days ago my browser became hijacked, so I ran several scans and discovered a nasty trojan and a variant of cws. Worse thing is they keep returning. I have my windows updates turned on, so I should be up to date. During a routine scan Dso exploit came up.
Can you help me?

]]>

A comment on: What's a 'DSO exploit' and how do I get rid of it?

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.

Comment from bubba on 2005-08-25

2005-08-25T21:47:32Z

try this:

http://www.pchell.com/support/dsoexploit.shtml

]]>

A comment on: What's a 'DSO exploit' and how do I get rid of it?

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.

Comment from Leo on 2005-07-02

2005-07-03T04:43:29Z

Definitely sounds like spyware. I'd try another spyware program like Microsoft's AntiSpyware scanner.

]]>

A comment on: What's a 'DSO exploit' and how do I get rid of it?

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.

Comment from Thierry on 2005-07-02

2005-07-02T17:46:24Z

i have spybot updated and there is nothong that removes the blue tool bar at the bottom of my screen, it appears every time i open internet explorer and the bar doesn't respond anymore.
--> i'll describe it to u so u can see if u've seen it before : there is 6 links : 1.Make Money,2.Music,3.Casino,4.Investing,5.Travel,6.Mortgage, then 6 scroll bar -->DAting,Travel , Careeres, Credit, Computer and insurance. After, there is a search space were u can write somthing. It has the skin of Windows XP and the little 'x' to close the window is inactive... Can someone help?

]]>

A comment on: What's a 'DSO exploit' and how do I get rid of it?

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.

Comment from Leo on 2005-05-27

2005-05-28T03:24:38Z

That program is unnessary. As the article clearly states, ALL you have to do is keep Internet Explorer up to date. That's all.

]]>

A comment on: What's a 'DSO exploit' and how do I get rid of it?

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.

Comment from Insolado on 2005-05-25

2005-05-25T22:31:28Z

Hola!
I might be wrong, but you can't get rid of a DSO Exploit. As I understand it, it is a Data Source Object vulnerability in Internet Explorer, Outlook and Outlook Express (something like a security hole that spyware uses). These types of spyware can be difficult to remove, and if removal is successful, it often returns soon after. Even when ActiveX controls have been disabled, a DSO Exploit is capable of operating and invading a PC. Even if you are up to date on your Microsoft Patches, like I am, programs like Spybot Search and Destroy will keep reporting it.
To fix the problem (which is the vulnerability, not getting rid of the exploit) I used a small program, which is a freebie, by the name DSO Stop 2. It will patch the hole and you will never see the red lettering "DSO" after you run Spybot.

]]>

A comment on: What's a 'DSO exploit' and how do I get rid of it?

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.

Comment from Rebecca on 2005-05-24

2005-05-25T05:07:08Z

thanks soo much for the help! I've finally removed DSO!!

]]>

A comment on: What's a 'DSO exploit' and how do I get rid of it?

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.

Comment from Leo on 2005-02-19

2005-02-19T17:06:50Z

I'd start with a spyware scan: http://ask-leo.com/spyware_how_do_i_remove_and_avoid_spyware.html

]]>

A comment on: What's a 'DSO exploit' and how do I get rid of it?

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.

Comment from kareme on 2005-02-18

2005-02-18T19:56:27Z

Their is this ugly searh bar at the bottom of my computer screen and its so annoying i cant get rid of it please help me.

]]>

A comment on: What's a 'DSO exploit' and how do I get rid of it?

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.

Comment from Leo on 2005-02-17

2005-02-18T04:29:17Z

No, and yes. You still have Internet Explorer on your machine, and it's used by certain applications, and is required for things like Windows Update. So you should still make sure that it's fully up to date, after which you need no longer worry about DSO exploit.

]]>

A comment on: What's a 'DSO exploit' and how do I get rid of it?

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.

Comment from Elliott on 2005-02-17

2005-02-17T15:17:55Z

"The short answer: it's a bug in Internet Explorer . . ."

I use Mozilla Firefox for my browser, and Thunderbird for news-email. Does this mean that I don't have to worry about the DSO Exploit?

]]>

A comment on: What's a 'DSO exploit' and how do I get rid of it?

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.

Comment from Joe on 2005-02-16

2005-02-17T03:53:48Z

Leo, I'm not sure if this new spybot down load is real or not. I upgraged the spybot and did a new search and it did not find the DSO EXPLOIT instead it showed all clear congratulations but it never asked me to fix the problem.

]]>

A comment on: What's a 'DSO exploit' and how do I get rid of it?

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.

Comment from Flash on 2005-02-13

2005-02-14T06:04:54Z

I found that my computer has "DSO exploit" and i thoought "no biggy" till it never went away and i was forced into a mess of spayware popups i get 20-30 a day of these little things that clam i have "spyware on your computer" and such at first i didnt belive it because it told me to go to some gay site named something like "www.Fixyman.com" or "www.Fixyurboxnow.com" and such till one day it asked me to increase my ..body part and my mother found it and freaked out now i must get rid of this thing because my mom now thinks i look up mas amounts of porn. i have tried as much as i can have reformated at least 20 times this year because of this thuing and im now grabbing the power of the internet to lend me a hand to kill it...any pointers?

-thanks flash

]]>

A comment on: What's a 'DSO exploit' and how do I get rid of it?

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.

Comment from Steve on 2005-02-11

2005-02-11T23:55:18Z

Leo, Thanks for the information. I have been trying to get this darn thing off of my registry for the past few days. Have done everything that I know of. Thanks for the information that it may in fact now not be a problem. Thanks again. Steve

]]>

A comment on: What's a 'DSO exploit' and how do I get rid of it?

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.

Comment from Marina on 2005-02-06

2005-02-06T20:06:27Z

I dont know what causes the DSO exploit. But if you go to Major Geeks downloads, there in the spyware section there is a download that will fix it. you must have the latest programme of spybot installed for it to work.

]]>

A comment on: What's a 'DSO exploit' and how do I get rid of it?

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.

Comment from John Doe on 2005-02-05

2005-02-05T23:17:44Z

You can find the solution to your DSO Exploit problems here http://www.icervasoftware.ca/Home/DSOExploit.asp

]]>

A comment on: What's a 'DSO exploit' and how do I get rid of it?

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.

Comment from Anne on 2005-02-05

2005-02-05T20:57:28Z

I regularly check for and update (weekly) all Microsoft patches/updates along with any updates for spybot version 1.3. These products are right up to date. However, I continue to get the DSO Exploit in a number of registries when I run Search & Destroy. Thanks to all your information, I know I can safely ignore as I am up to date with all my updates etc. However,it is still very annoying. I thought the problem with the Spybot Search & Destroy program had been solved with a fix in one of its updates? Is this in fact, not the case? Am I missing something somewhere?

]]>

A comment on: What's a 'DSO exploit' and how do I get rid of it?

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.

Comment from Larry on 2005-01-10

2005-01-10T23:38:17Z

Is the new exploit going to be a problem.
Internet Explorer has become an even bigger security risk -- even on Windows XP SP2 -- with the publication of a new and extensive exploit. Security researchers have warned that the exploit -- which takes advantage of known loopholes in SP2 -- could allow an attacker to run script code on a user's system via a specially crafted Web page. The holes involved have been known publicly for more than two months, but previous exploit techniques required the user to take actions such as dragging an image from one part of a Web page to another. The new exploit is fully automated, requiring the user only to visit a Web page in Explorer. Other browsers and operating systems aren't affected. Microsoft has warned users to turn off IE's "Drag and drop or copy and paste files" option as a partial solution. The danger can also be lessened by setting security levels to high for the "Internet" zone or, as several security firms pointed out, using another browser. Researchers have identified three separate, but related issues in IE. The first problem can be avoided by disabling the "Drag and drop or copy and paste files" option, but the new exploit doesn't rely on this particular bug

]]>

A comment on: What's a 'DSO exploit' and how do I get rid of it?

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.

Comment from audrey on 2004-12-04

2004-12-04T18:30:52Z

i've run spy bot several times and it keeps finding dso exploit AND my internet doesn't work. iexplorer just goes to res:shdoclc.dll/dnserror.htm and doesn't find the page or reverts to wtn-eto.comhp.htm2id=632 and mozilla will allow me to access one page and then it stops trying to build new pages and outlook can't reach the server.
i've recently installed xp and installed updates so don't know what else to do.
plese help.

]]>

A comment on: What's a 'DSO exploit' and how do I get rid of it?

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.

Comment from nigel on 2004-12-04

2004-12-04T14:17:12Z

Read all the articles, I have noted experts comments and spent hours surfing, I do have all the patches updates sp2 etc however it took a manual edit to remove this pest, It is all very well saying keep updated or ignore it but why should we? microsoft has a patch i read, or its not a problem, as Im a gentleman I wont swear! I have spybot adaware spysweeper etc the list goes on and on, speaking as a relative necomer to xp It is no longer a pleasure to use my pc . sick of having to research and pay for software etc I do not really want a pc crammed with anti this and that! Im of two minds to pull the plug reinstall my system to its virgin state and not venture onto the net except via the public library , why cant some one write a simple program to automatically correct the registry error, I had to pay 20 pound to get mine done then I promptly backed up my pc so if it comes back i can sort it out, sp2 was supposed to be great solve most things NOT SO It should be made a criminal offence

]]>

A comment on: What's a 'DSO exploit' and how do I get rid of it?

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.

Comment from on 2004-12-01

2004-12-02T02:01:50Z

Is it just me or has Spybot not fixed??? I have version 1.3 of Spybot and have updated it several times so the definitions should be up to date - and the DSO exploit message keeps coming back! My IE updates are up to date so I am not worrying.

Thanks.

]]>

A comment on: What's a 'DSO exploit' and how do I get rid of it?

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.

Comment from Roxanne on 2004-11-29

2004-11-29T20:42:59Z

Okay, probably I'm being an idiot, here, but... I'm using Firefox, but I still have IE on my machine because sometimes I have to use it since it has so many hooks into windows. I'm on crappy dialup and it takes forEVER to download patches, so I'd rather not if I don't have to. Must I do this if I never use IE unless I am forced and I have Zone Alarm running constantly? A further comment... I was going to remove DSO Exploit from my machine manually, but the location is so long that SpyBot doesn't display the whole thing. Am I missing some simple command to show the entire location?

many thanks

]]>

A comment on: What's a 'DSO exploit' and how do I get rid of it?

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.

Comment from maureen on 2004-11-26

2004-11-27T07:47:09Z

Hi Leo;

Tkx sooo much for your help with my question above - It gives me peace of mind to know that by doing the windows updates I don't have to worry about DSO Exploit - have a good one. )))))

]]>

A comment on: What's a 'DSO exploit' and how do I get rid of it?

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.

Comment from Leo on 2004-11-26

2004-11-27T07:28:24Z

Yes, exactly. Make sure you have all the latest windows updates and all should be well.

]]>

A comment on: What's a 'DSO exploit' and how do I get rid of it?

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.

Comment from maureen on 2004-11-26

2004-11-27T07:12:15Z

Hi;

How do I fully patch Internet Explorer?? I have done the lastest windows updates, is that one in the same?? Sorry I am new user, not overly technical but I also have the DSO Exploit coming up when I run Spybot Search & Destroy. Any help you could provide would be appreciated. Tkx!!

]]>

A comment on: What's a 'DSO exploit' and how do I get rid of it?

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.

Comment from Leo on 2004-11-26

2004-11-26T23:49:23Z

I'll keep saying it, as I said in the article: as long as your Internet Explorer has been fully patched, you may safely ignore DSO Exploit warnings.

]]>

A comment on: What's a 'DSO exploit' and how do I get rid of it?

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.

Comment from Anonymous on 2004-11-26

2004-11-26T23:47:47Z

Ignoring the DSO Exploit will not get rid of the problem. It will just "ignore it". I suggest googling for a solution as it does require registry key editing to fix. Computing.net has an answer for this problem which is an IE exploit that allows programs to be run on your computer without your permission. It's probably not a big deal if you use firefox, but the solution is simple enough.

]]>

A comment on: What's a 'DSO exploit' and how do I get rid of it?

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.

Comment from Lavender on 2004-11-24

2004-11-24T14:23:13Z

Hi,
DSO exploit pops up when I do a Spybot scan, only it says and there is also something written in another language.
Would appreciate any advice.
Thankyou,
Lavender!

]]>

A comment on: What's a 'DSO exploit' and how do I get rid of it?

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.

Comment from wayne on 2004-11-23

2004-11-23T18:02:12Z

The latest version of Spybot (11-23-04) finds DSO and says it has removed it but if you scan again it finds it again and again. In my case in 5 places each time.

]]>

A comment on: What's a 'DSO exploit' and how do I get rid of it?

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.

Comment from nat on 2004-11-12

2004-11-12T11:18:02Z

dale edens you said

"
Select 'ignore product' in the left column."

but wont that jsut simply igbore the DSO?...

]]>

A comment on: What's a 'DSO exploit' and how do I get rid of it?

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.

Comment from j. ron on 2004-11-11

2004-11-11T17:11:33Z

i'm running firefox and i tend to get the dso exploit reappearing contstantly. patches for ie are up to date, but i like firefox better. is there a weakness in firefox? why does dso exploit appear on every scan with spybot?

thanks for your help,

]]>

A comment on: What's a 'DSO exploit' and how do I get rid of it?

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.

Comment from Leo on 2004-11-06

2004-11-06T17:39:43Z

SPYBOT is reported to be fixed. I've updated the article accordingly.

]]>

A comment on: What's a 'DSO exploit' and how do I get rid of it?

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.

Comment from Dale Edens on 2004-11-06

2004-11-06T12:40:07Z

I got rid of 'DSO' exploit my doing the following.
Open Spybot and select'advanced' mode.
Select 'settings' in the left column.
Select 'ignore product' in the left column.
Select 'security' tab.
Place check mark in box beside DSO exploit.
Close program.
Open Spybot and run a scan.

You will find that 'DSO' exploit has been eliminated.

]]>

A comment on: What's a 'DSO exploit' and how do I get rid of it?

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.

Comment from Leo on 2004-10-31

2004-11-01T04:45:57Z

I found this thread on othersearch: http://ask-leo.com/d-41031a

This thread is a specific situation that clears up a number of infestations, including worldsex. I'm not sure if it will help you specifically, but it may, and if not the forum there is a good resource.

In general, file sharing programs like Kazaa seem to be the biggest source of these parasites. Avoid installing those types of programs if at all possible.

]]>

A comment on: What's a 'DSO exploit' and how do I get rid of it?

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.

Comment from Mike on 2004-10-31

2004-10-31T19:06:28Z

hi leo!
I have this problem where i cannot change my homepage for more than a day. There are two sites that like to be fighting over which one is my homepage and they are:
- www.othersearch.com
- www.worldsex.co.yu
Its the worldsex which is the worst because when u start up explorer is begins recieving exploit viruses which are annoying to remove. I also have this annoying search toolbar that keeps on appearing after its been uninstalled.
I hope u can help cause no spyware program can find anything!

]]>

A comment on: What's a 'DSO exploit' and how do I get rid of it?

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.

Comment from Billy D. Shaw on 2004-10-27

2004-10-28T01:09:51Z

Hi Leo, have followed you for a couple of years now and think you are the WIZ. I got the SP2 disk since I only have dial-up capability's. I d/l'ed a prog. from MS that told me I need MS 042-038 or close to that and when I d/led it my machine went heywire. Any thoughts thundermoon

]]>

A comment on: What's a 'DSO exploit' and how do I get rid of it?

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.

Comment from on 2004-10-26

2004-10-26T13:22:13Z

Great Help !

]]>

A comment on: What's a 'DSO exploit' and how do I get rid of it?

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.

Comment from Sharon on 2004-10-13

2004-10-14T04:34:06Z

Hi, Leo,
Thanks for the link, but 'wow,' they suggest a lot of updates. Many of them are once added/cannot remove types. Should I be concerned about how much space these updates will take?

Also, is it correct to assume I don't have to uninstall anything these update are updating? I ask because when I 'updated' my security to the '04 version, I had some problems and was told I was supposed to have removed the old '03 version first. I had thought an update meant they were working from the same basic material and were only tweaking it.

Thanks for any further help.

Sharon

]]>

A comment on: What's a 'DSO exploit' and how do I get rid of it?

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.

Comment from Leo on 2004-10-11

2004-10-12T01:14:00Z

"Do I have to update IE in order for SpyBot to stop reporting the DOS exploit."

As the article states, Spybot has a bug which will continue to report DSO exploit, even after you've updated IE.

"If I never use IE would the DOS exploit still be a threat."

IF IE has not been updated, then yes, it could still be a threat. Even though you use firefox, other applications often use core IE components and could be vulnerable. Also, some sites only work with IE (most notably Windows Update), so you'll be firing up IE at some point anyway.

My best advice: update IE.

]]>

A comment on: What's a 'DSO exploit' and how do I get rid of it?

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.

Comment from Tsaeler on 2004-10-11

2004-10-11T23:09:26Z

My browser is firefox and I also use Mozilla.
Internet explorer may be somewhwere on my computer.
I use 98lite.
Updates to MS stuff causes me more pain than needed.
SpyBot reports the dos exploit on reboot.
Do I have to update IE in order for SpyBot to stop reporting the DOS exploit.
If I never use IE would the DOS exploit still be a threat. I was not always confused (well Uh maybe).

T(om)

]]>

A comment on: What's a 'DSO exploit' and how do I get rid of it?

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.

Comment from Leo on 2004-10-07

2004-10-07T17:11:44Z

Visit Windows Update (This'll get you there: http://ask-leo.com/d-winupdate ) and follow the instructions to scan, and then possibly install, any critical updates.

]]>

A comment on: What's a 'DSO exploit' and how do I get rid of it?

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.

Comment from Sharon on 2004-10-07

2004-10-07T16:52:45Z

I've never consciously done anything with IE. How can I know if I'm up-to-date?

]]>

A comment on: What's a 'DSO exploit' and how do I get rid of it?

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.

Comment from Leo on 2004-10-05

2004-10-05T19:38:47Z

Get one (or more) of several good spyware scanners and run 'em. Recommendations here: http://ask-leo.com/d-recommend

]]>

A comment on: What's a 'DSO exploit' and how do I get rid of it?

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.

Comment from Hugh on 2004-10-04

2004-10-04T21:33:23Z

Ive been on hloiday and come back to a host of spywhere programms do u know how 2 get rid of 180ax???

]]>

A comment on: What's a 'DSO exploit' and how do I get rid of it?

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.

Comment from Grahame Gould on 2004-10-01

2004-10-01T09:33:30Z

Hey, Leo, I must give you a massive congratulation on your response. Not so much to content as the tone. It would have been easy to respond by telling Bridie to pull her/his head in and you may well have been justified in doing so, it appears to me. However you clearly and calmly restated your advice and did so without rising to the bait. (Although your last note that you use firefox may have had the slightest tinge of "so there" about it, but I certainly can't begrudge you that. I don't know that my repsonse in a similar situation would have been anywhere near to gracious!!) Anyway, congrats!

]]>

A comment on: What's a 'DSO exploit' and how do I get rid of it?

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.

Comment from chris on 2004-09-27

2004-09-27T21:43:18Z

ok, originally i had 5 entires of dso exploit when i searched under spybot, and when i tried to delete them, it would delete it and then would come back next search. then i found sme stps involving chaning some number from 1004 to 3 perfectly, and then i downloaded dsostop and it says its activated and prevents any dso exploit, but that doesnt do any good, because now when i use spybot it picks up 4 instead of 5 entires for dso exploit. when i search for it regularly on my comp it finds NOTHING. even in hidden and compressed files, also, i "immunized" my system because it recommended it using one of anti-spyware sofwares, and now every time i sign online i hear 3 "drops" and if i do a spybot search, it picks up 3 new pieces of spyware, 2 from advertising.com and 1 from avenue a, along with my original 4 dso exploit entries, i can delete these 3 and when i research it wont pick them up, UNTIL i restart my internet connection, and then i search and theyre back. it was not like this befor

]]>

A comment on: What's a 'DSO exploit' and how do I get rid of it?

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.

Comment from Mike on 2004-09-26

2004-09-26T18:12:32Z

THank you all. THIs has helped me imensly. I need not now worry about the reported DSO exploit. THanks again.

]]>

A comment on: What's a 'DSO exploit' and how do I get rid of it?

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.

Comment from Ray on 2004-09-25

2004-09-26T06:52:31Z

An interestingly riveting read. I just got my cable internet installed with Cox. I talked with the guy who installed it about this exact subject. He said that it was a supposedly unbeatable program that no one could erase. Of course I had my suspicions because I knew that there is no such thing as an unbeatable piece of software. So I looked up DSO Exploit and found this site. Of course I've been watching the Screen Savers for a while, and the staff always solved all of my problems when other people called about them, so I trust everyone there.

My point is (if there is one), is that I can see why people are scared of this exploit. It's because there is a sort of confusion even amongst some professionals. Either that or the cable guy was pulling stuff out of his butt. I don't know.

]]>

A comment on: What's a 'DSO exploit' and how do I get rid of it?

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.

Comment from Joe on 2004-09-24

2004-09-24T14:30:14Z

Folks,

I have all my ie patches installed and up to date running XP and IE. BUT this week I started getting popups. This seems related to an 'automatic update' from microsoft which popped up this week for KB833989. I stupidly installed it, even though I always manually go to the windowsupdate page, and since then i've been getting the popups. Oddly enough this exact same set of circumstances happened to a coworker this week. Anyone have any thoughts?

Maybe this was actually a bit of spyware that looked like an MS update?

Joe

]]>

A comment on: What's a 'DSO exploit' and how do I get rid of it?

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.

Comment from Dave on 2004-09-22

2004-09-22T19:28:18Z

For those asking about IE patches: http://www.windowsupdate.com is where you want to go. It's the only site I use IE to visit any longer.

CoolWebSearch is one of the nastiest pieces of software written to date and it's author(s) really should be jailed.

CoolWebShredder does a fair job at removing most versions:
http://www.spychecker.com/program/coolwebshredder.html

About.Buster does a good job of fixing About.blank or RES:// hijacks:
http://www.malwarebytes.biz/

However, my best advice matches the comment Leo made - switch to Mozilla or Firefox. Both can be obtained from http://www.mozilla.org. I happen to use the Mozilla suite as I use it for email as well as browsing, and Mozilla has a Quick Launch feature that makes it open browser windows even faster than IE (because it preloads like IE does - a feature not yet available in Firefox.) Mozilla browsers can not be affected by spyware (yet...I wouldn't put it past these spyware autors to try if Mozzie gets more popular), have a built-in popup blocker that actually WORKS, and built-in junk mail filter.

If only I could give my customers this advice, I'd be a happy man. (I work as a tech support agent for MSN. I deal with spyware calls for at least 10 hours a week - and CoolWebSearch is the nastiest one of all.)

]]>

A comment on: What's a 'DSO exploit' and how do I get rid of it?

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.

Comment from Leo on 2004-09-22

2004-09-22T17:48:52Z

Sorry you feel that way. I think you've misunderstood what I'm saying, though.

To clarify for subsequent readers:

DSO *is* something you want to fix. Just make sure that you have all the latest Internet Explorer Patches installed, and you're done.

After updating IE to the latest set of patches, folks using Spybot Search and Destroy may continue to see reports of the DSO Exploit as being a vulnerability on their machine. This is an acknowledged bug in Spybot Search and Destroy. Check out the link to the Net Integration Forums listed with the article above.

So to summarize:
- If your IE is NOT up to date with patches: get it up to date.
- If your IE *is* up to date with patches, and spybot reports DSO exploit, you may safely ignore Spybot's report.

Or, as others have suggested you can use another browser. I'm fairly happy with Firefox these days.

]]>

A comment on: What's a 'DSO exploit' and how do I get rid of it?

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.

Comment from Bridie on 2004-09-22

2004-09-22T17:41:35Z

All this advice of not to worry is complete junk!
Do not tell me not to worry about DSO Exploit when I can see things happening to my system. If you can't be bothered to offer advice not tainted with the Microsoft company line then just don't bother at all. Are you in a relationship with Bill? DSO Exploit is a problem for anyone whom thinks it is! Stop posting patronising advice and just deal with it or go talk about something else. Example how great you think Bill and his rubbish IE really is.
Leo poor show!

]]>

A comment on: What's a 'DSO exploit' and how do I get rid of it?

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.

Comment from hyattf on 2004-09-22

2004-09-22T12:56:19Z

i have found one sure fire way to end this dso... once & for all. i bought a mac!

conventional wisdom is that scumbags that write this stuff do not do so for mac & unix. don't know how true that is but i have been running netscape 7.2 on os 10 & have yet to experience any problems

]]>

A comment on: What's a 'DSO exploit' and how do I get rid of it?

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.

Comment from Leo on 2004-09-18

2004-09-19T03:58:43Z

No, that's probably not related to DSO exploit in anyway. That message happens when a program misbehaves, typically due to a bug in the program. What to do will depend on what program you were running at the time, or the program that should have been mentioned in the error message. If it was Internet Explorer, you can check this article for more: http://ask-leo.com/iexploreexe_has_generated_an_error_now_what.html

]]>

A comment on: What's a 'DSO exploit' and how do I get rid of it?

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.

Comment from kayle on 2004-09-18

2004-09-19T00:40:49Z

Sometimes for no reason and without warning that stupid "microsoft has had an encounted a problem and needs to close" message comes up, it is very frustrating and now even my programs are doing it. Is DSO exploit responsible for this, if not can you tell me what is. Thanks

]]>

A comment on: What's a 'DSO exploit' and how do I get rid of it?

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.

Comment from PhantomSteve on 2004-09-18

2004-09-18T16:51:35Z

> Today I tried to install SP2.... Posted by: Linda Bond at September 3, 2004 04:29 PM

Linda, I don't know if you got a solution, but my advice:
Order the SP2 CD from MS (it's free... takes "4-6 weeks", but I got mine in 2 weeks) - you can order it from the Win Update site. I'm just thinking that maybe there was a fault in the download? I know the CD works, cos it worked perfectly on my machine.

Regards,
PhantomSteve

]]>

A comment on: What's a 'DSO exploit' and how do I get rid of it?

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.

Comment from ted fritsch on 2004-09-17

2004-09-17T21:43:38Z

I have purchased adware, spybot, spyvest, and desostop2, and all have identified the problem, and some are saying they have deleted the culprit.

However, when I open up IE my home page web site still wants to go to the promptview.info web site, I have changed it via the IE tools, it works until I reboot, than that sucker returns to the stupid search site as my home page.

Can someone show me how to get rid of this thing, or point me to the person who did it, so I can personnaly ring that jerks neck.

]]>

A comment on: What's a 'DSO exploit' and how do I get rid of it?

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.

Comment from Dracarius on 2004-09-14

2004-09-15T05:44:54Z

Try this!

http://www.nsclean.com/dsostop.html

All the info you want on dso exploit is there. Keep in mind, Microsoft has a fix for it already, but for those of you who keep worrying....

]]>

A comment on: What's a 'DSO exploit' and how do I get rid of it?

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.

Comment from DJ Kinney on 2004-09-14

2004-09-14T14:11:52Z

All this advice hinges on the fact that staying up-to-date with patches will solves the problem. This is untrue. I am running XP Pro service pack 2 with all patches and am infected by the CWS (aka about:blank) about once every 48-72 hours. It is cleaned to a high degree of confidence with a cross check of several programs (ad aware, spybot, and manual removal) only to return with a DSO exploit and a reinstallation of all the malicious registry keys. I am not running antivirus or a firewall (beyond the XP) because I am trying to deal with the problem on a more fundamental level at this point. Rather than plug the dyke, I want to fix the hole.

These are the facts. The vulnerability must still be in the system.

What now?

]]>

A comment on: What's a 'DSO exploit' and how do I get rid of it?

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.

Comment from Nichole on 2004-09-13

2004-09-13T18:09:59Z

This may be a stupid question but how do I know I have IE updated with the latest patches! Thanks

]]>

A comment on: What's a 'DSO exploit' and how do I get rid of it?

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.

Comment from Ron on 2004-09-11

2004-09-12T04:46:09Z

As I understand things Harry, the DSO exploit is more like a back door in the Windows operating system, that has been left unlocked. As I have heard here, there is a patch that puts a lock on this back door. I myself chose to delete it altogether. (although I have heard on more than one occasion that, that was not necessary) My best guess would be that reinstalling Windows would restore the DSO exploit, rather than getting rid of it. I do know that when I recieved my PS2 update from Microsoft, (although I had deleted the 1004 entry from my registry) my DSO exploit had returned. (so I deleted it again) For me it was a "peace of mind" thing, and efficiency didn't play a large role in my decision making process. Hope this helps, as it is "to the best of my knowledge" and "as I understand it". (L9)Ron

]]>

A comment on: What's a 'DSO exploit' and how do I get rid of it?

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.

Comment from Leo on 2004-09-11

2004-09-11T17:14:26Z

DSO exploit is not spyware. It's a vulnerability in Internet Explorer that is resolved by keeping IE up to date with the latest patches.

]]>

A comment on: What's a 'DSO exploit' and how do I get rid of it?

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.

Comment from harry on 2004-09-10

2004-09-11T03:40:04Z

Will reloading all software from original boot disks/system restore disks get rid of all spyware including "DSO exploit"?
thanks

]]>

A comment on: What's a 'DSO exploit' and how do I get rid of it?

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.

Comment from John :-) on 2004-09-09

2004-09-10T07:31:05Z

Thanks Leo and Jim...
As I mentioned before, I had already deleted the 1004 entry from the registry, and was hoping I hadn't harmed my computer in some way that I am not yet aware of. If there is anything that you know of, or that you find out in the future, that could cause a problem as a result of deleting the 1004 entry, could you please post it here and let me know. Thanks again, John :-)

BTW, You might want to consider taking the ad for "Spyware Nuker" off of your site... it has "Gator" and a Keylogger in it.

]]>

A comment on: What's a 'DSO exploit' and how do I get rid of it?

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.

Comment from jim on 2004-09-09

2004-09-10T02:11:07Z

Hi John,

As Leo says, as long as you are fully patched there is no need to concern yourself with the DSO exploit.

The entry "1004" that this relates to is in the "My Computer Zone" and is the setting for "Allow download of unsigned ActiveX control". When set to a DWord value of 3, this setting is disabled.

When it was not disabled on unpatched PC's, it was possible for malicious code to be run on your PC without your consent.

Microsoft released a patch some time ago addressing the problem which was also included in Service Pack 1 (As well as Service pack 2). When you are patched, you can't be "unpatched". It other words this exploit cannot happen as your machine can't become vulnerable again to this particular problem.

From my understanding, whether disabled or not, or if you have even deleted this entry, as long as you are patched there will be no adverse affect to your PC.

Again, as Leo says, as long as you are patched, you can safely choose to ignore the error. If it annoys you to see it turn up in the scan, tell the scan to ignore it or modify the registry to correct the problem manually, but there is really no need.

]]>

A comment on: What's a 'DSO exploit' and how do I get rid of it?

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.

Comment from Leo on 2004-09-08

2004-09-09T06:13:17Z

I never said it would harm anything. Only that if IE is up to date, it's simply not neccessary to take those steps - you can safely ignore the DSO exploit warnings in Spybot.

]]>

A comment on: What's a 'DSO exploit' and how do I get rid of it?

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.

Comment from John Smith ;-) on 2004-09-07

2004-09-08T06:52:44Z

Question for Leo...
What harm would it do to simply delete the DSO exploit,(1004) as suggested by L9Ron in a previous post. I have done just that, with no ill effects. If deleting the 1004 entry can cause problems, what would those problems be? Could you please give the exact details of any problems this has caused for you, or others, that you know of? I am confident that you have the answer for this querry. Thanks for your time, and I am looking forward to a comprehensive explanation.
John Smith ;)

]]>

A comment on: What's a 'DSO exploit' and how do I get rid of it?

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.

Comment from Leo on 2004-09-05

2004-09-06T06:00:54Z

As stated in the article, there is no need to do that. All you need do is make sure IE is up to date, and then ignore the warning in SpyBot, until SpyBot is updated to fix it.

]]>

A comment on: What's a 'DSO exploit' and how do I get rid of it?

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.

Comment from jim on 2004-09-05

2004-09-06T02:41:01Z

To fix this probelem please follow the steps below. As usual, registry editing can stuff up your system completely or have unexpected results. Make sure you have a backup before attemting this procedure.

Right click the error found in spybot and select "more details","jump to location". This will open registry editor and go to the correct registry entry to modify. Sometime Spybot doesn't do the jump the first time for some reason, just do it again to kick it into action.

You will see it has focused on an entry which is 1004 of the type "reg_sz", this should actually be a "reg_dword".

You will need to delete the 1004 entry.

Create a new DWORD called 1004 by right clicking on the folder which contained this entry (normally "0"), select New, DWORD value. The default value it's given is "0"

Double click 1004 and change "0" to "3".

This will need to be done for every DSO exploit entry that Spybot has found.

As usual, registry editing can stuff up your system completely or have unexpected results. Make sure you have a backup before attemting this procedure.

]]>

A comment on: What's a 'DSO exploit' and how do I get rid of it?

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.