Helping people with computers... one answer at a time.
A 'DSO exploit' is a bug in IE that might possibly allow untrusted software to run. Make sure you're up-to-date and you should be safe.
What's a 'DSO exploit' and how do I get rid of it?
•
The short answer: it's a bug in Internet Explorer that could under certain circumstances allow untrusted software to run. In other words, it's a vulnerability. The good news is that it's been fixed.
•
The confusion arises from the fact that at least on popular Spyware detection program reports the problem, but fails to apply its work around, and hence continually reports the problem. Even though it might not be a problem any more. (Update: that program has reportedly been fixed. See below.)
First, let's be clear. The vulnerability in Internet Explorer has been corrected. If you've patched IE and are staying up to date with current patches from Microsoft, you're safe, even if a DSO exploit is reported.
The confusion arises from a bug in Spybot Search and Destroy that continues to report the DSO Exploit problem, anyway. There are ways to force the report to go away, but it's more trouble than it's worth.
The bottom line: If you're fully up-to-date on Internet Explorer patches, you can safely ignore Spybot's report of a DSO Exploit. And update Spybot from time to time as well; they do plan to fix the reporting problem.
UPDATE: Spybot Search and Destroy has reportedly been fixed. My recommendation now is to download the latest version, and make sure you have it update its database of spyware to check prior to your next scan. It's possible that it may report DSO exploit once, but if you elect to fix it, then the report should go away on your next scan. I can confirm that it no longer reports DSO exploit on my system.
And remember, as long as you were up-to-date with Internet Explorer patches, DSO exploit was not an issue for you, regardless of what the scanner said.
Article C2135 - July 23, 2004
Leo A. Notenboom has been playing with computers since he
was required to take a programming class in 1976. An 18 year career as a programmer at Microsoft soon followed.
After "retiring" in 2001, Leo started Ask Leo! in 2003 as a place for answers
to common computer and technical questions. More about Leo.
Dso canot be removed with spyware programs.the reason is that it comes with a Dll.
you must edit the regestry. henkey users/software
microsoft/internet settings/ zones.
Posted by: John Susi at September 14, 2005 8:05 AMif you leave dso in your registry you may begin
have a problem with your internet.Spybot will find
dso but will not remove it.Dso may remain on a
disk that you may copyfrom a program.
dso found by spybot. dso shown up by McAfee.. but ist still ther in zipped files. Anyone knopw if I can put them thru the McAfee shredder with a hope of success Or will it hide them and let them operate
Posted by: Duffy at November 21, 2005 10:21 AMI've followed the directions for updating the registry to fix the DSO Exploit problem, and yet the Exploit continues to return. It hasn't worked for me. Exploit continues to cause IE to attempt to connect at start-up. Any other suggestions?
Posted by: matt at November 22, 2005 3:14 AM1) Make a note of the location of the exploit shown in Spybot, something similar to:
Posted by: Harborsidefx at December 16, 2005 11:43 AMHKEY_USERS\S-1-5-21-1614895754-73586283-725345543-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3
2) Click on Start, Run, and type REGEDIT and Press Enter to open the Windows Registry Editor
3) Find the location of the exploit above in the registry by clicking on the pluses(+) next to each title
4) After opening the Zones section and clicking on '0' look to the right window, under 'name' is the key '1004' and the type is REG_SZ simply right click and delete this REG_SZ value.Then right click and create new>DWORD Value, name it 1004, then right click on that and goto modify, give it the Hex Value of 3, Click ok.
If there is only a DWORD Value for the key (in this case 1004), then double click on the key and change the HEX value to 3 and click Ok.
5) Close the Registry Editor and Reboot your computer
6) The DSO Exploit should now be removed and it should no longer appear in the Spybot Search and Destroy log as a problem.
I have found DSO Exploit does prevent certain Web pages from loading - eg Oracle Forms applications (doesn't affect Mozilla Firefox).
Going to try editing the registry - is this going to remove DSO exploit for good (Spybot removes it but it returns)
Posted by: Neil at April 23, 2007 7:47 AM