Ask Leo! by Leo A. Notenboom

What's a 'DSO exploit' and how do I get rid of it?

Search First! Then browse: Categories | Full Archive | By Date | Newsletter

Home » Viruses and Malware

Summary: A 'DSO exploit' is a bug in IE that might possibly allow untrusted software to run. Make sure you're up-to-date and you should be safe.

What's a 'DSO exploit' and how do I get rid of it?

The short answer: it's a bug in Internet Explorer that could under certain circumstances allow untrusted software to run. In other words, it's a vulnerability. The good news is that it's been fixed.

The confusion arises from the fact that at least on popular Spyware detection program reports the problem, but fails to apply its work around, and hence continually reports the problem. Even though it might not be a problem any more. (Update: that program has reportedly been fixed. See below.)

First, let's be clear. The vulnerability in Internet Explorer has been corrected. If you've patched IE and are staying up to date with current patches from Microsoft, you're safe, even if a DSO exploit is reported.

The confusion arises from a bug in Spybot Search and Destroy that continues to report the DSO Exploit problem, anyway. There are ways to force the report to go away, but it's more trouble than it's worth.

The bottom line: If you're fully up-to-date on Internet Explorer patches, you can safely ignore Spybot's report of a DSO Exploit. And update Spybot from time to time as well; they do plan to fix the reporting problem.

UPDATE: Spybot Search and Destroy has reportedly been fixed. My recommendation now is to download the latest version, and make sure you have it update its database of spyware to check prior to your next scan. It's possible that it may report DSO exploit once, but if you elect to fix it, then the report should go away on your next scan. I can confirm that it no longer reports DSO exploit on my system.

And remember, as long as you were up-to-date with Internet Explorer patches, DSO exploit was not an issue for you, regardless of what the scanner said.

Related:

Article C2135 - July 23, 2004

Was this article helpful? «Yes» «No»

Helpful? Get new articles weekly by email in my FREE newsletter!

Your Name:
Your Email:


Why Subscribe?

Recent Comments
89 Comments

Dso canot be removed with spyware programs.the reason is that it comes with a Dll.
you must edit the regestry. henkey users/software
microsoft/internet settings/ zones.


if you leave dso in your registry you may begin
have a problem with your internet.Spybot will find
dso but will not remove it.Dso may remain on a
disk that you may copyfrom a program.

Posted by: John Susi at September 14, 2005 8:05 AM

dso found by spybot. dso shown up by McAfee.. but ist still ther in zipped files. Anyone knopw if I can put them thru the McAfee shredder with a hope of success Or will it hide them and let them operate

Posted by: Duffy at November 21, 2005 10:21 AM

I've followed the directions for updating the registry to fix the DSO Exploit problem, and yet the Exploit continues to return. It hasn't worked for me. Exploit continues to cause IE to attempt to connect at start-up. Any other suggestions?

Posted by: matt at November 22, 2005 3:14 AM

1) Make a note of the location of the exploit shown in Spybot, something similar to:
HKEY_USERS\S-1-5-21-1614895754-73586283-725345543-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3
2) Click on Start, Run, and type REGEDIT and Press Enter to open the Windows Registry Editor
3) Find the location of the exploit above in the registry by clicking on the pluses(+) next to each title
4) After opening the Zones section and clicking on '0' look to the right window, under 'name' is the key '1004' and the type is REG_SZ simply right click and delete this REG_SZ value.Then right click and create new>DWORD Value, name it 1004, then right click on that and goto modify, give it the Hex Value of 3, Click ok.
If there is only a DWORD Value for the key (in this case 1004), then double click on the key and change the HEX value to 3 and click Ok.
5) Close the Registry Editor and Reboot your computer
6) The DSO Exploit should now be removed and it should no longer appear in the Spybot Search and Destroy log as a problem.

Posted by: Harborsidefx at December 16, 2005 11:43 AM

I have found DSO Exploit does prevent certain Web pages from loading - eg Oracle Forms applications (doesn't affect Mozilla Firefox).

Going to try editing the registry - is this going to remove DSO exploit for good (Spybot removes it but it returns)

Posted by: Neil at April 23, 2007 7:47 AM
See all 89 comments...

Post a comment on "What's a 'DSO exploit' and how do I get rid of it?":






(Email Address will not be published.)

Remember Me?

By popular demand...
my tip jar
Cuppa Joe
Buy Leo a Latte!

(you may use HTML tags for style)

RSS feed Subscribe to the RSS Feed specifically for comments on this article.

Before commenting, please...

  • Read the article at the top of this page. If your comment shows you didn't, it'll be deleted and ignored.

  • Comment only on this article. Use the Google search box at the top of the page if you have a question about something else.

  • Don't include personal information in the comment. No email addresses. No phone numbers. No physical addresses.

  • Don't spam. Excessive links to unrelated sites within a comment or across multiple comments will cause all such comments to be removed.

  • Don't ask me to recover lost passwords or hacked accounts. I can't, and those comments will be deleted.

  • I can't respond to every comment. And I can't vouch for the accuracy of others who do.

Please wait. Your comment is being processed ...


Question? Ask Leo!

http://ask-leo.com/whats_a_dso_exploit_and_how_do_i_get_rid_of_it.html

Copyright © 2003-2010 Puget Sound Software, LLC and Leo A. Notenboom
Ask Leo! is a registered trademark ® of Puget Sound Software, LLC
Terms, Conditions & Privacy
Product Reviews, Recommendations and Affiliate Links Disclosure