Computer Help and Spyware Removal Computer Help and Spyware Removal Computer Help and Spyware Removal Computer Help Forums Windows Startup Programs Database Virus, Spyware, and Malware Removal Guides Computer Tutorials Uninstall Database File Database Computer Glossary Computer Resources
 

Welcome Guest ( Log In | Click here to Register a free account now! )



Register a free account to unlock additional features at BleepingComputer.com
Welcome to Bleeping Computer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.
Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

> How to use the self-help guides

This forum contains self-help guides on removing common malware and viruses. These guides can be advanced so please use them at your own risk.

If after following the self-help guide, or you can not find an appropriate guide, then you can receive step-by-step instructions directly from one of our experts by following the instructions in this topic: Preparation Guide For Use Before Posting A Hijackthis Log

 
Reply to this topicStart new topic
> How to remove the DSO Exploit, Self-Help Guide
Grinler
post Oct 8 2004, 03:49 PM
Post #1


Bleep Bleep!
******

Group: Admin
Posts: 31,509
Joined: 24-January 04
From: USA
Member No.: 3

This self-help guide will walk you through the steps to remove the DSO Exploit


What this program does:

For most people you are seeing a notification that your computer has the DSO Exploit when you run a Spybot - Search & Destroy scan. If you have the latest updates for Internet Explorer and Windows you are not vulnerable to this exploit even though Spybot is reporting it is so.

On the other hand, if you are not fully updated you may be vulnerable to this exploit which could allow a remote user to take control of your machine.

Tools Needed for this fix:

Related Tutorials:



Instructions:

 

If you have all the updates in Windows and Internet Explorer and are receiving messages stating you are vulnerable to this exploit, you safe ignore this message. If you still want to make it so that you do not get these messages when running Spybot, the follow these directions:

When you run Spybot you may receive these entries in your log:

DSO Exploit: Data source object exploit (Registry change, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

To fix this we need to change type of key it is in the registry. If you do not feel comfortable editing the registry then please ask for help on this in the forums. If you do feel comfortable follow these steps:

 
  1. Download and install registrar lite.

  2. When it is installed, run the application and paste the key found in the log, up to the 0 and before the 10004, into the address field and press enter. For example for the above log we would enter :

    HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\

  3. You should now see a listing of numbers in the right section of the program.

  4. Double-click on the 1004 value and when the properties come up check the Type field.

    1. If it is set to REG_DWORD:

      1. Enter 3 into the Hexadecimal field.

      2. Press OK

      3. Skip to step 5

    2. If it is set to REG_SZ:

      1. Press the Cancel button and right-click on the 1004 entry and click on the Delete option. When it asks you for confirmation press the Yes button.

      2. Then right-click in the right section and select the New Value option with a type of REG_DWORD.

      3. When it asks for confirmation press the Yes button.

      4. When the properties screen opens enter 1004 into the Value Name field and 3 into the Hexadecimal field.

      5. Press Apply then OK. If it asks for any confirmations, press Yes

  5. Follow this same procedure for other DSO Exploit listings you find in the Spybot log.

  6. When you are done exit Registrar Lite.

  7. Reboot your computer.


Spybot and other spyware removal programs will no longer tell you that you have this exploit.

This is a self-help guide. Use at your own risk.



BleepingComputer.com can not be held responsible for problems that may occur by using this information. If you would like help with any of these fixes, you can post a HijackThis log in our HijackThis Logs and Analysis forum.

If you have any questions about this self-help guide then please post those questions in our AntiVirus, Firewall and Privacy Products and Protection Methods forum and someone will help you.


--------------------
Lawrence
Become a BleepingComputer fan: Facebook
Follow us on Twitter!
Go to the top of the page
 
+Quote Post
« Next Oldest · Spyware and Malware Removal Guides and Reading Room · Next Newest »
 

Reply to this topicStart new topic
1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)
0 Members:

 

Display Mode: Standard · Switch to: Linear+ · Switch to: Outline

Track this topic · Email this topic · Print this topic · Subscribe to this forum

Lo-Fi Version Time is now: 8th November 2009 - 11:16 AM


Advertise   |   About Us   |   Terms of Use   |   Privacy Policy   |   Contact Us   |   Site Map   |   Chat   |   Tutorials   |   Uninstall List
Discussion Forums   |   The Computer Glossary   |   Resources   |   RSS Feeds   |   Startups   |   The File Database   |   Virus Removal Guides

© 2003-2009 All Rights Reserved Bleeping Computer LLC.

Powered By IP.Board © 2009  IPS, Inc.