Digital [email protected] Posted September 29, 2004

I found spyware on my laptop and downloaded Spybot. It found a bunch of stuff and deleted it. I thought all was good, but it continues to find what it calls a DSO exploit and can't remove it. I think this launches something else because next time I boot up there will be a bunch of other stuff that pops up. Spybot will clean the new stuff, but it comes back every reboot. What is a DSO exploit? I found a folder called DSO which the stated location is com/ms/xml. I also have a file called xmldso.class which I am suspicious of. Another program found ISTbar Msopt Powerscan. I can't seem to remove those either. Any help is appreciated.

Rogue_7 Posted September 29, 2004

HiJack This

Here is a very powerful/dangerous registry hacking program. You run the program, then copy the log into a forum like this Tech Support Forum and someone will advise you on which specific bits to tag removable. Hope this helps.

shakhak Posted September 29, 2004

Have you tried using Adaware, it's another spyware removal program. I'm not sure how it stacks up against Spybot but running it in addition to wouldn't hurt.

Enchantra Posted September 29, 2004

I run both Spybot and Adaware and they each find things the other doesn't. But I think in Digima's case, he needs to do what Rogue_7 suggested.

Zordana Posted September 29, 2004

Some IST bars are incredibly annoying to remove. You might wanna find out what one it is and download an actual removal tool, they work in a jiffy. We had one recently that was loading a search bar, I think it was called "iwantsearch" or some other nonsense. The easiest way to get rid of it was a small removal program. I have hijack this, noadware, adaware and a few other programs installed for emergencies ;) *Shakes her fist*

madrogran Posted September 29, 2004

OK, to fix this you will need to go into your registry. Not sure of your expertise level, so forgive me if these are over simplified ;)

A DSO exploit takes advantage of a Windows IE feature. Basically, DSO will let you hide what application is passing data to the presentation layer. The DSO exploit works by changing 5 registry keys.

HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3
HKEY_USERS\S-1-5-21-746137067-1677128483-854245398-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3
HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3
HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

Originally these five registry keys are REG_DWORD's with a value of 0, but if you tell Spybot Search & Destroy to Fix the problem they will change to REG_SZ and the data value will be blank and they will continually show up as a problem each time you run Spybot Search & Destroy until you fix them manually.

All of these keys start HKEY_USERS\ and end \Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3, the only difference being the second element in each key path.

Spybot even tells you why these keys are a problem, albeit indirectly. At the end of each key we see 1004!=W=3, what this means is the key 1004 is not equal (!=) to a DWORD (W) with a value of 3 (=3). Therefore it is a relatively simple process of changing all of these keys to type REG_DWORD with a value of 3.

1. Click Start, then Run...
2. Type REGEDIT in the Run box and either hit Enter or click OK.
3. Locate the HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004 registry key.
4. Right-click on the 1004 key and select Delete and click Yes when prompted to confirm.
5. Click on Edit, then New and select DWORD.
6. Give the new Key a name of 1004.
7. Right-click the new 1004 key and select Modify and give it a value 3 and click OK.
8. Repeat steps 3-7 for each of the above registry keys, remembering that the long number after S-1-5-21 will differ on each machine.
9. Close the registry editor.
10. Click Start, then Control Panel.
11. Click Network And Internet Options, then click Internet Options to open up the Internet properties.
12. Click on the Security tab, then click the Internet icon, then click Custom level.
13. Ensure that Download unsigned ActiveX controls is set to Disable and then click OK on Security Settings and then click OK to close Internet Properties.
14. Run Spybot Search & Destroy again, this time DSO Exploit will not show up.

Good luck!
-Madrogran

PS, working for MS has its advantages! ;)

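The check and the manual fix from the steps above, as a PowerShell script added here for illustration; it is not part of the original post, nor Microsoft or Spybot code. The registry sub-path, the value name 1004 and the expected DWORD 3 come from the post; the function names Get-Zone0Value1004 and Repair-Zone0Value1004 are hypothetical.

```powershell
# Added example, not from the original post. Sub-path, value name and expected
# data come from the post; the function names are hypothetical.
$SubPath   = 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0'
$ValueName = '1004'
$Expected  = 3

function Get-Zone0Value1004 {
    # Read-only: report type and data of 1004 in every hive loaded under HKEY_USERS.
    foreach ($hive in Get-ChildItem -Path 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue) {
        $sid = $hive.PSChildName
        if ($sid -like '*_Classes') { continue }   # per-user class hives have no zone settings
        $key = Get-Item -LiteralPath "Registry::HKEY_USERS\$sid\$SubPath" -ErrorAction SilentlyContinue
        $kind = $null; $data = $null
        if (-not $key) { $status = 'KeyMissing' }
        elseif ($key.GetValueNames() -notcontains $ValueName) { $status = 'ValueMissing' }
        else {
            $kind = $key.GetValueKind($ValueName)
            $data = $key.GetValue($ValueName)
            # A blank REG_SZ (the state the post says a Spybot "fix" leaves) lands here.
            if ($kind -ne [Microsoft.Win32.RegistryValueKind]::DWord) { $status = 'WrongType' }
            elseif ($data -ne $Expected) { $status = 'WrongData' }
            else { $status = 'OK' }
        }
        [pscustomobject]@{ Hive = $sid; Kind = $kind; Data = $data; Status = $status }
    }
}

function Repair-Zone0Value1004 {
    # Mirrors steps 4-7 of the post: delete 1004, recreate it as a DWORD set to 3.
    [CmdletBinding(SupportsShouldProcess)]
    param([Parameter(Mandatory)][string]$Sid)
    $path = "Registry::HKEY_USERS\$Sid\$SubPath"
    if (-not (Test-Path -LiteralPath $path)) { throw "No Zones\0 key under $Sid" }
    Remove-ItemProperty -LiteralPath $path -Name $ValueName -ErrorAction SilentlyContinue
    New-ItemProperty -LiteralPath $path -Name $ValueName -PropertyType DWord -Value $Expected | Out-Null
}

# Audit first; preview a repair with -WhatIf before changing anything.
Get-Zone0Value1004 | Format-Table -AutoSize
Get-Zone0Value1004 | Where-Object Status -in 'WrongType','WrongData','ValueMissing' |
    ForEach-Object { Repair-Zone0Value1004 -Sid $_.Hive -WhatIf }
```

Only hives currently loaded under HKEY_USERS are visible to the audit, and writing to hives other than your own needs an elevated session.
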
Digital [email protected] Posted September 29, 2004

Thanks for the help. I will check it out and fix the DSO error.

Errex Posted September 29, 2004

Wouldn't Windows Update fix DSO issues with their security updates/service packs?

Durak Posted September 30, 2004

Errex, I think it will prevent future DSO issues but will not fix old ones that are already on the system. This is one of the reasons why they tell you to clean it up before putting on the newest patch. Good ol' Microsoft, let the customers do the work and then they fix the problem.

Digital [email protected] Posted September 30, 2004

Well this last round of problems with the security issues with MS products has convinced me to change formats to Mac. I believe the next time I update my home PC, it will be by purchasing a Mac.

madrogran Posted September 30, 2004

Yes, MS is horrible about making an addition to their app that 95% of programmers use legitimately... As Macs gain in popularity, you will see the amount of security issues rise in them also. Although, I do own a mac and I love it too :)

House of Dexter Posted September 30, 2004

Just switch to Mozilla Firefox...you won't have these problems...Spyware problems fixed instantly...Microsoft needs to give the cx control of Com objects that get installed on their system...allowing you the ability to uninstall them or disable them...

Digital [email protected] Posted September 30, 2004

I use Mozilla on the home PC, but there are still all of the viruses and other issues with MS products. As long as MS is king of the hill by such huge margins they will always be the target and therefore endanger us to such attacks. I don't really game on my PC anymore. I bought a game system for that.

Digital [email protected] Posted September 30, 2004

I just downloaded Firefox for my laptop.

House of Dexter Posted September 30, 2004

It's more than being the king of the hill... MS has left a major vulnerability that they can't get around...without stating they were wrong...and that is to allow their applications the ability to execute code from outside sources without the user's intervention or ability to say no to the code... Firefox and Netscape...don't execute code without your permission...also give you the ability to uninstall objects that you install on your browser. The worst spyware you will get on these browsers is cookies...which are easily removed... Just SAY NO TO IE and Outlook/Outlook Express