DSO exploit in Windows XP reported by Spybot – Search and Destroy

Current threats
human factors
Patch management
PEN testing
Platform Security
vulnerability management
After updating both Windows XP and Spybot - Search and Destroy, the latter is reporting DS0 exploit registry entries on two computers not colocated on a network. Could this be as a result of a vulnerability being introduced with the August Windows XP security patches? Can you comment on the veracity of the article at web address http://www.auditmypc.com/DSO-exploit.asp, regarding DSO exploits?

Answer Wiki

Thanks. We'll let you know when a new response is added.

How do I Remove DSO Exploit?

If you have the latest Internet Explorer version and all your Windows Updates, you can safely ignore the DSO Exploit as a potential problem when Spybot Search and Destroy or other spyware removal tools discover it. However if you would rather fix the exploit so it does not show up again, follow these steps to edit your Windows Registry. Please be careful however, incorrect changes to the Windows Registry can cause Windows to not boot.

1) Make a note of the location of the exploit shown in Spybot, something similar to:

HKEY_USERSS-1-5-21-1614895754-73586283-725345543-500SoftwareMicrosoftWindowsCurrentVersionInternet SettingsZones01004!=W=3

2) Click on Start, Run, and type REGEDIT and Press Enter to open the Windows Registry Editor

3) Find the location of the exploit above in the registry by clicking on the pluses(+) next to each title

4) After opening the Zones section and clicking on ‘0’ look to the right window, under ‘name’ is the key ‘1004’ and the type is REG_SZ simply right click and delete this REG_SZ value.Then right click and create new>DWORD Value, name it 1004, then right click on that and goto modify, give it the Hex Value of 3, Click ok.

If there is only a DWORD Value for the key (in this case 1004), then double click on the key and change the HEX value to 3 and click Ok.

5) Close the Registry Editor and Reboot your computer

6) The DSO Exploit should now be removed and it should no longer appear in the Spybot Search and Destroy log as a problem.

Discuss This Question: 1  Reply

There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.
  • Ve3ofa
    This is a known bug in Spybot 1.3 version 1.4 has addressed this bug. http://www.spybot.info/en/index.html This exploit was patched by Microsoft a long time ago and if you are up to date on your patches
    80 pointsBadges:

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

Thanks! We'll email you when relevant content is added and updated.


Share this item with your network: