Jump to content

Spybot DSO Exploit Errors.


Recommended Posts

Having just done a full system rebuild I was suprised at the amount of 'spyware' I had collected.

Once everything had been removed using the usual suspects of Spybot & Adaware etc I was still left with 5 DSO exploits within spybot.

These return even after fixing them. Luckily, many months ago, I had kept a .txt file on a separate partition into which I had typed the solution to this problem.

I place the contents here just in case I lose it and for the benefit of the public in general.

 

*****************

 

Problem:-

Spybot Scan returns 4 or 5 errors similar to following:

 

DSO Exploit at-

HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

 

HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

 

Running 'fix selected problem' appears to solve errors.

Further scan produces exactly same resulting DSO Exploits.

Continue ad-infinitum....

 

 

Information:-

Spybot is detecting a 'hidden' security zone (zone zero) which refers to 'My Computer', which is not visible by default.

This zone would normally appear under the Security tab of Internet Options control panel.

The registry value of 1004 relates to the downloading of Active-X controls, which by default is enabled.

A value of '0' will allow by default. '1' is manual, '3' is disabled.

 

Spybot is looking for these values to be '3'.

 

Using Spybot's auto-fix unfortunately alters these keys to the wrong type, changing them to a string value (REG_SZ) instead of a DWORD value (REG_DWORD).

 

Thus when it comes to check them again they are still wrong!

 

SOLUTION:-

The best solution is to manually edit the registry and set the values.

Open Registry Editor (REGEDIT) and navigate to the first affected key, say for example

 

HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0

 

In the right hand pane find the 1004 value. This is incorrectly a REG_SZ value instead of a REG_DWORD.

Right-click and [DELETE] this value.

Right-click again and select [New..] then [DWORD Value]. This will produce a REG_DWORD value called [New Value #1].

Rename this to 1004 and give it a value of 3,hexidecimal or decimal, it does not matter which.

Quit registry editor and run spybot again. This value will now not show up as a problem.

However, there may still be other very similar registry keys that will produce an error.

Fix these in the same way as above.

 

Some of the registry entries found to be affected are as follows:

HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0

HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0

HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0

HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0

HKEY_USERS\S-1-5-21\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0

The above list is not exhaustive.

search for any affected

'Software\Microsoft\Windows\CurrentVersion\Internet\Settings\Zones\0'keys and manually fix them as stated.

 

 

This problem has yet to be addressed in Spybot S&D.... :angry:

Link to comment
Share on other sites

Originally posted by TUG_Beaver

..Dont panic.... something to do with IE I believe

 

B) Panic ? That's something I never do as far as PC's are concerned.. It's just sometimes my 'long term memory ram' needs a reboot to refresh the service, I can't remember the last time I truly forgot something ... :wacko:

 

...and yes, you are correct, it is IE related; for the downloading of Active-X controls, in particular for the 'hidden' Zone 0 or 'My Computer' as it is more commonly known.

 

I have written a .reg file which when executed/merged into the registry will automatically over-write certain keys with ones of the correct type and value. Unfortunately I cannot preempt everyone's problem registry keys, just the more common ones....

 

but it's a safer bet for those that are not as adept at 'registry hacking' as others. :)

 

 

-*-*-*-*-*-*-*

 

For those interested copy the entire text below into a new .txt file and save it with an appropriate name eg., DSO Patch.txt

rename this .txt file to have a .reg extension.

execute this .reg file and you will be asked if you want to add the information to the registry.. answer according to your sexual preference.. :huh:

 

 

*-*-*-*-*-*Copy below this line*-*-*-*-*-*

 

 

REGEDIT4

 

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0]

@=""

"1004"=-

"1004"=dword:00000003

 

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0]

@=""

"1004"=-

"1004"=dword:00000003

 

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0]

@=""

"1004"=-

"1004"=dword:00000003

 

[HKEY_USERS\S-1-5-21\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0]

@=""

"1004"=-

"1004"=dword:00000003

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0]

@=""

"1004"=-

"1004"=dword:00000003

 

 

 

*-*-*-*-*-*Copy above this line*-*-*-*-*-*

Link to comment
Share on other sites

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
 Share

×
×
  • Create New...