DSO Exploit

Bri

Question:

What is this? Spyware always finds it on my computer and others, despite formatting and, possibly, even before the computer has ever been on the 'net.
Is this some registry weakness - it finds 5 'occasions' or whatever you wanna call them - ? I have teatimer running and I've immunized my system. I don't use IE (as you mighta guessed from my sig) and so on. Btw there's nothing else but a stupid tracking cookie found on the system.

Problem or not? Remove it or what?

Thanks.

Edit: I found this from the Spybot team at the net-integration.net forums:
"The problem with the DSO Exploit is a little bug. We have already been able to locate and fix it, but unfortunately it was not included with the last update. It will hopefully be with the next one.
The DSO Exploit is a security gap in IE. Microsoft did already repair this, so if you have all Windows updates and patches installed, it is not dangerous for your system."

So now my next question - how does one check if all windows updates are installed? I've SP2 and turned on updates to tell me if there's something to get - nothing since SP install...or maybe 1 at most.

?

Ciaran500

http://windowsupdate.microsoft.com/

That should scan your pc and offer any available updates.

Optikus

Ciaran500 wrote:

http://windowsupdate.microsoft.com/

That should scan your pc and offer any available updates.

You will need to use IE to do this, if anyone knows of a way to update windows with firefox please tell me ..as i removed IE completely and dont really want to install it ever again.. but am thinking i might have to.

Bri

I'd be with Optikus on this one...

Can't say I'd love to (knowingly at least) let MS scan my machine...no reason but paranoia!

Thanks anyway!

Ciaran500

Only IE is supported by windows update.

There should be no problems with MS scanning your machine. I don't people using pirated copies of XP have anything to fear, as that not what MS is scanning for.

Optikus

Ciaran500 wrote:

Only IE is supported by windows update.

There should be no problems with MS scanning your machine. I don't people using pirated copies of XP have anything to fear, as that not what MS is scanning for.

how to you know what they are scanning for ... you can only assume.

Ciaran500

Windows Update wrote:

What data is collected – and why?
Windows Update collects general system information from your computer with each visit, so that you receive the updates that work best with your computer. The information is also used to generate aggregate statistics about how the Windows Update web site is used and which systems need support, so that we can improve our service. This information includes:



Computer make and model
Version information for the operating system, browser, and any other Microsoft software for which updates might be available
Plug and Play ID numbers of hardware devices
Region and language setting
Globally Unique Identifier (GUID)
Product ID and Product Key
BIOS name, revision number, and revision date

Says it in the T&C's.

Optikus

Ciaran500 wrote:

Says it in the T&C's.

Bleh ... don't believe everything you read.

kaimera

I get the exact same error from spybot, and it's usually the only thing if ****ing finds. adaware doesn't find it or ask to fix it.

I followed the link spybot gave and eventually came to a download page with the fix for it. It told me it only works with IE6 stoopid ****er.

running XP Pro with SP2. Dont think it's too serious, just spybot being retarded.

Optikus

Yeah i get it every time i don't even bother fixing it anymore its not causing any harm anyway... just a Spybot thang.

Hobbes

DSO exploit in spybot is a false positive. If you have a virus checker it generally nabs any DSO exploit attempts (at least Norton does).

Bri

Right thanks for all that guys.

MrVestek

Meh just use firefox... then no website can exploit many of IE's weaknesses then to install spyware onto your pc in the first place.

Capt'n Midnight

Achilles wrote:

Meh just use firefox... then no website can exploit many of IE's weaknesses then to install spyware onto your pc in the first place.

Don't forget that unless you are using Win95/Win98Lite/NT4 and have NEVER installed IE on the system (in the case of 98/NT this involves editing config files BEFORE the first install) you will have some part of IE on your system even if you are not using it as your active browser.

You still need to patch, because IE is there under the bonnet, integrated in to the OS. cf. Windows server 2003 - very secure, except for the back door called IE

[rant]I've been caught in the IE patch loop before with NT4 servers, in order to keep them upto date I installed IE6 and it's been one extra restart a month since to patch IE6 vunerabilities and most of them have been worse than the non-IE holes. I still don't know if the system would have been less vunerable with incomplete manual patching or having unpatched IE exploits on it...

Dammed if you do , dammed if you don't .

test999

Spybot S&D will remove this problem (update your pc too)
however, 5 registry entries will remain, they are harmless.
If you want you can manually run regedit (be careful) and
change the entries to hex 3 that's fine.
HTH