Spyware in IE not going!!

[tuxfan]

A scan be Spybot (1.3, updated) gives me only 1 problem.

Quote:

DSO Exploit
Data source object exploit
HKEY_USERS\DEFAULT\Software\Microsoft\Windows\Curr entVersion\Internet Settings\Zones\0\1004!=W=3

The description reads:

Quote:

Company: Microsoft
Product: Internet Explorer
Threat: Security hole

Company URL:
http://www.microsoft.com/
Company product URL:
http://www.microsoft.com/windows/ie/
Company privacy URL:
http://www.microsoft.com/info/privacy.htm

Description
There's a security hole in IE allowing websites to execute code without asking you first. You can find more information at http://security.greymagic.com/adv/gm001-ie/

When I click on Fix selected problems it displays a message saying 1 problems fixed. However, when I again check for problems, it again shows the same problem

Please tell me what's wrong? Why is Spybot not fixing the problem? Shall I manually edit the registry and delete the key? Anyway, I don't use Internet Explorer.

[busyanuj]

the site Greymagic Softare also provides a workaround for this problem:

Quote:

Since the injected <object> runs in the "My Computer" Zone changing the Internet Zone's settings couldn't affect it, but changing the affected zone's settings will prevent this exploit from running.

Here is the registry information:

[HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ CurrentVersion \ Internet Settings \ Zones \ 0]
Change the value of "1004" (DWORD) to 3.

tuxfan, could you give a little bit of additional information about:
which Windows OS do you use?
which IE version are you using?

this specific problem dates back to March 3, 2002.
if you're using Windows XP, then installing Service Pack 2 will fix this for you.

[tuxfan]

Thanks for the help. It is Win98SE with IE6.

[digen]

I would like to clarify one thing here,if you are getting the DSO-exploit everytime that you perform a scan with spybot then there is nothing to worry about,its a bug in spybot.
The dso-exploit which have a dword value of 3 in the registry are all nothing but false alarms.

To configure spybot not to detect bogus dso exploit follow the steps given here.

[goobimama]

Why on earth would you use IE? get firefox and rid your problems of spyware...

Milind

[busyanuj]

goobimama, atleast read tuxfan's post carefully !

Quote:

Originally Posted by tuxfan

Please tell me what's wrong? Why is Spybot not fixing the problem? Shall I manually edit the registry and delete the key? Anyway, I don't use Internet Explorer.

[bravefart]

Ok buddy s'up;
First thing my mind goes to in your trouble is Registry problem and you never mentioned if you uninstalled IE or not or its that you have just stopped using it. As for the spyware certain hijacker and spyware are so smart even if you clean them up they still leave their footprints in your registry and next time bang they reinstall themselves back . As for SpyBot am not a great fan of it ; it has its own security issues which I dont wanna discuss here.
First thing I would suggest among freeware anti spy Yahoo's free anti Spy ware YPSR is good ; among shareware Spy Doctor but the best of bestest(whatever that means :roll: ) which I found is "Hijack This" but warning only for advanced user ; if you dont know what you are are doing you may end up doing more damage than any good.
It doesnt end there, then you gotta delete bad and illegal(Immoral if you please ) registry; can use Registry mechanic much easier and safer than manual thing ; but I would again suggest multi Utility program System-Mechanic ; it has registry cleaning among 100's other things ; its totally safe and easy to use I just love it it has a anti spyware program tooo. It has a pro version and Home version which is smaller and as good as pro . You can get it free 30 days full trial from www.Download.com or any other site I think last version was 5.0

And for Godsake Uninstall IE if you already havent . Mozilla Firefox is the best around till date. Do let me know how you fared with your cleanup.
Till then Ciao and best of luck

Peace V

[naveenchandran]

I do consider IE itself as a spyware

Better switch to opera or firefox or any other popular browser

[hard_rock]

same prob. here Guyz.But I use XP Home SP2.Btw....I don't use IE 4 net surfing....Opera rules.
Is there any security threat?

[swatkat]

XP useres need not worry because this DSO exploit is a pretty old problem and is already fixed.That's a glitch in SpyBot and it throws it everytime.
To avoid getting it,u can exclude that from scanning.

As far as 98 goes,upgrade IE to IE6SP1 and u can use this software called DSOstop which scans for DSO vulenarability and blocks them.
http://nsclean.com/dsostop.html

[tuxfan]

Thank you all for replying. But let me make one things clear. I DON't use IE for surfing!! I use Firefox. Additionally, Zonealarm is configured not to allow IE access to internet (i.e. when I have to use Windows for net surfing). So it can't just do much damage. But when Spybot can't fix it, I started wondering how serious is that!

As regards HijackThis, I know whom to contact in case of my log So no problems there. I don't consider myself an expert, but I am not even a dumbo I know who can be relied upon

[theKonqueror]

Quote:

Originally Posted by naveenchandran

I do consider IE itself as a spyware

Better switch to opera or firefox or any other popular browser

Guys, three cheers 4 naveenchandran!!!!