Spy Bot DSO Exploit

[smith.p.sean]

Everytime i scan with Spybot i get 4 DSO exploits that are found, there used to be five but i downloaded a small utility after researching this that patched one of them... This is really annoying, is there anything i can do to fix it and get rid of it??? I looked into it like a couple months ago so perhaps someone can give me newer info on how to get rid of it??

[Google]

[smith.p.sean]

*bumb, perhaps could ne one awnser this??? nathan? ne one? i would really like to know because for the time being i switched to advanced mode in Spy Bot and disabled it.

[null_set]

yo.
I've had that problem, under the same circumstances as you, it seems. I've isolated it in the registry

HKEY_USERS\S-1-5-21-682003330-1708537768-854245398-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

I've tried killing it several times. It won't go away.

Anyone else have a clue?
_________________
[ ]
chown -R us ./your_base

[Spiegel]

my spybot also picks up the 5 DSO exploits every time...nothing else manages to get on my machine, just those 5...
_________________

[Ham_fisT]

I've googled and read a lot of threads about this, and no one seems to be able to answer the WHY question, they all say to just ignore it
_________________
Yeah....... ok

[[KoG]^weaZel]

I have this same problem on just about every computer that I have used SpyBot on. And like others have said I dont know how to get rid of them.
_________________
I tweaked and it tweaked back! So I Tweaked some more!

"Barney is like the Michael Jackson of PBS." - James Tybeerious

[Fitz Goran]

Spybot doesn't fix this problem properly. Instead of changing the 1004 DWORD value to 3 it deletes the dword value and creates an empty string value.

You can fix these problems manually by deleting the 1004 string valueand creating a new dword value, naming it 1004, and settings its value data to 3.

- or -

you can download this update http://www.majorgeeks.com/download4392.html

[[KoG]^weaZel]

Thank you for the tip Fitz!
And welcome to TweakNews.
_________________
I tweaked and it tweaked back! So I Tweaked some more!

"Barney is like the Michael Jackson of PBS." - James Tybeerious

[FroGGer]

this is a bit off the subject but I know how you feel. Everytime I run NAV 2004, I get two of each of the following files that will not go away. They are
kill.exe and load.reg. One is a IRC Trojan and the other is a Trojan Horse, and NAV can't delete these and spybot never found them. Do I need a different program to get rid of them. I heard of a program called The Cleaner, but it's payware. Does anyone have it or know if it is good?
thanks
_________________
ABIT IC7 MAX 3, Corsair PC4000 Pro, P4 2.6C @3.23 GHz 1:1, 2.5-4-4-7, 2 WD Raptors in RAID 0

[Fitz Goran]

FroGGer, have you tried running NAV in safe mode?

Another option is if Norton identifies the trojan goto http://www.sarc.com/avcenter/vinfodb.html and search for the trojan's name. Usually the instructions found there work good for removing trojans.

[FroGGer]

Yes I have and Norton identifies it but I can't find instructions on how to delete it. Does NAV get rid of trojans?
_________________
ABIT IC7 MAX 3, Corsair PC4000 Pro, P4 2.6C @3.23 GHz 1:1, 2.5-4-4-7, 2 WD Raptors in RAID 0

[Fitz Goran]

Usually NAV can get rid of trojans.

Which trojan is it?

[FroGGer]

kill.exe and load.reg
_________________
ABIT IC7 MAX 3, Corsair PC4000 Pro, P4 2.6C @3.23 GHz 1:1, 2.5-4-4-7, 2 WD Raptors in RAID 0

[FroGGer]

And I just checked and they're not quarantined either. They just show up whenever I run it (in safe mode since I always run it in safe mode).
_________________
ABIT IC7 MAX 3, Corsair PC4000 Pro, P4 2.6C @3.23 GHz 1:1, 2.5-4-4-7, 2 WD Raptors in RAID 0

[Fitz Goran]

What are the names of the trojans as identified by NAV?

[FroGGer]

one is load.reg listed as an IRC Trojan
and the other is kill.exe listed as a Trojan Horse
_________________
ABIT IC7 MAX 3, Corsair PC4000 Pro, P4 2.6C @3.23 GHz 1:1, 2.5-4-4-7, 2 WD Raptors in RAID 0