Troublesome pests keeps reviving themselves

[anneAnna]

Every day I run Spybot S&D and everyday I find one and the same DSO exploit.
Even though DSOs have been "immunized" against, it keeps reviving and
coming back. Is there some way to stop it for good?

It's in the registry as HOTKEY_LOCAL_MACHINE.\.\.\...\zones\0\1004!=W=3

Pest Patrol also comes up with a single item every time, called
"twain-tech". Deleting registry entry doesn't kill it, keeps coming
back. It's key is HOTKEY_LOCAL_MACHINE\..\..\activex
compatibily\{000020dd-c-4113-af77-dd56626c6c42}|compatibility flags

Anyway to stop this too?

I'm not really knowledgeable, but I get called to fix browser problems
frequently, and I hope this is IT.


ana

 

[Guest]

Anna,

You might try running Adaware by Lavasoft. You can download it here:
http://www.lavasoftusa.com/support/download/

It's a free program, similar to Spybot. My experience has been that
Spybot isn't enough. Adaware fixed problems that Spybot failed to
do.

HTH,
B W

 

[anneAnna]

Thank you, BW.
AAMF, Adaware can't locate it either. there must be a .dll or something
that all the anti-spyware on the machine seem to miss.
Ana

 

[Bruce Chambers]

Greetings --

The DSO exploit was patched long ago by IE Cumulative Update
MS02-015, in March of 2002. If you've installed this specific patch,
or any subsequent IE Cumulative Updates, or Service Pack 1, you're
safe. It would appear that the latest version of Spybot S&D is only
checking for Internet zone settings in the registry that could be used
as work-around protection, and not for the presence of any corrective
patches. Hopefully, the makers of Spybot will soon fix this bug.

MS02-015 March 28, 2002 Cumulative Patch for Internet Explorer
http://support.microsoft.com/default.aspx?scid=kb;EN-US;319182

If you like, you can test your system for this particular
vulnerability at this web site:
http://www.greymagic.com/security/advisories/gm001-ie/

The makers of SpyBot S&D have acknowledged the problem and will
fix it on their next update:
http://www.safer-networking.org/index.php?page=paragraphs&detail=currentfaqs

In the meantime, in SpyBot S&D, click Mode > Advanced > Settings >
Ignore Products > Security > DSO Exploit, to turn off the false alarm.


Bruce Chambers
--
Help us help you:



You can have peace. Or you can have freedom. Don't ever count on
having both at once. - RAH

 

[anneAnna]

Greetings --

The DSO exploit was patched long ago by IE Cumulative Update
MS02-015, in March of 2002. If you've installed this specific patch,
or any subsequent IE Cumulative Updates, or Service Pack 1, you're
safe. It would appear that the latest version of Spybot S&D is only
checking for Internet zone settings in the registry that could be used
as work-around protection, and not for the presence of any corrective
patches. Hopefully, the makers of Spybot will soon fix this bug.

MS02-015 March 28, 2002 Cumulative Patch for Internet Explorer
http://support.microsoft.com/default.aspx?scid=kb;EN-US;319182

If you like, you can test your system for this particular
vulnerability at this web site:
http://www.greymagic.com/security/advisories/gm001-ie/

The makers of SpyBot S&D have acknowledged the problem and will
fix it on their next update:
http://www.safer-networking.org/index.php?page=paragraphs&detail=currentfaqs

In the meantime, in SpyBot S&D, click Mode > Advanced > Settings >
Ignore Products > Security > DSO Exploit, to turn off the false alarm.


Bruce Chambers

Thank you. It was sort of driving me nuts.

ana

 

[anneAnna]

Greetings --

The DSO exploit was patched long ago by IE Cumulative Update
MS02-015, in March of 2002. If you've installed this specific patch,
or any subsequent IE Cumulative Updates, or Service Pack 1, you're
safe. It would appear that the latest version of Spybot S&D is only
checking for Internet zone settings in the registry that could be used
as work-around protection, and not for the presence of any corrective
patches. Hopefully, the makers of Spybot will soon fix this bug.

MS02-015 March 28, 2002 Cumulative Patch for Internet Explorer
http://support.microsoft.com/default.aspx?scid=kb;EN-US;319182

If you like, you can test your system for this particular
vulnerability at this web site:
http://www.greymagic.com/security/advisories/gm001-ie/

The makers of SpyBot S&D have acknowledged the problem and will
fix it on their next update:
http://www.safer-networking.org/index.php?page=paragraphs&detail=currentfaqs

In the meantime, in SpyBot S&D, click Mode > Advanced > Settings >
Ignore Products > Security > DSO Exploit, to turn off the false alarm.


Bruce Chambers

After reading the article MS02-015, it occurs to me that DSO
identifications have happened after I clean-installed windows xp.
Most of the cumulative patches turned into B8xxxxxx hotfixes. Only 2 of
the Q3xxxx patches remain, Q319182 not being one of them.
Since the update site has nothing critcal to add, I am at a loss.