Jump to content


Photo

5 recurring DSO exploits found by Spybot...


  • Please log in to reply
2 replies to this topic

#1 Commander Salamander

Commander Salamander

    Member

  • New Member
  • Pip
  • 1 posts

Posted 21 July 2004 - 08:41 PM

Hello,

This site is a fantastic resource. I've been trying to address my problem with a constant barrage of pop-up ads, but I'm coming up short, and have a few questions.

[#1] I went through my HijackThis log line-by-line with the help of the website in the stickied thread, and found only one questionable entry:

O4 - HKLM\..\Run: [zihnksymi] C:\WINDOWS\System32\vnkjmpcj.exe

This isn't mentioned in the comprehensive list of startup programs that I was referencing, and a google of the name yields nothing. Does anyone know what this is? I tried disabling it in MsConfig and nothing seems to have lost functionality... but my other problem remains...

[#2] Every single time I run SpyBot I get the following 5 DSO exploits:

DSO Exploit: Data source object exploit (Registry change, fixed)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

DSO Exploit: Data source object exploit (Registry change, fixed)
HKEY_USERS\S-1-5-21-527237240-562591055-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

DSO Exploit: Data source object exploit (Registry change, fixed)
HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

DSO Exploit: Data source object exploit (Registry change, fixed)
HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

DSO Exploit: Data source object exploit (Registry change, fixed)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3


I can fix them, but even if I rescan immediately they are still there. Do they pose a threat? What exactly are they?

Thanks for your assistance.

Edited by Commander Salamander, 21 July 2004 - 08:42 PM.


#2 Marianna

Marianna

    Forum Deity

  • Retired Staff
  • PipPipPipPipPip
  • 752 posts

Posted 21 July 2004 - 10:52 PM

HI Commander Salamander

IGNORE the DSO Exploits for now - it is a "known BUG" in SpybotS&D.

You can read about it here:

http://forums.net-in...f=28&t=15308

HTH
"The only source of knowledge is experience"
Albert Einstein (1879 - 1955)

Microsoft MVP Consumer Security 2006 - 2010

#3 JG427

JG427

    Forum Deity

  • Retired Staff
  • PipPipPipPipPip
  • 1,020 posts

Posted 22 July 2004 - 12:46 AM

#1 sounds like a random generated file name.

Update your anti virus and run a scan or do an online scan here.

Then post a hijackthis log.
Posted Image
-----------Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button