Technology in terms you understand. Sign up for the Confident Computing newsletter for weekly solutions to make your life easier. Click here and get The Ask Leo! Guide to Staying Safe on the Internet — FREE Edition as my thank you for subscribing!

What's a 'DSO exploit' and how do I get rid of it?

What’s a ‘DSO exploit’ and how do I get rid of it?

The short answer: it’s a bug in Internet Explorer that could under certain
circumstances allow untrusted software to run. In other words, it’s a
vulnerability. The good news is that it’s been fixed.

Become a Patron of Ask Leo! and go ad-free!

The confusion arises from the fact that at least on popular Spyware
detection program reports the problem, but fails to apply its work around, and
hence continually reports the problem. Even though it might not be a problem
any more. (Update: that program has reportedly been fixed. See below.)

First, let’s be clear. The vulnerability in Internet Explorer has been
corrected. If you’ve patched IE and are staying up to date with current patches
from Microsoft, you’re safe, even if a DSO exploit is reported.

The confusion arises from a bug in Spybot Search and Destroy that continues
to report the DSO Exploit problem, anyway. There are ways to force the report
to go away, but it’s more trouble than it’s worth.

The bottom line: If you’re fully up-to-date on Internet
Explorer patches, you can safely ignore Spybot’s report of a DSO Exploit. And
update Spybot from time to time as well; they do plan to fix the reporting
problem.

UPDATE: Spybot Search and Destroy has reportedly been
fixed. My recommendation now is to download the latest
version
, and make sure you have it update its database of spyware to check
prior to your next scan. It’s possible that it may report DSO exploit
once, but if you elect to fix it, then the report should go away on your next scan. I can
confirm that it no longer reports DSO exploit on my system.

And remember, as long as you were up-to-date with Internet Explorer patches,
DSO exploit was not an issue for you, regardless of what the scanner said.

Subscribe to Confident Computing! Tech problem solving & safety tips & a weekly confidence boost in your inbox every week.

I'll see you there!

10 Reasons Your Computer is Slow

Slow Computer?

Speed up with my special report: 10 Reasons Your Computer is Slow, now updated for Windows 10.

NOW: name your own price! You decide how much to pay -- and yes, that means you can get this report completely free if you so choose. Get your copy now!

Posted: July 23, 2004 in: ask-leo.com
Shortlink: https://askleo.com/2135
« Previous post:
Next post: »

Leo Who?

I'm Leo Notenboom and I've been playing with computers since I took a required programming class in 1976. I spent over 18 years as a software engineer at Microsoft, and "retired" in 2001. I started Ask Leo! in 2003 as a place to help you find answers and become more confident using all this amazing technology at our fingertips. More about Leo.

87 comments on “What's a 'DSO exploit' and how do I get rid of it?”

  1. Thanks for the explanation, Leo. I appreciate the information that is easy for us “non-technical” types to understand. I’ll be bookmarking your homepage.

    Reply
  2. I am running XP and have the latest updates. I have cleaned the registry once of the entires 1004 but can find no other entries as you describe. When I load my browser I am still getting about:blank as my browser’s home page and a bunch of pop ups about spyware. Internet options won’t get rid of it. This is driving me nuts!

    Reply
  3. All you have to do to permantly remove the DSO exploit is: First download Spybot search and destroy, then run a scan. Spybot can’t fix the DSO exploit but it does tell you exactly where to find it. Go to the run command on your start menu and type in “regedit”, then just follow the path to the source listed in the Spybot search results and delete it manually. It’s that easy. You can e-mail or IM me and I will walk you through the process. l9ron@aol.com
    (Thats L9, not 19)

    Reply
  4. i can’t get rid of it and my critical updates from microsoft wont load. the machine will not update IE with patch and the pop ups keep coming!

    Reply
  5. This one of the best thing I have found on my PC.I done just what you said to do, and got rid of DSO Exoloit. I tryed every thing I could, and could not get it off my PC. But this really worked.I will us this all the time now. Thank you very much. To all you people out there in PC land, use this site. Thanks again.

    Reply
  6. Leo, My brotherinlaw’s son, Kevin Goodier told me you were the best at this. This question has nothing to do with DSO. Today I tried to install SP2, with my Windows XP home edition. It failed to install. It downloaded fine. But failed at the end.I have done everything it has told me to do.(Wizard). Got any advice on this one…..? I appreciate your help in advance….Thanks, Linda

    Reply
  7. To fix this probelem please follow the steps below. As usual, registry editing can stuff up your system completely or have unexpected results. Make sure you have a backup before attemting this procedure.

    Right click the error found in spybot and select “more details”,”jump to location”. This will open registry editor and go to the correct registry entry to modify. Sometime Spybot doesn’t do the jump the first time for some reason, just do it again to kick it into action.

    You will see it has focused on an entry which is 1004 of the type “reg_sz”, this should actually be a “reg_dword”.

    You will need to delete the 1004 entry.

    Create a new DWORD called 1004 by right clicking on the folder which contained this entry (normally “0”), select New, DWORD value. The default value it’s given is “0”

    Double click 1004 and change “0” to “3”.

    This will need to be done for every DSO exploit entry that Spybot has found.

    As usual, registry editing can stuff up your system completely or have unexpected results. Make sure you have a backup before attemting this procedure.

    Reply
  8. As stated in the article, there is no need to do that. All you need do is make sure IE is up to date, and then ignore the warning in SpyBot, until SpyBot is updated to fix it.

    Reply
  9. Question for Leo…
    What harm would it do to simply delete the DSO exploit,(1004) as suggested by L9Ron in a previous post. I have done just that, with no ill effects. If deleting the 1004 entry can cause problems, what would those problems be? Could you please give the exact details of any problems this has caused for you, or others, that you know of? I am confident that you have the answer for this querry. Thanks for your time, and I am looking forward to a comprehensive explanation.
    John Smith 😉

    Reply
  10. I never said it would harm anything. Only that if IE is up to date, it’s simply not neccessary to take those steps – you can safely ignore the DSO exploit warnings in Spybot.

    Reply
  11. Hi John,

    As Leo says, as long as you are fully patched there is no need to concern yourself with the DSO exploit.

    The entry “1004” that this relates to is in the “My Computer Zone” and is the setting for “Allow download of unsigned ActiveX control”. When set to a DWord value of 3, this setting is disabled.

    When it was not disabled on unpatched PC’s, it was possible for malicious code to be run on your PC without your consent.

    Microsoft released a patch some time ago addressing the problem which was also included in Service Pack 1 (As well as Service pack 2). When you are patched, you can’t be “unpatched”. It other words this exploit cannot happen as your machine can’t become vulnerable again to this particular problem.

    From my understanding, whether disabled or not, or if you have even deleted this entry, as long as you are patched there will be no adverse affect to your PC.

    Again, as Leo says, as long as you are patched, you can safely choose to ignore the error. If it annoys you to see it turn up in the scan, tell the scan to ignore it or modify the registry to correct the problem manually, but there is really no need.

    Reply
  12. Thanks Leo and Jim…
    As I mentioned before, I had already deleted the 1004 entry from the registry, and was hoping I hadn’t harmed my computer in some way that I am not yet aware of. If there is anything that you know of, or that you find out in the future, that could cause a problem as a result of deleting the 1004 entry, could you please post it here and let me know. Thanks again, John 🙂

    BTW, You might want to consider taking the ad for “Spyware Nuker” off of your site… it has “Gator” and a Keylogger in it.

    Reply
  13. DSO exploit is not spyware. It’s a vulnerability in Internet Explorer that is resolved by keeping IE up to date with the latest patches.

    Reply
  14. As I understand things Harry, the DSO exploit is more like a back door in the Windows operating system, that has been left unlocked. As I have heard here, there is a patch that puts a lock on this back door. I myself chose to delete it altogether. (although I have heard on more than one occasion that, that was not necessary) My best guess would be that reinstalling Windows would restore the DSO exploit, rather than getting rid of it. I do know that when I recieved my PS2 update from Microsoft, (although I had deleted the 1004 entry from my registry) my DSO exploit had returned. (so I deleted it again) For me it was a “peace of mind” thing, and efficiency didn’t play a large role in my decision making process. Hope this helps, as it is “to the best of my knowledge” and “as I understand it”. (L9)Ron

    Reply
  15. All this advice hinges on the fact that staying up-to-date with patches will solves the problem. This is untrue. I am running XP Pro service pack 2 with all patches and am infected by the CWS (aka about:blank) about once every 48-72 hours. It is cleaned to a high degree of confidence with a cross check of several programs (ad aware, spybot, and manual removal) only to return with a DSO exploit and a reinstallation of all the malicious registry keys. I am not running antivirus or a firewall (beyond the XP) because I am trying to deal with the problem on a more fundamental level at this point. Rather than plug the dyke, I want to fix the hole.

    These are the facts. The vulnerability must still be in the system.

    What now?

    Reply
  16. I have purchased adware, spybot, spyvest, and desostop2, and all have identified the problem, and some are saying they have deleted the culprit.

    However, when I open up IE my home page web site still wants to go to the promptview.info web site, I have changed it via the IE tools, it works until I reboot, than that sucker returns to the stupid search site as my home page.

    Can someone show me how to get rid of this thing, or point me to the person who did it, so I can personnaly ring that jerks neck.

    Reply
  17. > Today I tried to install SP2…. Posted by: Linda Bond at September 3, 2004 04:29 PM

    Linda, I don’t know if you got a solution, but my advice:
    Order the SP2 CD from MS (it’s free… takes “4-6 weeks”, but I got mine in 2 weeks) – you can order it from the Win Update site. I’m just thinking that maybe there was a fault in the download? I know the CD works, cos it worked perfectly on my machine.

    Regards,
    PhantomSteve

    Reply
  18. Sometimes for no reason and without warning that stupid “microsoft has had an encounted a problem and needs to close” message comes up, it is very frustrating and now even my programs are doing it. Is DSO exploit responsible for this, if not can you tell me what is. Thanks

    Reply
  19. i have found one sure fire way to end this dso… once & for all. i bought a mac!

    conventional wisdom is that scumbags that write this stuff do not do so for mac & unix. don’t know how true that is but i have been running netscape 7.2 on os 10 & have yet to experience any problems

    Reply
  20. All this advice of not to worry is complete junk!
    Do not tell me not to worry about DSO Exploit when I can see things happening to my system. If you can’t be bothered to offer advice not tainted with the Microsoft company line then just don’t bother at all. Are you in a relationship with Bill? DSO Exploit is a problem for anyone whom thinks it is! Stop posting patronising advice and just deal with it or go talk about something else. Example how great you think Bill and his rubbish IE really is.
    Leo poor show!

    Reply
  21. Sorry you feel that way. I think you’ve misunderstood what I’m saying, though.

    To clarify for subsequent readers:

    DSO *is* something you want to fix. Just make sure that you have all the latest Internet Explorer Patches installed, and you’re done.

    After updating IE to the latest set of patches, folks using Spybot Search and Destroy may continue to see reports of the DSO Exploit as being a vulnerability on their machine. This is an acknowledged bug in Spybot Search and Destroy. Check out the link to the Net Integration Forums listed with the article above.

    So to summarize:
    – If your IE is NOT up to date with patches: get it up to date.
    – If your IE *is* up to date with patches, and spybot reports DSO exploit, you may safely ignore Spybot’s report.

    Or, as others have suggested you can use another browser. I’m fairly happy with Firefox these days.

    Reply
  22. For those asking about IE patches: http://www.windowsupdate.com is where you want to go. It’s the only site I use IE to visit any longer.

    CoolWebSearch is one of the nastiest pieces of software written to date and it’s author(s) really should be jailed.

    CoolWebShredder does a fair job at removing most versions:
    http://www.spychecker.com/program/coolwebshredder.html

    About.Buster does a good job of fixing About.blank or RES:// hijacks:
    http://www.malwarebytes.biz/

    However, my best advice matches the comment Leo made – switch to Mozilla or Firefox. Both can be obtained from http://www.mozilla.org. I happen to use the Mozilla suite as I use it for email as well as browsing, and Mozilla has a Quick Launch feature that makes it open browser windows even faster than IE (because it preloads like IE does – a feature not yet available in Firefox.) Mozilla browsers can not be affected by spyware (yet…I wouldn’t put it past these spyware autors to try if Mozzie gets more popular), have a built-in popup blocker that actually WORKS, and built-in junk mail filter.

    If only I could give my customers this advice, I’d be a happy man. (I work as a tech support agent for MSN. I deal with spyware calls for at least 10 hours a week – and CoolWebSearch is the nastiest one of all.)

    Reply
  23. Folks,

    I have all my ie patches installed and up to date running XP and IE. BUT this week I started getting popups. This seems related to an ‘automatic update’ from microsoft which popped up this week for KB833989. I stupidly installed it, even though I always manually go to the windowsupdate page, and since then i’ve been getting the popups. Oddly enough this exact same set of circumstances happened to a coworker this week. Anyone have any thoughts?

    Maybe this was actually a bit of spyware that looked like an MS update?

    Joe

    Reply
  24. An interestingly riveting read. I just got my cable internet installed with Cox. I talked with the guy who installed it about this exact subject. He said that it was a supposedly unbeatable program that no one could erase. Of course I had my suspicions because I knew that there is no such thing as an unbeatable piece of software. So I looked up DSO Exploit and found this site. Of course I’ve been watching the Screen Savers for a while, and the staff always solved all of my problems when other people called about them, so I trust everyone there.

    My point is (if there is one), is that I can see why people are scared of this exploit. It’s because there is a sort of confusion even amongst some professionals. Either that or the cable guy was pulling stuff out of his butt. I don’t know.

    Reply
  25. ok, originally i had 5 entires of dso exploit when i searched under spybot, and when i tried to delete them, it would delete it and then would come back next search. then i found sme stps involving chaning some number from 1004 to 3 perfectly, and then i downloaded dsostop and it says its activated and prevents any dso exploit, but that doesnt do any good, because now when i use spybot it picks up 4 instead of 5 entires for dso exploit. when i search for it regularly on my comp it finds NOTHING. even in hidden and compressed files, also, i “immunized” my system because it recommended it using one of anti-spyware sofwares, and now every time i sign online i hear 3 “drops” and if i do a spybot search, it picks up 3 new pieces of spyware, 2 from advertising.com and 1 from avenue a, along with my original 4 dso exploit entries, i can delete these 3 and when i research it wont pick them up, UNTIL i restart my internet connection, and then i search and theyre back. it was not like this befor

    Reply
  26. Hey, Leo, I must give you a massive congratulation on your response. Not so much to content as the tone. It would have been easy to respond by telling Bridie to pull her/his head in and you may well have been justified in doing so, it appears to me. However you clearly and calmly restated your advice and did so without rising to the bait. (Although your last note that you use firefox may have had the slightest tinge of “so there” about it, but I certainly can’t begrudge you that. I don’t know that my repsonse in a similar situation would have been anywhere near to gracious!!) Anyway, congrats!

    Reply
  27. My browser is firefox and I also use Mozilla.
    Internet explorer may be somewhwere on my computer.
    I use 98lite.
    Updates to MS stuff causes me more pain than needed.
    SpyBot reports the dos exploit on reboot.
    Do I have to update IE in order for SpyBot to stop reporting the DOS exploit.
    If I never use IE would the DOS exploit still be a threat. I was not always confused (well Uh maybe).

    T(om)

    Reply
  28. “Do I have to update IE in order for SpyBot to stop reporting the DOS exploit.”

    As the article states, Spybot has a bug which will continue to report DSO exploit, even after you’ve updated IE.

    “If I never use IE would the DOS exploit still be a threat.”

    IF IE has not been updated, then yes, it could still be a threat. Even though you use firefox, other applications often use core IE components and could be vulnerable. Also, some sites only work with IE (most notably Windows Update), so you’ll be firing up IE at some point anyway.

    My best advice: update IE.

    Reply
  29. Hi, Leo,
    Thanks for the link, but ‘wow,’ they suggest a lot of updates. Many of them are once added/cannot remove types. Should I be concerned about how much space these updates will take?

    Also, is it correct to assume I don’t have to uninstall anything these update are updating? I ask because when I ‘updated’ my security to the ’04 version, I had some problems and was told I was supposed to have removed the old ’03 version first. I had thought an update meant they were working from the same basic material and were only tweaking it.

    Thanks for any further help.

    Sharon

    Reply
  30. Hi Leo, have followed you for a couple of years now and think you are the WIZ. I got the SP2 disk since I only have dial-up capability’s. I d/l’ed a prog. from MS that told me I need MS 042-038 or close to that and when I d/led it my machine went heywire. Any thoughts thundermoon

    Reply
  31. hi leo!
    I have this problem where i cannot change my homepage for more than a day. There are two sites that like to be fighting over which one is my homepage and they are:
    http://www.othersearch.com
    http://www.worldsex.co.yu
    Its the worldsex which is the worst because when u start up explorer is begins recieving exploit viruses which are annoying to remove. I also have this annoying search toolbar that keeps on appearing after its been uninstalled.
    I hope u can help cause no spyware program can find anything!

    Reply
  32. I found this thread on othersearch: http://ask-leo.com/d-41031a

    This thread is a specific situation that clears up a number of infestations, including worldsex. I’m not sure if it will help you specifically, but it may, and if not the forum there is a good resource.

    In general, file sharing programs like Kazaa seem to be the biggest source of these parasites. Avoid installing those types of programs if at all possible.

    Reply
  33. I got rid of ‘DSO’ exploit my doing the following.
    Open Spybot and select’advanced’ mode.
    Select ‘settings’ in the left column.
    Select ‘ignore product’ in the left column.
    Select ‘security’ tab.
    Place check mark in box beside DSO exploit.
    Close program.
    Open Spybot and run a scan.

    You will find that ‘DSO’ exploit has been eliminated.

    Reply
  34. i’m running firefox and i tend to get the dso exploit reappearing contstantly. patches for ie are up to date, but i like firefox better. is there a weakness in firefox? why does dso exploit appear on every scan with spybot?

    thanks for your help,

    j.

    Reply
  35. The latest version of Spybot (11-23-04) finds DSO and says it has removed it but if you scan again it finds it again and again. In my case in 5 places each time.

    Reply
  36. Hi,
    DSO exploit pops up when I do a Spybot scan, only it says and there is also something written in another language.
    Would appreciate any advice.
    Thankyou,
    Lavender!

    Reply
  37. Ignoring the DSO Exploit will not get rid of the problem. It will just “ignore it”. I suggest googling for a solution as it does require registry key editing to fix. Computing.net has an answer for this problem which is an IE exploit that allows programs to be run on your computer without your permission. It’s probably not a big deal if you use firefox, but the solution is simple enough.

    Reply
  38. I’ll keep saying it, as I said in the article: as long as your Internet Explorer has been fully patched, you may safely ignore DSO Exploit warnings.

    Reply
  39. Hi;

    How do I fully patch Internet Explorer?? I have done the lastest windows updates, is that one in the same?? Sorry I am new user, not overly technical but I also have the DSO Exploit coming up when I run Spybot Search & Destroy. Any help you could provide would be appreciated. Tkx!!

    Reply
  40. Hi Leo;

    Tkx sooo much for your help with my question above – It gives me peace of mind to know that by doing the windows updates I don’t have to worry about DSO Exploit – have a good one. )))))

    Reply
  41. Okay, probably I’m being an idiot, here, but… I’m using Firefox, but I still have IE on my machine because sometimes I have to use it since it has so many hooks into windows. I’m on crappy dialup and it takes forEVER to download patches, so I’d rather not if I don’t have to. Must I do this if I never use IE unless I am forced and I have Zone Alarm running constantly? A further comment… I was going to remove DSO Exploit from my machine manually, but the location is so long that SpyBot doesn’t display the whole thing. Am I missing some simple command to show the entire location?

    many thanks

    Reply
  42. Is it just me or has Spybot not fixed??? I have version 1.3 of Spybot and have updated it several times so the definitions should be up to date – and the DSO exploit message keeps coming back! My IE updates are up to date so I am not worrying.

    Thanks.

    Reply
  43. Read all the articles, I have noted experts comments and spent hours surfing, I do have all the patches updates sp2 etc however it took a manual edit to remove this pest, It is all very well saying keep updated or ignore it but why should we? microsoft has a patch i read, or its not a problem, as Im a gentleman I wont swear! I have spybot adaware spysweeper etc the list goes on and on, speaking as a relative necomer to xp It is no longer a pleasure to use my pc . sick of having to research and pay for software etc I do not really want a pc crammed with anti this and that! Im of two minds to pull the plug reinstall my system to its virgin state and not venture onto the net except via the public library , why cant some one write a simple program to automatically correct the registry error, I had to pay 20 pound to get mine done then I promptly backed up my pc so if it comes back i can sort it out, sp2 was supposed to be great solve most things NOT SO It should be made a criminal offence

    Reply
  44. i’ve run spy bot several times and it keeps finding dso exploit AND my internet doesn’t work. iexplorer just goes to res:shdoclc.dll/dnserror.htm and doesn’t find the page or reverts to wtn-eto.comhp.htm2id=632 and mozilla will allow me to access one page and then it stops trying to build new pages and outlook can’t reach the server.
    i’ve recently installed xp and installed updates so don’t know what else to do.
    plese help.

    Reply
  45. Is the new exploit going to be a problem.
    Internet Explorer has become an even bigger security risk — even on Windows XP SP2 — with the publication of a new and extensive exploit. Security researchers have warned that the exploit — which takes advantage of known loopholes in SP2 — could allow an attacker to run script code on a user’s system via a specially crafted Web page. The holes involved have been known publicly for more than two months, but previous exploit techniques required the user to take actions such as dragging an image from one part of a Web page to another. The new exploit is fully automated, requiring the user only to visit a Web page in Explorer. Other browsers and operating systems aren’t affected. Microsoft has warned users to turn off IE’s “Drag and drop or copy and paste files” option as a partial solution. The danger can also be lessened by setting security levels to high for the “Internet” zone or, as several security firms pointed out, using another browser. Researchers have identified three separate, but related issues in IE. The first problem can be avoided by disabling the “Drag and drop or copy and paste files” option, but the new exploit doesn’t rely on this particular bug

    Reply
  46. I regularly check for and update (weekly) all Microsoft patches/updates along with any updates for spybot version 1.3. These products are right up to date. However, I continue to get the DSO Exploit in a number of registries when I run Search & Destroy. Thanks to all your information, I know I can safely ignore as I am up to date with all my updates etc. However,it is still very annoying. I thought the problem with the Spybot Search & Destroy program had been solved with a fix in one of its updates? Is this in fact, not the case? Am I missing something somewhere?

    Reply
  47. I dont know what causes the DSO exploit. But if you go to Major Geeks downloads, there in the spyware section there is a download that will fix it. you must have the latest programme of spybot installed for it to work.

    Reply
  48. Leo, Thanks for the information. I have been trying to get this darn thing off of my registry for the past few days. Have done everything that I know of. Thanks for the information that it may in fact now not be a problem. Thanks again. Steve

    Reply
  49. I found that my computer has “DSO exploit” and i thoought “no biggy” till it never went away and i was forced into a mess of spayware popups i get 20-30 a day of these little things that clam i have “spyware on your computer” and such at first i didnt belive it because it told me to go to some gay site named something like “www.Fixyman.com” or “www.Fixyurboxnow.com” and such till one day it asked me to increase my ..body part and my mother found it and freaked out now i must get rid of this thing because my mom now thinks i look up mas amounts of porn. i have tried as much as i can have reformated at least 20 times this year because of this thuing and im now grabbing the power of the internet to lend me a hand to kill it…any pointers?

    -thanks flash

    Reply
  50. Leo, I’m not sure if this new spybot down load is real or not. I upgraged the spybot and did a new search and it did not find the DSO EXPLOIT instead it showed all clear congratulations but it never asked me to fix the problem.

    Reply
  51. “The short answer: it’s a bug in Internet Explorer . . .”

    I use Mozilla Firefox for my browser, and Thunderbird for news-email. Does this mean that I don’t have to worry about the DSO Exploit?

    Reply
  52. No, and yes. You still have Internet Explorer on your machine, and it’s used by certain applications, and is required for things like Windows Update. So you should still make sure that it’s fully up to date, after which you need no longer worry about DSO exploit.

    Reply
  53. Hola!
    I might be wrong, but you can’t get rid of a DSO Exploit. As I understand it, it is a Data Source Object vulnerability in Internet Explorer, Outlook and Outlook Express (something like a security hole that spyware uses). These types of spyware can be difficult to remove, and if removal is successful, it often returns soon after. Even when ActiveX controls have been disabled, a DSO Exploit is capable of operating and invading a PC. Even if you are up to date on your Microsoft Patches, like I am, programs like Spybot Search and Destroy will keep reporting it.
    To fix the problem (which is the vulnerability, not getting rid of the exploit) I used a small program, which is a freebie, by the name DSO Stop 2. It will patch the hole and you will never see the red lettering “DSO” after you run Spybot.

    Reply
  54. i have spybot updated and there is nothong that removes the blue tool bar at the bottom of my screen, it appears every time i open internet explorer and the bar doesn’t respond anymore.
    –> i’ll describe it to u so u can see if u’ve seen it before : there is 6 links : 1.Make Money,2.Music,3.Casino,4.Investing,5.Travel,6.Mortgage, then 6 scroll bar –>DAting,Travel , Careeres, Credit, Computer and insurance. After, there is a search space were u can write somthing. It has the skin of Windows XP and the little ‘x’ to close the window is inactive… Can someone help?

    Reply
  55. I have many protections on my computer, they are: Spybot search&destroy
    Spyware Blaster
    Microsofts antispyware beta
    Adaware
    Winpatrol
    Spyware doctor
    All of these programs are kept updated. A few days ago my browser became hijacked, so I ran several scans and discovered a nasty trojan and a variant of cws. Worse thing is they keep returning. I have my windows updates turned on, so I should be up to date. During a routine scan Dso exploit came up.
    Can you help me?

    Reply
  56. get someone help me get rid of this plz:

    Dialer:dialer.bjp No disinfected HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\ZONEMAP\DOMAINS\ARCHIVIOSEX.NET
    Dialer:dialer.akd No disinfected HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\ZONEMAP\DOMAINS\SGRUNT.BIZ .

    ive used the following programs to get rid of them with no luck:

    Search and destroy
    Spyware doctor
    ad-adware se personal
    spywareblaster

    and yet i still have these dialers!!! im usuing Panda active scan
    http://www.pandasoftware.com/products/activescan/com/activescan_principal.htm

    and it keeps telling me i have these two dialers… plz help!

    Reply
  57. Dso canot be removed with spyware programs.the reason is that it comes with a Dll.
    you must edit the regestry. henkey users/software
    microsoft/internet settings/ zones.

    if you leave dso in your registry you may begin
    have a problem with your internet.Spybot will find
    dso but will not remove it.Dso may remain on a
    disk that you may copyfrom a program.

    Reply
  58. dso found by spybot. dso shown up by McAfee.. but ist still ther in zipped files. Anyone knopw if I can put them thru the McAfee shredder with a hope of success Or will it hide them and let them operate

    Reply
  59. I’ve followed the directions for updating the registry to fix the DSO Exploit problem, and yet the Exploit continues to return. It hasn’t worked for me. Exploit continues to cause IE to attempt to connect at start-up. Any other suggestions?

    Reply
  60. 1) Make a note of the location of the exploit shown in Spybot, something similar to:
    HKEY_USERS\S-1-5-21-1614895754-73586283-725345543-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3
    2) Click on Start, Run, and type REGEDIT and Press Enter to open the Windows Registry Editor
    3) Find the location of the exploit above in the registry by clicking on the pluses(+) next to each title
    4) After opening the Zones section and clicking on ‘0’ look to the right window, under ‘name’ is the key ‘1004’ and the type is REG_SZ simply right click and delete this REG_SZ value.Then right click and create new>DWORD Value, name it 1004, then right click on that and goto modify, give it the Hex Value of 3, Click ok.
    If there is only a DWORD Value for the key (in this case 1004), then double click on the key and change the HEX value to 3 and click Ok.
    5) Close the Registry Editor and Reboot your computer
    6) The DSO Exploit should now be removed and it should no longer appear in the Spybot Search and Destroy log as a problem.

    Reply
  61. I have found DSO Exploit does prevent certain Web pages from loading – eg Oracle Forms applications (doesn’t affect Mozilla Firefox).

    Going to try editing the registry – is this going to remove DSO exploit for good (Spybot removes it but it returns)

    Reply

Leave a reply:

Before commenting please:

  • Read the article.
  • Comment on the article.
  • No personal information.
  • No spam.

Comments violating those rules will be removed. Comments that don't add value will be removed, including off-topic or content-free comments, or comments that look even a little bit like spam. All comments containing links and certain keywords will be moderated before publication.

I want comments to be valuable for everyone, including those who come later and take the time to read.