Spyware making me so mad right now...

[KfistoRok]

I've ran spybot and ad aware. Done windoze updates and IE updates. Taken everything funky looking off bootup and I still get this little add about the size of a msn messenger sign on alert in the bottom right. The add comes up about every minute. Every time I do a spybot scan it comes up with four DSO exploits and I delete them, but they come back.

DSO Exploit: Data source object exploit (Registry change, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

DSO Exploit: Data source object exploit (Registry change, nothing done)
HKEY_USERS\S-1-5-21-1004336348-688789844-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

DSO Exploit: Data source object exploit (Registry change, nothing done)
HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

DSO Exploit: Data source object exploit (Registry change, nothing done)
HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

DSO Exploit: Data source object exploit (Registry change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3


I have system restore off and did the scans in safe mode.

What else can I do? No I'm not gonna use a different browser.

Reload is not an option atm.

 

[fhanderson]

My grandson got DSO Exploit on my wife's computer. I'm trying to remember exactly, Run SpyBot, when you get the listings, right click on the listing. You should get a menu. I think you put the cursor on "More Details" you should have a side menu that says something like "Take me to that location". You will be taken to that entry in the registry, delete it. I suggest you create a restore point before doing this as a precaution. The computer has been running fine since. I tried Adaware and a couple other spyware removers and they couldn't remove the entries either. There was also a couple of ActiveX plugins in IE with this spyware. I used Norton Cleansweep to remove them.

 

[loks]

Run>msconfig>startup>uncheck all boxes>restart in safe mode>run Spybot or whatever you have>delete everything related to the spyware and restart in normal mode. run spybot again and check for spyware.

 

[loks]

Get Spysweeper!!!

 

[Mr. Chambers]

If you didn't already follow the two stickies, make sure you run through at least one of them to the T, if that doesn't fix your problems, post a hijackthis .log file.

http://www.ocforums.com/showthread.php?t=307720
http://www.ocforums.com/showthread.php?t=319615

 

[Viper2004]

I was under the influence that getting the exploit thing was just a spybot S&D error because everyone I know gets that error too.

 

[fhanderson]

I tried using msconfig and even downloaded a program that was supposed to shut off DSO Exploit but nothing worked except deleting the entries. Non of the spyware removers worked. One , I think it was Spyhunter actually added more spyware.

 

[Labotomy Jack]

I was under the influence that getting the exploit thing was just a spybot S&D error because everyone I know gets that error too.

I'm pretty sure you're right. I believe this is an old IE exploit that has since been patched or is at least no longer relevant, but for some reason Spybot S&D still picks it up on every scan. I've set SS&D to ignore these same 5 results quite some time ago.

EDIT: just found this link from a post by I.M.O.G. for a patch to SS&D to fix this problem.

 

[electromagnetic]

Solution: Delete the reg entries manually, I had the same thing.

 

[nikhsub1]

I was under the influence that getting the exploit thing was just a spybot S&D error because everyone I know gets that error too.

This is exactly correct. I get that error EVERY time i run spybot, it is just something I ignore and expect, do the same.

 

[Tatuya]

Go to Jack's link and it should then disappear. It has for me at least.

 

[I.M.O.G.]

Actually, the DSO exploit should not be ignored outright - it may mean you need windows updates/patches.

If you have the latest updates and patches, the exploit issue is fixed. Before updates, the DSO exploits are set at an incorrect value, and spybot has a bug where it resets them to a different incorrect value - so each time it "fixes" them, it resets them to another wrong value. This is what the fix linked to earlier fixes.

 

[Celeron_Phreak]

try running HiJack This, AVG Anti-Virus, Trojan Hunter and Ad-Aware. My older bro and I run all these on customer's infected PCs and we always end up removing everything in the end. Note that we also update windows, but remove all SP2 updates to keep SP2 problems at bay.

 

[I.M.O.G.]

Look up celeron phreak, he has no infection, just a bug - he either needs to go to windows update, or run the fix linked to in the above post.

 

[mrm1957]

Remember to shut off system restore before ruunning the removal tools or it will keep putting them back on. As soon as the culprit is removed turn it back on.

 

[cornbread]

I had the same problem a few week back, ran the patch that "Labotomy Jack" posted links for above and all my problems were fixed.

 

[KfistoRok]

Whoops. Kinda forgot about this thread. Thanks for all the advice.

I'm pretty sure I did all the Windows updates, except sp2. Thats a train wreck right there.

I work at my college's help desk and ad-aware/sb s and d takes care of most of our problems. I run AVG on my computers and it does a pretty fine job.

The pc I had probs with is back home. It's the comp I setup for my mom and she's hardly computer literate, so I go through the same type of stuff with it, as I go through here. I'll prolly just end up reloading it when this semester is over.

 

[I.M.O.G.]

Did you see my post where I explained that there is nothing wrong with it?

This link will stop it from showing up in SB S&D scans:

http://www.majorgeeks.com/download4392.html