
Automatic Registry Fix?


stikphysh (Member; Joined May 15, 2002; Location: Reno, NV)

I am not sure if I'm in the right forum or not, but here goes:

I am in a situation where I constantly run into Spybot Search&Destroy picking up the DSO exploit every time it scans. Because of a glitch in Spybot, it picks this up every time. To solve this problem you must delete several registry entries and manually enter a DWORD value with a value of 3.

Fortunately, most of these entries are always the same, but one of the HKEY_USER values seems to be different every time.

Is there any way I can make this process simple? Simple like running a single utility, creating a registry file you just import, or some form of macro or something?
 
You can fix it and then export the fixed registry to a backup file. The only problem would be that if you installed anything else, that would be gone. Try running CWShredder. It's made to remove all versions of CoolWeb (which use that exploit). You can also load Ad-Aware, as they now have a new plugin to remove the VX2 malware. Oh, and I would (unless there's a good reason not to) disable System Restore before you fix the problem so that the registry keys cannot be pulled from the backup. Once the registry is fixed, then enable it again.
 
ggo-
I am fixing this on MANY machines, and it needs to not show up. People hate to see a problem, even if you tell them it's not really a problem, so it actually has to be fixed.

nahmus-
CWShredder does not fix it. Loading Ad-Aware isn't an option cuz they are anal about leaving it on machines that we fix. It has something to do with them feeling they won't sell enough pay versions or something, I don't really know, but I know we can't leave Ad-Aware on there. I could perhaps do the registry backup thing, however I have two questions with that... Will the backups work on any machine? I work on many machines with every possible configuration. That's kinda why I was looking for a macro or something that will sort it out.
 
I believe so, however if Spybot gets reloaded on the machine, that machine will possibly come back. The more I mess around trying to make this work out however, the more I think that may be my only option. lol
 
Have you tried HijackThis to look at what's getting loaded and then to remove the registry key? You can also go to the forums for HijackThis and look up that DSO exploit, and chances are there is a fix there. If not, you can post your log from HijackThis and there are people there (like here) that are very helpful in reading the log outputs.
Another thing that I did on my PC that really cut down on that type of infection is that I removed Microsoft's Java Virtual Machine, which is unsupported now anyway, and installed Sun's JVM. It's free and not that hard. Microsoft has an MSJVM removal tool and all you have to do is go to Sun's website for the Java download. I'm not sure if it's an option for you or what OSes you are running, but it might be worth a shot on a few machines as a test.
 
I do use HijackThis and am very happy with it. However, it does not fix this specific problem. I am dealing with this problem on just about every Windows platform out there, however even a fix that only works on 2K and XP would save me a world of trouble.

As for this Java Virtual Machine: how does it typically get installed? If I were to run all the Windows updates on a fresh load of Windows, would it install? Or does it come in on a fresh load of Windows? I noticed yesterday that the DSO exploit shows up if you load Windows on a machine and run Spybot, even before you connect to the internet.
 
Hmmm, now I'm really interested in this. Can you post that part of the HijackThis log with the DSO exploit? Or something from Spybot? I do a lot of cleaning of PCs (independent consultant) and I can usually get them clean. I'd be interested to see if this is something new I've not run into yet. If it is, I'd like to get a head start.

Thanks man. If you want, PM me and I'll give you an e-mail addy to send logs to.
 
I'm surprised you haven't run into the DSO exploit showing up on Spybot. Are you running version 1.3 with all the latest updates?

When you do run into this, it's simple to fix, just time consuming. You will have to expand the category with the DSO exploit, then make a note of what entries are problems. It will end in something like "1004 W=3". I don't remember exactly what it is, but basically you browse to that location in the registry. Delete the value of 1004, then create a new DWORD value named 1004, then open it and assign a value of 3. Do that with each entry and you will never see it on that computer again. I just wanna quicken that step as I end up doin that about 15 times a day.
 
I also have run into this situation on a bunch of machines, especially with a clean install of Spybot Search & Destroy 1.3. So far the only way I have been able to fix it is to change the registry values as stated above. The only machine I did not have a problem with was one I did an upgrade on, from ver 1.2 to 1.3. On one machine (XP Pro) the registry type for the 1004 entry was changed from a DWORD type to a String. Had to delete the 1004 string and add a new 1004 DWORD type and value (3).
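
The manual fix described in the posts above (delete the value 1004, recreate it as a DWORD set to 3), scripted across every user hive loaded under HKEY_USERS so the per-user key that differs between machines does not have to be looked up by hand. This is an added example, not part of the original thread; the `$SubKey` path is an assumption, since the thread never gives the full location, and should be replaced with the one Spybot reports.

```powershell
# Added example, not from the thread. Save as a .ps1 and run from an elevated prompt.
# ASSUMPTION: $SubKey is where Spybot reports the entry; the thread does not
# state the full path, so substitute the location shown in your own scan results.
param(
    [string]$SubKey    = 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0',
    [string]$ValueName = '1004',
    [int]   $Wanted    = 3,
    [switch]$Apply     # without -Apply the script only reports what it would change
)

$results = foreach ($hive in Get-ChildItem -Path Registry::HKEY_USERS -ErrorAction SilentlyContinue) {
    # Loaded profiles appear under HKEY_USERS by SID (plus .DEFAULT), which is
    # why the key name differs from machine to machine. *_Classes hives are skipped.
    if ($hive.PSChildName -like '*_Classes') { continue }
    $path = "Registry::HKEY_USERS\$($hive.PSChildName)\$SubKey"
    if (-not (Test-Path -LiteralPath $path)) { continue }

    $key  = Get-Item -LiteralPath $path
    $kind = $null; $current = $null
    if ($key.GetValueNames() -contains $ValueName) {
        $kind    = $key.GetValueKind($ValueName)   # catches the String-typed 1004 one poster saw
        $current = $key.GetValue($ValueName)
    }
    $ok = ($kind -eq [Microsoft.Win32.RegistryValueKind]::DWord) -and ($current -eq $Wanted)

    if (-not $ok -and $Apply) {
        # Same steps as the manual fix: delete the value, then recreate it as a DWORD.
        if ($null -ne $kind) { Remove-ItemProperty -LiteralPath $path -Name $ValueName }
        New-ItemProperty -LiteralPath $path -Name $ValueName -PropertyType DWord -Value $Wanted | Out-Null
    }
    [pscustomobject]@{
        Hive = $hive.PSChildName; OldKind = $kind; OldValue = $current
        Action = if ($ok) { 'already correct' } elseif ($Apply) { 'rewritten' } else { 'needs fix' }
    }
}
$results | Format-Table -AutoSize
```

Run it once without `-Apply` to see which hives differ, then again with `-Apply`; only profiles currently loaded under HKEY_USERS are visited.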
 