Author Topic: SpyBot S/D  (Read 11632 times)

0 Members and 2 Guests are viewing this topic.

emma

  • Guest
SpyBot S/D
« on: September 11, 2004, 07:30:25 PM »
When I scan with SpyBot I am getting the same 5 DSO exploits each time.  I select "Fix the problem" and SB reports that it has been fixed.  I do another scan immediately and the same 5 come up again.  It seems to be something about an IE security hole.  I am up to date with all the Updates etc.  Does someone know what it can mean and how I can get rid of this problem?

I am going to try to send a print screen of the report. ( I am not sure if I know how to send it but will try.  If it doesn't appear I will just have to type in the results. When I preview my post I don't see any attach.)

XP  SpyBot  Zone Alarm  avast home edition

Staind

  • Guest
Re:SpyBot S/D
« Reply #1 on: September 11, 2004, 08:12:19 PM »
Hi! Do you use SpywareBlaster? I believe these are conflicts between the two programs.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88855
  • No support PMs thanks
Re:SpyBot S/D
« Reply #2 on: September 11, 2004, 08:25:37 PM »
I use both Spybot S&D plus spywareblaster (SB) and no conflict - S&D recognises that I have SB installed.

Click on Immunise in S&D and says I have SB installed and this provides greater protection. Based on this I would say that recognition there wouldn't be a conflict.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

lee16

  • Guest
Re:SpyBot S/D
« Reply #3 on: September 11, 2004, 08:27:51 PM »
emma

There is descussion o the dso exploit at the link below.

http://forum.avast.com/index.php?board=9;action=display;threadid=5785;start=msg43649#msg43649

--lee

Staind

  • Guest
Re:SpyBot S/D
« Reply #4 on: September 11, 2004, 09:23:19 PM »
No, DavidR I recently did some searching because I continually had a "SearchForIt" thing coming up repeatedly.  Google searches lead me to the SnD forum where someone reported the exact same problem - it was a false positive brought on by SnD detecting a zone created by SpywareBlaster.

Hope this helps,
-Staind

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67197
Re:SpyBot S/D
« Reply #5 on: September 11, 2004, 09:49:33 PM »
It was a false positive brought on by SnD detecting a zone created by SpywareBlaster.

For me, Staind is right...
Better is check that itens and send them to the 'ignore list'  8)
The best things in life are free.

emma

  • Guest
Re:SpyBot S/D
« Reply #6 on: September 11, 2004, 10:22:42 PM »
I thank everyone for their replies and discussion.  I did follow the links as suggested and read more.  Did go to a page for a download suggested by Bob but went no further.

Unfortunately I am not that experienced and really need a
1.
2.
3.
.
.
100.

on what to do.  Better yet, maybe somebody will just suggest that those DSO repeats that I am getting are "no big deal" and I can just ignor the whole thing.
Ignorance does have its advantage.  ;)


Jeccu

  • Guest
Re:SpyBot S/D
« Reply #7 on: September 12, 2004, 12:24:01 AM »
Better yet, maybe somebody will just suggest that those DSO repeats that I am getting are "no big deal" and I can just ignor the whole thing.
Ignorance does have its advantage.  ;)

Well, they are not a big deal as long as your Windows is up to date. Microsoft patched the DSO Exploit over 2 years ago. But if you still want to get rid of the Spybot's DSO Exploit "false positive" you can update your Spybot S&D 1.3 to 1.3.1 Beta.
To get it, run Spybot S&D. In Settings->Settings, tick "Display available beta versions" under "Web update" and then search updates. However, I suggest not to install beta definitions, because it's possible that you'll get other false positives after that.

« Last Edit: September 12, 2004, 01:04:30 AM by Jeccu »

Offline SUSZANNAH

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1954
  • There We Are Then
Re:SpyBot S/D
« Reply #8 on: September 12, 2004, 12:55:26 AM »
When I had thoses problems I was advised to run DSO-STOP and it worked, hope this helps  :)

emma

  • Guest
Re:SpyBot S/D
« Reply #9 on: September 12, 2004, 02:44:46 AM »
Jeccu, I did explore getting the beta version, but wasn't sure I wanted to try that.  I do thank you though, because in order to find Settings in the Spybot, I realized I had to go into the Advanced area.  I didn't even know it existed.  WOW, did I learn a few things.  What a bunch of nasties there are out there.

SUSAANNAH I saw the link to DSO-STOP earlier, so decided to try it.  It did say I was vulnerable.  Don't know why as I have all the updates etc.  
Then I did another SpyBot scan.  Came up with some other nonsense, but the original DSO's (minus 1) were still there.

I am exhausted as I have been working on this all day.  
Bottom Line:  I have learned a lot and it could be worse.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88855
  • No support PMs thanks
Re:SpyBot S/D
« Reply #10 on: September 12, 2004, 11:51:50 AM »
No, DavidR I recently did some searching because I continually had a "SearchForIt" thing coming up repeatedly.  Google searches lead me to the SnD forum where someone reported the exact same problem - it was a false positive brought on by SnD detecting a zone created by SpywareBlaster.

Hope this helps,
-Staind

Hi Staind,

Thanks for the info, I had never experienced the SearchForIt problem, regularly using SB and S&D together. That is until this morning when up it popped 'SearchForIt in HKLM of registry, but no other errors and no DSO exploit warnings.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Staind

  • Guest
Re:SpyBot S/D
« Reply #11 on: September 12, 2004, 05:50:54 PM »
Are you using the beta? I know these problems were fixed there.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88855
  • No support PMs thanks
Re:SpyBot S/D
« Reply #12 on: September 12, 2004, 06:36:49 PM »
No just the bog standard version, I'm in no rush to use beta software on a non-testbed machine.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Jeccu

  • Guest
Re:SpyBot S/D
« Reply #13 on: September 12, 2004, 09:16:21 PM »
Are you using the beta? I know these problems were fixed there.

Staind
No, they were not. I've been using the 1.3.1 beta version for some time and I get "SearchForIt" false positive. This will be fixed next Spybot definitions update.



Kerim

  • Guest
Re:SpyBot S/D
« Reply #14 on: September 14, 2004, 03:24:51 PM »
Hi all,

I usually search the forum http://forums.net-integration.net/index.php? when I get something new while scanning with Spybot Search & Destroy.

1) DSO exploit

In the registry, the detected data entry 1004 of each key must be
"1004"=dword:00000003
(1004!=W=3 in Spybot screen means that it is not equal to 3)

The old version of Spybot had a bug in fixing it and make it instead
"1004"=dword:
That is it deletes the number (blank).

So each time it fixes it, the error stays as it is! No number!
The only way to fix it was by editing the registry (as I did) but it is risky for novice.
I heard that the new version of spybot has solved this problem.

Meanwhile one can safely ignore it in the Spybot settings (Advanced Mode):
Settings -> Ignore Products -> Security (or All products) -> check 'DSO Exploit' (scan will ignore it)

2) SearchForIt

It is a false positive. The entry of 'SearchForIt' that Spybot detects is indeed added by 'SpywareBlaster' to protect the PC from 'SearchForIt'!
So if it is deleted (so-called fixed) by Spybot, SpywareBlaster shows that one of its entry became unprotected. After re-running protection to all, the deleted key will be reinserted in the registry in order to be protected again from 'SearchForIt'!
So Meanwhile one can safely ignore it (not fixing it if it shows ONLY 1 line) or also in the Spybot settings (Advanced Mode):
Settings -> Ignore Products -> Hijackers (or All products) -> check 'DSO Exploit'

3) Evileye

It is also a false positive. I read that The file 'iun6002.exe' is a legitimate uninstaller file, placed in the Windows folder when you install Indigo Rose's Setup Factory software. So it could be ignored too.

Have a nice day

Kerim