# Spybot DSO exploit fix ad OTHER spybot problems



## dvk01 (Dec 14, 2002)

Edited to remove incorrect advice 

please see the later post about this


----------



## dvk01 (Dec 14, 2002)

I will stickyn this just for a few days until most people have seen it


----------



## Cinders (Aug 14, 2002)

Thanks Derek,

Has fixed the problem.

Cinders


----------



## Cheeseball81 (Mar 3, 2004)

Thanks Derek  

It actually found it on the first scan. But then I did another and now it doesn't.

Thanks again
-Cheese


----------



## hewee (Oct 26, 2001)

Can you install it over top the version you have?


----------



## Cheeseball81 (Mar 3, 2004)

hewee, it installed over mine


----------



## hewee (Oct 26, 2001)

Cheeseball81,

Thanks


----------



## hewee (Oct 26, 2001)

Mine after doing a install over top shows I have Spybot 1.3 
I was able to get the updates after I did the install also.

But in a posted at another forum it show Spybot 1.3.1 TX

So what is it showing after you upgraded to the new 1.3.1 TX and did you install over or do a clean install?

EDIT:

OK all is ok now. I down the file again and from the very same link.
Guess they had not yet updated all the download sites when I got mine earlier today.


----------



## Cheeseball81 (Mar 3, 2004)

Glad it's ok  

I just went to the link provided by Derek and went to the first link from Major Geeks. 
I saved it and it downloaded. I guess it automatically installed over the 1.3 Final. 
Cause after it installed, I went back into Programs and it opened as 1.3.1 TX.

Even in Control Panel, under Add/Remove Programs, the only SpyBot program listed was 1.3.1 TX.


----------



## hewee (Oct 26, 2001)

Me too Cheeseball81. The first install was the same version I already had. It also was like doing a new install in the things that happen when you first open the program.
The 1.3.1 TX was even better but I don't think it is a full install but just a upgrade because the spybotsd131tx file size is 1.35MB and the other spybotsd13 was 4.15MB.

Yep just the one SpyBot program listed 1.3.1 TX in my add/remove too.
Anyhow all is well now.


----------



## edjon2000 (Jul 16, 2004)

Hi everyone,

I've downloaded the update, installed it (it shows as Version 1.3.1tx) but the DSO exploits still show up.


Any help with this would be greatly appreciated.

Jon.


----------



## Cheeseball81 (Mar 3, 2004)

Jon, 

Do a second scan. That happened to me too. It came up on the first scan. But didn't on the second. See if that works.


----------



## edjon2000 (Jul 16, 2004)

Yep did a second scan all ok Thanks Cheeseball81

Jon.


----------



## Cheeseball81 (Mar 3, 2004)

Welcome :up:


----------



## bearone2 (Jun 4, 2004)

that's the 1st time i've seen congrats on the se machine.


----------



## hewee (Oct 26, 2001)

I got more updates today too.


----------



## cybertech (Apr 16, 2002)

:up: Leave it stuck for a few weeks


----------



## Cheeseball81 (Mar 3, 2004)

Me too hewee :up:


----------



## hewee (Oct 26, 2001)

Good to hear


----------



## Mr Broly (Oct 23, 2004)

So is it ok that Spybot now is Spybot 1.3.1 TX, or should i download the normal 1.3 again???


----------



## hewee (Oct 26, 2001)

download the new Spybot 1.3.1 TX and you can install it over top of Spybot 1.3.
Then update it and also go in to the Immunize and make sure that is up todate.


----------



## bosshogg151 (Jan 18, 2004)

Worked perfectly. Thanks.....


----------



## hewee (Oct 26, 2001)

Good to hear bosshogg151.


----------



## Gabriel (May 2, 2003)

I am confused.....I downloaded the fix....I saved it on my hard drive....How do I put it in the spybot 1.3................Also, does my Spybot 1.3 have to say the word final on it anywhere, because mine doesn't....it just is 1.3...I am very confused


----------



## hewee (Oct 26, 2001)

Just install it. It will get installed 1.3.1 TX over top ov 1.3.

Now if you have a 1.3 beta version you have to uninstall it.
But mine before I just upgated said 1.3 and after the update it says 1.31TX


----------



## Gabriel (May 2, 2003)

Thanks Heewee, Works perfect now


----------



## hewee (Oct 26, 2001)

Your welcome Gabriel.  I knew it would too.


----------



## BadDracula (Jun 7, 2004)

Seems to have done the trick! Thanks!!!!!


----------



## hewee (Oct 26, 2001)

Great to hear


----------



## Holly3278 (Jan 29, 2003)

Hi everyone. I just thought I should let you all know that somehow an internal beta for Spybot Search and Destroy got released to a few websites. I read this on Spybot Search and Destroy's official site earlier while downloading the official version. There is more info on their site:

http://security.kolla.de/

They say to be careful not to download the beta because it probably won't work.


----------



## MFDnNC (Sep 7, 2004)

Good info!


----------



## Cheeseball81 (Mar 3, 2004)

Wow I hadn't heard about that. Thanks for the heads up, Holly.  

Maybe someone can make a sticky in Security about it.


----------



## dvk01 (Dec 14, 2002)

To Antivirus

I split your post off and moved it to here
http://forums.techguy.org/showthread.php?t=292680

it is not a good idea to tag on the bottom of a thread about a totally different problem

always start your own thread when you have a problem please. That way YOU will getb the help you need


----------



## John Millich (Oct 25, 2004)

Thanks Derek,

Spybot works like a charm after loading that update. First scan picked it up but by the second scan it was gone. Free at last! 

John


----------



## jillian2 (Sep 11, 2004)

dvk01 said:


> Spybot - Search and Destroy DSO Exploit Fix 1.3.1 TX[25-10-04]
> 
> --------------------------------------------------------------------------------
> 
> ...


I have SpyBot 1.3 and also have the problem with the DOS Exploit. It comes up with every scan. My computer is updated with all Microsoft patches. I also have the SP2. I downloaded the SpyBot fix from Major Geeks and after install, I ran SpyBot Search and Destroy. The DOS Exploit still came up. Unfortunately, the "fix" did not fix this problem. I will just put it on the "Ignore Product" list. I scanned 4 times and each time the DOS Exploit still came up. Didn't work for me.

Jillian


----------



## GoJoAGoGo (Dec 26, 2002)

Has anyone tried to downloads skins from the Spybot S&D site lately? I've tried and for the past 2 days I keep getting the "HTTP 404 - File not found error".

http://www.safer-networking.org/en/skins/index.html


----------



## hewee (Oct 26, 2001)

Same here gojo.


----------



## dvk01 (Dec 14, 2002)

Apparantly we have unwittingly been giving out wrong advice about this problem so can everybody please follow the advice here with reagards to spoybot problems for a little bit longer please

Spybot 1.3 has been and still is a wonderful and popular tool. Unfortunately, some people are experiencing problems with it. Those problems which I will describe a little further down in this post have been discussed many times on this forum. Some are benign, some are more serious. Those issues are all being worked on actively by the development team. An update of the main program will be issued in the near future (no I can't set a date, but as soon as it is known, I will update this post) which will fix those problems.
DSO Exploit keeps returning even after Spybot fixes it
Error during check!: ??various?? (Ungültiger Datentyp für ') ()
Hangs during fix or scan
The first item on the list: DSO Exploit has been explained so many times and there is so much confusing information out in the forums that it is hard to resume all of this in a concise manner. But here goes:

The DSO Exploit was a problem in the way Windows handled the "My Computer Zone". Microsoft released a patch for this long ago. So if you have an updated Windows, you shouldn't be affected by this exploit. The reason Spybot flags it is simple. Before Microsoft came out with this patch, a security firm came out with a workaround "tweak" of the registry to restrict this Zone. Spybot looks for the implementation of that "tweak". If the tweak is not found, it flags the DSO Exploit object. Normally this shouldn't be a problem, you'd just let Spybot fix it and it implements the workaround, end of topic. The problem with 1.3 is that the workaround is not done properly during fix. Hence why Spybot flags it again. This has been fixed in the code and was tested for a while with version 1.3.1 beta.

Solution for now: Just ignore it. It isn't a problem if your windows is patched. When the next version of Spybot - S&D comes out, it will fix this problem.

More info on this:
http://forums.net-integration.net/index.php?showtopic=23930
http://forums.net-integration.net/index.php?showtopic=17159
http://forums.net-integration.net/index.php?showtopic=23663

Item number 2: Error during check!: ??various?? (Ungültiger Datentyp für ') () (where ??various?? is any number of malware names...)
This problem is a little bit more complex. I cannot explain it in detail as I am not a programmer. But to explain simply, when this occurs, it means that Spybot did not complete the scan and that even though it states Congratulations! No immediate threats found! those results are not accurate.
Some of you might find that if you download the advcheck.dll update dated October 4th 2004, this problem is fixed. If not, read on.
Most of these issues reported were fixed with the advent of 1.3.1 beta. Not all, but a lot of them. This bug is also still being worked on and should be fixed in the next update. If any of you are having this problem, you will have to wait for an update to be issued. There is no supported way of fixing this at this time. * See note at bottom of post *

More info on this:
http://forums.net-integration.net/index.php?showtopic=24364

Item number 3: Hangs during fix or scan.

This one is multi part. It can have a number of causes and a number of fixes....
If the program hangs during scan, and you have a computer equipped with a CPU with HyperThreading Technology, this bug cannot be fixed with the current version of Spybot. However, as with the other bugs I have mentioned, this has been and still is being worked on. An update will be issued shortly that will most likely take care of the problem. A lot of users who beta tested 1.3.1 beta said the problem had been fixed for them.

Edit - This problem can be worked around... Thanks to md usa spybot fan for bringing this to my attention.
Here is how:
Open Spybot, then leave it alone
Open Task Manager, and go to the Processes tab
Right-click on SpybotSD.exe, and choose "Set Affinity..."
On the box that comes up, check/uncheck boxes so that ONLY "CPU 0" is checked.
Go back to the already-open Spybot, and run a scan. It should complete without hanging or losing responsiveness.
More info:
http://forums.net-integration.net/index.php?showtopic=24448&view=findpost&p=113214
http://forums.net-integration.net/index.php?showtopic=18442&st=0&#entry85933

If it hangs during fix, it is another matter. Depending on your operating system version, it can be the result of many things. Some users reported that the confimation dialog would not come to the front of the screen. This meant that Spybot would be waiting for input and wasn't hung. If this happens to you, you can try the following and see if it helps.

Open Spybot in advanced mode. Look in the top menu for the item "Mode" to set it to "Advanced" if you are not already in that mode.
Then go to "Settings" in the lefthand side. Click on Settings in the submenu that opens up beneath it. In the right hand side look for:
Main Settings
Display confirmation dialogs before doing critical changes
Uncheck that option and try to fix again.
If you are not using Windows XP, also make sure that both System Restore options in that same Main Settings category are unchecked.
If the above does not help, then you will also have to wait for the next update.

This new version of Spybot will be out, possibly as a beta download first, soon. As I said before, I cannot state a date for it, but it is coming.

*Note* There are workarounds being discussed in the forums to some of those problems. Some websites have decided to put up the beta version 1.3.1 for download, even though Safer Networking has removed it from their server. This is an unauthorized and unsupported version. If you decide to use this, no support will be given for it here.
Also a test version (1.3.1TX) had been released which was never meant for the public. It contained debug code for a specific problem and that release was also pulled from Safer Networking's servers. This one too, found its way on some websites. This is also an unauthorized, unsupported version.
And yet another one....
http://forums.net-integration.net/index.php?showtopic=24284


----------



## hewee (Oct 26, 2001)

> Also a test version (1.3.1TX) had been released which was never meant for the public


How are you to know if you have this test version?


----------



## dvk01 (Dec 14, 2002)

hewee said:


> How are you to know if you have this test version?


if you downloaded the 1.3.1tx update then the TX stands for test so I have been told

That's why I have now edited out the first post to prevent anyone else possibly wrecking their system


----------



## AmyIST (Aug 21, 2002)

What do we do if we have 1.3.1tx running? Do we leave it alone or install the old one? Any suggestions?


----------



## dvk01 (Dec 14, 2002)

I meant to post this as a reply to amyist post but somehow hit edit instead of quote and added it to her post Sorry!!

Just leave it alone unless it starts to cause any problems

it won't harm most computers but it isn't guaranteed to cure the problems and on some systems it might give strange error messages


----------



## Cheeseball81 (Mar 3, 2004)

Eeek I just read this 

I did download that patch and currently have the 1.3.1TX version

I haven't experienced any problems with it at all though

Will this be an issue later on? Or you can't say for sure?


----------



## dvk01 (Dec 14, 2002)

Karmopo

I've moved your post to it's own thread

It's not a good idea to tag ontop a discussion post with a problem


----------



## GoJoAGoGo (Dec 26, 2002)

GoJoAGoGo said:


> Has anyone tried to downloads skins from the Spybot S&D site lately? I've tried and for the past 2 days I keep getting the "HTTP 404 - File not found error".
> 
> http://www.safer-networking.org/en/skins/index.html


Skins link still offline, does anyone has an alternate Spybot Search & Destroy skins link?


----------



## wyred (Jan 31, 2005)

but this is how i fixed my DSO exploit problem:

1) Make a note of the location of the exploit shown in Spybot, something similar to:

HKEY_USERS\S-1-5-21-1614895754-73586283-725345543-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

2) Click on Start, Run, and type REGEDIT and Press Enter to open the Windows Registry Editor

3) Find the location of the exploit above in the registry by clicking on the pluses(+) next to each title

4) After opening the Zones section and clicking on '0' look to the right window, under 'name' is the key '1004' and the type is REG_SZ simply right click and delete this REG_SZ value.Then right click and create new>DWORD Value, name it 1004, then right click on that and goto modify, give it the Hex Value of 3, Click ok.

If there is only a DWORD Value for the key (in this case 1004), then double click on the key and change the HEX value to 3 and click Ok.

5) Close the Registry Editor and Reboot your computer

6) The DSO Exploit should now be removed and it should no longer appear in the Spybot Search and Destroy log as a problem.


----------

