# Have you been Hijacked on your homepage??? Solution here.....



## Navy.Doc (Jun 18, 2004)

You are experiencing DSO Exploit. (99 out of 100X anyway)

What it does: Changes your homepage to a random site addy.

How it works: It is a setting that changes certain registries.

What it entails to fix: Resetting Registry values

Difficulty for beginners: Hard

Difficulty for Intermediate: Challenging

Difficulty for Pros: You're kidding right?

  I recommend you print this page out and read over it as needed!!!  

Step 1: Download Spybot and run it
a. DSO Exploit should come up and have 5 errors with it.
b. click on the plus and look at all the registries affected.

Step 2: Minimize Spybot window

Step 3: click Start-> Run-> regedit-> hit enter

Step 4: follow all errors you find in DSO Exploit in SB S&D.

Step 5: Manually delete the registry in each section labeled 1004. It should be a Reg_SZ. (supposed to be a Reg_DWORD not a Reg_SZ)

Step 6: Right click and create new DWORD value and label it simply 1004.

Step 7: Right click on your new 1004 Registry value, select *MODIFY*, and set the Hexadecimal value to the number *3*.

Step 8: Repeat each step for each error in sequence.

Once you have finished this for *EACH* Registry error found by S-bot, You MUST RESTART/ REBOOT YOUR MACHINE!

After that re-run SpyBot S&D and the DSO exploit should not be there. Reset your homepage to whatever you want. I will start to work on a easier program to reset these values by using a wizard. It will be awhile, so make sure you get this done and run SBot regularly.

Hope this helps you all.

.....Doc


----------



## Dr Dave (Apr 8, 2002)

Doc, heres a little piece i wrote in May about DSO Exploit, it seems that the 1.3 newer version of "Spybot" actually deletes DSO Exploit, but a bug in the program keeps the 5 listings. This is how you get rid of the listings. Spybot was written by a german Patrick Kolla, there is a nice article on him in this months issue of PC World page 42.

Eliminate DSO Exploit in Spybot 

--------------------------------------------------------------------------------

If all your critical updates are installed you are protected against DSO Exploit and the finding in Spybot is just a nuisance. Eliminate this by doing the following: 

1 Open Spybot and select 'advanced' mode. 
2 Select 'settings' in the left column. 
3 Select 'ignore product' in the left column. 
4 Select 'security' tab. 
5 Place check mark in box beside DSO Exploit. 
6 Close program 
7 Open Spybot and run a scan. 

You will find that DSO Exploit has been eliminated and if your computer does not harbour any other spyware you will see a congratulatory message.
__________________
.


----------



## Navy.Doc (Jun 18, 2004)

Hey Dr. Dave, you are right in a sense, this will have SB overlook the DSO exploit, but it does not remove it, therefore you will still have a hijacked web page. The way I did it was advice from a buddy who programs with MS. He suggested the registry edit and dso exploit will go away. But you have to edit the key reg's to the original settings. But if there is an easier way to edit it I am all ears. Thanks for the input on it though.


........Doc


----------



## cisco2004 (Nov 4, 2003)

This won't eliminate DSO exploit from showing up on SB but it will protect you.

http://www.nsclean.com/freebies.html


----------



## aarhus2004 (Jan 10, 2004)

Please edit this for beginners:

"Step 5: Manually delete the registry in each section"

Thanks.


----------



## Byteman (Jan 24, 2002)

Hi, Yup finding the DSO Exploit scan after scan is a bug in SpyBot----> the original detection was not, but the same ones time after time, IS

It's been well discussed here at TSG and many other places for some time.
I have done the regedits in win98se and it works, but not with the above instructions.......

SpyBot only knows that the value is not equal to 3

This is an in depth thread about it---> read and understand what it says!

http://forums.net-integration.net/index.php?showtopic=15308

There also is no need for anyone to change anything, the bug is only because SpyBot HAS Fixed the problem of the way the default settings are in IE...it just cannot change the value to the required 3. You can, but only if you have the correct instructions....multi user computers have to do it for all users.
As long as your Windows Updates are done for critical updates you have the patch.


----------

