Re: Troublesome pests keeps reviving themselves
From: Bruce Chambers (bruce_a_chambers_at_h0tmail.com)
Date: 08/19/04
- Next message: Bruce Chambers: "Re: Parch for VM vuln. (MS03-011) on XPSP2???"
- Previous message: Bruce Chambers: "Re: System is shuttng down NT authority 60 seconds"
- In reply to: anneAnna: "Troublesome pests keeps reviving themselves"
- Next in thread: anneAnna: "Re: Troublesome pests keeps reviving themselves"
- Reply: anneAnna: "Re: Troublesome pests keeps reviving themselves"
- Reply: anneAnna: "Re: Troublesome pests keeps reviving themselves (2)"
Date: Wed, 18 Aug 2004 19:13:57 -0600
Greetings --

The DSO exploit was patched long ago by IE Cumulative Update
MS02-015, in March of 2002. If you've installed this specific patch,
or any subsequent IE Cumulative Updates, or Service Pack 1, you're
safe. It would appear that the latest version of Spybot S&D is only
checking for Internet zone settings in the registry that could be used
as work-around protection, and not for the presence of any corrective
patches. Hopefully, the makers of Spybot will soon fix this bug.

MS02-015 March 28, 2002 Cumulative Patch for Internet Explorer
http://support.microsoft.com/default.aspx?scid=kb;EN-US;319182

If you like, you can test your system for this particular
vulnerability at this web site:
http://www.greymagic.com/security/advisories/gm001-ie/

The makers of SpyBot S&D have acknowledged the problem and will
fix it on their next update:
http://www.safer-networking.org/index.php?page=paragraphs&detail=currentfaqs

In the meantime, in SpyBot S&D, click Mode > Advanced > Settings >
Ignore Products > Security > DSO Exploit, to turn off the false alarm.

Bruce Chambers
--
Help us help you:
http://dts-l.org/goodpost.htm
http://www.catb.org/~esr/faqs/smart-questions.html

You can have peace. Or you can have freedom. Don't ever count on having both at once. - RAH

"anneAnna" <ana@microdot.faked.com> wrote in message
news:iyCUc.130442$M95.122679@pd7tw1no...
> Every day I run Spybot S&D and every day I find one and the same DSO
> exploit.
> Even though DSOs have been "immunized" against, it keeps reviving
> and coming back. Is there some way to stop it for good?
>
> It's in the registry as
> HOTKEY_LOCAL_MACHINE.\.\.\...\zones\0\1004!=W=3
>
> Pest Patrol also comes up with a single item every time, called
> "twain-tech". Deleting registry entry doesn't kill it, keeps coming
> back. Its key is HOTKEY_LOCAL_MACHINE\..\..\activex
> compatibily\{000020dd-c-4113-af77-dd56626c6c42}|compatibility flags
>
> Any way to stop this too?
>
> I'm not really knowledgeable, but I get called to fix browser
> problems frequently, and I hope this is IT.
>
>
> ana