When I scan with SpyBot I am getting the same 5 DSO exploits each time. I select “Fix the problem” and SB reports that it has been fixed. I do another scan immediately and the same 5 come up again. It seems to be something about an IE security hole. I am up to date with all the Updates etc. Does someone know what it can mean and how I can get rid of this problem?
I am going to try to send a print screen of the report. ( I am not sure if I know how to send it but will try. If it doesn’t appear I will just have to type in the results. When I preview my post I don’t see any attach.)
I use both Spybot S&D plus spywareblaster (SB) and no conflict - S&D recognises that I have SB installed.
Click on Immunise in S&D and says I have SB installed and this provides greater protection. Based on this I would say that recognition there wouldn’t be a conflict.
No, DavidR I recently did some searching because I continually had a “SearchForIt” thing coming up repeatedly. Google searches lead me to the SnD forum where someone reported the exact same problem - it was a false positive brought on by SnD detecting a zone created by SpywareBlaster.
I thank everyone for their replies and discussion. I did follow the links as suggested and read more. Did go to a page for a download suggested by Bob but went no further.
Unfortunately I am not that experienced and really need a
1.
2.
3.
.
.
100.
on what to do. Better yet, maybe somebody will just suggest that those DSO repeats that I am getting are “no big deal” and I can just ignor the whole thing.
Ignorance does have its advantage.
Well, they are not a big deal as long as your Windows is up to date. Microsoft patched the DSO Exploit over 2 years ago. But if you still want to get rid of the Spybot’s DSO Exploit “false positive” you can update your Spybot S&D 1.3 to 1.3.1 Beta.
To get it, run Spybot S&D. In Settings->Settings, tick “Display available beta versions” under “Web update” and then search updates. However, I suggest not to install beta definitions, because it’s possible that you’ll get other false positives after that.
Jeccu, I did explore getting the beta version, but wasn’t sure I wanted to try that. I do thank you though, because in order to find Settings in the Spybot, I realized I had to go into the Advanced area. I didn’t even know it existed. WOW, did I learn a few things. What a bunch of nasties there are out there.
SUSAANNAH I saw the link to DSO-STOP earlier, so decided to try it. It did say I was vulnerable. Don’t know why as I have all the updates etc.
Then I did another SpyBot scan. Came up with some other nonsense, but the original DSO’s (minus 1) were still there.
I am exhausted as I have been working on this all day.
Bottom Line: I have learned a lot and it could be worse.
Thanks for the info, I had never experienced the SearchForIt problem, regularly using SB and S&D together. That is until this morning when up it popped 'SearchForIt in HKLM of registry, but no other errors and no DSO exploit warnings.
Staind
No, they were not. I’ve been using the 1.3.1 beta version for some time and I get “SearchForIt” false positive. This will be fixed next Spybot definitions update.
In the registry, the detected data entry 1004 of each key must be
“1004”=dword:00000003
(1004!=W=3 in Spybot screen means that it is not equal to 3)
The old version of Spybot had a bug in fixing it and make it instead
“1004”=dword:
That is it deletes the number (blank).
So each time it fixes it, the error stays as it is! No number!
The only way to fix it was by editing the registry (as I did) but it is risky for novice.
I heard that the new version of spybot has solved this problem.
Meanwhile one can safely ignore it in the Spybot settings (Advanced Mode):
Settings → Ignore Products → Security (or All products) → check ‘DSO Exploit’ (scan will ignore it)
SearchForIt
It is a false positive. The entry of ‘SearchForIt’ that Spybot detects is indeed added by ‘SpywareBlaster’ to protect the PC from ‘SearchForIt’!
So if it is deleted (so-called fixed) by Spybot, SpywareBlaster shows that one of its entry became unprotected. After re-running protection to all, the deleted key will be reinserted in the registry in order to be protected again from ‘SearchForIt’!
So Meanwhile one can safely ignore it (not fixing it if it shows ONLY 1 line) or also in the Spybot settings (Advanced Mode):
Settings → Ignore Products → Hijackers (or All products) → check ‘DSO Exploit’
Evileye
It is also a false positive. I read that The file ‘iun6002.exe’ is a legitimate uninstaller file, placed in the Windows folder when you install Indigo Rose’s Setup Factory software. So it could be ignored too.