51 Posts

August 3rd, 2004 18:00

Deleted exploits reappear

There are five DSO exploits in my registry (Win XP) that can be removed using Spybot SD 1.3. However, every time IE is opened these exploits are somehow placed back as they were before removal. What is in my system? I have looked in all the temp folders in every account, scanned for viruses (using online services along with McAfee), and haven't found anything. Here are the registry entries (bear with me) in case someone is familiar with them.

HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

HKEY_USERS\S-1-5-21-343818398-1060284298-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3
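
A read-only check of the value those entries point at, added here as an example and not part of the original thread or of Spybot itself. It assumes the `!=W=3` suffix means "value 1004 does not hold the wanted data 3"; the variable names are illustrative.

```powershell
# Added example: report value 1004 of zone 0 in every loaded HKEY_USERS hive.
# Nothing is written to the registry.
$relPath  = 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0'
$name     = '1004'   # value name taken from the entries listed in the post
$expected = 3        # assumption: "W=3" is the data the scanner wants to see

# Standard data values for Internet Settings zone actions
$meaning = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

Get-ChildItem -Path 'Registry::HKEY_USERS' | ForEach-Object {
    $hive = $_.PSChildName
    $key  = "Registry::HKEY_USERS\$hive\$relPath"

    # Hives such as <SID>_Classes have no Internet Settings key: skip them
    if (-not (Test-Path -LiteralPath $key)) { return }

    $prop = Get-ItemProperty -LiteralPath $key -Name $name -ErrorAction SilentlyContinue
    $data = if ($null -ne $prop) { $prop.$name } else { $null }

    # Translate the raw data into a readable policy, keeping unknown values visible
    $policy = if ($null -eq $data) { '(value not set)' }
              elseif ($meaning.ContainsKey([int]$data)) { $meaning[[int]$data] }
              else { "Unknown ($data)" }

    [pscustomobject]@{
        Hive            = $hive
        Data            = $data
        Policy          = $policy
        MatchesExpected = ($data -eq $expected)
    }
} | Format-Table -AutoSize
```

Running it before and after opening IE shows whether the data itself changes between scans or only the scanner's report does.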

4.4K Posts

August 3rd, 2004 19:00

That is a known bug in Spybot SD 1.3, unfortunately.

Jim

2K Posts

August 4th, 2004 01:00

From a member of 'Team SpybotS&D':

==========
Hello all,

The problem with the DSO Exploit is a little bug. We have already been able to locate and fix it, but unfortunately it was not included with the last update. It will hopefully be with the next one.
The DSO Exploit is a security gap in IE. Microsoft did already repair this, so if you have all Windows updates and patches installed, it is not dangerous for your system.

=========


So it would appear that the DSO exploit is being found, and Spybot is not able to repair it. But, MS has since patched the security hole in a different manner anyway.

4.4K Posts

August 4th, 2004 01:00

Yes, those results are false alarms. The bug is that those DSO exploits are "false positives".

There's no one tool that can remove all spyware. That's why the commonest recommendation is...

  • Scan for viruses with an up-to-date version of your antivirus software.

  • If the problem persists, download Ad-Aware, update it, configure it, and scan for malware/spyware.

  • If the problem still persists, download Spybot, update it, and scan for malware/spyware.

  • If none of those steps resolve the problems, download HijackThis, scan your system, and post a log at one of the sites specializing in malware analysis.


Jim

51 Posts

August 4th, 2004 01:00

What is the bug? Are the results false alarms? Does Spybot fail to remove spyware?...????????/

51 Posts

August 4th, 2004 17:00

Thanks.

 
