Robbo9:
There are seven (7) detections that I am aware for Microsoft.Windows.ActiveDesktop. The checks are done in the following registry key:
Code:
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop]
Spybot looks for the following entries:
- "NoChangingWallpaper"=dword:00000000
- "NoAddingComponents"=dword:00000000
- "NoDeletingComponents"=dword:00000000
- "NoEditingComponents"=dword:00000000
- "NoCloseDragDropBands"=dword:00000000
- "NoMovingBands"=dword:00000000
- "NoHTMLWallPaper"=dword:00000001
If it finds a corresponding entry and the dword is not equal to the above value it lists it a possible problem. If you fix the problem, the dword is change to the value indicated above.
There is a brief explanation of what these settings indicate in the following:
Note: The above article also lists the following entry that does not appear to checked by Spybot:
- "NoComponents"=dword:0000000?
*********************
I at a loss to try to explain what may have happen during the fixing of this type of problem. My Windows XP Home system does not normally have these particular registry entries because they are group policy entries usually only found on systems with Windows 2000, 2003 and XP Pro. I added them to my system so that they would be detected by Spybot-S&D.
Code:
[HKEY_USERS\S-1-5-21-1957994488-790525478-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop]
@=""
"NoChangingWallpaper"=dword:00000001
"NoComponents"=dword:00000001
"NoAddingComponents"=dword:00000001
"NoDeletingComponents"=dword:00000001
"NoEditingComponents"=dword:00000001
"NoCloseDragDropBands"=dword:00000001
"NoMovingBands"=dword:00000001
"NoHTMLWallPaper"=dword:00000000
I then ran a scan and fixed the problems:
Code:
--- Report generated: 2007-01-16 12:19 ---
Microsoft.Windows.ActiveDesktop: User settings (Registry change, fixed)
HKEY_USERS\S-1-5-21-1957994488-790525478-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoAddingComponents!=W=0
Microsoft.Windows.ActiveDesktop: User settings (Registry change, fixed)
HKEY_USERS\S-1-5-21-1957994488-790525478-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoDeletingComponents!=W=0
Microsoft.Windows.ActiveDesktop: User settings (Registry change, fixed)
HKEY_USERS\S-1-5-21-1957994488-790525478-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoEditingComponents!=W=0
Microsoft.Windows.ActiveDesktop: User settings (Registry change, fixed)
HKEY_USERS\S-1-5-21-1957994488-790525478-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoHTMLWallPaper!=W=1
Microsoft.Windows.ActiveDesktop: User settings (Registry change, fixed)
HKEY_USERS\S-1-5-21-1957994488-790525478-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallpaper!=W=0
Microsoft.Windows.ActiveDesktop: User settings (Registry change, fixed)
HKEY_USERS\S-1-5-21-1957994488-790525478-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoCloseDragDropBands!=W=0
Microsoft.Windows.ActiveDesktop: User settings (Registry change, fixed)
HKEY_USERS\S-1-5-21-1957994488-790525478-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoMovingBands!=W=0
--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---
2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2006-05-01 TeaTime SyreneD Patch.exe (1.4.0.2)
2007-01-05 TeaTimer 1.5.exe (1.5.0.2)
2006-10-24 TeaTimer Beta I.exe (1.5.0.0)
2005-05-31 TeaTimer ResourceHacker.exe (1.4.0.2)
2005-05-31 TeaTimer.exe (1.4.0.2)
2006-01-16 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2006-10-13 advcheck-2007-01-05.dll (1.0.2.0)
2007-01-15 advcheck-2007-01-15.dll (1.2.1.0)
2006-02-06 advcheck.dll (1.0.2.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2007-01-02 Tools.dll (2.0.1.0)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2007-01-12 Includes\Beta.sbi
2005-02-16 Includes\Beta.uti
2007-01-12 Includes\Cookies.sbi
2006-12-08 Includes\Dialer.sbi
2007-01-12 Includes\DialerC.sbi
2006-11-24 Includes\Hijackers.sbi
2007-01-12 Includes\HijackersC.sbi
2006-10-27 Includes\Keyloggers.sbi
2007-01-12 Includes\KeyloggersC.sbi
2007-01-12 Includes\Malware.sbi
2007-01-12 Includes\MalwareC.sbi
2006-10-20 Includes\PUPS.sbi
2007-01-12 Includes\PUPSC.sbi
2007-01-12 Includes\Revision.sbi
2006-12-08 Includes\Security.sbi (*)
2007-01-12 Includes\SecurityC.sbi (*)
2006-10-13 Includes\Spybots.sbi
2007-01-12 Includes\SpybotsC.sbi
2005-02-17 Includes\Tracks.uti
2006-12-08 Includes\Trojans.sbi
2007-01-12 Includes\TrojansC.sbi
The registry entries after the fixing:
Code:
[HKEY_USERS\S-1-5-21-1957994488-790525478-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop]
@=""
"NoChangingWallpaper"=dword:00000000
"NoComponents"=dword:00000001
"NoAddingComponents"=dword:00000000
"NoDeletingComponents"=dword:00000000
"NoEditingComponents"=dword:00000000
"NoCloseDragDropBands"=dword:00000000
"NoMovingBands"=dword:00000000
"NoHTMLWallPaper"=dword:00000001