Microsoft Windows Security query

**mazda** · 2007-03-11, 22:11

A couple of days ago when I did a scan, it showed, in red, 'Microsoft Windows. Security. Internet Explorer', with a green tick already in the box. I clicked to "Fix" the problem. Tonight it reappeared. Would someone advise why it wasn't removed the first time and whether this is something to worry about.
Also, I'm blowed if I can understand the Immunize function. Should I click the Immunize button at some stage?
I'm running XP+SP2+AVG PRO etc and do most browsing with Firefox.
Many thanks from an old fogey!

**md usa spybot fan** · 2007-03-12, 05:37

mazda:

Originally Posted by mazda

A couple of days ago when I did a scan, it showed, in red, 'Microsoft Windows. Security. Internet Explorer', with a green tick already in the box. I clicked to "Fix" the problem. Tonight it reappeared. Would someone advise why it wasn't removed the first time and whether this is something to worry about.

Please post a log of the actual detection you are getting. To do that:

Run another scan.
When the scan completes, right click on the results list, select "Copy results to clipboard".
Then paste (Ctrl+V) those results to a new post in this thread.

Originally Posted by mazda

Also, I'm blowed if I can understand the Immunize function. Should I click the Immunize button at some stage?

When you "Immunize", entries are added to the system registry that are used by Internet Explorer. This blocks cookies from some sites, places other sites in the restricted zone and blocks the download/execution of selected ActiveX scripts. To immunize:

Go into SpybotSD..
Click the "Immunize" button (in the left pane).
When the Immunize panel loads, I click the "Immunize" button at the top of the right pane (it has a large green plus sign followed by the word Immunize).

**mazda** · 2007-03-12, 10:56

Many thanks for your reply.
Of course, when I ran the scan a few minutes ago, this time I got my normal "Congratulations!" note! However, I've tried to copy as you specified so here is the result:
Congratulations!: No immediate threats were found. ()

--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2006-10-16 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2007-01-15 advcheck.dll (1.2.1.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2007-01-02 Tools.dll (2.0.1.0)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2007-03-07 Includes\Cookies.sbi (*)
2006-12-08 Includes\Dialer.sbi (*)
2007-03-07 Includes\DialerC.sbi (*)
2007-02-07 Includes\Hijackers.sbi (*)
2007-03-07 Includes\HijackersC.sbi (*)
2006-10-27 Includes\Keyloggers.sbi (*)
2007-03-07 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2007-02-14 Includes\Malware.sbi (*)
2007-03-07 Includes\MalwareC.sbi (*)
2007-01-19 Includes\PUPS.sbi (*)
2007-03-07 Includes\PUPSC.sbi (*)
2007-03-07 Includes\Revision.sbi (*)
2006-12-08 Includes\Security.sbi (*)
2007-03-07 Includes\SecurityC.sbi (*)
2007-02-02 Includes\Spybots.sbi (*)
2007-03-07 Includes\SpybotsC.sbi (*)
2005-02-17 Includes\Tracks.uti
2007-03-07 Includes\Trojans.sbi (*)
2007-03-07 Includes\TrojansC.sbi (*)
Ye Gods! This looks frightening: I hope I'm in trouble?
Thanks in advance.

**mazda** · 2007-03-12, 10:57

Correction - "hope I'm NOT in trouble".

**md usa spybot fan** · 2007-03-12, 13:34

The log is clean (no detections):

Code:

Congratulations!: No immediate threats were found. ()

The rest of the log shows the version of Spybot you are running, the version of all the of Spybot's software as well as update date of all of the detection files and which were used during the scan.

******************

If you like to post the Fixes.yymmdd-hhmm log from the running of Spybot when you incountered the problem, we could take a look at that.

There are two methods to copy and post that information:

Method 1:
- Go into Spybot > Mode > Advanced mode > Tools > View Reports > View Pervious reports. Look for the Fixes.yymmdd-hhmm.log file that was produced when you found and fixed the detection you are questioning. Open it. To copy it to the Clipboard, right click on the listing and select Select All > Right click again and select Copy. Paste (Ctrl+V) the contents of the Clipboard into a new post in this thread.
Method 2
- The Fixes.yymmdd-hhmm.log files are stored in the following folders:
  - Windows 95 or 98:
    C:\Windows\Application Data\Spybot - Search & Destroy\Logs
  - Windows ME:
    C:\Windows\All Users\Application Data\Spybot - Search & Destroy\Logs
  - Windows NT, 2000 or XP:
    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Logs
- Using Windows Explorer, navigate to the correct Fixes.yymmdd-hhmm.log. Double click on it and it should open with Notepad. To copy it to the Clipboard, right click on the listing and select Select All > Right click again and select Copy. Paste (Ctrl+V) the contents of the Clipboard into a new post in this thread.

Note: By default here are two Checks.yymmdd-hhmm logs produced during a scan. The second Checks.yymmdd-hhmm has the details of what the scan found. A Fixes.yymmdd-hhmm log is produced if you fix or attempt to fix something.

**mazda** · 2007-03-12, 19:08

Many thanks for your reply. Relieved to learn that the log was clean.
I've followed your instructions and I'm trying to copy from Windows Explorer what I think might have been the required file (there are many files in that folder).

--- Report generated: 2007-03-09 10:32 ---

Microsoft.Windows.Security.InternetExplorer: Settings (Registry change, fixed)
HKEY_USERS\S-1-5-21-2052111302-1123561945-725345543-1004\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\iexplore.exe!=W=1

--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2006-10-16 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2007-01-15 advcheck.dll (1.2.1.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2007-01-02 Tools.dll (2.0.1.0)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2007-03-07 Includes\Cookies.sbi (*)
2006-12-08 Includes\Dialer.sbi (*)
2007-03-07 Includes\DialerC.sbi (*)
2007-02-07 Includes\Hijackers.sbi (*)
2007-03-07 Includes\HijackersC.sbi (*)
2006-10-27 Includes\Keyloggers.sbi (*)
2007-03-07 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2007-02-14 Includes\Malware.sbi (*)
2007-03-07 Includes\MalwareC.sbi (*)
2007-01-19 Includes\PUPS.sbi (*)
2007-03-07 Includes\PUPSC.sbi (*)
2007-03-07 Includes\Revision.sbi (*)
2006-12-08 Includes\Security.sbi (*)
2007-03-07 Includes\SecurityC.sbi (*)
2007-02-02 Includes\Spybots.sbi (*)
2007-03-07 Includes\SpybotsC.sbi (*)
2005-02-17 Includes\Tracks.uti
2007-03-07 Includes\Trojans.sbi (*)
2007-03-07 Includes\TrojansC.sbi (*)
**************
I'm very appreciative of your efforts on my behalf. I look forward to having your comments.
Many thanks.

**md usa spybot fan** · 2007-03-12, 20:04

The default setting in Windows XP Service Pack 2 for the following registry entry is "iexplore.exe"=dword:00000001.

Code:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN]
"iexplore.exe"=dword:00000001

Spybot's detection indicates that the registry entry "!=W=1" (where "!=" is not equal and "W=1" is dword:00000001). In other words the value not set to the default value.

There is an explanation (relatively technical) of FEATURE_LOCALMACHINE_LOCKDOWN in the following:

Compatibility in Internet Explorer 6 for Windows XP Service Pack 2
http://msdn.microsoft.com/library/de...psp2compat.asp

The bottom line is, if you did not intentionally change the default for some reason such as the following, I suggest that fix the problem:

Pictures do not appear as expected, or you receive an error message when you open an HTML file on a Windows XP Service Pack 2-based computer
http://support.microsoft.com/kb/878461

Since you mentioned that you are running Windows XP Professional, the only caveat to just fixing the problem would be if your group policies are set by someone else.

**mazda** · 2007-03-12, 21:22

Hello again.
Actually I'm simply a retired chap using Windows XP Home Edition not Professional, but with AVG Pro.
I shall endeavour to get to grips with the technicalities in your reply although I fear that might beyond me! I guess from what you say that there's nothing dreadfully wrong with my computer. Certainly I'm not aware of anything untoward.
Many thanks for taking the trouble to help.

**md usa spybot fan** · 2007-03-12, 22:06

Originally Posted by mazda

... I'm ... using Windows XP Home Edition not Professional, but with AVG Pro.

My misunderstanding, it was "… +AVG PRO etc ..." that you wrote.

If the the Spybot detection doesn't return, you're all set. If it does, I'll try to explain again.

Since you indicated that you are retired, I thought that I would share something that was sent to me today. I published it here:

Retired people having fun.
http://forums.spybot.info/showthread.php?t=12094

**mazda** · 2007-03-13, 20:08

Amusing tale! I'll maybe try that some time!
Thank you ever so much for your patient, helpful replies.

Thread: Microsoft Windows Security query

Thread Tools

Display

Microsoft Windows Security query

Posting Permissions