Results 1 to 5 of 5

Thread: Microsoft.Windows.Security.InternetExplorer threat

  1. #1
    Junior Member godawgs's Avatar
    Join Date
    Jan 2006
    Posts
    19

    Default Microsoft.Windows.Security.InternetExplorer threat

    I just ran a scan and the following came up. It shows as a security threat and was checked.

    Microsoft.Windows.Security.InternetExplorer
    [SBI $A3433CBF] Settings (Registry change, nothing done) HKEY_USERS\S-1-5-21-2695072642-473866232-3689853989-1006\Software\Microsoft\InternetExplorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\iexplore.exe (is not) W=1

    I had to manually add the "(is not) W=1" to this post, as it did not show up when I copied the results of the scan to the clipboard and then pasted it into notepad.

    I deleted the rest of the scan as the entries were only cookies, MRU's, Last file opened, etc;.

    Can anyone tell me what this threat is? I just did a update from Windows for the IE 6.0 browser yesterday, did that have anything to do with it? Sould I go ahead and let SpyBot S&D fix it?
    Thanks!
    ps- Below is the balance of the scan showing program particulars:

    --- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

    2009-01-26 blindman.exe (1.0.0.8)
    2009-01-26 SDFiles.exe (1.6.1.7)
    2009-01-26 SDMain.exe (1.0.0.6)
    2009-01-26 SDShred.exe (1.0.2.5)
    2009-01-26 SDUpdate.exe (1.6.0.12)
    2009-01-26 SpybotSD.exe (1.6.2.46)
    2009-03-05 TeaTimer.exe (1.6.6.32)
    2009-02-05 unins000.exe (51.49.0.0)
    2009-01-26 Update.exe (1.6.0.7)
    2009-11-04 advcheck.dll (1.6.5.20)
    2007-04-02 aports.dll (2.1.0.0)
    2008-06-14 DelZip179.dll (1.79.11.1)
    2009-01-26 SDHelper.dll (1.6.2.14)
    2008-06-19 sqlite3.dll
    2009-01-26 Tools.dll (2.1.6.10)
    2009-01-16 UninsSrv.dll (1.0.0.0)
    2009-10-08 Includes\Adware.sbi (*)
    2009-12-08 Includes\AdwareC.sbi (*)
    2009-01-22 Includes\Cookies.sbi (*)
    2009-11-03 Includes\Dialer.sbi (*)
    2009-12-08 Includes\DialerC.sbi (*)
    2009-01-22 Includes\HeavyDuty.sbi (*)
    2009-05-26 Includes\Hijackers.sbi (*)
    2009-12-08 Includes\HijackersC.sbi (*)
    2009-10-20 Includes\Keyloggers.sbi (*)
    2009-12-08 Includes\KeyloggersC.sbi (*)
    2009-12-08 Includes\Malware.sbi (*)
    2009-12-08 Includes\MalwareC.sbi (*)
    2009-03-25 Includes\PUPS.sbi (*)
    2009-12-08 Includes\PUPSC.sbi (*)
    2009-01-22 Includes\Revision.sbi (*)
    2009-01-13 Includes\Security.sbi (*)
    2009-12-08 Includes\SecurityC.sbi (*)
    2008-06-03 Includes\Spybots.sbi (*)
    2008-06-03 Includes\SpybotsC.sbi (*)
    2009-11-03 Includes\Spyware.sbi (*)
    2009-12-08 Includes\SpywareC.sbi (*)
    2009-06-08 Includes\Tracks.uti (*)
    2009-12-08 Includes\Trojans.sbi (*)
    2009-12-09 Includes\TrojansC.sbi (*)
    2008-03-04 Plugins\Chai.dll
    2008-03-05 Plugins\Fennel.dll
    2008-02-26 Plugins\Mate.dll
    2007-12-24 Plugins\TCPIPAddress.dll

    If you need any more information, let me know.
    XP Home SP3
    Pent.4 1.8GHz,768MB
    IE 6.0.2800.1106SP3
    Inspiron Laptop
    Vista Premium SP2
    Dual Core 2.0GHZ,2GB
    IE 7
    Firefox
    MSE AntiVirus
    Malwarebytes
    CCleaner
    SpyBot
    SpywareBlaster

  2. #2
    Esteemed Member
    Join Date
    Oct 2005
    Posts
    212

    Default

    The alert tells you that one security setting in Internet Explorer options is not set to its default value. The setting concerned is in Internet options, advanced tab, in the security section (scroll down to it), 'allow active content to run in files on my computer'. If that has a checkmark in the box the registry entry you mention is set to 0 and Spybot flags it as 'not = 1'. If it isn't checked (the default) it would (should) be set to its default value of 1 in the registry, which is what spybot expects.

    In fact I deliberately checked that box in the advanced tab and excluded the detection from further searches to stop Spybot from flagging it every time. Although that makes my system slightly less secure when browsing, I had good reasons to do so in my circumstances.

    But if you did not check that option deliberately, it could be a sign that there is (was) some malware on your PC that set it.

    Uncheck that option in the advanced tab, close IE and restart it, see if it remains unchecked, and or rescan with Spybot.
    Last edited by Rosenfeld; 2009-12-12 at 02:02.

  3. #3
    Junior Member godawgs's Avatar
    Join Date
    Jan 2006
    Posts
    19

    Default

    Thanks, Rosenfeld.
    The "allow active content to run in files on my computer" was checked. If I remember correctly, my credit card site had directions to set it so a part of their site would work. I will go back to their site and if that is not the case, I will uncheck it, close and reopen the browser to make sure it's still unchecked and then rerun Spybot. But this was the only thing that came up as an immediate threat when I ran it today.
    Thanks again,
    JC
    XP Home SP3
    Pent.4 1.8GHz,768MB
    IE 6.0.2800.1106SP3
    Inspiron Laptop
    Vista Premium SP2
    Dual Core 2.0GHZ,2GB
    IE 7
    Firefox
    MSE AntiVirus
    Malwarebytes
    CCleaner
    SpyBot
    SpywareBlaster

  4. #4
    Junior Member
    Join Date
    Apr 2010
    Posts
    3

    Default Microsoft.Windows.Security.InternetExplorer

    I'm using Windows 7 and the latest version of IE8.
    Today I installed Spybot - Search & Destroy version: 1.6.2 (build: 20090126)
    and installed the latest Spybot updates.

    SpybotSD reported the same "Microsoft.Windows.Security.InternetExplorer" problem you diagnosed in this thread on December 11, 2009:

    ========================================
    Microsoft.Windows.Security.InternetExplorer: [SBI $A3433CBF] Settings (Registry change, nothing done)
    HKEY_USERS\S-1-5-21-1101232559-714465636-2791255473-1006\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\iexplore.exe
    ========================================


    The values for this registry entry are as follows:
    (Default)= (value not set)
    iexplore.exe=0

    And "allow active content to run in files on my computer" under my IE8 Advanced Security Settings was already UNCHECKED when I examined it per the advice you gave Dec. 11, 2009.

    This is inconsistent with the diagnosis you provided in Dec. 11, 2009 for the "Microsoft.Windows.Security.InternetExplorer" problem.
    How should I address this?
    Last edited by jprice; 2010-04-27 at 00:09.

  5. #5
    Junior Member
    Join Date
    Apr 2010
    Posts
    3

    Default Microsoft.Windows.Security.InternetExplorer

    Rosenfeld:

    I allowed SpybotSD to fix this "Microsoft.Windows.Security.InternetExplorer" problem just to see what would happen.

    The result was that the registry value "iexplore.exe" was changed from 0 to 1.

    However, the IE8 Advanced Security Setting you cited ("allow active content to run in files on my computer") remained UNCHECKED.

    Apparently the registry entry being flagged by SypbotSD is NOT associated with the Advanced Security Setting "allow active content to run in files on my computer".
    Last edited by jprice; 2010-04-27 at 00:56. Reason: accuracy and completeness

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •