View Full Version : registry entry found
Hello,
I have just recently started using spybot and it has not found anything until today. The one item it did find is Microsoft.Windows.Security.InternetExplorer: which is a registry setting.
Is it safe to have spybot fix this problem or is it better to just leave it alone since it is a registry setting?
Thanks
md usa spybot fan
2007-01-22, 19:35
lisar:
Please post a log of the actual detection you are getting so that we can see the registry entry being detected. To do that:
Run another scan.
When the scan completes, right click on the results list, select "Copy results to clipboard".
Then paste (Ctrl+V) those results to a new post in this thread.
Thanks
Hello,
I did as suggested and have pasted the results here.
Microsoft.Windows.Security.InternetExplorer: Settings (Registry change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\iexplore.exe!=W=1
--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---
2006-12-20 unins000.exe (51.41.0.0)
2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2005-05-31 Update.exe (1.4.0.0)
2006-02-06 advcheck.dll (1.0.2.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2005-05-31 Tools.dll (2.0.0.2)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2006-12-08 Includes\Dialer.sbi (*)
2006-12-15 Includes\Cookies.sbi (*)
2006-11-24 Includes\Hijackers.sbi (*)
2006-10-27 Includes\Keyloggers.sbi (*)
2006-12-15 Includes\Malware.sbi (*)
2006-10-20 Includes\PUPS.sbi (*)
2006-12-08 Includes\Security.sbi (*)
2006-10-13 Includes\Spybots.sbi (*)
2006-12-08 Includes\Trojans.sbi (*)
2006-12-15 Includes\Revision.sbi (*)
2005-02-17 Includes\Tracks.uti
2006-12-15 Includes\TrojansC.sbi (*)
2006-12-15 Includes\SpybotsC.sbi (*)
2006-12-15 Includes\SecurityC.sbi (*)
2006-12-15 Includes\PUPSC.sbi (*)
2006-12-15 Includes\MalwareC.sbi (*)
2006-12-15 Includes\KeyloggersC.sbi (*)
2006-12-15 Includes\HijackersC.sbi (*)
2006-12-15 Includes\DialerC.sbi (*)
Is this something that I should just leave alone since it is a registry entry or is it okay to let spybot fix this item?
Thanks!
Lisa
md usa spybot fan
2007-01-26, 18:49
Please see my response (http://forums.spybot.info/showpost.php?p=65848&postcount=2) to a similar query in the following thread:
Should I "Fix" This Spybot "Problem"?
http://forums.spybot.info/showthread.php?t=10770
Hello,
Thanks for getting back to me and for the link to a similar problem.
However, I am not running Windows XP. I have Windows ME on my computer and Internet Explorer 6. I have not changed the default, and have not had any problems with "Pictures do not appear as expected, or you receive an error message when you open an HTML file".
Any suggestions on how I should fix the problem that SpyBot has come up with on my computer. :scratch:
Thanks Again,
Lisa
md usa spybot fan
2007-02-08, 00:49
According to the following Microsoft Security Bulletin it appears that parts of the February 8, 2005 Cumulative Security Update for Internet Explorer (867282) were critical for Windows Millennium Edition:
Microsoft Security Bulletin MS05-014
Cumulative Security Update for Internet Explorer (867282)
http://www.microsoft.com/technet/security/bulletin/ms05-014.mspx
How does the extended support for Windows 98, Windows 98 Second Edition, and Windows Millennium Edition affect the release of security updates for these operating systems?
Microsoft will only release security updates for critical security issues. Non-critical security issues are not offered during this support period. For more information about the Microsoft Support Lifecycle policies for these operating systems, visit the following Web site.
For more information about severity ratings, visit the following Web site (http://go.microsoft.com/fwlink/?LinkId=21140).
Are Windows 98, Windows 98 Second Edition, or Windows Millennium Edition critically affected by one or more of the vulnerabilities that are addressed in this security bulletin?
Yes. Windows 98, Windows 98 Second Edition, and Windows Millennium Edition are critically affected by the vulnerabilities that are addressed in this security bulletin. Critical security updates for these platforms are available, are provided as part of this security bulletin, and can be downloaded only from the Windows Update Web site (http://go.microsoft.com/fwlink/?LinkId=21130). For more information about severity ratings, visit the following Web site (http://go.microsoft.com/fwlink/?LinkId=21140).
However it appears the portions of the updates that related to Local Machine zone lockdown may not have been a critical vulnerability in Windows Millennium Edition:
What is the Local Machine zone lockdown?
In Windows XP Service Pack 2, all local files and content that are processed by Internet Explorer has additional security applied to it in the Local Machine zone. This feature restricts HTML in the Local Machine zone. This feature also restricts HTML that is hosted in Internet Explorer. These restrictions help mitigate attacks where the Local Machine zone is used as an attack vector to load malicious HTML code.
Because of this change, ActiveX script in local HTML pages that are viewed inside Internet Explorer will not run. Also, script in local HTML pages that is viewed inside Internet Explorer prompts the user for permission to run.
Are Windows 98, Windows 98 Second Edition or Windows Millennium Edition critically affected by this vulnerability?
No. Although Windows 98, Windows 98 Second Edition, and Windows Millennium Edition do contain the affected component, the vulnerability is not critical. For more information about severity ratings, visit the following Web site (http://go.microsoft.com/fwlink/?LinkId=21140).
It appears that doing a "Fix select problems" on the "…\FEATURE_LOCALMACHINE_LOCKDOWN\iexplore.exe…" may be optional on Windows Millennium Edition.