PDA

View Full Version : Spybot Fixes But Problem Returns


WOLF359
2007-02-01, 22:30
Hi,
Spybot Throws Up-microsoft.windows.security.internet Explorer.
Hkey_users\s-1-5-21-1757981266..................reg Change.
It Lists This As A High Priority So I Get It To Fix It, But On The Next Scan It's Back, Laughing In My Face.
I Noticed That It Appears During The Scan When It Gets To 'windows Redirected Host.
I Have Also Run Windows Defender, Reg Mechanic,and Ad-aware, But None Of These Give Me The Same Results. Ad-aware Tells Me That There Are 20 Negligible Objects That Are Mru Lists.
I Am Not Sure If I Have Something Serious Or Not! Help!
spybotsandra
2007-02-02, 09:42
Hello,

The key "HKEY_CURRENT_USER,"\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN" (standard value is 1 with SP2) determines the ability to perform certain actions for local websites, i.e. websites saved on harddisk.

The value is set to 0 (zero) by some malicious applications in order to deminish the security settings for the zone "local computer". (see http://msdn.microsoft.com/security/productinfo/XPSP2/securebrowsing/locallockdown.aspx for details).

There are several threads on the subject:

* Windows.Security.Internet Explorer
http://forums.spybot.info/showthread.php?t=6560
* Scan Result
http://forums.spybot.info/showthread.php?t=6749

If you want you can also tell Spybot-S&D to exclude those detections from further scans.

You can exclude a product from the search as follows:
First of all procede a scan with Spybot - Search & Destroy. Now, mark the item, you want to exclude from the search, with a left-click.
It is marked blue now. Then right-click this entry and select "exclude this product from further searches".

It is also possible to exclude it before the search. Please run Spybot - Search & Destroy in "Advanced Mode" and go to "Settings" -> "Ignore products". There you can tick the checkbox in front of the product you want to exclude from the search.

Best regards
Sandra
Team Spybot
WOLF359
2007-02-07, 17:10
SSANDRA
Thanks for your reply, but I am a little confused. Are you suggesting that I alter the reg value to 1 if it is 0? Also how do I find the malware that might be doing this? Spybot and other programs do not identify the culprit.