Microsoft.Windows.Security.InternetExplorer threat
I just ran a scan and the following came up. It shows as a security threat and was checked.
Microsoft.Windows.Security.InternetExplorer
[SBI $A3433CBF] Settings (Registry change, nothing done) HKEY_USERS\S-1-5-21-2695072642-473866232-3689853989-1006\Software\Microsoft\InternetExplorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\iexplore.exe (is not) W=1
I had to manually add the "(is not) W=1" to this post, as it did not show up when I copied the results of the scan to the clipboard and then pasted it into Notepad.
I deleted the rest of the scan as the entries were only cookies, MRUs, last file opened, etc.
Can anyone tell me what this threat is? I just did an update from Windows for the IE 6.0 browser yesterday; did that have anything to do with it? Should I go ahead and let SpyBot S&D fix it?
Thanks!
P.S. Below is the balance of the scan showing program particulars:
--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---
If you need any more information, let me know.
Microsoft.Windows.Security.InternetExplorer
I'm using Windows 7 and the latest version of IE8.
Today I installed Spybot - Search & Destroy version: 1.6.2 (build: 20090126)
and installed the latest Spybot updates.
SpybotSD reported the same "Microsoft.Windows.Security.InternetExplorer" problem you diagnosed in this thread on December 11, 2009:
========================================
Microsoft.Windows.Security.InternetExplorer: [SBI $A3433CBF] Settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-1101232559-714465636-2791255473-1006\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\iexplore.exe
========================================
The values for this registry entry are as follows:
(Default)= (value not set)
iexplore.exe=0
And "allow active content to run in files on my computer" under my IE8 Advanced Security Settings was already UNCHECKED when I examined it per the advice you gave Dec. 11, 2009.
This is inconsistent with the diagnosis you provided on Dec. 11, 2009 for the "Microsoft.Windows.Security.InternetExplorer" problem.
How should I address this?
Microsoft.Windows.Security.InternetExplorer
Rosenfeld:
I allowed SpybotSD to fix this "Microsoft.Windows.Security.InternetExplorer" problem just to see what would happen.
The result was that the registry value "iexplore.exe" was changed from 0 to 1.
However, the IE8 Advanced Security Setting you cited ("allow active content to run in files on my computer") remained UNCHECKED.
Apparently the registry entry being flagged by SpybotSD is NOT associated with the Advanced Security Setting "allow active content to run in files on my computer".