Actually "Immunizing" reinstalls the "Win32.Trojan.Dialer.hz".
Actually "Immunizing" reinstalls the "Win32.Trojan.Dialer.hz".
The "*=dword:00000004" is the code to place something into Internet Explorer's restricted sites zone.
Reference:
- Microsoft Knowledge Base Article – 182569
Description of Internet Explorer security zones registry entries
http://support.microsoft.com/default.aspx?kbid=182569
No BS nor speculation.
Quote:
Internet Explorer 4.0 and later
Internet Explorer security zones settings are stored under the following registry keys:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
These registry keys contain the following keys:
• TemplatePolicies
• ZoneMap
• Zones
....
ZoneMap
The ZoneMap key contains the following keys:
• Domains
• ProtocolDefaults
• Ranges
....
Zones
The Zones key contains keys that represent each security zone that is defined for the computer. By default, the following five zones are defined (numbered zero through four):
Value   Setting
------------------------------
0       My Computer
1       Local Intranet Zone
2       Trusted sites Zone
3       Internet Zone
4       Restricted Sites Zone
Try the following:
Go into Spybot > Immunize > click the "Check again" button and see if you get a warning.
Even if not, click the "Immunize" button (big green plus sign) at the top of the right pane to immunize again. Then run another ZoneAlarm Anti-Spyware scan and see if the Win32.Trojan.Dialer.hc detection returns.
Added with edit:
ps: I see that you already tried to re-immunize while I was typing.
miadlor:
Prove it to yourself:
Go into Internet Explorer > Tools > Internet options... > "Security" tab > click the "Restricted sites" button > then the "Sites" button > the Web sites listings will show what sites are in the restricted zone.
Look for the following both before and after immunizing with Spybot and removing the entry with ZoneAlarm (note the entries are in alphabetical order by the second and third nodes of the name):
- *.archiviosex.net
Exactly what you said!
So Zone Alarm is in error.....because it's not coming up with all the others as infections.
miadlor:
Since you seem convinced, maybe you could do yourself and other users of ZoneAlarm Anti-Spyware a favor and report the false positive in the Zone Labs User Forum:
Here:
- ZoneAlarm Antivirus/Anti-Spyware
http://forum.zonelabs.org/zonelabs/b...d.id=Antivirus
Perhaps they will recognize their error and correct the problem.
Made a post on Zone's site.
All set...............
http://forum.zonelabs.org/zonelabs/b...ssage.id=10436
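Added example, not part of the original thread or of any vendor's code: a small Python parser that reads a .reg export of the ZoneMap\Domains key and reports which zone each entry maps to, so a "*"=dword:00000004 entry can be confirmed as a Restricted sites block entry. The sample export is constructed, example.test is a made-up name, and the function names are hypothetical.

```python
import re

# Zone numbers as listed in the KB 182569 excerpt quoted in this thread.
ZONES = {0: "My Computer", 1: "Local Intranet Zone", 2: "Trusted sites Zone",
         3: "Internet Zone", 4: "Restricted Sites Zone"}

# Raw strings cannot end in a backslash, so the separator is appended.
DOMAINS = r"\internet settings\zonemap\domains" + "\\"
KEY_RE = re.compile(r"^\[(.+)\]$")
VAL_RE = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{8})$')

# Constructed .reg export; example.test is a made-up name.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\archiviosex.net]
"*"=dword:00000004

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\example.test\www]
"http"=dword:00000002
'''

def zone_assignments(reg_text):
    """Return (site, protocol, zone number, zone name) for each ZoneMap entry."""
    results, site = [], None
    for raw in reg_text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            path = key.group(1)
            idx = path.lower().find(DOMAINS)
            if idx == -1:
                site = None  # not a ZoneMap\Domains subkey
            else:
                parts = path[idx + len(DOMAINS):].split("\\")
                # Domains\<domain>\<subdomain>: a bare domain key covers all hosts.
                site = ".".join(reversed(parts)) if len(parts) > 1 else "*." + parts[0]
            continue
        val = VAL_RE.match(line)
        if val and site:
            zone = int(val.group(2), 16)
            results.append((site, val.group(1), zone, ZONES.get(zone, "unknown")))
    return results

def restricted_sites(reg_text):
    """Sites mapped to zone 4, i.e. what the IE 'Restricted sites' list shows."""
    return sorted({s for s, _, z, _ in zone_assignments(reg_text) if z == 4})

if __name__ == "__main__":
    for row in zone_assignments(SAMPLE_REG):
        print(row)
```

Running it over exports taken before and after immunizing gives the same comparison as the manual check in the Internet Options dialog described above.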