Windows.Explorer FP in beta.sbi 6 January 2006?
The latest (6 January) beta.sbi flags as red
Windows.Explorer: User settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-3090935711-3204504469-1825801191-1007\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoLogOff!=W=0
In the registry the data for the NoLogOff binary is 01 00 00 00 (= no log off enabled)
Why is that considered bad? I think this must be a false positive?
There is only one user account on this standalone PC and the key refers to that account (did not flag the same setting in HKCU, though). Despite that setting, log off [user name] still appears in the start menu, possibly because there is no equivalent setting in the HKLM key?
Not sure if this is relevant, but I disabled fast user switching since I don't need it and because with fast user switching enabled Spybot updates uncheck all the checked cookies in the ignore cookies list, which is a nuisance if I forget to check them again before letting Spybot delete the unchecked ones (I keep site autologin cookies).
--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---
2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2005-06-01 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2005-05-31 advcheck.dll (1.0.2.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2005-05-31 Tools.dll (2.0.0.2)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2006-01-06 Includes\Beta.sbi (*)
2005-02-16 Includes\Beta.uti (*)
2006-01-06 Includes\Cookies.sbi (*)
2006-01-06 Includes\Dialer.sbi (*)
2006-01-06 Includes\Hijackers.sbi (*)
Lost but finding ME, slowly, again . .
Quote:
Originally Posted by Yodama
hi LoneLurker,
the entry "HKEY_USERS\.DEFAULT\Software\Microsoft\...\Policies\Explorer\NoLogOff!=W=0"
means that Spybot checked if the data for NoLogOff is not equal to 0.
That means it will alert if it is anything other than 0, typically a valid value would be 1.
If the data you have are set to 0, it is fine.
The reason for this flagging even if the data is 0 could be that the datatype may be different (note the detection on this is looking for Reg_DWord).
After testing I found out what was really meant by the description of this Registry value. If the value is set to 1, only logging off for the current user is not possible, shutting down and rebooting is still available.
--> will be removed from detection
"Yodama,"
Thank you for this info, I am the lone user of this system so I do not logout, I had that disabled. After investigating this ALERT my 'LogOut' has reappeared and now I know why. Problem solved and thank you for explaining.
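
An added example, not part of the thread and not Spybot code: a PowerShell audit that lists the NoLogOff value under every loaded user hive together with its registry type and numeric value, so the datatype question raised above (binary `01 00 00 00` versus Reg_DWord) can be checked directly. The function name `Get-NoLogOffPolicy` is hypothetical, and binary data is assumed to be little-endian.

```powershell
# Added example (not Spybot code). Get-NoLogOffPolicy is a hypothetical helper name.
# Reports the NoLogOff policy value for every user hive loaded under HKEY_USERS,
# including the value type, since the thread notes the detection looks for Reg_DWord.
function Get-NoLogOffPolicy {
    $subPath = 'Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
    $name    = 'NoLogOff'

    foreach ($hive in Get-ChildItem -Path 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue) {
        $sid = $hive.PSChildName
        if ($sid -like '*_Classes') { continue }          # skip per-user class hives

        $key = Get-Item -Path "Registry::HKEY_USERS\$sid\$subPath" -ErrorAction SilentlyContinue
        if ($null -eq $key) { continue }                  # policy key absent in this hive
        if ($key.GetValueNames() -notcontains $name) { continue }

        $kind    = $key.GetValueKind($name)
        $data    = $key.GetValue($name)
        $raw     = "$data"
        $numeric = $null

        # Normalise to a number so binary "01 00 00 00" and DWORD 1 compare alike.
        switch ("$kind") {
            'DWord'  { $numeric = [int64]$data }
            'Binary' {
                $raw = ($data | ForEach-Object { '{0:X2}' -f $_ }) -join ' '
                $buf = New-Object byte[] 4                # zero-padded if data is short
                [Array]::Copy($data, $buf, [Math]::Min($data.Length, 4))
                $numeric = [BitConverter]::ToUInt32($buf, 0)
            }
        }

        [pscustomobject]@{
            Sid     = $sid
            Kind    = $kind
            Raw     = $raw
            Numeric = $numeric                            # $null for other value types
            NonZero = ($null -ne $numeric -and $numeric -ne 0)
        }
    }
}

Get-NoLogOffPolicy | Format-Table -AutoSize
```

Hives of users who are not logged on are not loaded under HKEY_USERS and will not appear in the output.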