Results 1 to 2 of 2

Thread: Immunization - Spybot trys to add 139mm.com to trusted sites

  1. #1
    Junior Member
    Join Date
    Oct 2005
    Posts
    1

    Question Immunization - Spybot trys to add 139mm.com to trusted sites

    I upgraded from Spybot 1.3 to Spybot 1.4 today. When I ran the immunization both MS Antispy and Webroot SpySweeper trial version reported back that Spybot was trying to add 139mm.com to my IE trusted sites list.

    I blocked the move in MS-Anitpsy and confirmed in both the IE interface and the registry that 139mm.com was listed as a restricted site. (139mm.com keys set to "4" and no domain or range keys in the registry set to "2".

    Two questions:

    1. Why would Spybot try to add 139mm.com as a trusted site? (Or why would I receive alerts from both Antispy programs that it was trying to do so?)
    2. Is there any danger in adding sites to the restricted sites list? In researching the registry settings for internet zones, I ran across info at Symantec about several trojans that seem to do nothing but add sites to the restricted sites list. That seems like a rather harmless trojan to me.

  2. #2
    Spybot Advisor Team [Retired] md usa spybot fan's Avatar
    Join Date
    Oct 2005
    Posts
    5,859

    Default

    1. It is a false positive. Spybot is not adding the site to the Trusted zone. I was only aware of the problem in Microsoft AntiSpyware

      http://www.safer-networking.org/en/news/2005-06-21.html
      How Microsoft defines "right away"...

      You may receive an "Internet Explorer trusted site requires approval" message from Windows AntiSpyware (Beta) if you also use the Immunize feature in Spybot Search & Destroy
      http://support.microsoft.com/default...b;en-us;902956

      The registry entries actually added by Spybot are:

      Code:
      [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\139mm.com]
      
      [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\139mm.com\www]
      *=dword:00000004
    2. I guess that there is some danger in some sites being to the restricted zone. For example adding anti-virus and anti-spyware sites. However, this type of malicious behavior by malware usually adds sites to the HOSTS file to prevent access rather than restrict access.

    Getting an answer is one thing, learning is another.


    Microsoft Windows XP Home Edition running on a 2.40GHz IntelŪ PentiumŪ 4 Processor with 512 MB of RAM and a 533 MHz System Bus.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •