Page 1 of 2 12 LastLast
Results 1 to 10 of 20

Thread: Desktop.Explorer: HideIcons.

  1. #1
    Esteemed Member
    Join Date
    Oct 2005
    Posts
    211

    Default Desktop.Explorer: HideIcons.

    I do not understand why this is flagged by the latest (4 November) beta.sbi, I think it is a False positive.

    Desktop.Explorer: User settings (Registry change, nothing done)
    HKEY_USERS\S-1-5-21-3090935711-3204504469-1825801191-1007\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\ClassicShell!=W=1

    The value of ClassicShell has data 0 in the registry. Spybot seems to think that it should be 1.

    http://www.winguides.com/registry/display.php/1282/

    describes the settings for this key in XP. I see nothing wrong in my having it 0, which is the default. Although I do use the classic desktop, I see no reason to disable my ability to switch to active desktop shoulded I want to do so. Setting this to 1 would prevent that. What is the security risk??


    Spybot does not flag the same value at HKCU (same user account).


    --- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

    2005-05-31 blindman.exe (1.0.0.1)
    2005-05-31 SpybotSD.exe (1.4.0.3)
    2005-05-31 TeaTimer.exe (1.4.0.2)
    2005-06-01 unins000.exe (51.41.0.0)
    2005-05-31 Update.exe (1.4.0.0)
    2005-05-31 advcheck.dll (1.0.2.0)
    2005-05-31 aports.dll (2.1.0.0)
    2005-05-31 borlndmm.dll (7.0.4.453)
    2005-05-31 delphimm.dll (7.0.4.453)
    2005-05-31 SDHelper.dll (1.4.0.0)
    2005-05-31 Tools.dll (2.0.0.2)
    2005-05-31 UnzDll.dll (1.73.1.1)
    2005-05-31 ZipDll.dll (1.73.2.0)
    2005-11-04 Includes\Beta.sbi (*)
    2005-02-16 Includes\Beta.uti (*)
    2005-11-04 Includes\Cookies.sbi (*)
    2005-11-04 Includes\Dialer.sbi (*)
    2005-11-04 Includes\Hijackers.sbi (*)
    2005-11-04 Includes\Keyloggers.sbi (*)
    2005-11-04 Includes\Malware.sbi (*)
    2005-11-04 Includes\PUPS.sbi (*)
    2005-11-04 Includes\Revision.sbi (*)
    2005-11-04 Includes\Security.sbi (*)
    2005-11-04 Includes\Spybots.sbi (*)
    2005-02-17 Includes\Tracks.uti (*)
    2005-11-04 Includes\Trojans.sbi (*)

  2. #2
    Esteemed Member
    Join Date
    Oct 2005
    Posts
    211

    Default dektop.explorer in latest beta.sbi, FP?

    Sorry, I posted in Spybot board by mistake,
    please see

    Merged
    Last edited by tashi; 2005-11-05 at 00:27.

  3. #3
    Spybot Advisor Team Zenobia's Avatar
    Join Date
    Oct 2005
    Posts
    5,484

    Default

    Same here:

    --- Search result list ---
    Desktop.Explorer: User settings (Registry change, nothing done)
    HKEY_USERS\S-1-5-21-2052111302-343818398-1417001333-1006\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\ClassicShell!=W=1

  4. #4
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,956

    Default

    Thank you for reporting and brought to Team's attention.

  5. #5
    Senior Member Yodama's Avatar
    Join Date
    Oct 2005
    Location
    Buchenheim
    Posts
    1,110

    Default

    thanks for reporting,

    this entry has been falsely added and will be removed
    born in the shadow to die in the shadow, that is the fate of the shinobi

    Spybot S&D Downloads

    Please help us improve Spybot and download our distributed testing client.

  6. #6
    Junior Member
    Join Date
    Nov 2005
    Posts
    3

    Exclamation

    Yodama,

    According to the following information, desktop.explorer IS spyware, and is a SECURITY RISK:

    "The Desktop Explorer allowed us to browse through files and folders on the remote PC, including network shares, and we could view the contents of many documents (Sproqit supports about 200 file types). This would let a user remotely search for a specific document on their system and email it to a client or colleague, for example."

    http://72.14.203.104/search?q=cache:...lders%22&hl=en

  7. #7
    Junior Member
    Join Date
    Nov 2005
    Posts
    3

    Default

    It seems that it can be used for both ethical and unethical purposes, depending on the company who uses it.

  8. #8
    Esteemed Member
    Join Date
    Oct 2005
    Posts
    211

    Default

    It may or may not be malicious, I don't know. My original post had to do with the flagging of a particulr registry key, which has nothing to do with desktop.explorer. The latest updates have removed that FP, thanks

  9. #9
    Junior Member
    Join Date
    Nov 2005
    Posts
    4

    Default Desktop.Explorer: HideIcons.

    Since the 2005/11/11 update the following entry appears after running Spybot:

    Desktop.Explorer: User settings (Registry change, nothing done)


    HKEY_USERS\S-1-5-21-3342786949-2224112030-3715366460-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\A

    dvanced\HideIcons!=W=0




    --- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

    2005-05-31 blindman.exe (1.0.0.1)
    2005-05-31 SpybotSD.exe (1.4.0.3)
    2005-05-31 TeaTimer.exe (1.4.0.2)
    2005-07-18 unins000.exe (51.41.0.0)
    2005-05-31 Update.exe (1.4.0.0)
    2005-05-31 advcheck.dll (1.0.2.0)
    2005-05-31 aports.dll (2.1.0.0)
    2005-05-31 borlndmm.dll (7.0.4.453)
    2005-05-31 delphimm.dll (7.0.4.453)
    2005-05-31 SDHelper.dll (1.4.0.0)
    2005-05-31 Tools.dll (2.0.0.2)
    2005-05-31 UnzDll.dll (1.73.1.1)
    2005-05-31 ZipDll.dll (1.73.2.0)
    2005-11-11 Includes\Cookies.sbi (*)
    2005-11-11 Includes\Dialer.sbi (*)
    2005-11-11 Includes\Hijackers.sbi (*)
    2005-11-11 Includes\Keyloggers.sbi (*)
    2004-11-29 Includes\LSP.sbi (*)
    2005-11-11 Includes\Malware.sbi (*)
    2005-11-11 Includes\PUPS.sbi (*)
    2005-11-11 Includes\Revision.sbi (*)
    2005-11-11 Includes\Security.sbi (*)
    2005-11-11 Includes\Spybots.sbi (*)
    2005-02-17 Includes\Tracks.uti (*)
    2005-11-11 Includes\Trojans.sbi (*)


    This registry entry refers to Desktop icons and deleting the entry means icons are shown on the desktop when the system is next booted.

    As I have chosen not to have icons shown on the desktop, this is not what I want.

    Apparently, since the 2005/11/11 update, Spybot considers only the default "Show Desktop Icons" to be safe.

    I hope this error will soon be corrected.

  10. #10
    Junior Member
    Join Date
    Nov 2005
    Posts
    11

    Default

    We have also been getting these as of late,

    Desktop.ActiveDesktop: User settings (Registry change, nothing done)
    HKEY_USERS\S-1-5-21-1032224200-1036351794-464265517-1005\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoComponents!=0

    Desktop.Explorer: User settings (Registry change, nothing done)
    HKEY_USERS\S-1-5-21-1032224200-1036351794-464265517-1005\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowCpl!=W=0

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •