Desktop.Explorer: HideIcons.

**Rosenfeld** · 2005-11-04, 20:15

I do not understand why this is flagged by the latest (4 November) beta.sbi, I think it is a False positive.

Desktop.Explorer: User settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-3090935711-3204504469-1825801191-1007\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\ClassicShell!=W=1

The value of ClassicShell has data 0 in the registry. Spybot seems to think that it should be 1.

http://www.winguides.com/registry/display.php/1282/

describes the settings for this key in XP. I see nothing wrong in my having it 0, which is the default. Although I do use the classic desktop, I see no reason to disable my ability to switch to active desktop shoulded I want to do so. Setting this to 1 would prevent that. What is the security risk??

Spybot does not flag the same value at HKCU (same user account).

--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2005-06-01 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2005-05-31 advcheck.dll (1.0.2.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2005-05-31 Tools.dll (2.0.0.2)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2005-11-04 Includes\Beta.sbi (*)
2005-02-16 Includes\Beta.uti (*)
2005-11-04 Includes\Cookies.sbi (*)
2005-11-04 Includes\Dialer.sbi (*)
2005-11-04 Includes\Hijackers.sbi (*)
2005-11-04 Includes\Keyloggers.sbi (*)
2005-11-04 Includes\Malware.sbi (*)
2005-11-04 Includes\PUPS.sbi (*)
2005-11-04 Includes\Revision.sbi (*)
2005-11-04 Includes\Security.sbi (*)
2005-11-04 Includes\Spybots.sbi (*)
2005-02-17 Includes\Tracks.uti (*)
2005-11-04 Includes\Trojans.sbi (*)

**RisingDiamond** · 2005-11-13, 09:17

Yodama,

According to the following information, desktop.explorer IS spyware, and is a SECURITY RISK:

"The Desktop Explorer allowed us to browse through files and folders on the remote PC, including network shares, and we could view the contents of many documents (Sproqit supports about 200 file types). This would let a user remotely search for a specific document on their system and email it to a client or colleague, for example."

http://72.14.203.104/search?q=cache:...lders%22&hl=en

**RisingDiamond** · 2005-11-13, 10:14

It seems that it can be used for both ethical and unethical purposes, depending on the company who uses it.

**Rosenfeld** · 2005-11-14, 02:09

It may or may not be malicious, I don't know. My original post had to do with the flagging of a particulr registry key, which has nothing to do with desktop.explorer. The latest updates have removed that FP, thanks

**WDGCR** · 2005-11-14, 03:30

Since the 2005/11/11 update the following entry appears after running Spybot:

Desktop.Explorer: User settings (Registry change, nothing done)

HKEY_USERS\S-1-5-21-3342786949-2224112030-3715366460-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\A

dvanced\HideIcons!=W=0

--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2005-07-18 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2005-05-31 advcheck.dll (1.0.2.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2005-05-31 Tools.dll (2.0.0.2)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2005-11-11 Includes\Cookies.sbi (*)
2005-11-11 Includes\Dialer.sbi (*)
2005-11-11 Includes\Hijackers.sbi (*)
2005-11-11 Includes\Keyloggers.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2005-11-11 Includes\Malware.sbi (*)
2005-11-11 Includes\PUPS.sbi (*)
2005-11-11 Includes\Revision.sbi (*)
2005-11-11 Includes\Security.sbi (*)
2005-11-11 Includes\Spybots.sbi (*)
2005-02-17 Includes\Tracks.uti (*)
2005-11-11 Includes\Trojans.sbi (*)

This registry entry refers to Desktop icons and deleting the entry means icons are shown on the desktop when the system is next booted.

As I have chosen not to have icons shown on the desktop, this is not what I want.

Apparently, since the 2005/11/11 update, Spybot considers only the default "Show Desktop Icons" to be safe.

I hope this error will soon be corrected.

**sbourdon** · 2005-11-16, 13:44

Originally Posted by WDGCR

Since the 2005/11/11 update the following entry appears after running Spybot:

Desktop.Explorer: User settings (Registry change, nothing done)

HKEY_USERS\S-1-5-21-3342786949-2224112030-3715366460-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\A

dvanced\HideIcons!=W=0

--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2005-07-18 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2005-05-31 advcheck.dll (1.0.2.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2005-05-31 Tools.dll (2.0.0.2)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2005-11-11 Includes\Cookies.sbi (*)
2005-11-11 Includes\Dialer.sbi (*)
2005-11-11 Includes\Hijackers.sbi (*)
2005-11-11 Includes\Keyloggers.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2005-11-11 Includes\Malware.sbi (*)
2005-11-11 Includes\PUPS.sbi (*)
2005-11-11 Includes\Revision.sbi (*)
2005-11-11 Includes\Security.sbi (*)
2005-11-11 Includes\Spybots.sbi (*)
2005-02-17 Includes\Tracks.uti (*)
2005-11-11 Includes\Trojans.sbi (*)

This registry entry refers to Desktop icons and deleting the entry means icons are shown on the desktop when the system is next booted.

As I have chosen not to have icons shown on the desktop, this is not what I want.

Apparently, since the 2005/11/11 update, Spybot considers only the default "Show Desktop Icons" to be safe.

I hope this error will soon be corrected.

Same thing here; using WinXP Pro... This happens since 2005-11-13 in the Fixes Logs.

How can I fix this? I DO want to hide my desktop icons but Spybot keeps reactivating them...

Thanks for your help!

**scoutt** · 2005-11-15, 20:43

We have also been getting these as of late,

Desktop.ActiveDesktop: User settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-1032224200-1036351794-464265517-1005\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoComponents!=0

Desktop.Explorer: User settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-1032224200-1036351794-464265517-1005\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowCpl!=W=0

**scoutt** · 2005-11-15, 21:35

forgot one

Desktop.Explorer: User settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-2092520369-249521480-832726913-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoMovingBands!=W=0

**md usa spybot fan** · 2005-11-15, 22:37

scoutt:

Several of the detections that you are getting seem to point to Windows 2000 policy registry entries. What software are you running and is this a stand-alone system or a workstation?

**scoutt** · 2005-11-16, 17:21

Originally Posted by md usa spybot fan

scoutt:

Several of the detections that you are getting seem to point to Windows 2000 policy registry entries. What software are you running and is this a stand-alone system or a workstation?

We get them on both XP and 2000. but on XP we only get 2 as in 2000 we get all three. We run Novell Desktop that will let us push down policies to the end user. No other special software running.

Thread: Desktop.Explorer: HideIcons.

Thread Tools

Display

Hybrid View

Desktop.Explorer: HideIcons.

Desktop.Explorer: HideIcons.

Posting Permissions