
Thread: Desktop.Explorer: HideIcons.

  1. #11
    Junior Member
    Join Date
    Nov 2005
    Posts
    11

    Default

    forgot one

    Desktop.Explorer: User settings (Registry change, nothing done)
    HKEY_USERS\S-1-5-21-2092520369-249521480-832726913-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoMovingBands!=W=0

  2. #12
    Spybot Advisor Team [Retired] md usa spybot fan's Avatar
    Join Date
    Oct 2005
    Posts
    5,859

    Default

    scoutt:

    Several of the detections that you are getting seem to point to Windows 2000 policy registry entries. What software are you running and is this a stand-alone system or a workstation?

    Getting an answer is one thing, learning is another.


    Microsoft Windows XP Home Edition running on a 2.40GHz Intel® Pentium® 4 Processor with 512 MB of RAM and a 533 MHz System Bus.

  3. #13
    Junior Member
    Join Date
    Nov 2005
    Posts
    2

    Default

    Quote Originally Posted by WDGCR
    Since the 2005/11/11 update the following entry appears after running Spybot:

    Desktop.Explorer: User settings (Registry change, nothing done)


    HKEY_USERS\S-1-5-21-3342786949-2224112030-3715366460-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideIcons!=W=0




    --- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

    2005-05-31 blindman.exe (1.0.0.1)
    2005-05-31 SpybotSD.exe (1.4.0.3)
    2005-05-31 TeaTimer.exe (1.4.0.2)
    2005-07-18 unins000.exe (51.41.0.0)
    2005-05-31 Update.exe (1.4.0.0)
    2005-05-31 advcheck.dll (1.0.2.0)
    2005-05-31 aports.dll (2.1.0.0)
    2005-05-31 borlndmm.dll (7.0.4.453)
    2005-05-31 delphimm.dll (7.0.4.453)
    2005-05-31 SDHelper.dll (1.4.0.0)
    2005-05-31 Tools.dll (2.0.0.2)
    2005-05-31 UnzDll.dll (1.73.1.1)
    2005-05-31 ZipDll.dll (1.73.2.0)
    2005-11-11 Includes\Cookies.sbi (*)
    2005-11-11 Includes\Dialer.sbi (*)
    2005-11-11 Includes\Hijackers.sbi (*)
    2005-11-11 Includes\Keyloggers.sbi (*)
    2004-11-29 Includes\LSP.sbi (*)
    2005-11-11 Includes\Malware.sbi (*)
    2005-11-11 Includes\PUPS.sbi (*)
    2005-11-11 Includes\Revision.sbi (*)
    2005-11-11 Includes\Security.sbi (*)
    2005-11-11 Includes\Spybots.sbi (*)
    2005-02-17 Includes\Tracks.uti (*)
    2005-11-11 Includes\Trojans.sbi (*)


    This registry entry refers to Desktop icons and deleting the entry means icons are shown on the desktop when the system is next booted.

    As I have chosen not to have icons shown on the desktop, this is not what I want.

    Apparently, since the 2005/11/11 update, Spybot considers only the default "Show Desktop Icons" to be safe.

    I hope this error will soon be corrected.
    Same thing here; using WinXP Pro... This happens since 2005-11-13 in the Fixes Logs.

    How can I fix this? I DO want to hide my desktop icons but Spybot keeps reactivating them...


    Thanks for your help!

  4. #14
    Spybot Advisor Team [Retired] md usa spybot fan's Avatar
    Join Date
    Oct 2005
    Posts
    5,859

    Default

    WDGCR:
    sbourdon:

    If you do not want Spybot to scan for these potential security risks on future scans, exclude them from further searches. I suggest that you use the "Exclude this detection from further searches" option as follows:
    • To "Exclude this detection from further searches":
      • After a scan and before fixing the problems, expand the detection (+ to the left of the detection).
      • Select the item (entry) that you want to exclude by left clicking on it to highlight it.
      • Then right click on highlighted detection to bring up the context menu.
      • In the context menu select "Exclude this detection from further searches".


      In other words left click to select then right click to display options. If you don't select (highlight) the item first the options menu is for the entire detection list.

    To reverse the exclusion of single detections from scans:
    • Go into Spybot > Mode > Advanced mode > Settings > Ignore single entries > right click on the item and select "Remove this exclude from the list".

    Getting an answer is one thing, learning is another.


    Microsoft Windows XP Home Edition running on a 2.40GHz Intel® Pentium® 4 Processor with 512 MB of RAM and a 533 MHz System Bus.

  5. #15
    Junior Member
    Join Date
    Nov 2005
    Posts
    11

    Default

    Quote Originally Posted by md usa spybot fan
    scoutt:

    Several of the detections that you are getting seem to point to Windows 2000 policy registry entries. What software are you running and is this a stand-alone system or a workstation?
    We get them on both XP and 2000, but on XP we only get 2, whereas in 2000 we get all three. We run Novell Desktop that will let us push down policies to the end user. No other special software running.

  6. #16
    Junior Member
    Join Date
    Nov 2005
    Posts
    2

    Default

    Quote Originally Posted by md usa spybot fan
    WDGCR:
    sbourdon:

    If you do not want Spybot to scan for these potential security risks on future scans, exclude them from further searches. I suggest that you use the "Exclude this detection from further searches" option as follows:
    • To "Exclude this detection from further searches":
      • After a scan and before fixing the problems, expand the detection (+ to the left of the detection).
      • Select the item (entry) that you want to exclude by left clicking on it to highlight it.
      • Then right click on highlighted detection to bring up the context menu.
      • In the context menu select "Exclude this detection from further searches".


      In other words left click to select then right click to display options. If you don't select (highlight) the item first the options menu is for the entire detection list.

    To reverse the exclusion of single detections from scans:
    • Go into Spybot > Mode > Advanced mode > Settings > Ignore single entries > right click on the item and select "Remove this exclude from the list".
    Perfect; thanks!

  7. #17
    Junior Member
    Join Date
    Nov 2005
    Posts
    4

    Default

    Quote Originally Posted by md usa spybot fan
    WDGCR:
    sbourdon:

    If you do not want Spybot to scan for these potential security risks on future scans, exclude them from further searches. I suggest that you use the "Exclude this detection from further searches" option as follows:
    • To "Exclude this detection from further searches":
      • After a scan and before fixing the problems, expand the detection (+ to the left of the detection).
      • Select the item (entry) that you want to exclude by left clicking on it to highlight it.
      • Then right click on highlighted detection to bring up the context menu.
      • In the context menu select "Exclude this detection from further searches".


      In other words left click to select then right click to display options. If you don't select (highlight) the item first the options menu is for the entire detection list.

    To reverse the exclusion of single detections from scans:
    • Go into Spybot > Mode > Advanced mode > Settings > Ignore single entries > right click on the item and select "Remove this exclude from the list".

    Thank you for your reply, although I was aware of how to exclude the entry, and had, indeed, done so.

    My reason for posting was a desire to have this false positive detection corrected in a future update.

    I hope this will be the case.

  8. #18
    Junior Member
    Join Date
    Nov 2005
    Posts
    4

    Default

    I'm pleased to report the Desktop.Explorer: User settings entry,

    HKEY_USERS\S-1-5-21-3342786949-2224112030-3715366460-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideIcons!=W=0

    isn't detected after the 2005/11/18 update.

    Such prompt attention is to be commended.

  9. #19
    Senior Member Yodama's Avatar
    Join Date
    Oct 2005
    Location
    Buchenheim
    Posts
    1,110

    Default

    sorry for not replying earlier, I have been sick (actually still at it :( )

    well ok, now to these Policy settings:
    as you have already found out by now, some are to be considered false positives, actually my fault for forgetting that there are people out there using the XP Style or similar, sorry for that. :p

    I added a little description to the entries, so that it will be cleared up a little.

    It goes like this: "If this Item is being found, it does not necessarily mean an infection.
    Some Malware like CWS and Smitfraud variants change these settings.
    It is also possible that these settings have been changed by an administrator (if you have one) or by a legitimate software.

    These settings can normally not be reversed via the normal Windows User Interface.
    Some settings pose security risks and some are just annoyances.
    Also, some settings are redundant, meaning that they can be changed at various positions in the registry thus changing one value may not be enough."

    This is going to be added with the next update, expected for the end of the week.

    Maybe I should add by saying that by using the wrong entries for the policies, one can render a Windows operating system crippled and totally useless.
    At least without external tools to undo the changes.

    Forgot to mention, that I also changed the Naming, it is now as follows:
    Windows.Explorer
    Windows.System
    Windows.ActiveDesktop
    born in the shadow to die in the shadow, that is the fate of the shinobi

    Spybot S&D Downloads

    Please help us improve Spybot and download our distributed testing client.
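
An added example, not part of any post in this thread and not Spybot's own code: a small Python triage helper that parses detection lines in the shape quoted above and separates values under a `Policies` key (the kind an administrator or policy tool pushes down) from ordinary per-user preferences such as `HideIcons`. The SIDs in the sample are constructed placeholders, and the trailing `!=W=0` is assumed to be the scanner's rule text and is kept verbatim without interpreting it.

```python
import re
from collections import defaultdict

# Constructed sample in the shape of the lines quoted in this thread.
# The SIDs are placeholders, not taken from any real machine.
SAMPLE = [
    r"Desktop.Explorer: User settings (Registry change, nothing done)",
    r"HKEY_USERS\S-1-5-21-1-2-3-1001\Software\Microsoft\Windows"
    r"\CurrentVersion\Policies\Explorer\NoMovingBands!=W=0",
    r"HKEY_USERS\S-1-5-21-1-2-3-1005\Software\Microsoft\Windows"
    r"\CurrentVersion\Explorer\Advanced\HideIcons!=W=0",
]

# hive \ SID \ key path \ value name, then the scanner's rule suffix.
# Assumption: everything from the first "!" on is rule text; it is kept
# verbatim and not interpreted.
LINE_RE = re.compile(
    r"^(?P<hive>HKEY_USERS)\\(?P<sid>S-1-[\d-]+)\\"
    r"(?P<key>.+)\\(?P<value>[^\\!]+)(?P<rule>!.*)?$"
)

def parse_detection(line):
    """Return a dict for a registry detection line, or None for other lines."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    d = m.groupdict()
    d["rule"] = d["rule"] or ""
    # Values below a "Policies" key are policy settings; anything else
    # is treated as an ordinary per-user preference.
    parts = d["key"].lower().split("\\")
    d["branch"] = "policy" if "policies" in parts else "preference"
    return d

def triage(lines):
    """Group parsed detections by user SID as (branch, value, rule) tuples."""
    by_sid = defaultdict(list)
    for line in lines:
        d = parse_detection(line)
        if d is not None:
            by_sid[d["sid"]].append((d["branch"], d["value"], d["rule"]))
    return dict(by_sid)

if __name__ == "__main__":
    for sid, items in triage(SAMPLE).items():
        print(sid, items)
```

Entries tagged `policy` are the ones worth checking against what the administrator actually deployed; `preference` entries are candidates for the per-item exclusion described earlier in the thread.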

  10. #20
    Junior Member
    Join Date
    Nov 2005
    Posts
    11

    Default

    so am I to understand that they will still be reported but indicated not to be a threat?

    if this is to be true how can we push those settings down to the user.

    the latest update did not show my policy entries either.

    thank you very much, job well done.
