Page 1 of 4 1234 LastLast
Results 1 to 10 of 36

Thread: Scan Result

  1. #1
    Junior Member
    Join Date
    Aug 2006
    Posts
    9

    Default Scan Result

    Hi all,
    My sincere apologies, I earlier may have posted this thread to the wrong forum - I hope that this is the right one! Please forgive me for causing this confusion.
    This is my first posting. After many years of using Spybot S&D the latest scan result revealed the following 3 items:-

    21.08.2006 15:40:49 - found: Windows.Security.InternetExplorer Settings
    21.08.2006 15:40:49 - found: Windows.Security.InternetExplorer Settings
    21.08.2006 15:40:49 - found: Windows.Security.InternetExplorer Settings

    --- Report generated: 2006-08-21 15:43 ---

    Windows.Security.InternetExplorer: Settings (Registry change, nothing done)
    HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\iexplore.exe!=W=1

    Windows.Security.InternetExplorer: Settings (Registry change, nothing done)
    HKEY_USERS\S-1-5-21-861567501-1614895754-725345543-1003\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\iexplore.exe!=W=1

    Windows.Security.InternetExplorer: Settings (Registry change, nothing done)
    HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\iexplore.exe!=W=1

    --- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---
    ---------------------------------------------------------------------

    My question: Is it safe to 'fix' (remove) theses registry items?

    Many thanks in advance.
    With best regards,

  2. #2
    Spybot Advisor Team [Retired] md usa spybot fan's Avatar
    Join Date
    Oct 2005
    Posts
    5,859

    Default

    I suggest you "Fix selected problems" on those detections unless you experienced an issue such as the one described in the following article and intentionally changed those registry entries from their default setting:

    Getting an answer is one thing, learning is another.


    Microsoft Windows XP Home Edition running on a 2.40GHz IntelŪ PentiumŪ 4 Processor with 512 MB of RAM and a 533 MHz System Bus.

  3. #3
    Junior Member
    Join Date
    Feb 2006
    Posts
    9

    Question Similar Situation and Question



    I logged on to post a question that turns out to be very similar to Charly's.

    I scan all the time and things always turn up clean....until today when I got this on my report:

    HKEY_USERS\S-1-5-21-631271675-1031378978-415638407-1006\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\iexplore.exe!=W=1

    I read the article in the reply to Charly's question and it does not apply in my situation. I suspect the answer is to "correct the problem".....but I'm always wary about anything to do with the Registry so I thought I'd ask.

    Thanks very much!

    Ron in RI

  4. #4
    Spybot Advisor Team [Retired] md usa spybot fan's Avatar
    Join Date
    Oct 2005
    Posts
    5,859

    Default

    Ron in RI:

    Quote Originally Posted by Ron in RI View Post
    I read the article in the reply to Charly's question and it does not apply in my situation.
    Can you explain exactly what your situation is?

    In referencing that article, I was trying to point out that there may be a valid reason to intentionally change those registry entries from their default settings of dword:00000001.

    However, if you did not intentionally change those entry entries from default setting of dword:00000001, because of that particular problem or some other specific problem, there may be a reason for concern.

    Did you intentionally change the following registry entry?

    Code:
    [HKEY_USERS\S-1-5-21-631271675-1031378978-415638407-1006\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\iexplore.exe]

    Getting an answer is one thing, learning is another.


    Microsoft Windows XP Home Edition running on a 2.40GHz IntelŪ PentiumŪ 4 Processor with 512 MB of RAM and a 533 MHz System Bus.

  5. #5
    Junior Member
    Join Date
    Feb 2006
    Posts
    9

    Default My situation is.....

    md usa...

    No, I did not intentionally change that registry entry. (I never touch the Registry.)

    All I can say is that the HKEY_USERS...etc entry showed up, as cited, on my Spybot scan report. I'd never had anything like it show up on Spybot.

    Thanks

    Ron in RI

  6. #6
    Junior Member
    Join Date
    Aug 2006
    Posts
    5

    Default

    I'm in the same boat as Ron. I never change the registry myself but starting yesterday I am get exactly the same warning from Spybot

    Windows.Security.InternetExplorer: Settings (Registry change, nothing done)
    HKEY_USERS\...\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\iexplore.exe!=W=1
    I fixed this on my wife's user last night, rescanned and all was fine. Now it's back on my user.

    Is this really something we should worry about? I only noticed this after I updated Spybot last night and no other virus scan or spyware scan finds any errors.

    I read on this msdn article that the correct value for this key should be 1, but I don't know what to make of the value shown of "=W=1".
    http://msdn.microsoft.com/security/p...llockdown.aspx

    Can someone help...

    Chris

  7. #7
    Spybot Advisor Team [Retired] md usa spybot fan's Avatar
    Join Date
    Oct 2005
    Posts
    5,859

    Default

    Quote Originally Posted by UserChris View Post
    I read on this msdn article that the correct value for this key should be 1, but I don't know what to make of the value shown of "=W=1".
    The detection reads "!=W=1" which indicates "!=" (not equal) "W=1" (dword=1). In other words the registry entry is something other than a "dword:00000001".

    Getting an answer is one thing, learning is another.


    Microsoft Windows XP Home Edition running on a 2.40GHz IntelŪ PentiumŪ 4 Processor with 512 MB of RAM and a 533 MHz System Bus.

  8. #8
    Junior Member
    Join Date
    Aug 2006
    Posts
    5

    Default

    Update -- I just tried having S&D fix it on my user, restarted, and it's back yet again. Plus, I have my system restore turned off.

    I guess I could try to fix it in safe mode, but that get's back to the question, is this really a problem or could it be a false-positive?

    Chris

  9. #9
    Junior Member
    Join Date
    Dec 2005
    Posts
    13

    Question

    Hello again:

    I had posted about this issue yesterday:

    http://forums.spybot.info/showthread.php?t=6766

    and was referred to this thread.

    I'm still somewhat puzzled as to why this Security Lockdown issue only appeared after I downloaded the new Spybot definitions. It didn't show on a Spybot scan earlier this month. It could well be that the new definitions look for this particular problem, but I'm concerned because it isn't showing on online security checks I've run, such as Sygate, Symantec, GRC

    Nor does it show on AdAware or A-Squared [Emsisoft] scans.

    When I read that UserChris noted that the alert returns after his fixing it, I had second thoughts about fixing this entry.

    It might help to hear if other users are getting similar odd findings with this entry.

    Thanks in advance:

    -Eliuri

    Windows XP Professional Edition

    Internet Explorer 6.0

    Spybot 1.4

    Ad-Aware SE

    A-Squared Free Trojan Scanner

    Zone Alarm Security Suite 6.1.744.001

  10. #10
    Junior Member
    Join Date
    Aug 2006
    Posts
    5

    Default

    2nd update -- I've tried to fix it in safe mode and it is fine for my wife's user, but keeps coming back on my user - even when I fix it in safe mode.

    Every time Spybot reports that it was able to fix it, but when I run another spybot check (regardless if I restart or not) the same warning comes up.

    Oddly, when I navigate to that exact key using regedit, I can't find any binary data for iexplore.exe. There is a key for LOCALMACHINE_CD_UNLOCK of "0x00000001" but no associated binary data for iexplore.exe.

    md usa spybot fan, since you don't have this issue coming up on your system, can you navigate to the iexplore key and see if it has binary data for you and what it is set at? FYI, I'm running Windows XP Home, SPII, with all the latest updates.

    Any thoughts on how to fix this?

    Chris

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •