Scan Result

**folsombob** · 2006-08-26, 07:13

Thanks, Eliuri!

**folsombob** · 2006-08-26, 07:14

Thanks, Eliuri!!

Originally Posted by eliuri

Hello folsombob:

You might wish to try the following:

In IE go to: Tools--->Internet Options--->Advanced.

Scroll down to Security.

Uncheck the following top two boxes [if checked]:

--Allow active content from CDS to run on My Computer

--Allow active content to run on files on My Computer

If you run the Spybot scan again, you might not get that

Windows.Security.Internet Explorer

-Eliuri

**Charly** · 2006-08-27, 02:42

Hi Eliuri,

I unchecked the second item (the first one was unchecked already) and a
consequent scan revealed the following:-
--- Search result list ---
Windows.Security.InternetExplorer: Settings (Registry change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\iexplore.exe!=W=1

Windows.Security.InternetExplorer: Settings (Registry change, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\iexplore.exe!=W=1
Regards,

**folsombob** · 2006-08-27, 05:22

Eliuri and all

Recently I installed Adobe Creative Suite 2 (CS2), downloaded the new definitions, got the same error as those on this thread, but also, ALL of my .htm and .html file icons have turned to the generic icon, as if there were no program to open the files.

They are clearly associated with IE, open with IE when double-clicked upon, and in Folder Options/File Types/ I can see the association, and they open with IE when double-clicked upon.

Coincidence? Related? Bad timing? Bad luck?

Thanks,

folsombob

**eliuri** · 2006-08-27, 08:11

Folsombob wrote:

"They are clearly associated with IE, open with IE when double-clicked upon, and in Folder Options/File Types/ I can see the association, and they open with IE when double-clicked upon."

Hello folsombob:

I really don't know much about the technical aspects here, and what I posted last week was based on my own experience with this. I'm not familiar with Adobe Creative Suite.

But having said that, let me hazard a guess as to what might have happened here, and I suppose you can test it out rather easily.

When you prevented active content from running files on your computer, you essentially told IE not to run active content associated with .htm or .html files. Perhaps that's what's needed to enable those particular file icons from showing in their non-generic form. You might test this out by rechecking in that box in the Advanced--> Security scroll down in Internet Options. By reallowing it, you might get those icons to display as before. If so, I guess it's up to you if you wish to override this security setting of IE.

Another approach might be to install Mozilla-Firefox and to set it as your default browser , just to see if those earlier icons are restored. You can readily switch back to Internet Explorer as your default browser if you want to or if it doesn't resolve this. I find it much easier to get customized icons on Firefox than it is with IE and supposedly, they incur little if any security risks.

Might help and unlikely to hurt...

Good luck:

-Eliuri

**eliuri** · 2006-08-27, 12:03

Originally Posted by Charly

Hi Eliuri,

I unchecked the second item (the first one was unchecked already) and a
consequent scan revealed the following:-
--- Search result list ---
Windows.Security.InternetExplorer: Settings (Registry change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\iexplore.exe!=W=1

Windows.Security.InternetExplorer: Settings (Registry change, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\iexplore.exe!=W=1
Regards,

Hi again, Charly:

The possibility of this being a false positive has recently been raised in a few microsoft.public newsgroups. Hopefully, this will be sorted out soon. Might be best to leave it alone till the matter is resolved.

Check at:

microsoft.public.internetexplorer.security

and

microsoft.public.internetexplorer.general

with regard to an August 25 post on this matter.

I access those newsgroups via Outlook Express.

If I were you, I'd leave it as is till this matter is clarified.

Take care:

-Eliuri

**Viral** · 2006-08-27, 20:22

Spybot was reporting Windows.Security.InternetExplorer continuously on my machine too, even after repeated 'cleans'. I checked my Internet Explorer advanced options and none of the following suspect options was checked (first three items under the sub-heading Security):

Allow active content from CDs to run on My Computer
Allow active content to run in files on My Computer
Allow software to run or install even if the signature is invalid

So I checked and then unchecked each of them and clicked Apply. Then I clicked OK to close the Internet Options dialogue and reran Spybot; no problems!

**Mele20** · 2006-08-28, 01:30

What I'd like to know is why when I right click on this key which Spybot has flagged after the latest definitions were installed

Windows.Security.InternetExplorer: Settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-1627089689-3221996064-4092179728-1005\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\iexplore.exe!=W=1

Spybot takes me to this key in the registry:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates
\AuthRoot\Certificates\049811056AFE9FD0F5BE01685AACE6A5D1C4454C

A key regarding Root Certs has nothing to do with the key detected by Spybot as having changed. This odd discrepancy alerted me immediately to the possibility of a FP. I am telling Spybot to ignore this until we get some official determination about it.

**md usa spybot fan** · 2006-08-28, 06:08

Mele20:

I believe that you may be misinterpreting what is happening.

It appears that expanding the Windows.Security.InternetExplorer detection, highlighting and right clicking on the detailed entry > selecting "More details" > "Jump to location" opens the Registry Editor. However, it appears to me that the Registry Editor opens to wherever it was left when it was last use, not to the specific registry key in the detection or any other specific entry.

**Charly** · 2006-09-03, 12:21

Hi Eliuri,
sorry for pestering you again but the latest scan result still show the same old findings:-

--- Report generated: 2006-09-03 16:56 ---

Windows.Security.InternetExplorer: Settings (Registry change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\iexplore.exe!=W=1

Windows.Security.InternetExplorer: Settings (Registry change, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\iexplore.exe!=W=1

--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---
---------------------------------------------------
I followed the recommendations as posted by "Viral" dated 08/27/06 19:22 but without any success.
Was wondering if anything *new* has transpired to rectify these persistent findings.
I am a novice and my computer terminologies are not up to scratch but am willing to try anything. If available, would appreciate some easy-to-read 'cum' easy-to-implement guidance.

With best regards,
Charly.

Thread: Scan Result

Thread Tools

Display

Me, too!

Me, too!

Related or coincidence?

IE oddity

Posting Permissions