forgot one
Desktop.Explorer: User settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-2092520369-249521480-832726913-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoMovingBands!=W=0
forgot one
Desktop.Explorer: User settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-2092520369-249521480-832726913-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoMovingBands!=W=0
scoutt:
Several of the detections that you are getting seem to point to Windows 2000 policy registry entries. What software are you running and is this a stand-alone system or a workstation?
Getting an answer is one thing, learning is another.
Microsoft Windows XP Home Edition running on a 2.40GHz IntelŪ PentiumŪ 4 Processor with 512 MB of RAM and a 533 MHz System Bus.
Same thing here; using WinXP Pro... This happens since 2005-11-13 in the Fixes Logs.Originally Posted by WDGCR
How can I fix this? I DO want to hide my desktop icons but Spybot keeps reactivating them...
Thanks for your help!
WDGCR:
sbourdon:
If you do not want Spybot to scan for these potential security risks on future scans, exclude them from further searches. I suggest that you use the "Exclude this detection from further searches" option as follows:
- To "Exclude this detection from further searches":
- After a scan and before fix the problems, expand the detection (+ to the left of the detection).
- Select the item (entry) that you want to exclude by left clicking on it to highlight it.
- Then right click on highlighted detection to bring up the context menu.
- In the context menu select "Exclude this detection from further searches".
In other words left click to select then right click to display options. If you don't select (highlight) the item first the options menu is for the entire detection list.
To reverse the exclusion of single detections from scans:
- Go into Spybot > Mode > Advanced mode > Settings > Ignore single entries > right click on the item and select "Remove this exclude from the list".
Getting an answer is one thing, learning is another.
Microsoft Windows XP Home Edition running on a 2.40GHz IntelŪ PentiumŪ 4 Processor with 512 MB of RAM and a 533 MHz System Bus.
We get them on both XP and 2000. but on XP we only get 2 as in 2000 we get all three. We run Novell Desktop that will let us push down policies to the end user. No other special software running.Originally Posted by md usa spybot fan
Perfect; thanks!Originally Posted by md usa spybot fan
Originally Posted by md usa spybot fan
Thank you for your reply, although I was aware of how to exclude the entry, and had, indeed, done so.
My reason for posting was a desire to have this false positive detection corrected in a future update.
I hope this will be the case.
I'm pleased to report the Desktop.Explorer: User settings entry,
HKEY_USERS\S-1-5-21-3342786949-2224112030-3715366460-1005\Software\Microsoft\Windows\CurrentVersion\Exp lorer\Advanced\HideIcons!=W=0
isn't detected after the 2005/11/18 update.
Such prompt attention is to be commended.
sorry for not replying earlier, I have been sick (actually still at it :( )
well ok, now to these Policy settings:
as you have already found out by now, some are to be considered false positives, actually my fault for forgetting that there are people out there using the XP Style or similar , sorry for that. :p
I added a little description to the entries, so that it will be cleared up a little.
It goes like this: "If this Item is beeing found, it does not necessarily mean an infection.
Some Malware like CWS and Smitfraud variants change these settings.
It is also possible that these settings have been changed by an administrator (if you have one) or by a legitimate software.
These settings can normally not be reversed via the normal Windows User Interface.
Some settings pose security risks and some are just annoyances.
Also , some settings are redundant, meaning that they can be changed at various positions in the registry thus changing one value may not be enough."
This is going to be added with the next update, expected for the end of the week.
Maybe I should add by saying that by using the wrong entries for the policies, one can render a Windows Operatingsystem crippled and totally useless.
At least without external tools to undo the changes.
Forgot to mention, that I also changed the Naming, it is now as follows:
Windows.Explorer
Windows.System
Windows.ActiveDesktop
so am I to understand that they will still be reported but indicated not to be a threat?
if this it to be true how can we push those settings down to the user.
the latest update did not show my policy entries either.
thank you very much, job well done.