 |  |  |  |  |  |  |  |
Questions about HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet
 |
I spent part of yesterday defragging and running all my AV and spyware programs. Everything was clean until I ran PestPatrol, which found a pest named CWS.GoogleMS.3 located in: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\xxxtoolbar.com. I Googled the xxxtoolbar to try to get some info on it, but all I could find were removal instructions, which I went through, but I didn't have any of the associated files. I set a reatore point and went ahead and deleted it. Here are my questions:
When I went into that Domains Registry, I was shocked by the long list of what appeared to be porn-related entries. I'd like to know
1.) Where could these have come from?
2.) Is there anything in that folder that should not be deleted?
3.) Is the folder itself necessary?
I tried to Google that Registry folder too, to find out it's purpose, but no luck with that either.
When I went into that Domains Registry, I was shocked by the long list of what appeared to be porn-related entries. I'd like to know
1.) Where could these have come from?
2.) Is there anything in that folder that should not be deleted?
3.) Is the folder itself necessary?
I tried to Google that Registry folder too, to find out it's purpose, but no luck with that either.
Re: Questions about HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet
0
#2 Sep 15th, 2004
I was just looking through the list more carefully and it's not all porn-related, there's a lot of typical spyware and adware stuff too. I don't see anything in the list that looks like it would be necessary.
Re: Questions about HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet
0
#3 Sep 15th, 2004
Re: Questions about HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet
0
#4 Sep 16th, 2004
Is it possible this is where the stuff Spyware Blaster installed is kept?
Re: Questions about HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet
0
#5 Sep 17th, 2004
Do you have ie-spyad installed? It enters over 4000 sites to your registry so that IE cannot go there.
Proud member of ASAP (Alliance of Security analysis Professionals).
Opera AVAST anti-virus Comodo Firewall Spywareblaster
Opera AVAST anti-virus Comodo Firewall Spywareblaster
Re: Questions about HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet
0
#6 Sep 17th, 2004
I don't have ie-spyad (though it appears a good thing to have), and there is not 4,000 entries there, I'd guess 100-200.
Is "...\Internet Settings\ZoneMap\Domains" the place where this type of information would be stored? Or should I delete all the entries there?
Is "...\Internet Settings\ZoneMap\Domains" the place where this type of information would be stored? Or should I delete all the entries there?
Re: Questions about HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet
0
#7 Sep 18th, 2004
Check out this link. http://www.jsiinc.com/subk/tip5100/rh5130.htm
It appears to be whatever is in your restricted zone so that IE cannot go there.
It appears to be whatever is in your restricted zone so that IE cannot go there.
Proud member of ASAP (Alliance of Security analysis Professionals).
Opera AVAST anti-virus Comodo Firewall Spywareblaster
Opera AVAST anti-virus Comodo Firewall Spywareblaster
Re: Questions about HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet
0
#8 Sep 18th, 2004
Thanks crunchie! That site is a bit complicated (for me), but you were able to find what I wasn't. After looking at the list, I suspected it was from SpyWareBlaster, and this confirms it. I updated SpyWareBlaster, had it enable all protection and, low and behold, xxx.toolbar.com (the one I originally deleted) is back! From now on, I know that if any of my anti-pest-ware programs find anything in here, I should just ignore it.
You can mark this one as solved! Thanks again!
(I would add to your rep again, but I have to 'spread it around' first. If anyone else reads this, give crunchie some cudos for me!)
You can mark this one as solved! Thanks again!
(I would add to your rep again, but I have to 'spread it around' first. If anyone else reads this, give crunchie some cudos for me!)
|
Similar Threads
- Help! Can't get rid of security software that mimics windows! (Viruses, Spyware and other Nasties)
Other Threads in the Viruses, Spyware and other Nasties Forum
- Previous Thread: help stopping spyware
- Next Thread: NPF Driver?!
| Thread Tools | Search this Thread |
You need to join our community in order to build your list of favorite forums. You can visit the forum index for a listing of all forums.
Related Forum Features
Latest Viruses, Spyware and other Nasties Posts
adware anti-malware antivirus apple attack audio avg backtoschoolspeech bar blackhat botnet botnets censorship china commercial commercials conficker control crosssitescripting cyber cybercrime cyberwarfare ddos domains e-mafia education email exam exploit facebook fancheckvirus gaming gtaiv gumblar halloween hijack hosting internet iphone kaspersky legal logfiles mail malware mcafee mega-d messagelabs microsoft msn nazi news obama onlinethreats paedophile panel parents patch phishing police policeprovirusmba-mblockedinternetaccess president privacy pro problem redirect redirecting reliability report research risk rogueantivirus samhain sans scareware school search security seopoisoning sites software spam spyware sqlinjection symantec system teen translate trojan unabletoaccessanti-virussites unwanted update virus viruses vista war warning windows worm yahoo zeroday
