Questions about HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet

Question

dlh6213 27 Posting Maven

19 Years Ago

I spent part of yesterday defragging and running all my AV and spyware programs. Everything was clean until I ran PestPatrol, which found a pest named CWS.GoogleMS.3 located in: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\xxxtoolbar.com. I Googled the xxxtoolbar to try to get some info on it, but all I could find were removal instructions, which I went through, but I didn't have any of the associated files. I set a reatore point and went ahead and deleted it. Here are my questions:

When I went into that Domains Registry, I was shocked by the long list of what appeared to be porn-related entries. I'd like to know
1.) Where could these have come from?
2.) Is there anything in that folder that should not be deleted?
3.) Is the folder itself necessary?

I tried to Google that Registry folder too, to find out it's purpose, but no luck with that either.

windows-virus

3 Contributors
7 Replies
936 Views
3 Days Discussion Span
Latest Post 19 Years Ago Latest Post by dlh6213

All 7 Replies

Catweazle 140 Grandad

19 Years Ago

Moved to Security section

crunchie 990 Most Valuable Poster

19 Years Ago

Do you have ie-spyad installed? It enters over 4000 sites to your registry so that IE cannot go there.

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

dlh6213 27 Posting Maven Team Colleague · Answer 1 · 2004-09-15T19:30:33+00:00

I was just looking through the list more carefully and it's not all porn-related, there's a lot of typical spyware and adware stuff too. I don't see anything in the list that looks like it would be necessary.

dlh6213 27 Posting Maven Team Colleague · Answer 2 · 2004-09-16T15:08:19+00:00

Is it possible this is where the stuff Spyware Blaster installed is kept?

dlh6213 27 Posting Maven Team Colleague · Answer 3 · 2004-09-17T23:24:02+00:00

I don't have ie-spyad (though it appears a good thing to have), and there is not 4,000 entries there, I'd guess 100-200.

Is "...\Internet Settings\ZoneMap\Domains" the place where this type of information would be stored? Or should I delete all the entries there?

crunchie 990 Most Valuable Poster Team Colleague Featured Poster · Answer 4 · 2004-09-18T12:05:33+00:00

Check out this link. http://www.jsiinc.com/subk/tip5100/rh5130.htm
It appears to be whatever is in your restricted zone so that IE cannot go there.

dlh6213 27 Posting Maven Team Colleague · Answer 5 · 2004-09-18T14:21:02+00:00

Thanks crunchie! That site is a bit complicated (for me), but you were able to find what I wasn't. After looking at the list, I suspected it was from SpyWareBlaster, and this confirms it. I updated SpyWareBlaster, had it enable all protection and, low and behold, xxx.toolbar.com (the one I originally deleted) is back! From now on, I know that if any of my anti-pest-ware programs find anything in here, I should just ignore it.

You can mark this one as solved! Thanks again!
(I would add to your rep again, but I have to 'spread it around' first. If anyone else reads this, give crunchie some cudos for me!)

Questions about HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet

Recommended Answers Collapse Answers

All 7 Replies

Recommended Answers