Is YOUR registry safe?????

dragonV8dragonV8 not here much New
edited November 2004 in Science & Tech
Sally was reading a report from "Spyware Doctor". One the the links metioned, caused her to check the registry on some of our other computers.

This is the registry link in question.

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\******

****** representing folders found in Domains\

A few of the 1,000's found:

Domains\about-blank.biz
Domains\absolutdialer.com
Domains\activexupdate.com
Domains\adult-engine-search.com
Domains\coolwebsearch.com

I purposely left some the more obtrusive ones out as this is a family friendly site. Some, few and far between, are sites i actively use, like:

Domains\extremeoverclocking.com

Could some of you guys check your computers and see if you have these also. We found them on computers that don't surf (fold only), XP Pro, XP Home, SP1, SP2.

Is it safe to delete these? Is there a need to delete these as there are no values set.

We have NO idea where they come from as they are sites we don't frequent. :mad:

It would be interesting to know what you might find and what we can/need to do about them. :)

Also, how the hell did we get them!!

Jon

Comments

  • ketoketo Occupied. Or is it preoccupied? Icrontian
    edited November 2004
    The one and only domain there on my machine, which hasn't been reformatted in 18 months and is my every-day-all-day-XPPro surfing machine is...MSN, with '0's in the value as I don't use or ever go to MSN.

    I would *expect* that they are safe to delete, but this is a non-expert opinion. I would set a restore point and delete them - it's not like you can screw up the OS by deleting some domains ... I think, with about a 99% certainty.
  • entropyentropy Yah-Der-Hey (Wisconsin)
    edited November 2004
    attotech.com is all I found...
  • dragonV8dragonV8 not here much New
    edited November 2004
    What gets me is, we run so much protective stuff that i would like to know how it got there. With the variety of blockers in use giving an option to accept/decline, i know we would decline. :(

    I can go and delete them i guess, however with 1,000's to do it would take a while. :rolleyes:

    Makes you wonder about all these "protective" type programs. Maybe they put them on themselves to create more business for themselves. :scratch:
  • MERRICKMERRICK In the studio or on a stage
    edited November 2004
    I just looked up the reg entry that you posted (HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Internet Settings\ZoneMap\Domains\)

    Woh!!
    I can't believe how many domains are listed here. I want to delete them I think but a thought has occured to me, I use spyware blaster and the S & D Immunization tool. Perhaps these entries are put here by those progs?

    This is on my office machine which never goes anywhere that isn't 100% legit (but what does that mean?) I am confused now.

    As I look through the domains Dwords they all have the same entry except for the "legitimate" domains e.g. tucows. The DWORD values are all the same and I wonder if anyone can shed light on this. I've attached a pic:
  • AnimalAnimal
    edited November 2004
    i didn't have any on my windows xp sp1.... :confused::confused:
  • SpywareShooterSpywareShooter 127.0.0.1
    edited November 2004
    MERRICK, just wondering, do you have Spyware Shooter installed? My program will add thousands of entries into the registry, including all of the ones you listed above, in order to block those malicious sites from downloading (using the Restricted Sites feature in IE). I have SS installed (of course, since I am the creator), and my registry has the same entries in it.
  • dragonV8dragonV8 not here much New
    edited November 2004
    SpywareShooter, it appears your comments about your program adding those folders into the registry may have been the cause with our computers. Though we have not used your program, we are using Spyware Doctor, along with Adaware and Spybot S&D.

    MERRICK, our DWORD values are the same as yours. I feel we can now rest easy.

    Thanks for the replies, which i believe got to the bottom of it all. :thumbsup:

    Jon (and his Handbrake) :)
  • PauleyPauley
    edited November 2004
    I was intrested to see this thread. Hadent a clue what I was seeing when i saw the Registry Editor entries. I tried deleting them, but they came back again after a while.
  • MERRICKMERRICK In the studio or on a stage
    edited November 2004
    DragonV8 this thread has been a real gem! Thanks for starting it!
    SpywareShooter wrote:
    MERRICK, just wondering, do you have Spyware Shooter installed? My program will add thousands of entries into the registry, including all of the ones you listed above, in order to block those malicious sites from downloading (using the Restricted Sites feature in IE). I have SS installed (of course, since I am the creator), and my registry has the same entries in it.

    Hi Spyware Shooter!
    To answer your question, no I do not have (nor previously heard of) Spyware Shooter. But now you've gone and done it! You've piqued my intrest :D

    I tried the link to your web page but it came up dead so I did the direct download. I've opened it and compared the entries to my current registy I'm hesitant to install since I'd like to know if it will conflict with my current S & D and SpywareBlaster settings (I presume it won't)

    Can you give me more info on what SS is and what your development/update plans etc. are? Are you looking for input from users? I do have a "surfing computer" and I'd be open to helping out if I can.
  • SpywareShooterSpywareShooter 127.0.0.1
    edited November 2004
    No, it will not interfere with Spybot's registry entries, it will just add more malicious sites to them. If there are any that are in Spybot's database that are not in my block list, it will leave them alone. Spyware Shooter is almost like IE-SpyAd, but I have taken it a step further, and blocked sites that are not yet infecting, but are owned by the same people as the sites that currently infect computers.

    I am sorry that my site is down, my free webserver (I'm hoping to get a domain soon) goes down quite a bit. As of now it's been down for 4 days straight, so it should be coming back any time now. The FAQ on spywareshooter.50free.net will tell you a little bit about it, and if you need any more info just email me at tests@spywareshooter.50free.net (not until the host comes back up, or I will not get your email).
  • MERRICKMERRICK In the studio or on a stage
    edited November 2004
    Thanks I'm merging as we speak and feel free to PM me if you need volunteers for reg info or what not.
  • LeonardoLeonardo Wake up and smell the glaciers Eagle River, Alaska Icrontian
    edited November 2004
    OK, I blew a big chunk of time on this as well. It was simply impossible that that all those crazy domans had ever been visited by us on either of our home computers. Well, after removing the entries (and reading the latest posts in this thread), I updated SpywareBlaster (activeX, dialer, BHO prevention program), re-"immunized" the system, and voila, all the entries have returned.....as they should!
  • dragonV8dragonV8 not here much New
    edited November 2004
    MERRICK wrote:
    DragonV8 this thread has been a real gem! Thanks for starting it!





    No probs. It was Sally, the "Handbrake" that found the original entries in her computer. Upon checking found them in the rest of them also. Since she is the rather shy one in the family, left it to me to start the thread.

    We are grateful for all the replies that brought the answer to the fore. :thumbsup:
    Never too old to learn something new, especially with the variety of problems computers can bring. :)
Sign In or Register to comment.