Computer Security & Viruses/Editing the Registry
Expert: Lorry - 2/1/2007
Question
Hey,
Hopefully I can make this clear! Thanks in advance for the advice...I've looked around and was boggled by the sheer amount of info and want to ask someone who knows more than I do :)
Anyway, I have Windows XP Home, running ZoneAlarm Free, AVG free, and Spybot SD 100% of the time. About two weeks ago I noticed that whenever another computer in my network was turned on I would start getting ingoing/outgoing data requests that ZA would block. I ran full scans with AVG and Spybot and turned up nothing, so I went to download.com and added Webroot Spy Sweeper and Spy Doctor to the mix.
Now, WSS automatically detects that my comp tries to send info to about 8 different "bad" sites (oo8.com, etc...I have the list if it's important...) as soon as I turn it on, but then it quiets down. Unfortunately, it does not find anything upon a scan.
Spyware Doctor, however, does! It appears I have a dialer on my machine. Spyware Doctor, unfortunately, will not fix the problem as I have the free version, but it will list the registry entries that are "bad." They are:
HKCU\Software\Microsoft\Windows\CurrentVersions\InternetSettings\Zonemap\Domains\1987324.com
HKCU\Software\Microsoft\Windows\CurrentVersions\InternetSettings\Zonemap\Domains\1987324.com##
HKCU\Software\Microsoft\Windows\CurrentVersions\InternetSettings\Zonemap\Domains\1987324.com##*
HKCU\Software\Microsoft\Windows\CurrentVersions\InternetSettings\Zonemap\Domains\1987324.com\www
HKCU\Software\Microsoft\Windows\CurrentVersions\InternetSettings\Zonemap\Domains\1987324.com\www##
HKCU\Software\Microsoft\Windows\CurrentVersions\InternetSettings\Zonemap\Domains\1987324.com\www##*
So I figure I can load regedit in "run" and just delete them, correct? In fact, I even do so! As I was expecting, one of the spyware programs (Webroot SS) pops up a message saying "Regedit.exe is trying to change your security settings for Internet Explorer".
This is not the message I was expecting...I was thinking something like "Your registry is being changed" not a message dealing with protected sites. So I browsed around and started thinking that this list in the registry might be the list of protected sites (uploaded by Spybot S/D or somesuch) and what I'm about to do will actually free up the virus, or it's a false positive. The other entries in this folder are pretty suspicious looking, sex, gambling, dialer-data, etc...and there's about a million of them. If they're all bad I have some seriously horrible problems :)
Can I/Should I just go ahead and delete it out of the registry? In general, is it okay to do that? In this particular instance, do you think this could be a false positive?
Thanks for reading it all! Hope I painted a clear enough picture. I also have hijackthis logs available if you want them!
Thanks again!
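Before deleting anything, it helps to see which Internet Explorer security zone each ZoneMap entry actually points to. The following PowerShell audit is an added example and not part of the original post or of any of the tools named in it; it assumes the standard HKCU Internet Settings path and the documented zone numbers (0 My Computer, 1 Local intranet, 2 Trusted sites, 3 Internet, 4 Restricted sites) and reports how many hosts sit in each zone, then lists everything outside the Restricted zone plus the specific domain from the question.

```powershell
# Added example (not from the original post): audit IE ZoneMap\Domains.
# Each domain subkey holds values named by scheme ("*", "http", "https");
# the DWORD data is the zone number. Large numbers of hosts in zone 4
# (Restricted sites) are what an immunisation feature such as Spybot S&D's
# creates; hosts placed in zone 2 (Trusted sites) deserve a closer look.
$zoneNames = @{
    0 = 'My Computer'; 1 = 'Local intranet'; 2 = 'Trusted sites'
    3 = 'Internet';    4 = 'Restricted sites'
}
$base = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains'

function Get-ZoneMapEntries {
    param([string]$Path = $base)
    # Walk every domain key and its sub-domain keys (e.g. 1987324.com\www).
    foreach ($key in Get-ChildItem -Path $Path -Recurse -ErrorAction SilentlyContinue) {
        # Rebuild "www.1987324.com" from "...\Domains\1987324.com\www".
        $rel   = $key.Name.Substring($key.Name.IndexOf('Domains\') + 8)
        $parts = $rel -split '\\'
        [array]::Reverse($parts)
        $hostName = $parts -join '.'
        foreach ($vname in $key.GetValueNames()) {
            $zone = $key.GetValue($vname)
            $name = if ($zoneNames.ContainsKey([int]$zone)) { $zoneNames[[int]$zone] } else { "unknown ($zone)" }
            [pscustomobject]@{
                Host     = $hostName
                Scheme   = $(if ($vname -eq '') { '(default)' } else { $vname })
                Zone     = [int]$zone
                ZoneName = $name
            }
        }
    }
}

$entries = Get-ZoneMapEntries

# Summary: host count per zone. Thousands of Restricted-sites entries and
# nothing elsewhere is consistent with an immunisation list, not a dialer.
$entries | Group-Object ZoneName | Sort-Object Count -Descending |
    Format-Table Name, Count -AutoSize

# Detail: anything outside the Restricted zone, plus the domain the question
# asks about, so its zone can be read off directly.
$entries | Where-Object { $_.Zone -ne 4 -or $_.Host -like '*1987324.com' } |
    Format-Table Host, Scheme, ZoneName -AutoSize
```

Run it in a normal user session (the keys live under HKCU); an entry for 1987324.com that shows up as Restricted sites is a block-list entry, not a sign that the host is being trusted.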
Answer
Hi Blake,
It sounds like the problem is stemming from the other computers on the network, therefore the first thing I would suggest would be to run a virus and spyware scan on those computers. Keep the computers disconnected from the network until you run the scans and can verify that they are clean, otherwise the problems will just return.
On each computer, using Internet Explorer, go to:
http://security.symantec.com/sscv6/default.asp?langid=ie&venid=sym
Click the GO button, then under Virus Detection, click Start. You might be told that you need to download and install ActiveX Controls for the scan to work, answer Yes.
Write down exactly anything it finds, then go to:
http://www.symantec.com/search/ and do a search for what was found. Symantec usually has a removal tool and/or directions for removing manually. Make sure that you follow the instructions for removal, step by step, especially the part regarding disabling System Restore.
Regarding spyware, I would suggest downloading Spybot - Search & Destroy 1.4, a program that removes spyware, available from:
http://www.pcworld.com/downloads/file_description/0,fid,22262,00.asp
Check for updates before running. If you have trouble getting the updates, near the top of the Update Window, click the little arrow next to See-Cure #1 (Europe), highlight the next one on the list, See-Cure #2, and try to download the updates. If that doesn't work, try the next one on the list until you get one you can download from. Being a free program, if too many people are using the same site to download the updates, some people will not get them.
Hope this helps!
Lorry