
Manually Removing Certain Registry Key Types



Posted

What are the possible consequences of manually removing the following type of registry key:

hkey_local_machine\software\microsoft\windows\currentversion\internet settings\zonemap\domains\(website)

 

If my understanding is correct, the values of this key will set the

security/privacy settings of the IE browser for the specified website. For

the case of malware, the malware would create this key and set the security

level to "Trusted" for the website. It would then direct the browser to the

website and run more malicious code from that site.

 

Using REGEDIT, I looked to see how many keys I had of this type and found a

huge amount. I estimate about 500. None of the websites are those that I

visit regularly, or maybe never visited at all. A lot of them seem to have

foreign domains. I want to get rid of them. It seems like the registry saves

everything.

 

There is also the potential embarrassment factor. A worst case scenario is that a computer savvy girlfriend inspects my registry and demands to know why I have a key from moscowwhores.com. I don't remember ever visiting this site and it's not really the way I roll.

 

These keys have two parameters: REG_SZ (value not set) and REG_DWORD =

0x00000004 (4)

Can anyone tell me what these values mean?

 

What could go wrong if I engage in mass deletion of this type of key?

 

Thanks

Scott

Los Angeles

Guest Alan Edwards
Posted

Re: Manually Removing Certain Registry Key Types

 

If you remove them, you won't have any sites there, and I suspect they are Restricted sites, as indicated by REG_DWORD = 0x00000004 (4), not Trusted sites, and probably put there by one of your security programs (Spybot perhaps?)

 

The key "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains" is empty by default.

 

Read here for a bit more information:

 

Description of IE Security Zones Registry Entries [182569]

http://support.microsoft.com?kbid=182569

 

or here:

Adding unwanted sites to the Internet Explorer Restricted Zone

http://mvps.org/winhelp2002/restricted.htm

 

....Alan

--

Alan Edwards, MS MVP Windows -Internet Explorer

http://dts-l.com/index.htm

 

On Fri, 29 Aug 2008 17:19:49 -0700, in

microsoft.public.windowsxp.general, "Scott" <scott@adelphia.net>

wrote:

>What are the possible consequences of manually removing the following type

>of registry key:

>

>hkey_local_machine \software\microsoft\windows\currentversion\internet

>settings\zonemap\domains\ (website)

>

>If my understanding is correct, the values of this key will set the

>security/privacy settings of the IE browser for the specified website. For

>the case of malware, the malware would create this key and set the security

>level to "Trusted" for the website. It would then direct the browser to the

>website and run more malicious code from that site.

>

>Using REGEDIT, I looked to see how many keys I had of this type and found a

>huge amount. I estimate about 500. None of the websites are those that I

>visit regularly, or maybe never visited at all. A lot of them seem to have

>foreign domains. I want to get rid of them. It seems like the registry saves

>everything.

>

>There is also the potential embarrassment factor. A worst case scenario is

>that a computer savy girlfriend inspects my registry and demands to know why

>I have a key from moscowwhores.com. I don't remember ever visiting this site

>and it's not really the way I roll.

>

>These keys have two parameters: REG_SZ (value not set) and

>Can anyone tell me what these values mean?

>

>What could go wrong if I engage in mass deletement of these type of keys.

>

>Thanks

>Scott

>Los Angeles

>

Guest PA Bear [MS MVP]
Posted

Re: Manually Removing Certain Registry Key Types

 

You'll totally reset most of your settings in IE Tools | Internet Options |

Security | [zone] | Sites, including sites put in Restricted Sites zone by

your security applications (e.g., Spybot).

 

If running IE7, rather than going & messing about in the Registry, use this option instead: IE Tools | Internet Options | Security | Reset all zones to default level

--

~Robear Dyer (PA Bear)

MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002

AumHa VSOP & Admin http://aumha.net

DTS-L http://dts-l.net/

 

Scott wrote:

> What are the possible consequences of manually removing the following type

> of registry key:

>

> hkey_local_machine \software\microsoft\windows\currentversion\internet

> settings\zonemap\domains\ (website)

<snip>

Guest Alec S.
Posted

Re: Manually Removing Certain Registry Key Types

 

Scott wrote (in news:ORomdYjCJHA.2496@TK2MSFTNGP04.phx.gbl):

> What are the possible consequences of manually removing the following type

> of registry key:

>

> hkey_local_machine \software\microsoft\windows\currentversion\internet

> settings\zonemap\domains\ (website)

 

That key is good, don’t delete it. SpyBot and SpywareBlaster regularly add

things to it to protect you from those bad websites. Of course if you don’t go

to them, then there’s no problem, but even if you don’t go on purpose, you never

know when a rogue hyperlink or script redirect will send you to one. It’s just

like the HOSTS file. SpyBot adds entries to that as well to block bad sites.

 

As Martha Stewart would say, it’s a good thing.

 

> If my understanding is correct, the values of this key will set the

> security/privacy settings of the IE browser for the specified website. For

> the case of malware, the malware would create this key and set the security

> level to "Trusted" for the website. It would then direct the browser to the

> website and run more malicious code from that site.

 

SpyBot and its ilk check to see if any of the keys they know are set to trusted

and set them back to blocked.

 

> Using REGEDIT, I looked to see how many keys I had of this type and found a

> huge amount. I estimate about 500. None of the websites are those that I

> visit regularly, or maybe never visited at all. A lot of them seem to have

> foreign domains. I want to get rid of them. It seems like the registry saves

> everything.

 

Yup, some security app added them to protect you. Unfortunately a lot of the bad

sites are indeed foreign (to North America). McAfee recently released a list of

the most dangerous places on the web and foreign domains dominated.

 

http://www.mcafee.com/us/about/press/corporate/2008/20080604_181010_g.html

 

> There is also the potential embarrassment factor. A worst case scenario is

> that a computer savy girlfriend inspects my registry and demands to know why

> I have a key from moscowwhores.com. I don't remember ever visiting this site

> and it's not really the way I roll.

 

What’s embarrassing about Moscow Whores? :D A computer savvy girlfriend who

inspects your registry would be savvy enough to know about security software,

and would be a heck of a catch. ;)

 

I just checked moscowwhores.com and was blocked by Spybot; it didn’t even give

the option to allow, only deny was enabled. (I’ve always wondered what the

block-pages-in-IE option of Spybot is, but I’d never seen it in action before.

Now, I finally know what it does. Thanks!)

 

> These keys have two parameters: REG_SZ (value not set) and REG_DWORD =

> 0x00000004 (4)

> Can anyone tell me what these values mean?

 

The string is not actually a value, that’s just part of every registry key and

unless it’s specifically set, it means nothing. The * value determines IE’s

security setting for that domain. You can view a list of domains the “safe way”

by going to IE->Tools->Options->Security->Restricted Sites->Sites.

 

> What could go wrong if I engage in mass deletement of these type of keys.

 

You won’t be protected. It’s like uninstalling your anti-virus/firewall/etc.;

chances are that nothing will happen, but chances are you will get infected.

 

 

--

Alec S.

news/alec->synetech/cjb/net
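
An added example, not part of any post in this thread: before deleting anything, the ZoneMap\Domains entries can be exported and tallied by zone, so that the expected Restricted (4) entries are separated from anything mapped to another zone. The zone numbers follow the Microsoft KB 182569 article linked above; the sample export and its domain names are constructed placeholders, and the function names are hypothetical.

```python
import re
from collections import Counter

# Zone numbers as documented in Microsoft KB 182569 (linked in the thread).
ZONES = {0: "My Computer", 1: "Local Intranet", 2: "Trusted Sites",
         3: "Internet", 4: "Restricted Sites"}
BASE = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion"
        r"\Internet Settings\ZoneMap\Domains")

# Constructed sample in .reg export form; the domains are placeholders.
SAMPLE_EXPORT = rf'''Windows Registry Editor Version 5.00

[{BASE}\blocked-one.example]
"*"=dword:00000004

[{BASE}\blocked-two.example]
"*"=dword:00000004

[{BASE}\odd.example\www]
"http"=dword:00000002
'''

KEY_RE = re.compile(r"^\[(.+)\]$")
VAL_RE = re.compile(r'^"(.*)"=dword:([0-9a-fA-F]{8})$')

def parse_zonemap(text):
    """Return (host, scheme, zone) for every DWORD value under ZoneMap\\Domains."""
    entries, host = [], None
    for line in text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            key, host = m.group(1), None
            # Registry paths are case-insensitive, so compare in lower case.
            if key.lower().startswith(BASE.lower() + "\\"):
                # Subkeys nest as <domain>\<subdomain>; reverse to rebuild the host.
                host = ".".join(reversed(key[len(BASE) + 1:].split("\\")))
            continue
        m = VAL_RE.match(line)
        if m and host:
            entries.append((host, m.group(1), int(m.group(2), 16)))
    return entries

def summarize(entries):
    """Count entries per zone and list every entry that is not Restricted (4)."""
    counts = Counter(ZONES.get(z, f"unknown ({z})") for _, _, z in entries)
    review = [(h, s, ZONES.get(z, "unknown")) for h, s, z in entries if z != 4]
    return dict(counts), review

if __name__ == "__main__":
    print(summarize(parse_zonemap(SAMPLE_EXPORT)))
```

On a live system the input would come from `reg export` of the Domains key, read as UTF-16; a value name of `*` applies to all protocols, while a name such as `http` applies to that protocol only.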

Guest Anteaus
Posted

Re: Manually Removing Certain Registry Key Types

 

These settings only affect IE in any case. Get a better browser would be my

advice, then the issue is academic.

 

"Scott" <scott@adelphia.net>

wrote:

>What are the possible consequences of manually removing the following type

>of registry key:

>

>hkey_local_machine \software\microsoft\windows\currentversion\internet

>settings\zonemap\domains\ (website)

Guest Alec S.
Posted

Re: Manually Removing Certain Registry Key Types

 

Anteaus wrote (in news:A9072823-4258-48FC-83EE-D2EE9E1D6B64@microsoft.com):

> These settings only affect IE in any case. Get a better browser would be my

> advice, then the issue is academic.

 

 

First of all, “better” is subjective; I have recently stopped using FireFox and

gone back to IE for most things because FireFox was a huge pita and has recently

started locking up when I exit it—not to mention that it becomes slow and

bloated once you start adding extensions to make it useful.

 

Second, your statement is not really true anyway; the policies affect the IE web

engine which is used in things other than just the IE browser. For example, any

app that uses the CHtmlView class would be subject to these security policies

and any vulnerabilities.

 

--

Alec S.

news/alec->synetech/cjb/net

 

 

> > What are the possible consequences of manually removing the following type

> > of registry key:

> >

> > hkey_local_machine \software\microsoft\windows\currentversion\internet

> > settings\zonemap\domains\ (website)

