Where Do These Come From..

Archived from groups: microsoft.public.windowsxp.help_and_support (More info?)

HKEY_USERS\S-1-5-21-602162358-813497703-725345543-500_Classes\Software\Microsoft\Windows\CurrentVersion\Internet
Settings\ZoneMap

I had an occasion yesterday when I found that a password to a website
had been cancelled as the site said it had been used too many
times,including in Japan and Germany .I got it reset altho' I hadnt
been responsible as I am the only person using the PC.
I found that using Spybot S+D several instances of Smitfraud-C but
Spybot wasn't able to delete them so i printed out the log..
I went in to Regedit and found a load of folders mainly with porn
related url's under the above key and deleted them all.I ran Spybot
again and they were definitely gone.
I take it that there is a connection betwen the two things.the
password useage and the Smitfraud-C instance.
i also use Norton Ant-Virus Internet Security/AdAware/Spybot and
Spyspotter.

tia
Stuart


--

Shift THELEVER to reply.
3 answers Last reply
More about where from
  1. Archived from groups: microsoft.public.windowsxp.help_and_support (More info?)

    Stuart wrote:
    >
    HKEY_USERS\S-1-5-21-602162358-813497703-725345543-500_Classes\Software\Micro
    soft\Windows\CurrentVersion\Internet
    > Settings\ZoneMap
    >
    > I had an occasion yesterday when I found that a password to a website
    > had been cancelled as the site said it had been used too many
    > times,including in Japan and Germany .I got it reset altho' I hadnt
    > been responsible as I am the only person using the PC.
    > I found that using Spybot S+D several instances of Smitfraud-C but
    > Spybot wasn't able to delete them so i printed out the log..
    > I went in to Regedit and found a load of folders mainly with porn
    > related url's under the above key and deleted them all.I ran Spybot
    > again and they were definitely gone.
    > I take it that there is a connection betwen the two things.the
    > password useage and the Smitfraud-C instance.
    > i also use Norton Ant-Virus Internet Security/AdAware/Spybot and
    > Spyspotter.
    >
    > tia
    > Stuart

    First thing to do is to uninstall SpySpotter! Look Here:
    http://www.spywarewarrior.com/rogue_anti-spyware.htm

    After that rescan with Spybot and Ad-Aware
    Ad-Aware SE - http://majorgeeks.com/Ad-Aware_SE_Personal_d506.html

    Smitfraud-C is a trojan used to steal info,like the website password you
    mentioned.
    http://www.windowsecurity.com/trojanscan/


    --
    Mike Pawlak
  2. Archived from groups: microsoft.public.windowsxp.help_and_support (More info?)

    The Smitfraud-C is not completely removed by deleting the reg entry's only.
    I have manual delete instructions if you want me to post them. The
    Smitfraud-C makes a lot of changes to the infected system.

    --


    The best live web video on the internet http://www.seedsv.com/webdemo.htm
    NEW Embedded system W/Linux. We now sell DVR cards.
    See it all at http://www.seedsv.com/products.htm
    Sharpvision simply the best http://www.seedsv.com


    "Stuart" <stuart@xpozureTHELEVER4u.plus.com> wrote in message
    news:bmnpe19r4bs2ej7n2tsmsb86boo4dtplri@4ax.com...
    > HKEY_USERS\S-1-5-21-602162358-813497703-725345543-500_Classes\Software\Microsoft\Windows\CurrentVersion\Internet
    > Settings\ZoneMap
    >
    > I had an occasion yesterday when I found that a password to a website
    > had been cancelled as the site said it had been used too many
    > times,including in Japan and Germany .I got it reset altho' I hadnt
    > been responsible as I am the only person using the PC.
    > I found that using Spybot S+D several instances of Smitfraud-C but
    > Spybot wasn't able to delete them so i printed out the log..
    > I went in to Regedit and found a load of folders mainly with porn
    > related url's under the above key and deleted them all.I ran Spybot
    > again and they were definitely gone.
    > I take it that there is a connection betwen the two things.the
    > password useage and the Smitfraud-C instance.
    > i also use Norton Ant-Virus Internet Security/AdAware/Spybot and
    > Spyspotter.
    >
    > tia
    > Stuart
    >
    >
    >
    >
    >
    >
    > --
    >
    > Shift THELEVER to reply.
  3. Archived from groups: microsoft.public.windowsxp.help_and_support (More info?)

    "Stuart" <stuart@xpozureTHELEVER4u.plus.com> wrote in message
    news:bmnpe19r4bs2ej7n2tsmsb86boo4dtplri@4ax.com...
    > HKEY_USERS\S-1-5-21-602162358-813497703-725345543-500_Classes\Software\Microsoft\Windows\CurrentVersion\Internet
    > Settings\ZoneMap
    >
    > I had an occasion yesterday when I found that a password to a website
    > had been cancelled as the site said it had been used too many
    > times,including in Japan and Germany .I got it reset altho' I hadnt
    > been responsible as I am the only person using the PC.
    > I found that using Spybot S+D several instances of Smitfraud-C but
    > Spybot wasn't able to delete them so i printed out the log..
    > I went in to Regedit and found a load of folders mainly with porn
    > related url's under the above key and deleted them all.I ran Spybot
    > again and they were definitely gone.
    > I take it that there is a connection betwen the two things.the
    > password useage and the Smitfraud-C instance.
    > i also use Norton Ant-Virus Internet Security/AdAware/Spybot and
    > Spyspotter.


    Spybot's Immunize and also SpywareBlaster have options to let you add
    their list of "bad" sites to the Restricted Sites security zone (and
    also optionally to block cookies from "bad" domains). So if you used
    those features then that is why all those bad sites were listed in that
    security zone: you put them there.

    I'm not familiar with SmitFraud and would have to perform the same
    Googling as yourself to get info on it, how it behaves, and what files
    and registry entries it injects. I've seen plenty of users asking about
    it so I'm sure the anti-pestware makers have it in their databases by
    now. The first place I checked, CA's virus/spyware databases, had some
    info on it; see
    http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453094215.

    --
    ____________________________________________________________
    For e-mail, remove "NIX" and add "#LAH" passcode to Subject.
    ____________________________________________________________
Ask a new question

Read More

Spybot Microsoft Windows XP