Author Topic: Strange sites in my registry  (Read 11157 times)

tinyvillager

Strange sites in my registry
« on: November 22, 2005, 07:11 PM »
I practice good computer hygiene, anti-virus, anti-malware, reg cleaners, and anti-spyware.
I was going through my registry last night and found this list of sites from casinos to porn.
Could this be a preconfigured list of no-no's from a security app I have installed or could
something funky be going on?

I have Spybot and Ad-Aware for anti-spyware, F-Prot for anti-virus, Outpost Pro for firewall and BOClean for malware.

 

tinyvillager

Re: Strange sites in my registry
« Reply #1 on: November 22, 2005, 07:15 PM »
It's under a key which is called zone map which trickles down to a domain folder which trickles down to like a hundred or so domain names that look like porn or gambling.

And honestly I don't go to these types of sites, honestly, seriously.

brotherS

Re: Strange sites in my registry
« Reply #2 on: November 23, 2005, 03:39 AM »
I just checked and also found a few casino URLs in my registry. I believe some adware that's long gone placed them there and don't think they can do any harm where they are.

It really seems to be true that if you want a 'clean' system you need to format C: and install everything from scratch again at least once a year...  :(

Btw, statistics showed that
- 98 out of 100 men visit XXX sites every now and then
- ...and that 2 out of 100 were lying when asked

;)

tinyvillager

Re: Strange sites in my registry
« Reply #3 on: November 23, 2005, 06:45 AM »
 ;D

This leaves me miffed, I just did a fresh install like two weeks ago. I've been using Opera, holding off on installing
Firefox until 1.5 lands stable. But back on point, I don't see how something could seep into the registry when
my cookies are always disabled, firewall up, anti-spyware ah'scann'in (btw anti-spyware, anti-virus did not alert
me of this) after I uninstall software, I use total uninstall, I still go through the registry manually, that's how I
found this, and I'll be honest :-\ the skin pix I look at are on, well, not the hardest of core sites, none of that
fourth level domain, "virgin teen" being abused by a horse crap. Not knock'n it if you're into that sort of thing.

This response is getting too honest, what's up with my Registry dammit :mad:

P.S.
If I don't respond to this thread until Monday, it's because I'm leaving town for Thanksgiving.
Have a great Holiday.
« Last Edit: November 23, 2005, 06:47 AM by tinyvillager »

mouser

Re: Strange sites in my registry
« Reply #4 on: November 23, 2005, 06:54 AM »
It seems like it could be from a spam BLOCKER.

m_s

Re: Strange sites in my registry
« Reply #5 on: November 24, 2005, 05:55 AM »
I wondered if this might be related to your Hosts file, so I did a Google search on one of the registry locations (yes, I have these URLs in my registry too), and it turns out they are put there by Internet Explorer security settings - here's a link to a MS site: http://support.micro...92121124120121120120

f0dder

Re: Strange sites in my registry
« Reply #6 on: November 24, 2005, 07:07 AM »
Hmm, didn't think Opera had the kind of security holes that lets sites add themselves to the "trusted zone" (which I believe is what those registry entries are all about).
- carpe noctem

mouser

Re: Strange sites in my registry
« Reply #7 on: November 24, 2005, 07:44 AM »
Doesn't it seem more likely that they are in a list of sites that are initialized as being NOT trusted?

m_s

Re: Strange sites in my registry
« Reply #8 on: November 24, 2005, 08:14 AM »
That's how the Hosts file works, so that's what I figured they must be. 

f0dder

Re: Strange sites in my registry
« Reply #9 on: November 24, 2005, 08:25 AM »
> That's how the Hosts file works, so that's what I figured they must be.

No, the hosts file simply overrides normal DNS name resolution.
- carpe noctem

mouser

Re: Strange sites in my registry
« Reply #10 on: November 24, 2005, 08:41 AM »
First, when did we say these were in the hosts file?
Second, if the hosts file pointed them to a nonexistent URL or a special blocked URL then it would serve as a block against them.

randiroo76073

Re: Strange sites in my registry
« Reply #11 on: November 24, 2005, 08:42 AM »
It's definitely host file connected, I've got a custom host file that runs to several thousands & I think they were all listed under that key [got tired of scrolling & cross cking] ;D
Randy
98se/sp2/982ME/Revolutions 2.1
Firefox/Kmeleon
ASUS-A7V400MX,AMD-2400+Sempron,1gb-Kingston ddr2700

Some ask Y, I say Ynot!

m_s

Re: Strange sites in my registry
« Reply #12 on: November 24, 2005, 08:53 AM »
I didn't mean that was its mechanism, but its result.  The sites listed in your hosts file and mapped to 127.0.0.1 or 0.0.0.0 will not be reachable; my guess is that this registry list of strange sites is doing something similar.  

m_s

Re: Strange sites in my registry
« Reply #13 on: November 24, 2005, 08:59 AM »
Here's another little something from an antiquated discussion on a site called TechWeb (http://www.techweb.c.../fixes/2000/0811.htm):

"For Internet sites, IE assumes they're in the Internet zone unless they're listed in the zone map, which you can find at HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap . Of particular interest is the Domain key under ZoneMap. If a domain is listed in the zone map, it also contains the zone number it's been assigned. So, if you put doubleclick.com into the Restricted Sites zone, it would be listed here with a value of 4. There's also a Ranges subkey of ZoneMap that is used to block specific ranges of IP addresses. If you put an IP like "123.45.67.89" (instead of a domain) in the sites list, it ends up here."


So if something is listed in the ZoneMap, it does the same thing - I mean it has the same effect! - as when it's included in the Hosts file and mapped to 127.0.0.1 or 0.0.0.0
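
The zone numbers described in the TechWeb passage quoted above can be read straight out of a registry export. The following is an added example, not part of the original thread: it parses `reg export` output for the ZoneMap key (the domain subkey is named `Domains` in the registry) and groups every listed host by zone, so entries in Restricted sites (4) can be told apart from entries in Trusted sites (2). The sample export and its domain names are constructed.

```python
import re

# Internet Explorer URL security zone numbers.
ZONES = {0: "My Computer", 1: "Local intranet", 2: "Trusted sites",
         3: "Internet", 4: "Restricted sites"}

# Matches any key below ...\ZoneMap\Domains\ and captures the domain path.
KEY_RE = re.compile(r"^\[HKEY_[A-Z_]+\\.*\\ZoneMap\\Domains\\(.+)\]$", re.I)
# Matches a DWORD value such as "*"=dword:00000004 (value name = protocol).
VAL_RE = re.compile(r'^"([^"]+)"=dword:([0-9a-f]{8})$', re.I)

# Constructed sample of `reg export` output; the domains are made up.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\casino-example.test]
"*"=dword:00000004

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\adult-example.test\www]
"http"=dword:00000004

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\updates-example.test]
"https"=dword:00000002
'''

def parse_zonemap(reg_text):
    """Return a list of (host, protocol, zone_number) from a .reg export."""
    entries, host = [], None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("["):
            m = KEY_RE.match(line)
            # A subkey under a domain is a subdomain: example.test\www -> www.example.test
            host = ".".join(reversed(m.group(1).split("\\"))) if m else None
        elif host:
            v = VAL_RE.match(line)
            if v:
                entries.append((host, v.group(1), int(v.group(2), 16)))
    return entries

def summarize(entries):
    """Group hosts by zone name; unexpected Trusted sites entries deserve review."""
    by_zone = {}
    for host, _proto, zone in entries:
        by_zone.setdefault(ZONES.get(zone, f"unknown ({zone})"), []).append(host)
    return by_zone

if __name__ == "__main__":
    for zone, hosts in summarize(parse_zonemap(SAMPLE)).items():
        print(f"{zone}: {', '.join(hosts)}")
```

To run it against a real machine, export the key with `reg export "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap" zonemap.reg` and read the file with `encoding="utf-16"` before passing its text to `parse_zonemap`.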

tinyvillager

Re: Strange sites in my registry
« Reply #14 on: November 28, 2005, 12:27 AM »
Thanks for responses. Seeing how I've scanned with all sorts of scanners (rootkit, anti-virus, malware, etc.) I think it's just part of a blocklist. Opera does imitate IE, so that might be something, don't know. I'm thinking it's nothing major
at this moment. Outpost tracks all incoming and outgoing and I've never seen them show up in the Outpost logs.