Ice Sword, Gmer, (and finally, Spybot)...

a) Any good tutorials about, for these two programs? As they are supposed to be the current top dogs, I'd like to learn about them.

b) Spybot found that localmachine lockdown had apparently been altered and set it back to correct status, re MS site info (for SP2). My brother uses IE for surfing, I don't, but he is not a porno/music/swapping or downloading sort and so I wondered, what/how was the possible cause of lockdown change - assuming this wasn't another Spybot FP?

 

Going only by the info supplied....would my assumption be right if I said Spybot reported the Windows.Security.InternetExlorer product and the below registry entry ?

If that is the case that Security.sbi(Windows.Security.InternetExlorer) file set entry was added to Spybot's 2006-8-11 updates due to the fact certain downloaded toolbars of late are being found to alter that setting which can affect a users "My Computer Zone" settings.

However....that same entry will be flagged if a user has altered an IE recommended default setting under Tools\Internet Options\Advanced tab....Security section....Allow active content to run in files on My Computer. If that entry has a check mark next to it....the FEATURE_LOCALMACHINE_LOCKDOWN\iexplore.exe registry dword entry mentioned above will be changed from a recommended setting of 1(unchecked) to a 0(zero) signifying checked and it is that setting that causes Spybot to flag that entry.

While that informational find can not be classified as a False Positive....it will cause a level of concern for some users in regards to thinking they have a malware type problem.

Bubba

 

http://www.castlecops.com/t161249-Rootkit_removal_tools.html

Cheers.

Alphalutra1