Mysterious "Domains" folder in Registry.

Discussion in 'SpywareBlaster & Other Forum' started by Mike Goodfellow, Jan 12, 2005.

Thread Status:
Not open for further replies.
  1. Mike Goodfellow

    Mike Goodfellow Registered Member

    Joined:
    Jan 12, 2005
    Posts:
    17
    I have Spyware Blaster 3.2 installed.

    Sometimes, when I run it, I get the message that 1524 items (in the Restricted Sites list) have protection disabled. When I click on the Enable all Protection instruction, the message changes to Zero items have protection disabled. However, whenever I carry out this operation, a folder called "domains" appears in the Registry loaded with about 1514 undesirable websites (dialers, sex sites, coolwebsearch sites, etc). The pathway is HKEY_CURRENT_USER\Software\Microsoft\Windows\Current Version\ Internet Settings\Zonemap\Domains.

    This happens every time I run Spyware Blaster and the message about the 1524 items appears, requiring protection to be enabled.

    It happens even when the computer is disconnected from the internet.

    The inference is that it is something to do with Spyware Blaster only.

    Has this problem affected anyone else's computer?

    Has anyone got an explanation?

    Can anyone suggest what I should do about the problem other than to uninstall Spyware Blaster, or, at least, never run it.

    Mike
     
  2. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    Hey Mike....Welcome to Wilders,

    Concerning the....Mysterious "Domains" folder in Registry....that is nothing more than the actual location Interent Explorer stores URL's that are added to the Restricted Zone and\or Trusted Zone. In the case of SpywareBlaster(SB)....when a user selects the Restricted Sites protection of SB....those database entries are then added to IE's designated registry location for Restrcited Sites.

    What I am not quite clear on is the part concerning 1524 entries versus 1514 entries ?

    Whether it's a coincidence or not....I don't know....but do you also use a program called IE-Spyad ?

    The reason I ask is because if I Enable SB's Restricted Sites protection....and then un-install the IE-Spyad entries via it's ie-ads-uninst.reg file....I then show 1514 items have protection disabled in SB ?
     

    Attached Files:

  3. Mike Goodfellow

    Mike Goodfellow Registered Member

    Joined:
    Jan 12, 2005
    Posts:
    17
    Hi, Bubba

    Thanks for your reply. I don't have IE Spyad installed, but I do have the following, apart from SB:

    Norton Internet Security 2005
    CWShredder
    Skybot - Search and Destroy
    Lavasoft's Ad-Aware SE Personal
    Skyware Doctor

    I have done another count of the items in the Domains list in the Registry. The total is not 1514 but 1515. This includes about 22 folders, each with just one item in it. Furthermore, the list of Restricted Sites in SB is, or seems, very different form the list of items in the Domains folder, though many items are common to both. Have you an explanation for this? Is it an indication of any problem?


    Mike
     
  4. Mike Goodfellow

    Mike Goodfellow Registered Member

    Joined:
    Jan 12, 2005
    Posts:
    17
    Hi, Bubba

    The message I just sent you requires an amendment: One sentence should have read: ".....but 1515. This includes about 22 folders marked with a plus sign, but each has only one item it. Furthermore, the list...."

    Apologies

    Mike
     
  5. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    Concerning your use of Spybot - Search and Destroy....do you use it's Immunization feature ? That feature places sites in Internet Explorer's Restricted Zone also which could be causing the confusion your having in regards to protection being disabled ? Also....since I do not use Spyware Doctor....I can not answer whether it has a feature to add sites to IE's Restricted Zone.

    I'll also add....in case you are not aware....that SpywareBlaster's 3 main features....ActiveX(clsid), Cookie and Restrcited Sites protection....are the same features Spybot impliments with it's Immunization feature. While their respective databases are not identical....they definetly share some of the same items in their database....which is where the problems\questions arise for users. When a user disables for instance....Spybot's Immunization feature....it then causes those respective entries in SpywareBlaster to then become disabled.

    The + sign your seeing next to some of the Domains are Sub-Domains. Almost ALL programs out there that add sites to IE's Domains registry key....will add them to block the whole Domain. However....there will be some entries that will be added to IE's Restricted Zone that concern only a single Sub-Domain of a particular Domain.

    For example....I might want to add Yahoo's Mail sub-domain to the Restrcited Zone but not the whole Yahoo Domain. What you would see in that valid Domains key that you mentioned above would be a Yahoo.Com folder....with a + sign next to it and a Mail folder would be visible if you clicked on the + sign.

    Hopefully your understanding that the "mystery" Domains key is a valid Internet Explorer key ?
     
    Last edited: Jan 12, 2005
  6. Mike Goodfellow

    Mike Goodfellow Registered Member

    Joined:
    Jan 12, 2005
    Posts:
    17
    Hi, Bubba

    Thanks for your speedy reply and your many explanations.

    I am relieved to know that the computer has not been invaded by various undesirable programs. And I can see that I was playing ping-pong by deleting the Domains folder containing the list of undesirable sites and then re-installing it by enabling protection against them in Spyware Blaster. But, given the direct link between enabling protection in SB and the installation of the Domains folder in the Registry, can you explain why the list in SB's Restricted Sites list is not the same as the list in the Domains folder. And, surely, Spybot would set up its own folder of restricted sites in the Registry without any reference to SB, a completely different program.

    The presence of Spyware Doctor is unlikely to be relevant because I only downloaded it two days ago.

    Mike
     
  7. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    Yep....you were deleting a valid Internet Explorer registry key....or as you refer to it....a folder.

    First and foremost....SpywareBlaster is not installing that Domains folder....or registry key to be exact....it is however adding URL's sites to that Internet Explorer Domains registry key.

    Also....the part about the "list is not the same". SpywareBlaster's Restricted Sites are listed alpha\numeric according to the column labeled Item Name and it's associated URL in the Address column. What you see in the registry is simply the URL addresses alpha\numerically....nothing referencing Item Name....because it's an Internet Explorer registry key and it does not care about Item Name.

    Same answer as above....Spybot places it's Restricted Site entries in the Internet Explorer Domains key. Neither Spybot nor SpywareBlaster installed that folder(reg key)....Internet Explorer installed that registry key.
     
    Last edited: Jan 12, 2005
  8. Mike Goodfellow

    Mike Goodfellow Registered Member

    Joined:
    Jan 12, 2005
    Posts:
    17
    Hi, Bubba

    Thanks for your further informative reply. I note your correction of my terminology. I used to call folders "directories" until everyone took to calling them "folders". I now learn that folders in the Registry are called "registry keys". One lives and learns.

    I thank you for your explanations and your help.

    Bye

    Mike
     
  9. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    Your more than Welcome Mike....and Hopefully I didn't muddy the water in my attempt to explain.
     
  10. Mike Goodfellow

    Mike Goodfellow Registered Member

    Joined:
    Jan 12, 2005
    Posts:
    17
    Hi, Bubba

    I said "bye", yesterday, but something still puzzles me. So I'm coming back to you for a further explanation.

    If the number of restricted sites in SB which have protection enabled is 1524, and, for which, the URLs are listed in the Domains registry key, and if the restricted sites, many of which, I expect are different from the SB list, in Spybot are also listed in the self-same registry key, why is the Domains key not very much larger than 1515 on my computer?

    Also, if the sites covered by Spybot are listed in some other registry key, and that particular Domains registry key relates only to SB, why the discrepancy between the 1515 and 1524 totals?

    Mike
     
  11. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    Hey Mike,

    The best I can do for the above question is ask you to read the last part of my post # 7 answer and if it still doesn't make sense....Please ask again....but as I said in that answer...."Spybot places it's Restricted Site entries in the Internet Explorer Domains key". Neither....Spybot nor SpywareBlaster installed that folder(reg key)....Internet Explorer installed that registry key. Spybot does not store it's sites in a different registry key....it places it's entries in the same Domains key that SpywareBlaster does....the Internet Explorers Domains key.

    If....for example....SpywareBlaster placed an entry of www.abc.com into Internet Explorers Domains key and then you enable Spybot's Immunization feature and it has a www.abc.com entry in it's database also....it will technically overwrite the same entry that SpywareBlaster placed there because both Programs place their respective database entries in Internet Explorers Domains key.

    That implies to me that your guessing the number ?....or....are you actually counting the entries ?

    In either case....I'll do my best to try to help explain why you have a descrepancy of 9 missing entries ?

    1524-1515=9
     
    Last edited: Jan 13, 2005
  12. Mike Goodfellow

    Mike Goodfellow Registered Member

    Joined:
    Jan 12, 2005
    Posts:
    17
    Bubba

    I think you are teasing me.

    I understood what you said about IE, itself, chosing to put the list of restricted sites in the Domains registry key, whether from SB or Spybot. However, I am assuming that the list obtained from SB is different from the list obtained from Spybot but with, I expect, considerable overlap. Now, the list in the Domains registry key totals 1515 (65 pages @ 23 per page plus 20 on the final page) and the list of restricted sites in SB, alone, totals 1524. If one adds in, for example, hundreds of additional sites listed only in Spybot, then the Domains registry key total should be much higher than 1515.

    There is a discrepancy between 1515 sites in the Domains registry key, and the 1524 restricted sites in SB.

    There is an even greater discrepancy between 1515 sites in the Domains registry key and the 1524 sites in SB plus a large unknown number of sites from Spybot.

    I do understand that 1524 - 1515 = 9. But thanks for pointing it out.

    Mike
     
  13. Mike Goodfellow

    Mike Goodfellow Registered Member

    Joined:
    Jan 12, 2005
    Posts:
    17
    Hi, Bubba

    Before I put the Domains topic to rest, I would appreciate a reply to my last message in which I noted certain discrepancies which puzzle me.


    A totally unrelated question: does Wilders Security Forums accept computer-related questions which have nothing to do with computer security?

    I have a question related to a malfunction in Yahoo Messenger. I have tried to get help from Yahoo's own help sites but could not find anyone whom I could contact directly, and their FAQs were of no help. I guess it would not be appropriate to submit the question to WSF. But I would appreciate it if you could direct me to a site where I can communicate directly with an expert on Yahoo systems.

    Thanking you in anticipation.

    Mike
     
  14. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    No Mike....I really was attempting to assist you....and in my own way....explain it the best I could.

    On the surface you might view that as a smart ass response....but....I can assure you I in no way meant it that way. I was....as you can see in my above posts....spelling it out the best I could and that was simply part of the post....nothing more nothing less.

    Concerning your problems and Yahoo.
    You might not choose to use my assistance as a yard stick....but I am somewhat prejudice with the wonderful help we have in our Forums here and Yahoo type questions would be placed in our Software & Services Forum

    If ever in doubt....feel free to start a thread in our General Topics Forum....and we as Moderators will find it's more appropriate home.
     
    Last edited: Jan 17, 2005
  15. Mike Goodfellow

    Mike Goodfellow Registered Member

    Joined:
    Jan 12, 2005
    Posts:
    17
    Hi, Bubba

    First of all thanks for suggesting the Software & Services Forum (and also General Topics Forum) as a suitable place to air my Yahoo Messenger problem.

    Until a few days ago, I did not know of the existence of Computer Forums, coming across them in Yahoo Groups when trying to find a solution to my Messenger problem. When I presented my "domains folder" problem to them, the replies I got were unhelpful and obviously provided by people who knew as little about computers as myself. A Google search for Spyware Blaster, which I suspected to be at the root of the problem, threw up the name of the Wilders Security Forum, and I was greatly surprised to have my problem addressed by a computer expert - and free of charge. You, and other moderators, seem to be working full time. So who pays your wages? How is WSF (and how are other similar sites listed on ASAP's home page) funded?

    You have answered the problem I presented originally by explaining that Internet Explorer transfers the list of restricted sites provided by SB and Spybot into the Domains registry key, but what I do not understand is the discrepancies between the numbers as explained in message No #12.

    Saying this: "In either case....I'll do my best to try to help explain why you have a descrepancy of 9 missing entries ?

    1524-1515=9"

    in response to the following: "Quote:
    why is the Domains key not very much larger than 1515 on my computer

    That implies to me that your guessing the number ?....or....are you actually counting the entries ? "

    makes no sense to me.

    Maybe I am missing something, but please re-read message No #12 and then see if I have point that needs elucidation.

    The numbers don't make sense !!!


    Mike
     
  16. Mike Goodfellow

    Mike Goodfellow Registered Member

    Joined:
    Jan 12, 2005
    Posts:
    17
    Hi, Bubba

    I'm still waiting and hoping for a reply to my last message (No #15).

    I just checked with Spybot, and here are some further figures. Spybot tells me that there are "1482 bad products already blocked. 850 aditional protections possible. Please immunize. OK".

    Spyware Blaster enables protection against 1524 items.

    The Registry Domains key contains 1515 itmes.

    Now, even if there is considerable overlap of the bad items in Spybot and SB, the list of URLs in the Domains registry key should, surely, be very much larger than 1515.

    If, as you tell me, IE creates only one registry key to hold the list of undesirable URLs - from both SB and Spybot - can you, please, explain, why the list in the Domains key is not very much larger than it is?

    And why does Spybot continually ask me to immunize the additional 850 items? Isn't one request, and one OK, enough to add the 850 to the 1482 to make 2332?

    Mike
     
  17. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    Hey Mike,

    Sorry for not responding sooner....my duties here the last few days has taken a back seat to offline life.

    I'll be glad to attempt to assist you on the 1515 items vs 1524 items....but....only if we take Spybot out of the loop and any other programs that place Restricted Sites in IE's Restricted Zone....and one of the reasons being....there is definetly overlap in the Restricted Site entries contained in Spybot's database....and while I have the latest #'s for Spybot in respect to it's Restricted Sites list....I'd rather not have to cross check that database with SpywareBlaster's database....Fair enough ?

    If by chance you care to continue in that direction....I'll ask you to export the below Domains registry key....then delete that Domains registry key only.... and then enable SpywareBlaster's Restricted Sites protection. This will then assure us that you are then counting only the Restricted Sites that SpywareBlaster is adding. If you need assistance of how to export a single registry key....do not hesitate to ask.

    This registry key:
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains

    Also....I'd like to ask you to take a look at your post # 3 above....in particular where you mention...."includes about 22 folders, each with just one item in it." That may add to your confusion concerning one of the questions you are having....considering you should be seeing....with the latest database of 1/08/05....24 Domain folders with a + sign(Sub-Domains) next to them and a couple of those Domains definetly have more than one item in it. In fact there should be 31 Sub-Domains counted if you count them after selecting the + sign next to those Domains. If we take that into account....and only what Spywareblaster adds to the Domains key....you definetly should see less Domain folders than a number of 1524.

    I'll attempt to assist you with that question when we your post # 15 is answered....or we reach a point of I can't explain what you are seeing as far as difference in numbers.

    Also....since this Spybot question involves Spywareblaster to a small degree....I'll assist with that problem in this thread up until the point I might have to ask you to pose that question in our privacy software Forum....where issues for Adware\Spyware Programs are discussed.
     
    Last edited: Jan 17, 2005
  18. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    Hey Mike,

    I was able to do a little checking....and below is what I found as far as the numbers go.

    As of the 1/08/05 SpywareBlaster update....Restricted Sites only:

    • 1546 total Domain and Sub-Domain registry keys created....1515 Domains & 31 Sub-Domains
    • 24 of the Domain keys created the 31 Sub-Domain keys....with 2 of the 24 Domains having protection....and the other 22 Domains not having protection.
    • 1546 total Domains minus 22 Domains not having protection equals the 1524 entries reported by SpywareBlaster

    If you agree with that....we can then talk about your Spybot question if you wish.
     
  19. guy

    guy Guest

    The "850 Additional Bad Products'" in Spybot includes kill bits and cookie protections so as long as he's not deleting the keys:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility

    AND

    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History

    This messege should not be reappearing and Immunizing 'once' should be enough. :)
     
Thread Status:
Not open for further replies.