Remove domains in Registry

Discussion in 'other anti-malware software' started by raydem, May 5, 2008.

Thread Status:
Not open for further replies.
  1. raydem

    raydem Registered Member

    Joined:
    May 5, 2008
    Posts:
    1
    I was following up on some responses to a search and found Wilders. One of the responses in this forum related to ... HKEY_Current_User\Software\Microsoft\Windows\Current Version\Internet Settings\Zone Map\Domains\... and Dword values etc.

    I have recently visited my registry in an attempt to get rid of the AVS reference in Add/Remove Programs. When I looked in the above location, I saw several domains with nasty or tasteless titles. I have had some of these come up on my screen unsolicited.

    My question is whether the HKEY_ ... file can just be deleted or if it will remain there forever?

    Thanks
     
  2. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,876
    Location:
    New England
    You can delete those; however, you really need to know where they came from in the first place because of the purpose of those entries.

    That is the place where the domains are stored for Internet Explorer's "sites" lists (i.e. the restricted sites and trusted sites). You can tell which those are based upon the numeric value in the dword entry. A "restricted site" would have "*"=dword:00000004 under the domain name. If that is what those are, then they are a good thing. Those entries would force IE to use the tight restricted zone security settings in case you ever browsed to any of those sites.

    If the value set is "*"=dword:00000002 then it is a trusted zone site, and the IE browser would run with trusted security levels if you visited those sites.

    Be aware that the trusted and restricted sites are all in that same exact tree structure, the only difference between them being the dword value. If you use IE's trusted sites, then deleting the entire registry key would remove your trusted sites, as well.

    Common ways the restricted sites get into that list are from tools like: SpywareBlaster, Spybot S&D, Eric Howes IE-SpyAd and similar programs that provide protection against known malicious sites. If you've used any of those, then that is where those entries came from, and they'd be worth leaving there as protection.

    If the nasty sites are all listed as trusted ("*"=dword:00000002) then that is a real problem. It could mean malware got in and added bad sites as trusted to infect you. That's less likely, though, than those being restricted sites added by some anti-spyware application.
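
Added example, not part of the original posts: a way to check which zone each entry belongs to before deleting anything, by parsing a regedit export of the ZoneMap\Domains key and grouping hosts by their dword value. The function names and the sample domains are constructed for illustration, and zones other than 2 and 4 come from the standard IE zone numbering rather than from the thread.

```python
import re
from collections import defaultdict

# Zone numbers Internet Explorer stores in the dword values under ZoneMap.
ZONES = {0: "My Computer", 1: "Local intranet", 2: "Trusted sites",
         3: "Internet", 4: "Restricted sites"}
MARKER = "\\internet settings\\zonemap\\domains\\"
KEY_RE = re.compile(r"^\[(.+)\]$")
VAL_RE = re.compile(r'^"([^"]*)"=dword:([0-9a-fA-F]{8})$')


def classify(reg_text):
    """Return {zone number: sorted [(host, protocol)]} from .reg export text."""
    zones = defaultdict(set)
    host = None
    for line in reg_text.splitlines():
        line = line.strip()
        key = KEY_RE.match(line)
        if key:
            path = key.group(1)
            idx = path.lower().find(MARKER)
            # Subkeys nest as Domains\example.com\www, meaning www.example.com.
            parts = path[idx + len(MARKER):].split("\\") if idx != -1 else []
            host = ".".join(reversed(parts)) or None
            continue
        val = VAL_RE.match(line)
        if val and host:
            zones[int(val.group(2), 16)].add((host, val.group(1)))
    return {zone: sorted(entries) for zone, entries in zones.items()}


def trusted_hosts(reg_text):
    """Hosts mapped to zone 2, the entries worth checking by hand."""
    return sorted({host for host, _ in classify(reg_text).get(2, [])})


# Constructed sample; a real regedit export is UTF-16, so read the file
# with open(path, encoding="utf-16") before passing its text in.
BASE = ("HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion"
        "\\Internet Settings\\ZoneMap\\Domains")
SAMPLE = "\n".join([
    "Windows Registry Editor Version 5.00", "",
    f"[{BASE}]", "",
    f"[{BASE}\\ads.example]", '"*"=dword:00000004', "",
    f"[{BASE}\\portal.example]", '"https"=dword:00000002', "",
    f"[{BASE}\\toolbar.example\\download]", '"*"=dword:00000002',
])

if __name__ == "__main__":
    for zone, entries in sorted(classify(SAMPLE).items()):
        print(ZONES.get(zone, f"zone {zone}"), entries)
    print("Review these trusted entries:", trusted_hosts(SAMPLE))
```

Exporting the key first also leaves a backup that can be re-imported if a trusted site is removed by mistake.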
     