Zonemap Domains

[Bernardus]

In the register I found even hundreds of strings with this kind of links.

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\beautypornpost.com

Also many with "casino"

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\casino-onlines.net

Since I didn't trust it, I removed them, but some time later again hundreds showed up.
Found out that Spybot may use this strings?
Are they safe or should I destroy these?

If safe, how to restore that list?

 

[4wd]

ZoneMap\Domains shows the sites set as 'Trusted Sites' in IE (fyi, I only got paypal and my bank in that list). You very probably got some malware that needs to be found and eradicated.

 

[Bernardus]

So it is safe to eliminate all further stuff?
I have read that some of that malicous casino's installed a bug to spybot because they detected their malware..
Spybot than replied with legal charges.

Thanks for you reply

 

[4wd]

Hello, you can delete all these socalled trusted sites. Some hints: full scan with malwarebytes, then your usual antivirus. Then run full scan with this: aswMBR (click 'yes' to include the latest virus definitions), and these junk removers: Junkware Removal Tool | Information about the tool & AdwCleaner Download

 

[Bernardus]

After a clearing of this crap, I ran an update and "immunisation" of Spybot,
I got 926 pornsites back in the reg.!
Zonemap/ domains and Zonemep esc.domains????

Plus 754 Casino's, also in Zonemap/ domains plus Zonemap/ esc. domains!!!
See what your suggestion wil change to this.

Think I found the cause.
In Windows/sys32/drivers/etc/hosts there is a list with thousands of pornsites which probably? belongs to Spybot search and destroy.

It contains something like this

127.0.0.1 localhost
# Start of entries inserted by Spybot - Search & Destroy
127.0.0.1 xxokoriq.cn
127.0.0.1 www.xxxallvideo.com
127.0.0.1 xxxallvideo.com
127.0.0.1 xxxcategories.com
127.0.0.1 xxxemailxxx.com
127.0.0.1 xxxl-cash.net
127.0.0.1 www.xxxl-cash.net
127.0.0.1 xxxmovietour.com
127.0.0.1 www.xxxmovietour.com
127.0.0.1 xxxpornmovs.com
127.0.0.1 www.xxxpornmovs.com
127.0.0.1 xxxteenfilm.com
127.0.0.1 www.xxxteenfilm.com
127.0.0.1 xxx-testen.de
127.0.0.1 www.xxx-testen.de
127.0.0.1 xxxtoolbar.com
127.0.0.1 xxxvideos.sso9523.com
127.0.0.1 www.xxxzonevideo.com
127.0.0.1 xxxzonevideo.com

 

[Callender]

Spybot S&D

Hi,

I haven't used Spybot S&D for some time. Last time was a couple of years ago. As far as I know the Immunize feature adds some websites to the restricted zone in Internet Explorer. That means that they're blocked.

As far as the hosts file entries go - it's nothing to worry about. It just means that connection to the sites listed will not be possible.

The only problem that you'll encounter is when you want to visit a site that's blocked. Or if you use a very large hosts file that contains thousands of entries like the one that I'm using it will drastically slow down the machine. There's a workaround.

 

[Bernardus]

I understand your argument, however there are Zone Domains and Esc. domains and I don't know which one is OK?
Thought that Zone Domains contained the bad guys and Esc. Domains the good one's ?
Thanks for your replies.

 

[Callender]

Zone Map

See the explanations here:

Internet Explorer security zones registry entries for advanced users

Internet Explorer: Enhanced Security Configuration

I suppose that the test is to reset IE to defaults or reset all security zones to default.

Resetting IE will mean needing to re-enable add ons.

Personally I'd only ever use Sybot S&D to scan on demand and then only on rare occasions. It can be configured so that real time protection and immunization is disabled - then it can be used as an on demand scanner. Currently I don't have it installed.