weird site entries in domain section of windows reg

[mentalcrisis00]

Hey all

I'm wondering if anyone knows what kind of entries are held in: HKEY_CURRENT_USER/Software/Microsoft/Windows/Current Version/Internet Settings/ZoneMap/Domains

I did a registry search for keyword xupiter the other day and found this folder and it literally has 100's of entries in there named after .com and .net sites some of which are like diet sites, online game sites, porn sites, other stuff I've never even heard of ALL of which I have never gone to in my entire life EVER. And one entry includes yes xupiter.com which to my knowledge was a scammer site that was shut down awhile ago. I'm curious if anyone knows what these entries are for? Are they part of the anti phishing filter in one of my web browsers or something? I found these entries on my desktop, my laptop, and my dads pc which are all used for totally different things. My desktop is mostly for play and movies, laptop is for work, and my dad uses his pc for storing pictures and e-mailing occasionally. Should I worry about these entries or are they just there all the time for everyone?

Tried a google search for the registry folder but there was no information about it.

 

[Sam25]

I googled with this: HKEY_CURRENT_USER/Software/Microsoft/Windows/Current Version/Internet Settings/ZoneMap/Domains and came up with these 2 links:

http://www.daniweb.com/forums/thread10863.html

http://www.symantec.com/securi...080918-0007-99&tabid=2

I'm a bit confused after reading the first one though, because Symantec lists them as Adware.

 

[mentalcrisis00]

Ah well the first site brings me to another site that states it's the deny list for SpywareBlaster WHICH I do have installed on my dads pc, my pc, and my laptop. So I guess it's the 4000 some entries that spyware blaster archives so that IE and Mozilla can't go there.

I looked on symantec's sight and I didn't find any of the specific registry entries it lists. I also don't have pop up windows coming up on startup now programs being installed without my say so, at that point I would write zeros to the drive and reformat lol. Anyhow thanks for linking me, I will e-mail Javacool to confirm that these entries are native to spywareblaster and report back.

-Ray

 

[Crusty]

You could install spyware blaster while running a tool like regmon to see if it places those entries.

 

[Sam25]

No problem, I'm happy I could help out. It would be interesting to know what Javacool says regarding SpywareBlaster and those entries though.

 

[RebateMonger]

If you look at the ZoneMap Doman entries in the Registry, check out the "http" line. A "REG_DWORD" value of "(4)" means the Domain is in your "Restricted Sites" zone of Internet Explorer.

Internet Explorer doesn't put any Domains into "Restricted Sites" by default, so they'd have to be put there by 3rd-party software.

 

[Crusty]

Originally posted by: RebateMonger
If you look at the ZoneMap Doman entries in the Registry, check out the "http" line. A "REG_DWORD" value of "(4)" means the Domain is in your "Restricted Sites" zone of Internet Explorer.

Internet Explorer doesn't put any Domains into "Restricted Sites" by default, so they'd have to be put there by 3rd-party software.

If you expand the "Zones" entry, you can see entries for zones 0-4 which represent the different security levels. I would imagine all the entries the OP is seeing all belong to same Zone which should be easy to check

 

[mentalcrisis00]

did a quick check, I didn't scroll threw the THOUSANDS of entries but I did skim them. They all seem to have REG_WORD as 0x00000004 (4) so i guess that means spyware blaster is doing it's job and sets them to value 4 restricted

thanks again

 

[Sam25]

Originally posted by: mentalcrisis00
did a quick check, I didn't scroll threw the THOUSANDS of entries but I did skim them. They all seem to have REG_WORD as 0x00000004 (4) so i guess that means spyware blaster is doing it's job and sets them to value 4 restricted

thanks again

Aah...that settles it then.