Spybot Update.

Robinb

Also I am confused because going to Spybot's website you posted, some are
seeing it with third-party software like Comodo and some not.
Also it looks like a communication via networking between computers and if
you fix the registry key you might not be able to see the network, which
would be a huge problem for me since I have 6 computers networked.

Until someone can clarify what to do here (and since there is no ignore in
Spybot) I am leaving it unchecked.
robin
 
Guest

Robin,

Could you link to the information about "looks like a communication via
networking between computers".

Thanks in advance,
?:)
Tim
 
Alan

Robin,

Your observation matches what I posted yesterday about getting no messages
with the latest SpyBot update.

I DO use ZA Free and I have my XP firewall turned off.

Alan
 
Robinb

It was posted by Yodama
http://forums.spybot.info/showthread.php?t=14824

"This is not considered a false positive, though fixing it may be
inconvenient if you migrate your Windows over the network very often.
If you let Spybot fix this, the Windows Firewall will ask if you want to
block migwiz.exe or not, usually it is no when you want to migrate over the
network.

So the impact on the workflow is relatively small if you let Spybot fix
this, while it gives you more security against a fake migwiz.exe that
receives commands through the opened Windows Firewall."
 
Robinb

Here is something interesting too.
On 2 machines running XP Pro SP2 where I have a third-party firewall, I went
into the exceptions in Windows Firewall (which is turned off btw) and did
not see an entry there for IE Explorer. There I did not see the vulnerability
come up either.

I am in the middle of doing a scan on the test computer that does have IE in
there checked off but it is running ZA, and I will see what happens after it
finishes.
I cannot test the other one that only has Windows Firewall on it because it
is in use right now, but I will let you know when the other one finishes what
it comes up with.

robin
 
Robinb

OK, on the computer that is running ZA Free it found the vulnerability. XP
firewall is off but the entry is in Windows Firewall even though it is
turned off.
I am going to fix it on that computer only because it is a test computer and
I want to see what happens.

So the 2 computers that do NOT show IE Explorer in Windows Firewall in
exceptions and running third-party firewall did not find the vulnerability.

One that runs ZA and shows up in Windows Firewall/exceptions is coming up
with the vulnerability.
I think I am going to sign in and post these findings on the forum.
robin
 
Alan D

The question is "is it a True vulnerability"?

Well, I'm beginning to think it's a bit of a phantom, Tim. See this thread,
and my posts in it:
http://forums.spybot.info/showthread.php?p=97273#post97273

There's a whole stack of things I don't understand here. Like, for starters:
1. How did IE get into my (and your) Windows firewall exception list in the
first place?
2. IE is in my AVG exception list (as it has to be to connect out), but
according to Spybot philosophy that must be a vulnerability because AVG will
allow communication both ways. The Spybot 'fix' will 'fix' this for Windows
firewall, but for nothing else. (If it IS a 'fix', which I increasingly
doubt.)

I'm thinking of things like storms in teacups, white elephants, pigs in
pokes, and the like
 
Robinb

I agree
robin
Alan D said:
Well, I'm beginning to think it's a bit of a phantom, Tim. See this
thread, and my posts in it:
http://forums.spybot.info/showthread.php?p=97273#post97273

There's a whole stack of things I don't understand here. Like, for
starters:
1. How did IE get into my (and your) Windows firewall exception list in
the first place?
2. IE is in my AVG exception list (as it has to be to connect out), but
according to Spybot philosophy that must be a vulnerability because AVG
will allow communication both ways. The Spybot 'fix' will 'fix' this for
Windows firewall, but for nothing else. (If it IS a 'fix', which I
increasingly doubt.)

I'm thinking of things like storms in teacups, white elephants, pigs in
pokes, and the like
 
Guest

I am just a normal home user, I thought I would let you know that I updated
SpyBot and it did not find anything, scan came up clean.

I am running Windows XP SP2 with Kaspersky Internet Security with the
Windows firewall disabled.
 
Alan D

"Tim Clark"
The question is "is it a True vulnerability"?

Now that the dust has settled, has anyone made a decision what to do about
this new Spybot detection? Should we:

1. Ignore it?
2. "Exclude this detection from further searches"?
3. Let Spybot 'fix' it?

After all the discussion on the Spybot forum I'm still not clear whether any
of it matters, and my current position is still option 1. (I wish I knew how
IE got onto our Windows firewall exception lists though, when it's not on
there in the normal default setup of XP.)
 
Guest

I noticed this after installing LogMeIn.com's free remote software which
turns IE into a remote terminal. Never saw it before and have deleted it many
times and it comes back. An explanation below in this forum ties to that
scenario. I'm classifying this as nothing more dangerous than when I tell
Security Center not to scan for Security Center notifications being disabled.

Kenny
 
Guest

Did you get this fixed? Normally if your network settings are automatic you
would have no specific settings in your DNS. I found that malware/trojan etc.
puts a DNS setting into "use DNS" to point you to another server, which
sounds well dodgy, so removed DNS setting and put settings back to auto - all
OK and IE problem resolved.
 
Guest

I have been receiving this same thing too. Just the name of it "Firewall
Bypass" makes me wonder if it's harmful or not.

Nonetheless, here's what I came up with and has been coming up for a few
days.


Microsoft.WindowsSecurityCenter.AntiVirusOverride: Settings (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusOverride!=dword:0

Microsoft.Windows.IEFirewallBypass: Settings (Registry value, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\Program Files\Internet Explorer\IEXPLORE.EXE

Microsoft.Windows.IEFirewallBypass: Settings (Registry value, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\Program Files\Internet Explorer\IEXPLORE.EXE


--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2005-05-31 Update.exe (1.4.0.0)
2007-04-13 unins000.exe (51.41.0.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2007-05-23 advcheck.dll (1.5.3.0)
2007-07-31 Tools.dll (2.1.2.0)
2007-08-15 Includes\Cookies.sbi (*)
2007-08-15 Includes\Revision.sbi (*)
2005-02-17 Includes\Tracks.uti
2007-08-01 Includes\Malware.sbi (*)
2007-08-01 Includes\Spybots.sbi (*)
2007-08-01 Includes\Trojans.sbi (*)
2007-08-15 Includes\TrojansC.sbi (*)
2007-08-15 Includes\SpybotsC.sbi (*)
2007-08-15 Includes\SecurityC.sbi (*)
2007-08-15 Includes\PUPSC.sbi (*)
2007-08-15 Includes\MalwareC.sbi (*)
2007-08-15 Includes\KeyloggersC.sbi (*)
2007-08-15 Includes\HijackersC.sbi (*)
2007-08-15 Includes\DialerC.sbi (*)
2007-07-25 Includes\Dialer.sbi (*)
2007-07-11 Includes\Hijackers.sbi (*)
2007-05-30 Includes\Security.sbi (*)
2007-07-25 Includes\Keyloggers.sbi (*)
2007-08-08 Includes\PUPS.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2007-06-06 Plugins\TCPIPAddress.dll

I also keep getting this one and have been getting it for I don't know how
many months.
Microsoft.WindowsSecurityCenter.AntiVirusOverride: Settings (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusOverride!=dword:0

Microsoft.Windows.IEFirewallBypass: Settings (Registry value, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\Program Files\Internet Explorer\IEXPLORE.EXE

Microsoft.Windows.IEFirewallBypass: Settings (Registry value, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\Program Files\Internet Explorer\IEXPLORE.EXE



I may have posted something twice by accident.
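
Added example (not part of any post in this thread, and not Spybot's own code): a small audit that reads `reg query` output for the AuthorizedApplications\List keys named in the report above and lists which control sets hold an enabled exception for IEXPLORE.EXE, and with what scope. The sample input is constructed, and the `path:scope:Enabled|Disabled:name` layout of the value data is an assumption about how the XP SP2 firewall stores these entries.

```python
import re

# Constructed sample of `reg query` output for the two keys in the Spybot report.
# Assumption: value data is laid out as "path:scope:Enabled|Disabled:display name".
LIST = r"Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List"
IE = r"C:\Program Files\Internet Explorer\IEXPLORE.EXE"
SAMPLE = "\n".join([
    "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\" + LIST,
    f"    {IE}    REG_SZ    {IE}:*:Enabled:Internet Explorer",
    r"    %windir%\system32\sessmgr.exe    REG_SZ    %windir%\system32\sessmgr.exe:*:Disabled:Remote Assistance",
    "",
    "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet002\\" + LIST,
    f"    {IE}    REG_SZ    {IE}:LocalSubNet:Enabled:Internet Explorer",
])

VALUE_LINE = re.compile(r"^\s+(?P<name>.+?)\s+REG_SZ\s+(?P<data>.+)$")
# The path itself may contain a colon (C:\...), so match lazily up to scope:state.
DATA = re.compile(r"^(?P<path>.+?):(?P<scope>[^:]*):(?P<state>enabled|disabled):(?P<label>.*)$", re.I)
CONTROL_SET = re.compile(r"\\((?:Current)?ControlSet\d*)\\")


def parse_reg_query(text):
    """Return one dict per firewall exception, tagged with its control set."""
    entries, cset = [], None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            found = CONTROL_SET.search(line)
            cset = found.group(1) if found else line.strip()
            continue
        value = VALUE_LINE.match(line)
        data = DATA.match(value.group("data").strip()) if value else None
        if data:
            entries.append({"control_set": cset, "path": data["path"],
                            "scope": data["scope"], "label": data["label"],
                            "enabled": data["state"].lower() == "enabled"})
    return entries


def open_exceptions(entries, exe="iexplore.exe"):
    """Enabled exceptions whose program file name equals exe (case-insensitive)."""
    hits = []
    for e in entries:
        filename = e["path"].rsplit("\\", 1)[-1].lower()
        if e["enabled"] and filename == exe.lower():
            hits.append((e["control_set"], e["path"], e["scope"]))
    return hits


if __name__ == "__main__":
    for cset, path, scope in open_exceptions(parse_reg_query(SAMPLE)):
        print(f"{cset}: {path} allowed inbound, scope={scope}")
```

A scope of `*` means any source address, while `LocalSubNet` limits the exception to the local network; the entry stays in the registry whether or not Windows Firewall is switched on.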
 
