BOClean’s zone reset and immunization? [Closed]

Hi, I recently ran a scan with Spybot and Ad-Aware, and they both found a whole heap of problems, all of which were related to corrupted immunization of either Spybot’s immunization feature or SpywareBlaster’s protection.

I had previously tested BOClean against leaktest.exe, and I was wondering how BOClean resets the security zones. Does BOClean actually delete everything in the various zones, or just render all the entries invalid?

Now that I’ve established that all the detections were FPs, I’m trying to work out how the immunizations came to be corrupted, and BOClean seems the most likely culprit.

Has anyone else experienced anything like this?

My understanding is that BOClean removes all entries in HOSTS file, etc, in order to return the system to a “clean” state. The logic is that if it were to create backups to restore to, the backups would likely become infected as well, cuz that’s pretty much what happens. So, to make sure all malware is gone once encountered, it clears everything out, regardless.

I have not heard anyone complaining of “corrupt” entries. Not sure exactly what that would mean… Do you have any more specific details from those AS programs? (warnings, messages, etc)

LM

Hi LM,
There were no warnings as such, but Ad-Aware detected 46 “possible browser hijack attempts - trusted zone presumable compromised” entries, and Spybot found a whole heap of things as well, all of which were gone after disabling the immunization feature of Spybot and the protection of SpywareBlaster.

All of what Spybot found were marked !W=4 or something like that; apparently it means “not in restricted sites zone”.

I’m wondering about the actual mechanism that BOClean uses, i.e. does it actually delete all security zone entries altogether (i.e. trusted, restricted, etc.), or does it just alter the entries to make them inoperable?

In the registry, where it should have said www, it said *, for all the entries I looked at.

I think Spybot may have a problem. Here is a link with somebody else showing many entries in Spybot and Ad-Aware: “Who do I believe? spybot+ad-aware vs SAS+AVG AS” (Wilders Security Forums). It’s not clear from that thread whether or not they are running BOClean.

(I’m “bumping” this after seeing the unanswered original question has scrolled to page 3)

According to the BOClean docs, the zone entries are “reset to the default settings”. I would be surprised to find that a cleanup resulted in “asterisked” entries so I too am eager to read a definitive answer.

Not sure what you mean by

“after seeing the unanswered original question has scrolled to page 3”

since this is the first page of this thread…

At any rate, it appears that Kevin very definitively answered the question over here: https://forums.comodo.com/index.php/topic,8179.msg59426.html#msg59426 with the statement

“ALL sites settings are dumped if the checkbox is left checked. And the HOSTS file is indeed set back to precisely the same as HOSTS.SAM.”

Whatever was contained in HOSTS.SAM is what it will be replaced with. If you don’t feel that answers the question, you may always keep asking Kevin to answer it again in a different way… :wink:

If you have a concern because there was not an immediate change in the programming of the software, followed by a release of the same, that’s something I guess you will just have to wait for. Kevin noted that he would take your suggestions into consideration when the next version is developed.

LM

Hi Innerpeace, that’s me! I am running BOClean, but didn’t think of it at the time all the “detections” popped up.

At Kevin’s request, please report the issue in this thread: https://forums.comodo.com/index.php/topic,8915.0/topicseen.html, where he can provide some diagnostics.

This topic will now be closed; Qwerty, if you need it reopened, just PM a Moderator (please include a link) and we’ll be glad to do so.

LM