BOCleans zone reset and immunization? [Closed]

Hi, I recently ran a scan with spybot, and ad aware, and they both found a whole heap of problems, all of which were related to corrupted immunization of either spybots immunization feature, or spyware blasters’ protection.

I had previously tested BOClean against leaktest.exe, and I was wondering how BOClean resets the security zones. Does BOClean actually delete everything in the various zones, or just render all the entries invalid?

Now that I’ve established that all the detections were fp’s I’m trying to work out how the immunizations came to be corrupted, and BOClean seems the most likely culprit.

Has anyone else experienced anything like this?

My understanding is that BOClean removes all entries in HOSTS file, etc, in order to return the system to a “clean” state. The logic is that if it were to create backups to restore to, the backups would likely become infected as well, cuz that’s pretty much what happens. So, to make sure all malware is gone once encountered, it clears everything out, regardless.

I have not heard anyone complaining of “corrupt” entries. Not sure exactly what that would mean… Do you have any more specific details from those AS programs? (warnings, messages, etc)


Hi LM,
There were no warnings as such, but adaware detected 46 “possible browser hijack attempts - trusted zone presumable compromised” entries, and spybot found a whole heap of things as well, all of which were gone after disabling the immunization feature of spybot, and the protection of spyware blaster.

All of what spybot found were marked !W=4 or something like that, apparently it means “not in restricted sites zone”.

I wondering about the actual mechanism that BOClean uses, ie does it actually delete all security zone entries altogether(ie trusted, restricted, etc), or does it just alter the entries to make them inoperable?

In the registry, where it should have said www, it said *, for all the entries I looked at.

I think Spybot may have a problem. Here is a link with somebody else showing many entries in spybot and adaware. It’s not clear from that thread whether or not they are running BOClean.

(I’m “bumping” this after seeing the unanswered original question has scrolled to page 3)

According to the BOClean docs, the zone entries are “reset to the default settings”. I would be surprised to find that a cleanup resulted in “asterisked” entries so I too am eager to read a definitive answer.

Not sure what you mean by

after seeing the unanswered original question has scrolled to page 3
since this is the first page of this thread…

At any rate, it appears that Kevin very definitively answered the question over here:,8179.msg59426.html#msg59426 with the statement

ALL sites settings are dumped if the checkbox is left checked. And the HOSTS file is indeed set back to precisely the same as HOSTS.SAM
. Whatever was contained in HOSTS.SAM is what it will be replaced with. If you don’t feel that answers the question, you may always keep asking Kevin to answer it again in a different way… :wink:

If you have concern because there was not an immediate change in the programming of the software, followed by a release of the same, that’s something I guess you will just have to wait for. Kevin noted that he would take your suggestions into consideration when the next version is developed.


Hi Innerpeace, that’s me! I am running boclean, but didn’t think of it at the time all the “detections” popped up .

At Kevin’s request, please report the issue in this thread:,8915.0/topicseen.html, where he can provide some diagnostics.

This topic will now be closed; Qwerty, if you need it reopened, just PM a Moderator (please include a link) and we’ll be glad to do so.