in my ie5.5 sp2 security zone trusted sites, I have the entry:
*.bay15.hotmail.msn.com
If I delete it it reapears immediately...
same when trying with hijackthis...
any ideas? what am I missing here?
Printable View
in my ie5.5 sp2 security zone trusted sites, I have the entry:
*.bay15.hotmail.msn.com
If I delete it it reapears immediately...
same when trying with hijackthis...
any ideas? what am I missing here?
Have you run Ad-aware and Spybot?
Until you can get rid of it you may, for safety, want to reset the default level in trusted sights to high security. You can easily reset it to low when you fix the problem.
Unless your DNS has been hijacked, this should be a safe entry. Because it terminates in the .msn.com domain, only a nameserver authoritative for msn.com (or the subdomain hotmail.msn.com) can provide a different IP. So, unless your ISP is cahoots with the Evil Ones, or your HOSTS file has been tampered with, you should be fine.
Quote:
alaricd@ns1:~ (21)$ dig @ns1.hotmail.com hotmail.msn.com
; <<>> DiG 8.3 <<>> @ns1.hotmail.com hotmail.msn.com
; (1 server found)
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6
;; flags: qr aa rd; QUERY: 1, ANSWER: 2, AUTHORITY: 4, ADDITIONAL: 4
;; QUERY SECTION:
;; hotmail.msn.com, type = A, class = IN
;; ANSWER SECTION:
hotmail.msn.com. 1H IN A 64.4.32.7
hotmail.msn.com. 1H IN A 64.4.33.7
;; AUTHORITY SECTION:
hotmail.msn.com. 1H IN NS ns1.hotmail.com.
hotmail.msn.com. 1H IN NS ns2.hotmail.com.
hotmail.msn.com. 1H IN NS ns3.hotmail.com.
hotmail.msn.com. 1H IN NS ns4.hotmail.com.
;; ADDITIONAL SECTION:
ns1.hotmail.com. 1H IN A 216.200.206.140
ns2.hotmail.com. 1H IN A 216.200.206.139
ns3.hotmail.com. 1H IN A 209.185.130.68
ns4.hotmail.com. 1H IN A 64.4.29.24
;; Total query time: 78 msec
;; FROM: ns1 to SERVER: ns1.hotmail.com 216.200.206.140
;; WHEN: Tue Jun 8 15:48:04 2004
;; MSG SIZE sent: 33 rcvd: 209
alaricd@ns1:~ (23)$ dig @ns1.hotmail.com bay15.hotmail.msn.com
; <<>> DiG 8.3 <<>> @ns1.hotmail.com bay15.hotmail.msn.com
; (1 server found)
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUERY SECTION:
;; bay15.hotmail.msn.com, type = A, class = IN
;; AUTHORITY SECTION:
hotmail.msn.com. 1H IN SOA cpipsdnsp01.phx.gbl. dns.hotmail.com. (
2004052401 ; serial
8H ; refresh
1H ; retry
1W ; expiry
1H ) ; minimum
;; Total query time: 69 msec
;; FROM: ns1 to SERVER: ns1.hotmail.com 216.200.206.140
;; WHEN: Tue Jun 8 15:50:03 2004
;; MSG SIZE sent: 39 rcvd: 106
usil - yes
fink - great idea - done
*EDIT - now found not only that I cannot remove the trusted zone entry, but also that I cannot seem to "reset custom settings" to HIGH security in the "Trusted sites" zone - it just goes back to LOW.
AlaricDthere's plenty over my melon here, AlaricD. I have an extensive HOSTS file with additions to the spybot set. I've found nothing in it with "hotmail" in it, however. Any suggestions for what I could do to check these things out further?Quote:
Unless your DNS has been hijacked, this should be a safe entry. Because it terminates in the .msn.com domain, only a nameserver authoritative for msn.com (or the subdomain hotmail.msn.com) can provide a different IP. So, unless your ISP is cahoots with the Evil Ones, or your HOSTS file has been tampered with, you should be fine.
:confused:
Thanks gang
It was just the roundabout way of saying that bay15.hotmail.msn.com was a Microsoft thing.
I suspect that hostmask is in your trusted sites for use by MSN Messenger or possibly Outlook Express, especially if it's configured to check your Hotmail or MSN account.
If you REALLY want to remove it, follow these instructions:
http://support.microsoft.com/default.aspx?scid=kb;en-us;255176
well, that did get rid of the entry, AlaricD. Thanks. As your linked site instructed, I found and deleted the reg key. Just a couple of things still puzzling me...Quote:
If you REALLY want to remove it, follow these instructions:
http://support.microsoft.com/default...b;en-us;255176
As the hotmail entry was the only one left showing via
tools-internet options-security-Trusted sites-sites
I'm wondering what all the other keys are doing in the registry location from which I'd deleted the hotmail key - like what zone are THOSE entries in :confused:
In other words, the hotmail key was certainly not alone in that registry location.
The other puzzling thing is that I'm still not able to change the security setting out of LOW security...any thoughts?
Thanks again!
Do you trust them, or not? Trusted sites are sites you trust. If they are in that zone then you trust them unequivocably.
No, I do not - I understand what 'trusted sites' are, so I guess it's supposed to be okay that I cannot change the security setting above LOW?
i have put nothing in the trusted zone but there were many entries alongside the hotmail reg key that I'd deleted (but nothing showing up in "trusted sites" via internet options, security, etc...). since I haven't decided to put anything there, I'm wondering why there were so many other sites/keys listed in the registry where the deleted hotmail key was.
The sites inare sites that have entries in one of the 4 internet zones. Their presence in that key does not mean they are trusted. The value of the DWORD "http" describes which zone it goes into. Perhaps one of your anti-hijacking programs made entries for certain sites and put them in the "restricted" (or other) zone.Code:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains
that certainly explains that, AlaricD!
as for the other matter, not being able to change security levels out of LOW, I was just curious as to why it cannot be changed. Of course, since it IS the Trusted zone, LOW is the setting that makes most sense at any rate, as you'd suggested, AlaricD
Thanks again!!
After trying it myself just now it appears that you have to go in and manually change each setting. Just setting the main switch to high doesn't "stick". Never knew that.
thanks for the heads-up and input, fink ;)