|
-
June 8th, 2004, 02:40 PM
#1
trusted sites - sticky entry?
in my ie5.5 sp2 security zone trusted sites, I have the entry:
*.bay15.hotmail.msn.com
If I delete it it reapears immediately...
same when trying with hijackthis...
any ideas? what am I missing here?
^dAvEy^
Wow!!! Love at first byte. Ain't it grand.
Scottlr
Registered VDr (at 50+/- yrs): 10-03-1999
Offline: 06-05-2002
-
June 8th, 2004, 04:39 PM
#2
Have you run Ad-aware and Spybot?
-
June 8th, 2004, 04:46 PM
#3
Until you can get rid of it you may, for safety, want to reset the default level in trusted sights to high security. You can easily reset it to low when you fix the problem.
-
June 8th, 2004, 04:55 PM
#4
Unless your DNS has been hijacked, this should be a safe entry. Because it terminates in the .msn.com domain, only a nameserver authoritative for msn.com (or the subdomain hotmail.msn.com) can provide a different IP. So, unless your ISP is cahoots with the Evil Ones, or your HOSTS file has been tampered with, you should be fine.
alaricd@ns1:~ (21)$ dig @ns1.hotmail.com hotmail.msn.com
; <<>> DiG 8.3 <<>> @ns1.hotmail.com hotmail.msn.com
; (1 server found)
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6
;; flags: qr aa rd; QUERY: 1, ANSWER: 2, AUTHORITY: 4, ADDITIONAL: 4
;; QUERY SECTION:
;; hotmail.msn.com, type = A, class = IN
;; ANSWER SECTION:
hotmail.msn.com. 1H IN A 64.4.32.7
hotmail.msn.com. 1H IN A 64.4.33.7
;; AUTHORITY SECTION:
hotmail.msn.com. 1H IN NS ns1.hotmail.com.
hotmail.msn.com. 1H IN NS ns2.hotmail.com.
hotmail.msn.com. 1H IN NS ns3.hotmail.com.
hotmail.msn.com. 1H IN NS ns4.hotmail.com.
;; ADDITIONAL SECTION:
ns1.hotmail.com. 1H IN A 216.200.206.140
ns2.hotmail.com. 1H IN A 216.200.206.139
ns3.hotmail.com. 1H IN A 209.185.130.68
ns4.hotmail.com. 1H IN A 64.4.29.24
;; Total query time: 78 msec
;; FROM: ns1 to SERVER: ns1.hotmail.com 216.200.206.140
;; WHEN: Tue Jun 8 15:48:04 2004
;; MSG SIZE sent: 33 rcvd: 209
alaricd@ns1:~ (23)$ dig @ns1.hotmail.com bay15.hotmail.msn.com
; <<>> DiG 8.3 <<>> @ns1.hotmail.com bay15.hotmail.msn.com
; (1 server found)
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUERY SECTION:
;; bay15.hotmail.msn.com, type = A, class = IN
;; AUTHORITY SECTION:
hotmail.msn.com. 1H IN SOA cpipsdnsp01.phx.gbl. dns.hotmail.com. (
2004052401 ; serial
8H ; refresh
1H ; retry
1W ; expiry
1H ) ; minimum
;; Total query time: 69 msec
;; FROM: ns1 to SERVER: ns1.hotmail.com 216.200.206.140
;; WHEN: Tue Jun 8 15:50:03 2004
;; MSG SIZE sent: 39 rcvd: 106
Welcome to the Eclipse(C). The Evolution of an Idea
Options: DCM3 LCR VMS CVM Sil CPI VMI ANI 648 CA1 SACD500 Att CID RLS TIME DLG
Version: ECLIPSE 2.0.0 09/09/98 System is BUSY Thu 07-21-05 1:31 pm
Access Level = 10 Port = 10
-
June 8th, 2004, 11:07 PM
#5
usil - yes
fink - great idea - done
*EDIT - now found not only that I cannot remove the trusted zone entry, but also that I cannot seem to "reset custom settings" to HIGH security in the "Trusted sites" zone - it just goes back to LOW.
AlaricD
Unless your DNS has been hijacked, this should be a safe entry. Because it terminates in the .msn.com domain, only a nameserver authoritative for msn.com (or the subdomain hotmail.msn.com) can provide a different IP. So, unless your ISP is cahoots with the Evil Ones, or your HOSTS file has been tampered with, you should be fine.
there's plenty over my melon here, AlaricD. I have an extensive HOSTS file with additions to the spybot set. I've found nothing in it with "hotmail" in it, however. Any suggestions for what I could do to check these things out further?
Thanks gang
Last edited by ^dAvEy^; June 8th, 2004 at 11:41 PM.
^dAvEy^
Wow!!! Love at first byte. Ain't it grand.
Scottlr
Registered VDr (at 50+/- yrs): 10-03-1999
Offline: 06-05-2002
-
June 9th, 2004, 01:17 AM
#6
It was just the roundabout way of saying that bay15.hotmail.msn.com was a Microsoft thing.
I suspect that hostmask is in your trusted sites for use by MSN Messenger or possibly Outlook Express, especially if it's configured to check your Hotmail or MSN account.
If you REALLY want to remove it, follow these instructions:
http://support.microsoft.com/default.aspx?scid=kb;en-us;255176
-
June 9th, 2004, 05:35 PM
#7
well, that did get rid of the entry, AlaricD. Thanks. As your linked site instructed, I found and deleted the reg key. Just a couple of things still puzzling me...
As the hotmail entry was the only one left showing via
tools-internet options-security-Trusted sites-sites
I'm wondering what all the other keys are doing in the registry location from which I'd deleted the hotmail key - like what zone are THOSE entries in
In other words, the hotmail key was certainly not alone in that registry location.
The other puzzling thing is that I'm still not able to change the security setting out of LOW security...any thoughts?
Thanks again!
^dAvEy^
Wow!!! Love at first byte. Ain't it grand.
Scottlr
Registered VDr (at 50+/- yrs): 10-03-1999
Offline: 06-05-2002
-
June 9th, 2004, 06:07 PM
#8
Do you trust them, or not? Trusted sites are sites you trust. If they are in that zone then you trust them unequivocably.
-
June 9th, 2004, 06:38 PM
#9
No, I do not - I understand what 'trusted sites' are, so I guess it's supposed to be okay that I cannot change the security setting above LOW?
i have put nothing in the trusted zone but there were many entries alongside the hotmail reg key that I'd deleted (but nothing showing up in "trusted sites" via internet options, security, etc...). since I haven't decided to put anything there, I'm wondering why there were so many other sites/keys listed in the registry where the deleted hotmail key was.
^dAvEy^
Wow!!! Love at first byte. Ain't it grand.
Scottlr
Registered VDr (at 50+/- yrs): 10-03-1999
Offline: 06-05-2002
-
June 9th, 2004, 06:59 PM
#10
The sites in
Code:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains
are sites that have entries in one of the 4 internet zones. Their presence in that key does not mean they are trusted. The value of the DWORD "http" describes which zone it goes into. Perhaps one of your anti-hijacking programs made entries for certain sites and put them in the "restricted" (or other) zone.
-
June 9th, 2004, 10:35 PM
#11
that certainly explains that, AlaricD!
as for the other matter, not being able to change security levels out of LOW, I was just curious as to why it cannot be changed. Of course, since it IS the Trusted zone, LOW is the setting that makes most sense at any rate, as you'd suggested, AlaricD
Thanks again!!
^dAvEy^
Wow!!! Love at first byte. Ain't it grand.
Scottlr
Registered VDr (at 50+/- yrs): 10-03-1999
Offline: 06-05-2002
-
June 10th, 2004, 10:07 AM
#12
After trying it myself just now it appears that you have to go in and manually change each setting. Just setting the main switch to high doesn't "stick". Never knew that.
-
June 10th, 2004, 04:38 PM
#13
thanks for the heads-up and input, fink 
^dAvEy^
Wow!!! Love at first byte. Ain't it grand.
Scottlr
Registered VDr (at 50+/- yrs): 10-03-1999
Offline: 06-05-2002
Thread Information
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|
Reply With Quote
