It seems that my computer has been infected with spyware and not only did it add many crap sites on my "trusted sites" zone, it caused my browser to use the "trusted sites" setting as the DEFAULT zone setting... meaning all the sites I visit use the unsafe settings of "trusted sites".
I've already removed all the crap sites from the "trusted zone", but whenever I visit a site, I can still see the "trusted site" mark below the right side of my IE browser. I don't know how to change the default settings back to "internet" zone settings.
Can anybody please help me with this?
Anyway, I've done some googling and I found out a few things. Using the registry editor (regedit) and going to this area
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains
I see 2 items:
(Default) ""
Trusted "1"
Should I delete or modify the "Trusted" item? Is the "trusted" item the reason my internet zone settings are set to "trusted"?

Open the Control Panel > Internet Options > Privacy Tab & click the Default button.
Take a look here:
http://support.microsoft.com/default.aspx?scid=kb;EN-US;301689
Have you checked your system out using Spybot Search & Destroy and AdAware SE Personal? Delete what they find. These are available from the links here:
http://www.computing.net/security/wwwboard/tools.html
Also download and run HijackThis 1.98.2 from here:
http://www.majorgeeks.com/download3155.html
Save the Log then copy and paste the results here:
http://www.hijackthis.de/index.php?langselect=english
Click the Analyse button and when finished scroll down to see the results. Use your own judgement on the results supplied and delete/fix the nasties with HJT accordingly.
HTH
M

Open the Control Panel > Internet Options > Privacy Tab & click the Default button.
No, the problem I currently have right now is that for all the sites I visit (whether it's harmless google.com or some other sites), my browser uses "trusted sites" as the default main setting (you can see its symbol at the bottom right corner of your browser).
(shouldn't "Internet" zone be the default setting?)
But right now, I've customized the "trusted sites" settings to high, to protect my computer when I surf the net.
I have spybot and adaware and I used it to remove some bad registries. I'll try downloading HJT and check out the results.

I ran Norton antivirus and found out that I've been infected with trojan.byteverify.
Here are some technical info from the page that might provide some clues:
<blockquote>When Trojan.ByteVerify is executed, it performs the following actions:
Escapes the sandbox restrictions, using Blackbox.class, by doing the following:
-Declares a new PermissionDataSet with setFullyTrusted set to TRUE.
-Creates a trusted PermissionSet.
-Sets permission to PermissionSet by creating its own URLClassLoader class, derived from the VerifierBug.class.</blockquote>
And here are the results from HJT:
Logfile of HijackThis v1.98.2
Scan saved at 2:22:30 PM, on 10/2/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.exe
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.exe
C:\WINDOWS\SYSTEM\MSTASK.exe
C:\WINDOWS\SYSTEM\SSDPSRV.exe
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.exe
C:\WINDOWS\EXPLORER.exe
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON CLEANSWEEP\CSINJECT.exe
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SYMTRAY.exe
C:\PROGRAM FILES\NORTON INTERNET SECURITY\NISSERV.exe
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON UTILITIES\NPROTECT.exe
C:\PROGRAM FILES\NORTON INTERNET SECURITY\NISUM.exe
C:\PROGRAM FILES\NORTON INTERNET SECURITY\SYMPROXYSVC.exe
C:\WINDOWS\SYSTEM\RESTORE\STMGR.exe
C:\WINDOWS\TASKMON.exe
C:\WINDOWS\SYSTEM\SYSTRAY.exe
C:\WINDOWS\SYSTEM\WMIEXE.exe
C:\PROGRAM FILES\DU METER\DUMETER.exe
C:\WINDOWS\MIXER.exe
C:\PROGRAM FILES\NORTON INTERNET SECURITY\IAMAPP.exe
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.exe
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON UTILITIES\SYSDOC32.exe
C:\PROGRAM FILES\MICROSOFT REFERENCE\BOOKSHELF 2000\QSHELF2K.exe
C:\WINDOWS\NOTEPAD.exe
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.exe
C:\WINDOWS\SYSTEM\TAPISRV.exe
D:\DOWNLOADS\HIJACKTHIS\HIJACKTHIS.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://lookfor.cc/sp.php?pin=29126
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://lookfor.cc/sp.php?pin=29126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lookfor.cc?pin=29126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://lookfor.cc/sp.php?pin=29126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://lookfor.cc/sp.php?pin=29126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://lookfor.cc/sp.php?pin=29126
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://lookfor.cc?pin=29126
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRAM FILES\FLASHGET\JCCATCH.DLL
O2 - BHO: Implements TweakBHO - {7DAAC7DE-9EF0-4FF0-BFA5-AFF3E899054C} - C:\PROGRA~1\TWEAKM~1\TWEAKBHO.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRAM FILES\FLASHGET\FGIEBAR.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [DU Meter] C:\PROGRAM FILES\DU METER\DUMETER.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.exe" -atboottime
O4 - HKLM\..\Run: [iamapp] C:\Program Files\Norton Internet Security\IAMAPP.exe
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [NPROTECT] C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [ccEvtMgr] C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [CSINJECT.EXE] C:\Program Files\Norton SystemWorks\Norton CleanSweep\CSINJECT.exe
O4 - HKLM\..\RunServices: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\SymTray.exe "Norton SystemWorks"
O4 - HKLM\..\RunServices: [nisserv] C:\Program Files\Norton Internet Security\NISSERV.exe
O4 - HKLM\..\RunServices: [NPROTECT] C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.exe
O4 - Startup: Norton System Doctor.lnk = C:\Program Files\Norton SystemWorks\Norton Utilities\SYSDOC32.exe
O4 - Startup: QuickShelf 2000.lnk = C:\Program Files\Microsoft Reference\Bookshelf 2000\qshelf2k.exe
O8 - Extra context menu item: Download using FlashGet - C:\PROGRAM FILES\FLASHGET\jc_link.htm
O8 - Extra context menu item: Download All by FlashGet - C:\PROGRAM FILES\FLASHGET\jc_all.htm
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.exe
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRAM FILES\FLASHGET\FLASHGET.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRAM FILES\FLASHGET\FLASHGET.exe
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll

I have this same problem: harmless sites like google automatically have the security setting changed to trusted site, as do all other pages that are browsed. Even after removing the "trusted sites" from the tools internet options security settings trusted site tab, all pages still default to trusted site with the green checkmark in the corner. I'm using IE 5.0 and Win98. Already tried clearing the IE temp folder cache and deleting ActiveX programs. Any other suggestions to fix this?

I had some spyware change the default security zone for http: & https: in the key -
HKCU/Software/Microsoft/Windows/CurrentVersion/Internet Settings/Zonemap/ProtocolDefaults
The setting should be 3 (Internet) and it was set to 2 (Trusted).
<clipped from forums.spywareinfo.com>

Hiya Guys I Had This Problem Also And I Managed To Resolve It, Here's How To Do It:
1. Click On Start > Run
2. Then Type regedit Into The Search Bar And Click OK.
3. Then Locate Yourself To, HKEY_CURRENT_USER/Software/Microsoft/Windows/CurrentVersion/Internet Settings/Zonemap/ProtocolDefaults
4. Make Sure That, (Default) Has Only REG_SZ In The Type Column. In The Data Column It Should Be Blank.
5. The Following Data Should Look Like This:
@ivt REG_DWORD 0x00000001 (1)
file REG_DWORD 0x00000003 (3)
ftp REG_DWORD 0x00000003 (3)
http REG_DWORD 0x00000003 (3)
https REG_DWORD 0x00000003 (3)
*If Any Of These Are Incorrect, Double Click On Any Of The 5 Blue Data Strings And Enter The Appropriate Number In Brackets. NOTE: Make Sure They Are Hexadecimal.
6. Exit regedit.
There You Are, You're Done!!! Do Make Sure That Trusted Sites In Internet Options Is Set To High As There Is Still A Risk Whilst Surfing The Net.
Any Problems Just E-Mail Me At:
stephenallden@yahoo.co.uk
Cheers,
Stephen Allden
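
Added example (not part of any post in this thread): a Python check that reads a registry export of the ZoneMap key and reports ProtocolDefaults values that differ from the ones listed in the replies above, plus any domains assigned to zone 2 (Trusted sites). The export text, the domain example.invalid and the function name audit_zonemap are constructed for illustration.

```python
import re

# Expected zone per protocol, as listed in the reply above (3 = Internet).
EXPECTED = {"@ivt": 1, "file": 3, "ftp": 3, "http": 3, "https": 3}
ZONES = {0: "My Computer", 1: "Local intranet", 2: "Trusted sites",
         3: "Internet", 4: "Restricted sites"}
ZONEMAP = r"\internet settings\zonemap"
DOMAINS = "\\domains\\"

# Constructed sample in regedit export format (not taken from the thread).
SAMPLE = r'''REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults]
"@ivt"=dword:00000001
"file"=dword:00000003
"ftp"=dword:00000003
"http"=dword:00000002
"https"=dword:00000002

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\example.invalid]
"*"=dword:00000002
'''

def audit_zonemap(reg_text):
    """Return (protocol_findings, trusted_domains) for a ZoneMap export."""
    findings, trusted, key = [], [], ""
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]          # remember which key the values belong to
            continue
        m = re.match(r'"([^"]+)"=dword:([0-9a-fA-F]{8})$', line)
        low = key.lower()
        if not m or ZONEMAP not in low:
            continue
        name, zone = m.group(1), int(m.group(2), 16)
        if low.endswith(r"\protocoldefaults"):
            want = EXPECTED.get(name.lower())
            if want is not None and zone != want:
                findings.append((name, zone, want))
        elif DOMAINS in low and zone == 2:
            trusted.append(key[low.index(DOMAINS) + len(DOMAINS):])
    return findings, trusted

if __name__ == "__main__":
    bad, domains = audit_zonemap(SAMPLE)
    for name, zone, want in bad:
        print(f"{name}: {ZONES.get(zone, zone)} (expected {ZONES[want]})")
    print("Domains mapped to Trusted sites:", domains)
```

Exports written by newer versions of regedit are UTF-16 encoded, so decode the file accordingly before passing its text to the function.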
