
How to fix HijackThis issues - they keep showing up after a deletion?


theDarkness
Resolved

Likes # 0

I have had a couple of issues pop up within HijackThis.

O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone (HKLM)

and

O15 - ProtocolDefaults: 'https' protocol is in My Computer Zone, should be Internet Zone (HKLM)

I cannot fix or remove them, they just reappear in the next scan. This is surely a major issue if all http connections are being treated as if they were non public. I am on Windows 7, using Avast with Online Armor and Malwarebytes. I have scanned the system with RogueKiller, TDSSKiller and AdwCleaner. I also tried Ad-Aware.

No issues, aside from 3 wallpaper JPGs, supposedly trojans, detected by Ad-Aware as infected 'trojan.win32.trojaniframe (v)' files - possible false positives or not a major issue. I do not believe these files are related to the protocol issue, as they are old wallpapers I have used on XP in the past, and the protocol issue did not show up in HijackThis.

After a Google search, one forum suggests deleting the registry entries at 'HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults', but in 7, 'ProtocolDefaults' is missing. I know HijackThis is an old program, but if there are no compatibility issues with 7, it is surely still a problem that needs fixing. Any ideas on how to permanently change these protocols back to default? Is it situated elsewhere in the registry? Thanks for any info.

theDarkness

Likes # 0

Update: I think I may have answered my own question. As HijackThis is an old program and the 'ProtocolDefaults' registry location does not exist in Windows 7, HijackThis may simply be thinking that it's in the wrong zone by default, as it expects it to always exist.

If anyone knows another program I can use to double check whether the http and https protocols are in the Internet zone and not My Computer, that would be of great help. Thanks

Jock1e

Likes # 0

Last updated March 2013.

enter link description here

Not got a clue how to read it for faults so can't help you that way.

Secret-Squirrel

Likes # 0

"I cannot fix or remove them, they just reappear in the next scan."

As far as I know, you first need to launch HijackThis by right-clicking its executable and choosing "Run as Administrator". If you don't do it that way then HJT can't make any changes to the Windows Registry.

"'HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults', but in 7, 'ProtocolDefaults' is missing."

That key is present on my Windows 7 PC, and because HJT can see it, it's probably on yours too.

A Google search tells me that you probably shouldn't have those two Registry keys so have another go at running HJT. Make sure you create a Windows System Restore point first just in case.

theDarkness

Likes # 0

I forgot to mention that I have run HijackThis as admin right from the start, as if I didn't then it would not complete a scan, it would stop with a 'denied access to the hosts file' message.

Jock1e - thanks for the link, I added my issue there in case anyone decides to reply, but I haven't read any similar issues on there.

Secret-Squirrel - 'ProtocolDefaults' is definitely not present at that one location on my version of 7. With 'it's on yours too', I'm assuming you think it's present and hidden as a result of the HijackThis results message, but I think HijackThis may just be out of date, and if the values are definitely not present, it assumes they are in the wrong zone just because of that. If ProtocolDefaults shows in 7 for you at HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults, can you show me a printscreen of what your settings are? I believe they should be set to 3 for http and https, the Internet zone.

These are mine. As you can see, there is no ProtocolDefaults section within ZoneMap at this location, so I cannot show any protocol content. This may or may not be why HijackThis believes I have an issue, as every other location that does have ProtocolDefaults shows it is set to 3, the Internet zone. I could add ProtocolDefaults to ZoneMap as a test, but then editing the registry in this way without knowing the consequences may not be a good idea based on the questionable results of one program.

Secret-Squirrel

Likes # 0

"I have run HijackThis as admin right from the start, as if I didn't then it would not complete a scan, it would stop with a 'denied access to the hosts file' message."

Actually, after you OK the warning message, the scan resumes and does complete ;)

"can you show me a printscreen of what your settings are?"

Here you go.

Sorry but I'm out of ideas with this issue.

PS: Thanks for bringing postimage.org to my attention. It's such a quick 'n' easy way to post screenshots for basic forums like this one which don't support attachments.

theDarkness

Likes # 0

Thanks. I forgot to say it's 7 Home, what version are you using? Perhaps a registry cleaner (e.g. CCleaner, which is installed) may have deleted the files, although I tend not to use it. I do not know of any Microsoft registry repair tools which may reinsert any missing registry values, if there is definitely a problem with the system.

theDarkness

Likes # 0

Update: I've added your ProtocolDefaults values to ZoneMap, and the warning is no longer popping up in HijackThis, but since my version of ZoneMap has no other entries aside from the protocol (Domains, EscDomains and Ranges missing), it may well make no difference regarding security. I wondered at first if any of these registry entries not being available may be to do with my wifi set up, related programs installed, or if Windows only adds them after a certain action is taken (e.g. IE not set to default, although that made no difference). I don't know.

Secret-Squirrel

Likes # 0

".....what version are you using?"

Home Premium 64-bit.

theDarkness

Likes # 0

I have forgotten to do one thing, and that's to check the registry of all other accounts on this system. They all have the correct full 'ZoneMap\ProtocolDefaults' content. My own account with missing content was created long after installation, so I am assuming either a firewall may have prevented the content of 'HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap' being written, or a malicious program may have simply deleted them.

I have now created a new account which is showing all protocol content, and will likely shift over to that one now, to be sure nothing else has been tampered with. No malware has ever been detected on this system. I believe the Ad-Aware JPG 'trojans' may be false positives, as Avast, Malwarebytes and virustotal.com detected nothing for those suspect wallpapers.

I don't know why my registry settings could not have been corrected within HijackThis, but perhaps HijackThis just doesn't understand how to fix registry entries that are missing, only incorrect settings. Thanks for the replies :)

theDarkness

Likes # 0

PS: after a Google search, WinPatrol looks like a good tool to keep an eye on any changes made to the registry, so I might try that out to keep an eye on protocol defaults. I think it only works for the paid-for version though, and I don't think my firewall or antivirus (Online Armor + Avast) have similar features.


This thread has been locked.
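
The check asked for in this thread, reading the http and https entries under ZoneMap\ProtocolDefaults directly instead of relying on a scanner, as an added PowerShell example that is not part of the original posts. It reports a missing key separately from a wrong zone value, and it reads HKLM as well as HKCU because the O15 lines above are tagged (HKLM) while the thread inspected HKCU. The function name `Get-ProtocolDefaultZone` is hypothetical, and the Wow6432Node root is included on the assumption that a 32-bit scanner on 64-bit Windows reads that registry view.

```powershell
# Zone numbers are the standard Internet Explorer URL security zones.
$ZoneNames = @{ 0 = 'My Computer'; 1 = 'Local Intranet'; 2 = 'Trusted Sites'; 3 = 'Internet'; 4 = 'Restricted Sites' }
$SubKey = 'Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults'

function Get-ProtocolDefaultZone {
    param([string[]]$Root, [string[]]$Protocol = @('http', 'https'))
    foreach ($r in $Root) {
        # A missing key is reported as such rather than being treated as a wrong zone.
        $key = Get-Item -LiteralPath "Registry::$r\$SubKey" -ErrorAction SilentlyContinue
        foreach ($p in $Protocol) {
            $value = $null
            if ($key) { $value = $key.GetValue($p, $null) }
            if (-not $key) {
                $status = 'KeyMissing'
            } elseif ($null -eq $value) {
                $status = 'ValueMissing'
            } elseif ($value -eq 3) {
                $status = 'OK'          # 3 = Internet zone, the value the thread expects
            } else {
                $status = 'WrongZone'
            }
            $zone = $null
            if ($null -ne $value) { $zone = $ZoneNames[[int]$value] }
            New-Object psobject -Property @{
                Root = $r; Protocol = $p; Value = $value; Zone = $zone; Status = $status
            }
        }
    }
}

# Current user, machine-wide, and the 32-bit machine view (assumption, see lead-in).
$roots = @('HKEY_CURRENT_USER\Software',
           'HKEY_LOCAL_MACHINE\Software',
           'HKEY_LOCAL_MACHINE\Software\Wow6432Node')
# Add the hives of other accounts that are currently loaded under HKEY_USERS.
$roots += @(Get-ChildItem Registry::HKEY_USERS -ErrorAction SilentlyContinue |
    Where-Object { $_.PSChildName -match '^S-1-5-21-[\d-]+$' } |
    ForEach-Object { "HKEY_USERS\$($_.PSChildName)\Software" })

Get-ProtocolDefaultZone -Root $roots |
    Select-Object Root, Protocol, Value, Zone, Status |
    Format-Table -AutoSize
```

Only accounts whose hives are loaded appear under HKEY_USERS, so an account that is not logged on has to be checked from its own session.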


