
P3P History in Current User in registry

Discussion in 'Spyware, Adware, Viruses and Malware Removal' started by nipperread, Feb 8, 2005.

  1. nipperread

    nipperread Techie7 New Member

    I looked at all the possible areas I could 'pitch' this query in on the site, and this seemed probably the most appropriate, please advise if I'm wrong...

    You know how it is, you're always looking and tweaking and not believing that AdAware and Spybot and HijackThis and anti-virus software etc are fully protecting and cleaning your PC.

    Right now my PC 'feels' quite clean; HijackThis and F-Prot Antivirus and Adaware and Spybot all report no problems. Then this happens:

    I'm always connected to the web via a cable modem. I had performed a full sweep with the above programmes. F-Prot found a problem called setdbg.exe, which I manually searched for and right-clicked, looking to delete it. I couldn't do this, so left it to F-Prot. During all this I clicked on to Internet Explorer to do a Google search for setdbg.exe and instead of going to my homepage, which is Google, it went to a site called 777.com. None of the programmes above had ever found this site - my guess is that it is some sort of executable(?) triggered by rousing the setdbg.exe instruction. Anyway, I managed to get rid of this in time, but the process led, during my investigations, to this part of the registry:

    current user / software / microsoft / windows / current versions / internet settings / p3p / history:
    In here was a whole list of sites I've never knowingly visited, including gator.com, sunpalacecasino.com, shopathomeselect.com - there were over a hundred of them.

    Ok, my questions are these:

    1. Who is putting these sites into this history cache?
    2. Why?
    3. How?
    4. Are they interfacing with servers etc and sending info out of my pc?
    5. Can I delete them permanently?
    6. Can I prevent them returning?
    7. What is this P3P folder anyway? (lol)

    Please help if you can - thanks in anticipation...
  2. owen

    owen D-A-L Team Member (UK)

    1. They are not putting sites in your history. This is just a location in the Registry. They have just hijacked your home and possibly search pages.
    2. They hijack to make money through affiliate programs. For every click they get, they will earn revenue.
    3. General lack of security, settings incorrect, not all Windows Updates installed and a whole lot of other possibilities; of course, I can't be specific to your computer.
    4. You have a trojan, see here for a description of the Trojan.
    5. Of course, but I'll need to see a Hijack This log.
    6. Of course, there is plenty of info in this forum to help you do just that.
    7. First of all, it's not a folder, it's a registry key. It isn't harmful. All the websites you said in the P3P folder are on my PC as well. These registry entries are the result of immunizations performed with antispyware software, probably Spybot. They are to help stop the installation of spyware from the blocked domains.
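
One way to check the explanation in answer 7 on your own machine, as an added example that is not part of the original thread or of any tool named in it: export the key with regedit and list which domains are set to block and which are not. It assumes the key's real spelling is `CurrentVersion`, that each domain subkey's default DWORD is Internet Explorer's per-site cookie action (5 = always block, 1 = always allow), and that the export has already been decoded to text; the sample export and `example.test` are constructed.

```python
import re

# Key the thread is about (assumed real spelling: "CurrentVersion").
P3P_HISTORY = (r"HKEY_CURRENT_USER\Software\Microsoft\Windows"
               r"\CurrentVersion\Internet Settings\P3P\History")
# Assumed meaning of each subkey's default DWORD (IE per-site cookie action).
ACTIONS = {1: "always allow", 5: "always block"}
KEY_RE = re.compile(r"^\[(.+)\]$")
DEFAULT_RE = re.compile(r"^@=dword:([0-9a-fA-F]{8})$")


def parse_p3p_history(reg_text):
    """Return {domain: dword} for each direct subkey of P3P\\History."""
    entries, domain = {}, None
    prefix = P3P_HISTORY.lower() + "\\"
    for raw in reg_text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1).lower()
            rest = key[len(prefix):] if key.startswith(prefix) else ""
            # Only direct children name a site; anything else resets state.
            domain = rest if rest and "\\" not in rest else None
            continue
        m = DEFAULT_RE.match(line)
        if m and domain:
            entries[domain] = int(m.group(1), 16)
    return entries


def review(entries):
    """Split entries into blocked domains and ones worth a manual look."""
    blocked = sorted(d for d, v in entries.items() if v == 5)
    other = {d: ACTIONS.get(v, "unknown (%d)" % v)
             for d, v in entries.items() if v != 5}
    return blocked, other


# Constructed sample export, not taken from the poster's machine.
SAMPLE = "Windows Registry Editor Version 5.00\n\n" + "".join(
    "[%s\\%s]\n@=dword:%08x\n\n" % (P3P_HISTORY, d, v)
    for d, v in [("gator.com", 5), ("sunpalacecasino.com", 5), ("example.test", 1)])

if __name__ == "__main__":
    blocked, other = review(parse_p3p_history(SAMPLE))
    print("blocked:", blocked)
    print("needs review:", other)
```

Entries that come back as blocked are consistent with an immunization list; a domain set to always allow that you did not add yourself is the kind of entry to look into.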