Keith -- I hope you're still monitoring this thread!
I was incorrect above. Here's the deal:
I thought that the 139mm site was added to the restricted list after all in IE, but only a *version* of it. On the IE safelist are the following:
...BUT, *not* 139mm.com on it's own. THAT is the thing that IE will not let you add to the restricted sites list because it says it's already listed somewhere else (i.e. the "allowed sites" list) -- however, it's NOT on the allowed sites list! It's because there's a registry value that has been added to mark it as safe that you can't see when you immunize with SpyBot 1.4.
So if you have immunized with SpyBot 1.4, can you go to your IE and try to add 139mm.com (Typed just like that) to the restricted sites list? I bet it won't let you...
On the XP machine at work (which I'm on now), the MS Anti-spyware caught it and I "blocked" it. Here's the entry:
Internet Explorer Trusted Site: Trusted Site 139mm.com
Disabled date: 6/10/2005 3:39:35 PM
Details: Internet Explorer Trusted Site deactivated
Registry Key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\139mm.com\www decativated on
Registry Key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\139mm.com\www * = 4 decativated on
Registry Key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\139mm.com decativated on
So something weird is going on with that after all! (You could probably check your Windows 98 machine for those entries to verify...)
Now, I have the option to "permanently remove" the "Internet Explorer Trusted Site deactivated" -- or "unblock it" (which I'd think would then make it so it's no longer blocked). So will "permanently remove" remove those registry entries associated with 139mm.com shown above or just pemanently remove the block?
Also, since I don't have MS Anti-spyware at home, I can't do any of that, but I bet the registy values are on my home computer too (since I can't add 139mm.com to my restricted sites list in IE). So how can I go into the registry and find those entries above at home on my Windows 98 machine and remove them? And is it safe to do so?
However, I did try going to www.139mm.com in Firefox because someone said it would get blocked (I know, dumb of me!), and what happened was it showed the name in the tab at the top, then it changed to something like ???.139mm.com (or something like that), then it sounded like my hard drive starting running a lot for some reason, so I quickly shut the window before I saw anything visually load in the window. So is it possible that something bad got on my computer from there now (even though my HijackThis log is clear)? This has got me really worried.
Any further help would be greatly apprecaited -- thanks so much!