Possible False/Positve

Computer Help and Discussions Software
1

I ran NoAdware v5.0 and it detected the following: Is this a False/Positive.? :unsure:

Removing Spyware Hijacker.InternetExplorerZoneHijack...

Removing Registry Hijacker.InternetExplorerZoneHijack...

[Deleting Key...]

Key : HKEY_USERS\S-1-5-21-2897968377-2843162198-137514011-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\defaultbar.com

[Key Deleted]

Key : HKEY_USERS\S-1-5-21-2897968377-2843162198-137514011-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\defaultbar.com

Removing RegValues Hijacker.InternetExplorerZoneHijack...

Fixing RegValue dataHijacker.InternetExplorerZoneHijack...

Removing Cookies Hijacker.InternetExplorerZoneHijack...

Removing Files Hijacker.InternetExplorerZoneHijack...

Removing Folders Hijacker.InternetExplorerZoneHijack..

2
I ran NoAdware v5.0 and it detected the following: Is this a False/Positive.? :unsure:

Quit using NoAdware, or at least scan with some more reliable programs to find out for yourself if its a false positive. You've already seen for yourself it gives false positives.

3
Quit using NoAdware, or at least scan with some more reliable programs to find out for yourself if its a false positive. You've already seen for yourself it gives false positives.

SURE THING. JDPOWER.!!!!!!! B)

4

"ZoneMap\Domains\defaultbar.com" Is probably added by SpywareBlaster, or Spybot-S&D because I also have it blocked.

It seems NoAdware can't figure out a safely blocked site from actual hijack, but then again there's more than enough antispyware apps that also have false positives, yet they're not considered "rogue". :rolleyes:

Note: I'm not stating NoAdware is rogue, in fact I haven't even looked up any info on the program whatsoever.

5
"ZoneMap\Domains\defaultbar.com" Is probably added by SpywareBlaster, or Spybot-S&D because I also have it blocked.

It seems NoAdware can't figure out a safely blocked site from actual hijack, but then again there's more than enough antispyware apps that also have false positives, yet they're not considered "rogue". :rolleyes:

Note: I'm not stating NoAdware is rogue, in fact I haven't even looked up any info on the program whatsoever.

THANK YOU VERY MUCH FOR ANSWERING MY QUESTION. ;)

EDIT

Uncalled for remark edited out by moderator

6
SURE THING. JDPOWER.!!!!!!! B)

Well its your choice. You've had two false positives from it in as many weeks, if you want to keep using it then the least you can do is scan with one or two other scanners to at least try to find out for yourself if its a false positive.

One things for sure, if you keep letting it remove Spyware Blaster or Spybot blocked zones you'll soon start getting real spyware.

7
Well its your choice. You've had two false positives from it in as many weeks, if you want to keep using it then the least you can do is scan with one or two other scanners to at least try to find out for yourself if its a false positive.

One things for sure, if you keep letting it remove Spyware Blaster or Spybot blocked zones you'll soon start getting real spyware.

Thanks for the very informative information. I didn't know that if I keep allowing NoAdware to keep removing Spyware Blaster and Spybot blocked Zones that I may start getting spyware because of it. That's why I keep posting these threads because at times I don't know what to do so I COME TO THIS FORUM FOR HELP. I don't mean to be a bother. Thanks Again. :)

8

I have the same problem; however, SOPHOS ID's this as a trojan....Troj/LowZone-EX.

So it seems that it's not a false positive after all. See "Hi-Lited" area below.

[]][[]][[]][[]][[]][[]][[]][[]][[]][[]][[]][[]][[]][[]][[]][[]][[]][[]][[]

Troj/LowZone-EX is a Trojan for the Windows platform.

When first run Troj/LowZone-EX copies itself to the Desktop and User folders and creates the following files:

<Desktop>\Calciopoli.lnk

<Desktop>\Cerca Amici.lnk

<User>\My Documents\My Music\U2 - Collection.lnk

<User>\PrintHood\Epson Stylus Photo 3BN.lnk

<User>\Start Menu\Conigliette del Mese.lnk

Troj/LowZone-EX changes the Start Page for Microsoft Internet Explorer by setting the registry entry:

HKCU\Software\Microsoft\Internet Explorer\Main\Start Page

The following registry entries are set, affecting internet security:

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\acquadirose.com\

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\acquadirose.com\www\

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\acquadirose.com\www

*

2

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\cywanstorage.biz\

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\cywanstorage.biz\www\

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\cywanstorage.biz\www

*

2

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\defaultbar.com\

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\defaultbar.com\www\

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\defaultbar.com\www*

2

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\forteforte.com\

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\forteforte.com\www\

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\forteforte.com\www

*

2

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\gooogle.bz\

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\gooogle.bz\www\

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\gooogle.bz\www

*

2

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\playmore.biz\

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\playmore.biz\www\

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\playmore.biz\www

*

2

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\scalalap.com\

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\scalalap.com\www\

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\scalalap.com\www

*

2

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\semeterapia.com\

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\semeterapia.com\www\

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\semeterapia.com\www

*

2

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\tuttaqualita.com\

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\tuttaqualita.com\www\

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\tuttaqualita.com\www

*

2

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2

1004

0

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2

1201

0

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2

MinLevel

0

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2

RecommendedLevel

0

[]][[]][[]][[]][[]][[]][[]][[]][[]][[]][[]][[]][[]][[]][[]][[]][[]][[]][[]

So, what do we do now? I can't pay over $200 bucks to get rid of one bug. I'll do a fresh install before I do that.

Anyone have any suggestions?

9

Go to the "hijackthis log analysis" section of this forum, and post a log file, then you will be helped remove it for free.

By the way welcome to the forum KachinaPeak.