False/Positive?

[KS-FINN]

I ran a scan using a commercial software (NoAdware V5.0) and it detected the following spyware but I'm unsure if it's a False/Positive. How an you tell the difference.? SORRY for the stupid question.

Noadware 5.0

 

---------------------

 

 

 

Removing Spyware Hijacker.InternetExplorerZoneHijack...

 

Removing Registry Hijacker.InternetExplorerZoneHijack...

 

 

 

[Deleting Key...]

 

Key : HKEY_USERS\S-1-5-21-2897968377-2843162198-137514011-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\archiviosex.net

 

 

 

[Key Deleted]

 

Key : HKEY_USERS\S-1-5-21-2897968377-2843162198-137514011-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\archiviosex.net

 

 

 

[Deleting Key...]

 

Key : HKEY_USERS\S-1-5-21-2897968377-2843162198-137514011-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\archiviosex.net\www

 

 

 

[Key Deleted]

 

Key : HKEY_USERS\S-1-5-21-2897968377-2843162198-137514011-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\archiviosex.net\www

 

Removing RegValues Hijacker.InternetExplorerZoneHijack...

 

Fixing RegValue dataHijacker.InternetExplorerZoneHijack...

 

Removing Cookies Hijacker.InternetExplorerZoneHijack...

 

Removing Files Hijacker.InternetExplorerZoneHijack...

 

Removing Folders Hijacker.InternetExplorerZoneHijack...

[fireryone]

I ran a scan using a commercial software (NoAdware V5.0) and it detected the following spyware but I'm unsure if it's a False/Positive. How an you tell the difference.? SORRY for the stupid question.

Noadware 5.0

 

<cut>

 

[Deleting Key...]

 

Key : HKEY_USERS\S-1-5-21-2897968377-2843162198-137514011-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\archiviosex.net

 

<cut>

 

Here is some really good info about that area in the registry.

http://www.microsoft.com/technet/scriptcen...05/hey0502.mspx

 

So it was probably marked as a trusted site, in which case it was placed there by some kind of virus/spyware.

 

hope that answers your question.

[KS-FINN]

Here is some really good info about that area in the registry.

http://www.microsoft.com/technet/scriptcen...05/hey0502.mspx

 

So it was probably marked as a trusted site, in which case it was placed there by some kind of virus/spyware.

 

hope that answers your question.

 

Yes you answered my question. I thank you very much. !!!

[alexander33]

I have Noadware V4.0 and it was detecting this very same threat. It would remove it but it kept coming back. Then I ran a search on my C drive to find the exact location of archiviosex and found out I wasn't infected at all. Archiviosex was listed as a site/threat I'm protected against in one of my other scanners and that's what Noadware was detecting.

[JDPower]

I have Noadware V4.0 and it was detecting this very same threat. It would remove it but it kept coming back. Then I ran a search on my C drive to find the exact location of archiviosex and found out I wasn't infected at all. Archiviosex was listed as a site/threat I'm protected against in one of my other scanners and that's what Noadware was detecting.

Yup, that seems quite common in some poorly written programs. I tried a free download of Glary Utilities recently and its reg scanner was picking up one of my Spyware Blaster blocked sites as adware.

[Andavari]

Sounds similar to Spybot-S&D's false positive detections of blocked sites in the HOSTS file that have been unfixed for 1-2 years now which is why I've disabled the HOSTS scanning in it.