KS-FINN Posted May 4, 2007 Share Posted May 4, 2007 I ran a scan using a commercial software (NoAdware V5.0) and it detected the following spyware but I'm unsure if it's a False/Positive. How an you tell the difference.? SORRY for the stupid question. Noadware 5.0 --------------------- Removing Spyware Hijacker.InternetExplorerZoneHijack... Removing Registry Hijacker.InternetExplorerZoneHijack... [Deleting Key...] Key : HKEY_USERS\S-1-5-21-2897968377-2843162198-137514011-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\archiviosex.net [Key Deleted] Key : HKEY_USERS\S-1-5-21-2897968377-2843162198-137514011-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\archiviosex.net [Deleting Key...] Key : HKEY_USERS\S-1-5-21-2897968377-2843162198-137514011-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\archiviosex.net\www [Key Deleted] Key : HKEY_USERS\S-1-5-21-2897968377-2843162198-137514011-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\archiviosex.net\www Removing RegValues Hijacker.InternetExplorerZoneHijack... Fixing RegValue dataHijacker.InternetExplorerZoneHijack... Removing Cookies Hijacker.InternetExplorerZoneHijack... Removing Files Hijacker.InternetExplorerZoneHijack... Removing Folders Hijacker.InternetExplorerZoneHijack... Link to comment Share on other sites More sharing options...
fireryone Posted May 4, 2007 Share Posted May 4, 2007 I ran a scan using a commercial software (NoAdware V5.0) and it detected the following spyware but I'm unsure if it's a False/Positive. How an you tell the difference.? SORRY for the stupid question. Noadware 5.0 <cut> [Deleting Key...] Key : HKEY_USERS\S-1-5-21-2897968377-2843162198-137514011-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\archiviosex.net <cut> Here is some really good info about that area in the registry. http://www.microsoft.com/technet/scriptcen...05/hey0502.mspx So it was probably marked as a trusted site, in which case it was placed there by some kind of virus/spyware. hope that answers your question. fireryone Link to comment Share on other sites More sharing options...
KS-FINN Posted May 4, 2007 Author Share Posted May 4, 2007 Here is some really good info about that area in the registry.http://www.microsoft.com/technet/scriptcen...05/hey0502.mspx So it was probably marked as a trusted site, in which case it was placed there by some kind of virus/spyware. hope that answers your question. Yes you answered my question. I thank you very much. !!! Link to comment Share on other sites More sharing options...
alexander33 Posted May 19, 2007 Share Posted May 19, 2007 I have Noadware V4.0 and it was detecting this very same threat. It would remove it but it kept coming back. Then I ran a search on my C drive to find the exact location of archiviosex and found out I wasn't infected at all. Archiviosex was listed as a site/threat I'm protected against in one of my other scanners and that's what Noadware was detecting. Link to comment Share on other sites More sharing options...
JDPower Posted May 19, 2007 Share Posted May 19, 2007 I have Noadware V4.0 and it was detecting this very same threat. It would remove it but it kept coming back. Then I ran a search on my C drive to find the exact location of archiviosex and found out I wasn't infected at all. Archiviosex was listed as a site/threat I'm protected against in one of my other scanners and that's what Noadware was detecting. Yup, that seems quite common in some poorly written programs. I tried a free download of Glary Utilities recently and its reg scanner was picking up one of my Spyware Blaster blocked sites as adware. Link to comment Share on other sites More sharing options...
Moderators Andavari Posted May 19, 2007 Moderators Share Posted May 19, 2007 Sounds similar to Spybot-S&D's false positive detections of blocked sites in the HOSTS file that have been unfixed for 1-2 years now which is why I've disabled the HOSTS scanning in it. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now