CCleaner Community Forums
KS-FINN

Possible False/Positive


I ran NoAdware v5.0 and it detected the following. Is this a false positive? :unsure:

 

 

Removing Spyware Hijacker.InternetExplorerZoneHijack...

 

Removing Registry Hijacker.InternetExplorerZoneHijack...

 

 

 

[Deleting Key...]

 

Key : HKEY_USERS\S-1-5-21-2897968377-2843162198-137514011-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\defaultbar.com

 

 

 

[Key Deleted]

 

Key : HKEY_USERS\S-1-5-21-2897968377-2843162198-137514011-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\defaultbar.com

 

Removing RegValues Hijacker.InternetExplorerZoneHijack...

 

Fixing RegValue dataHijacker.InternetExplorerZoneHijack...

 

Removing Cookies Hijacker.InternetExplorerZoneHijack...

 

Removing Files Hijacker.InternetExplorerZoneHijack...

 

Removing Folders Hijacker.InternetExplorerZoneHijack..

I ran NoAdware v5.0 and it detected the following. Is this a false positive? :unsure:

Quit using NoAdware, or at least scan with some more reliable programs to find out for yourself if it's a false positive. You've already seen for yourself it gives false positives.

Quit using NoAdware, or at least scan with some more reliable programs to find out for yourself if it's a false positive. You've already seen for yourself it gives false positives.

 

 

SURE THING. JDPOWER.!!!!!!! B)


"ZoneMap\Domains\defaultbar.com" is probably added by SpywareBlaster or Spybot-S&D, because I also have it blocked.

It seems NoAdware can't tell a safely blocked site from an actual hijack, but then again there are more than enough antispyware apps that also have false positives, yet they're not considered "rogue". :rolleyes:

Note: I'm not stating NoAdware is rogue, in fact I haven't even looked up any info on the program whatsoever.

"ZoneMap\Domains\defaultbar.com" is probably added by SpywareBlaster or Spybot-S&D, because I also have it blocked.

It seems NoAdware can't tell a safely blocked site from an actual hijack, but then again there are more than enough antispyware apps that also have false positives, yet they're not considered "rogue". :rolleyes:

Note: I'm not stating NoAdware is rogue, in fact I haven't even looked up any info on the program whatsoever.

 

THANK YOU VERY MUCH FOR ANSWERING MY QUESTION. ;)

 

EDIT

Uncalled for remark edited out by moderator

SURE THING. JDPOWER.!!!!!!! B)

Well, it's your choice. You've had two false positives from it in as many weeks. If you want to keep using it, then the least you can do is scan with one or two other scanners to at least try to find out for yourself if it's a false positive.

One thing's for sure: if you keep letting it remove Spyware Blaster or Spybot blocked zones, you'll soon start getting real spyware.

Well, it's your choice. You've had two false positives from it in as many weeks. If you want to keep using it, then the least you can do is scan with one or two other scanners to at least try to find out for yourself if it's a false positive.

One thing's for sure: if you keep letting it remove Spyware Blaster or Spybot blocked zones, you'll soon start getting real spyware.

 

Thanks for the very informative information. I didn't know that if I keep allowing NoAdware to keep removing Spyware Blaster and Spybot blocked Zones that I may start getting spyware because of it. That's why I keep posting these threads because at times I don't know what to do so I COME TO THIS FORUM FOR HELP. I don't mean to be a bother. Thanks Again. :)


I have the same problem; however, SOPHOS IDs this as a trojan: Troj/LowZone-EX.

 

So it seems that it's not a false positive after all. See "Hi-Lited" area below.

 

[]][[]][[]][[]][[]][[]][[]][[]][[]][[]][[]][[]][[]][[]][[]][[]][[]][[]][[]

 

Troj/LowZone-EX is a Trojan for the Windows platform.

 

When first run Troj/LowZone-EX copies itself to the Desktop and User folders and creates the following files:

 

<Desktop>\Calciopoli.lnk

<Desktop>\Cerca Amici.lnk

<User>\My Documents\My Music\U2 - Collection.lnk

<User>\PrintHood\Epson Stylus Photo 3BN.lnk

<User>\Start Menu\Conigliette del Mese.lnk

 

Troj/LowZone-EX changes the Start Page for Microsoft Internet Explorer by setting the registry entry:

 

HKCU\Software\Microsoft\Internet Explorer\Main\Start Page

 

The following registry entries are set, affecting internet security:

 

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\acquadirose.com\

 

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\acquadirose.com\www\

 

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\acquadirose.com\www

*

2

 

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\cywanstorage.biz\

 

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\cywanstorage.biz\www\

 

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\cywanstorage.biz\www

*

2

 

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\defaultbar.com\

 

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\defaultbar.com\www\

 

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\defaultbar.com\www*

2

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\forteforte.com\

 

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\forteforte.com\www\

 

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\forteforte.com\www

*

2

 

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\gooogle.bz\

 

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\gooogle.bz\www\

 

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\gooogle.bz\www

*

2

 

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\playmore.biz\

 

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\playmore.biz\www\

 

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\playmore.biz\www

*

2

 

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\scalalap.com\

 

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\scalalap.com\www\

 

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\scalalap.com\www

*

2

 

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\semeterapia.com\

 

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\semeterapia.com\www\

 

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\semeterapia.com\www

*

2

 

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\tuttaqualita.com\

 

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\tuttaqualita.com\www\

 

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\tuttaqualita.com\www

*

2

 

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2

1004

0

 

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2

1201

0

 

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2

MinLevel

0

 

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2

RecommendedLevel

0

[]][[]][[]][[]][[]][[]][[]][[]][[]][[]][[]][[]][[]][[]][[]][[]][[]][[]][[]

 

So, what do we do now? I can't pay over $200 bucks to get rid of one bug. I'll do a fresh install before I do that.

 

Anyone have any suggestions?

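Added example (not part of any post in this thread, and not Sophos or NoAdware code): whether a `ZoneMap\Domains` entry is a protective block or a trust change depends on the zone number it stores. Internet Explorer's standard numbering has 2 as Trusted Sites (the value shown in the Sophos listing above) and 4 as Restricted Sites. This Python sketch reads a `.reg` export and labels each mapping; the sample export and the function names are constructed for illustration.

```python
import re

# Standard Internet Explorer security zone numbers.
ZONES = {0: "My Computer", 1: "Local Intranet", 2: "Trusted Sites",
         3: "Internet", 4: "Restricted Sites"}
DOMAINS = "\\internet settings\\zonemap\\domains\\"
KEY_RE = re.compile(r"^\[(.+)\]$")
DWORD_RE = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{8})$')

# Constructed sample in .reg export format; domain names are from the thread,
# the zone values are chosen for illustration.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\defaultbar.com]
"*"=dword:00000004

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\forteforte.com\www]
"*"=dword:00000002

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2]
"1201"=dword:00000000
'''

def zone_map_entries(reg_text):
    """Yield (host, protocol, zone) for each ZoneMap\\Domains value."""
    host = None
    for line in reg_text.splitlines():
        line = line.strip()
        key = KEY_RE.match(line)
        if key:
            path = key.group(1)
            idx = path.lower().find(DOMAINS)
            # Layout is Domains\<domain>[\<subdomain>]; rebuild sub.domain.
            host = (".".join(reversed(path[idx + len(DOMAINS):].split("\\")))
                    if idx >= 0 else None)
            continue
        val = DWORD_RE.match(line)
        if val and host:
            yield host, val.group(1), int(val.group(2), 16)

def triage(reg_text):
    """Label each mapping: 'blocked' (zone 4), 'trust-elevated' (0-2), 'default'."""
    out = []
    for host, proto, zone in zone_map_entries(reg_text):
        verdict = ("blocked" if zone == 4 else
                   "trust-elevated" if zone in (0, 1, 2) else "default")
        out.append((host, proto, ZONES.get(zone, "unknown"), verdict))
    return out

if __name__ == "__main__":
    for row in triage(SAMPLE):
        print(row)
```

Files written by `reg export` are UTF-16, so open them with `encoding="utf-16"` before passing the text to `triage`.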

Go to the "hijackthis log analysis" section of this forum and post a log file, then you will be helped to remove it for free.

By the way, welcome to the forum, KachinaPeak.
