Jump to content
CCleaner Community Forums

Possible False/Positve


Recommended Posts

I ran NoAdware v5.0 and it detected the following: Is this a False/Positive.? :unsure:

 

 

Removing Spyware Hijacker.InternetExplorerZoneHijack...

 

Removing Registry Hijacker.InternetExplorerZoneHijack...

 

 

 

[Deleting Key...]

 

Key : HKEY_USERS\S-1-5-21-2897968377-2843162198-137514011-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\defaultbar.com

 

 

 

[Key Deleted]

 

Key : HKEY_USERS\S-1-5-21-2897968377-2843162198-137514011-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\defaultbar.com

 

Removing RegValues Hijacker.InternetExplorerZoneHijack...

 

Fixing RegValue dataHijacker.InternetExplorerZoneHijack...

 

Removing Cookies Hijacker.InternetExplorerZoneHijack...

 

Removing Files Hijacker.InternetExplorerZoneHijack...

 

Removing Folders Hijacker.InternetExplorerZoneHijack..

Link to post
Share on other sites
I ran NoAdware v5.0 and it detected the following: Is this a False/Positive.? :unsure:

Quit using NoAdware, or at least scan with some more reliable programs to find out for yourself if its a false positive. You've already seen for yourself it gives false positives.

Link to post
Share on other sites
Quit using NoAdware, or at least scan with some more reliable programs to find out for yourself if its a false positive. You've already seen for yourself it gives false positives.

 

 

SURE THING. JDPOWER.!!!!!!! B)

Link to post
Share on other sites
  • Moderators

"ZoneMap\Domains\defaultbar.com" Is probably added by SpywareBlaster, or Spybot-S&D because I also have it blocked.

 

It seems NoAdware can't figure out a safely blocked site from actual hijack, but then again there's more than enough antispyware apps that also have false positives, yet they're not considered "rogue". :rolleyes:

Note: I'm not stating NoAdware is rogue, in fact I haven't even looked up any info on the program whatsoever.

Link to post
Share on other sites
"ZoneMap\Domains\defaultbar.com" Is probably added by SpywareBlaster, or Spybot-S&D because I also have it blocked.

 

It seems NoAdware can't figure out a safely blocked site from actual hijack, but then again there's more than enough antispyware apps that also have false positives, yet they're not considered "rogue". :rolleyes:

Note: I'm not stating NoAdware is rogue, in fact I haven't even looked up any info on the program whatsoever.

 

THANK YOU VERY MUCH FOR ANSWERING MY QUESTION. ;)

 

EDIT

Uncalled for remark edited out by moderator

Link to post
Share on other sites
SURE THING. JDPOWER.!!!!!!! B)

Well its your choice. You've had two false positives from it in as many weeks, if you want to keep using it then the least you can do is scan with one or two other scanners to at least try to find out for yourself if its a false positive.

 

One things for sure, if you keep letting it remove Spyware Blaster or Spybot blocked zones you'll soon start getting real spyware.

Link to post
Share on other sites
Well its your choice. You've had two false positives from it in as many weeks, if you want to keep using it then the least you can do is scan with one or two other scanners to at least try to find out for yourself if its a false positive.

 

One things for sure, if you keep letting it remove Spyware Blaster or Spybot blocked zones you'll soon start getting real spyware.

 

Thanks for the very informative information. I didn't know that if I keep allowing NoAdware to keep removing Spyware Blaster and Spybot blocked Zones that I may start getting spyware because of it. That's why I keep posting these threads because at times I don't know what to do so I COME TO THIS FORUM FOR HELP. I don't mean to be a bother. Thanks Again. :)

Link to post
Share on other sites
  • 1 month later...

I have the same problem; however, SOPHOS ID's this as a trojan....Troj/LowZone-EX.

 

So it seems that it's not a false positive after all. See "Hi-Lited" area below.

 

[]][[]][[]][[]][[]][[]][[]][[]][[]][[]][[]][[]][[]][[]][[]][[]][[]][[]][[]

 

Troj/LowZone-EX is a Trojan for the Windows platform.

 

When first run Troj/LowZone-EX copies itself to the Desktop and User folders and creates the following files:

 

<Desktop>\Calciopoli.lnk

<Desktop>\Cerca Amici.lnk

<User>\My Documents\My Music\U2 - Collection.lnk

<User>\PrintHood\Epson Stylus Photo 3BN.lnk

<User>\Start Menu\Conigliette del Mese.lnk

 

Troj/LowZone-EX changes the Start Page for Microsoft Internet Explorer by setting the registry entry:

 

HKCU\Software\Microsoft\Internet Explorer\Main\Start Page

 

The following registry entries are set, affecting internet security:

 

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\acquadirose.com\

 

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\acquadirose.com\www\

 

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\acquadirose.com\www

*

2

 

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\cywanstorage.biz\

 

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\cywanstorage.biz\www\

 

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\cywanstorage.biz\www

*

2

 

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\defaultbar.com\

 

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\defaultbar.com\www\

 

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\defaultbar.com\www*

2

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\forteforte.com\

 

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\forteforte.com\www\

 

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\forteforte.com\www

*

2

 

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\gooogle.bz\

 

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\gooogle.bz\www\

 

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\gooogle.bz\www

*

2

 

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\playmore.biz\

 

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\playmore.biz\www\

 

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\playmore.biz\www

*

2

 

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\scalalap.com\

 

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\scalalap.com\www\

 

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\scalalap.com\www

*

2

 

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\semeterapia.com\

 

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\semeterapia.com\www\

 

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\semeterapia.com\www

*

2

 

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\tuttaqualita.com\

 

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\tuttaqualita.com\www\

 

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\tuttaqualita.com\www

*

2

 

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2

1004

0

 

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2

1201

0

 

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2

MinLevel

0

 

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2

RecommendedLevel

0

[]][[]][[]][[]][[]][[]][[]][[]][[]][[]][[]][[]][[]][[]][[]][[]][[]][[]][[]

 

So, what do we do now? I can't pay over $200 bucks to get rid of one bug. I'll do a fresh install before I do that.

 

Anyone have any suggestions?

Link to post
Share on other sites

Go to the "hijackthis log analysis" section of this forum, and post a log file, then you will be helped remove it for free.

 

By the way welcome to the forum KachinaPeak.

fireryone

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...