False/Positive?


5 replies to this topic

#1 OFFLINE   KS-FINN


Posted 04 May 2007 - 12:24 AM

I ran a scan using a commercial software (NoAdware V5.0) and it detected the following spyware but I'm unsure if it's a False/Positive. How can you tell the difference? SORRY for the stupid question. :unsure:
Noadware 5.0

---------------------

Removing Spyware Hijacker.InternetExplorerZoneHijack...
Removing Registry Hijacker.InternetExplorerZoneHijack...

[Deleting Key...]
Key : HKEY_USERS\S-1-5-21-2897968377-2843162198-137514011-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\archiviosex.net

[Key Deleted]
Key : HKEY_USERS\S-1-5-21-2897968377-2843162198-137514011-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\archiviosex.net

[Deleting Key...]
Key : HKEY_USERS\S-1-5-21-2897968377-2843162198-137514011-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\archiviosex.net\www

[Key Deleted]
Key : HKEY_USERS\S-1-5-21-2897968377-2843162198-137514011-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\archiviosex.net\www

Removing RegValues Hijacker.InternetExplorerZoneHijack...
Fixing RegValue dataHijacker.InternetExplorerZoneHijack...
Removing Cookies Hijacker.InternetExplorerZoneHijack...
Removing Files Hijacker.InternetExplorerZoneHijack...
Removing Folders Hijacker.InternetExplorerZoneHijack...

#2 OFFLINE   fireryone


Posted 04 May 2007 - 01:08 AM

KS-FINN, on May 4 2007, 10:24 AM, said:

I ran a scan using a commercial software (NoAdware V5.0) and it detected the following spyware but I'm unsure if it's a False/Positive. How can you tell the difference? SORRY for the stupid question. :unsure:
Noadware 5.0

<cut>

[Deleting Key...]

Key : HKEY_USERS\S-1-5-21-2897968377-2843162198-137514011-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\archiviosex.net

<cut>

Here is some really good info about that area in the registry.
http://www.microsoft.com/technet/scriptcen...05/hey0502.mspx

So it was probably marked as a trusted site, in which case it was placed there by some kind of virus/spyware.

hope that answers your question.
fireryone



There are 10 types of people in this world.
Those who understand binary, and those who don't.

#3 OFFLINE   KS-FINN


Posted 04 May 2007 - 03:30 PM

fireryone, on May 3 2007, 08:08 PM, said:

Here is some really good info about that area in the registry.
http://www.microsoft.com/technet/scriptcen...05/hey0502.mspx

So it was probably marked as a trusted site, in which case it was placed there by some kind of virus/spyware.

hope that answers your question.

Yes, you answered my question. I :rolleyes: thank you very much!!!

#4 OFFLINE   alexander33


Posted 19 May 2007 - 03:40 PM

I have Noadware V4.0 and it was detecting this very same threat. It would remove it but it kept coming back. Then I ran a search on my C drive to find the exact location of archiviosex and found out I wasn't infected at all. Archiviosex was listed as a site/threat I'm protected against in one of my other scanners and that's what Noadware was detecting.

#5 OFFLINE   JDPower


Posted 19 May 2007 - 08:42 PM

alexander33, on May 19 2007, 04:40 PM, said:

I have Noadware V4.0 and it was detecting this very same threat. It would remove it but it kept coming back. Then I ran a search on my C drive to find the exact location of archiviosex and found out I wasn't infected at all. Archiviosex was listed as a site/threat I'm protected against in one of my other scanners and that's what Noadware was detecting.

Yup, that seems quite common in some poorly written programs. I tried a free download of Glary Utilities recently and its reg scanner was picking up one of my Spyware Blaster blocked sites as adware.

#6 OFFLINE   Andavari


Posted 19 May 2007 - 10:23 PM

Sounds similar to Spybot-S&D's false positive detections of blocked sites in the HOSTS file that have been unfixed for 1-2 years now, which is why I've disabled the HOSTS scanning in it.
Complexity of incoherent design.
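
Added example, not part of any post in this thread: the two readings discussed above (a site planted as trusted versus a site another tool has blocked) can be told apart by the zone number stored under each ZoneMap\Domains key, where the standard Internet Explorer mapping is 2 = Trusted sites and 4 = Restricted sites. The sketch below parses the text of a registry export of that key; the function names and the sample domains are constructed for illustration.

```python
import re

ZONES = {0: "My Computer", 1: "Local intranet", 2: "Trusted sites", 3: "Internet", 4: "Restricted sites"}
MARKER = "\\zonemap\\domains\\"
VALUE_RE = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{8})$')

# Constructed sample in registry-export text form; the domains are placeholders.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\blocked.example]
"*"=dword:00000004

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\blocked.example\www]
"*"=dword:00000004

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\planted.example]
"http"=dword:00000002
"""

def parse_zonemap(reg_text):
    """Return a list of (host, protocol, zone_number) from exported ZoneMap keys."""
    entries, host = [], None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            idx = key.lower().find(MARKER)
            # Domains\example.com\www is stored parent-first; reverse to www.example.com
            parts = key[idx + len(MARKER):].split("\\")
            host = ".".join(reversed(parts)) if idx >= 0 else None
        elif host:
            m = VALUE_RE.match(line)
            if m:
                entries.append((host, m.group(1), int(m.group(2), 16)))
    return entries

def triage(reg_text):
    """Per host: zone 2 (Trusted) needs review; zone 4 (Restricted) is a block entry."""
    verdicts = {}
    for host, proto, zone in parse_zonemap(reg_text):
        label = ZONES.get(zone, "unknown zone")
        if zone == 2:
            verdicts[host] = "REVIEW: " + label
        else:
            verdicts.setdefault(host, ("block entry: " if zone == 4 else "") + label)
    return verdicts

if __name__ == "__main__":
    for host, verdict in sorted(triage(SAMPLE_REG).items()):
        print(host, "->", verdict)
```

A file written by `reg export` is UTF-16, so read it with `encoding="utf-16"` before passing the text to `triage`.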