Jump to content

Was this a false positive?


Recommended Posts

Sometimes JRT Version: 8.0.9 (09.30.2016) will delete the following registry key:

HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{815BDD98-12E6-49EC-9F07-0D457FAE7A95}

I first noticed this on November 12.  I ran a few random test scans and this didn't reoccur until the 18th.  This hasn't happened again when I ran another test scan a few days ago.  I haven't been able to find much about that key online.  It might be some sort of Amazon-related preset, but I'm confused as to why it returned.  Is this a false positive or should I be more concerned about this?

Link to post
Share on other sites

16 hours ago, pondus said:

Remove “Ads by SearchScopes” virus (Easy Removal Guide)  >  https://malwaretips.com/blogs/ads-by-searchscopes-removal/

 

I had ran what they suggested and was told I was clean both before and after JRT removed that key.  I did some more research online and it seems like "SearchScopes" isn't always malware according to https://technet.microsoft.com/en-us/library/cc721975(v=ws.10).aspx.  I wonder if this has anything to do with my having to reinstall avast the day before I first noticed the issue.  It is possible I forgot to uncheck something during the process.  Did anyone else experiencing the issue do a similar reinstall beforehand? 

Link to post
Share on other sites

Hi,

I don't consider this a false positive but I'd like to gather some more information as to why it keeps returning. Would you mind providing a couple of logs for me to analyze? If you don't mind, follow these steps:

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system.

You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens click Yes to the disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach logs to your reply if possible. Otherwise you may copy/paste the logs directly if you have to. You can also send these to me via private message if you'd prefer.

Thanks!

Link to post
Share on other sites

  • 4 months later...
On 4/20/2017 at 11:37 AM, street9009 said:

What was the result of this research? I seem to be having the same trouble on multiple computers. Was there a false positive or was a cause of that registry entry determined?

Hi, sorry for the delay

I wasn't able to find a conclusive answer online but I suspect it's a searchscope with an affiliate referral tracker between Amazon and Hewlett Packard (HP). I don't consider it a false positive and this detection remained in JRT. While not malicious, it's also not needed and was mostly likely pre-installed/bundled with certain models of HP computers.

Hope this helps. Let me know if you have any other questions

Regards

Edited by thisisu
Link to post
Share on other sites

  • 1 year later...

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.