Perski Posted March 30, 2017 ID:1113696 Share Posted March 30, 2017 I did a search in this forum for AdAware, and got no hits, which surprises me. Anyway, it seems like Malwarebytes gets a false positive on AdAware Ad Block. This is an addon made for Firefox (and Chrome). Info about the actual addon can be found on LavaSoft's website here: http://www.lavasoft.com/products/ad_block.php Also, LavaSoft acknowledged this problem, and said they were going to try to contact Malwarebytes about this problem, which I found in this forum: http://www.lavasoftsupport.com/index.php?/topic/34848-adware-ad-block/ In my case Malwarebytes complains about the Firefox file, prefs.js, where it detects it as a PUP, and also as Adware.Elex. (which seems to be caused by the blacklisting URLs in the prefs.js file, made by AdAware Ad Block) Can you please look into this, and clear this false positive. If you actually let Malwarebytes remove the "threat", you loose all your settings in Firefox... very annoying... If you want to troubleshoot/replicate this problem, please install the AdAware Ad Block on a clean computer, and you should see the same results. (which I did) Thanks! Link to post Share on other sites More sharing options...
Fatdcuk Posted March 30, 2017 ID:1113714 Share Posted March 30, 2017 Hi Perski and welcome to the Malwarebytes support forums. I am unable to replicate your reported detection so please could you attach a Malwarebytes scan log where the detections are made to a reply. Thank in advance Link to post Share on other sites More sharing options...
Perski Posted March 30, 2017 Author ID:1113726 Share Posted March 30, 2017 Hey Fatdcuk! Interesting, it may be because you right clicked on the prefs.js file to scan it? I just noticed this inconsistency as well. If I right click it to scan it, MWB detects no problems. However if I open MWB, and I pick custom scan, with all check boxes checked, and then make a custom scan of the Firefox profile folder, then it detects the problems I mentioned in the prefs.js file. Very odd. Could you try a custom scan as well, and see if you get the same problem? I've attached the result of the custom scan. Thanks! Malwarebytes_FalsePos.txt Link to post Share on other sites More sharing options...
Fatdcuk Posted March 30, 2017 ID:1113743 Share Posted March 30, 2017 Many thanks Perski. Yes it was a case of the blacklist( bad URL's) inserted into Prefs.js and we were not differentiating between what was is seen set by the Elex hijacker and what was set by the 3rd party sofware to block them. I have tweaked our defs to take this into account and the adjustments just went live with the last database update. Please can you update the Malwarebytes database and confirm whether the detection(s) still persist. Thanks in advance Link to post Share on other sites More sharing options...
Perski Posted March 30, 2017 Author ID:1113749 Share Posted March 30, 2017 (edited) Fatdcuk, It's better, not detecting it as Adware.Elex anymore, but it is still complaining about it as: PUP.Optional.HohoSearch.YSSRHS1 Thank you very much! ps. And I see Hohosearch multiple times in the blacklist, so that is why I guess... Edited March 30, 2017 by Perski Link to post Share on other sites More sharing options...
Fatdcuk Posted March 30, 2017 ID:1113759 Share Posted March 30, 2017 Hi and thank you for the assist and your patience with this. That detection should be fixed with DB 2017.03.30.08 that just went live. I have just scanned through 4k+ in lines of code looking for any other potential faulting defs. Fingers crossed they are gone now but feeling totally boss-eyed none the less lol If you can update and recheck (and fingers crossed). Thanks in advance. Link to post Share on other sites More sharing options...
Perski Posted March 30, 2017 Author ID:1113763 Share Posted March 30, 2017 Awesome! That fixed it!! I really appreciate it! And big thanks for the quick resolution! Link to post Share on other sites More sharing options...
Fatdcuk Posted March 30, 2017 ID:1113767 Share Posted March 30, 2017 Great Maany thanks again for reporting and assisting in fixing this problem. I will now lock the topic as resolved Link to post Share on other sites More sharing options...
Recommended Posts