Perski

AdAware - Ad Block

I did a search in this forum for AdAware, and got no hits, which surprises me.

Anyway, it seems like Malwarebytes gets a false positive on AdAware Ad Block. This is an addon made for Firefox (and Chrome). Info about the actual addon can be found on LavaSoft's website here: http://www.lavasoft.com/products/ad_block.php

Also, LavaSoft acknowledged this problem, and said they were going to try to contact Malwarebytes about this problem, which I found in this forum: http://www.lavasoftsupport.com/index.php?/topic/34848-adware-ad-block/

In my case Malwarebytes complains about the Firefox file, prefs.js, where it detects it as a PUP, and also as Adware.Elex. (which seems to be caused by the blacklisting URLs in the prefs.js file, made by AdAware Ad Block)

Can you please look into this, and clear this false positive? If you actually let Malwarebytes remove the "threat", you lose all your settings in Firefox... very annoying...

If you want to troubleshoot/replicate this problem, please install the AdAware Ad Block on a clean computer, and you should see the same results. (which I did)

Thanks!


Hi Perski and welcome to the Malwarebytes support forums.

I am unable to replicate your reported detection, so please could you attach a Malwarebytes scan log where the detections are made to a reply.

Thanks in advance :)


Hey Fatdcuk!

Interesting, it may be because you right clicked on the prefs.js file to scan it? I just noticed this inconsistency as well. If I right click it to scan it, MWB detects no problems. However if I open MWB, and I pick custom scan, with all check boxes checked, and then make a custom scan of the Firefox profile folder, then it detects the problems I mentioned in the prefs.js file. Very odd. Could you try a custom scan as well, and see if you get the same problem?

I've attached the result of the custom scan.

Thanks!

Malwarebytes_FalsePos.txt


Many thanks Perski.

Yes, it was a case of the blacklist (bad URLs) inserted into prefs.js, and we were not differentiating between what was set by the Elex hijacker and what was set by the 3rd party software to block them.

I have tweaked our defs to take this into account and the adjustments just went live with the last database update.

Please can you update the Malwarebytes database and confirm whether the detection(s) still persist.
Thanks in advance :)


Fatdcuk,

It's better, not detecting it as Adware.Elex anymore, but it is still complaining about it as:

PUP.Optional.HohoSearch.YSSRHS1

Thank you very much!

ps. And I see Hohosearch multiple times in the blacklist, so that is why I guess...

Edited by Perski


Hi and thank you for the assist and your patience with this.

That detection should be fixed with DB 2017.03.30.08 that just went live.

I have just scanned through 4k+ in lines of code looking for any other potential faulting defs. Fingers crossed they are gone now but feeling totally boss-eyed none the less lol

If you can update and recheck (and fingers crossed).

Thanks in advance.

Awesome! That fixed it!! :)

I really appreciate it! And big thanks for the quick resolution!


Great :)

Many thanks again for reporting and assisting in fixing this problem.

I will now lock the topic as resolved :)
This topic is now closed to further replies.
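
The root cause described in this thread (a hijacker's URL found in prefs.js without checking which preference holds it) can be shown with a small scanner. This is an added example, not Malwarebytes' definitions or code from the thread; the domain `search-hijack.example`, the pref name `extensions.example-adblock.blacklist` and both sample profiles are constructed, and plain substring matching stands in for a real signature.

```python
import re

# One prefs.js entry has the form: user_pref("name", value);
PREF_RE = re.compile(r'^\s*user_pref\("((?:[^"\\]|\\.)*)",\s*(.*)\);\s*$')

# Prefs that steer where the browser goes; a bad domain here suggests a hijack.
NAVIGATION_PREFS = {"browser.startup.homepage", "browser.search.defaultenginename"}

# Constructed indicator (placeholder domain, not a real signature).
BAD_DOMAINS = {"search-hijack.example"}

# Constructed sample: an ad blocker stores the bad domain in its own blocklist pref.
BLOCKER_PROFILE = '''\
// Mozilla User Preferences
user_pref("browser.startup.homepage", "https://www.mozilla.org/");
user_pref("extensions.example-adblock.blacklist", "search-hijack.example,ads.example");
'''

# Constructed sample: the homepage itself points at the bad domain.
HIJACKED_PROFILE = '''\
user_pref("browser.startup.homepage", "http://search-hijack.example/?src=hp");
'''

def parse_prefs(text):
    """Yield (name, raw_value) for each user_pref line; comments are skipped."""
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if m:
            yield m.group(1), m.group(2)

def mentions_bad_domain(value):
    return any(d in value.lower() for d in BAD_DOMAINS)

def naive_scan(text):
    """Flag every pref whose value mentions a bad domain (false-positive prone)."""
    return sorted(n for n, v in parse_prefs(text) if mentions_bad_domain(v))

def context_aware_scan(text):
    """Flag a bad domain only when it sits in a pref that steers navigation."""
    return sorted(n for n, v in parse_prefs(text)
                  if n in NAVIGATION_PREFS and mentions_bad_domain(v))

if __name__ == "__main__":
    print("naive, blocker profile:  ", naive_scan(BLOCKER_PROFILE))
    print("context, blocker profile:", context_aware_scan(BLOCKER_PROFILE))
    print("context, hijacked profile:", context_aware_scan(HIJACKED_PROFILE))
```

The naive scan flags the blocker's own blocklist pref, while the context-aware scan stays quiet on that profile and still flags the hijacked homepage.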
