Jump to content

Firefox 57 False Positive


Pkshadow

Recommended Posts

No idea always telling people to come here to remove it. 

As per screen would think so as person who made that is good at code.

Mine came in Conduit in another program using for years. Took 2 days getting rid of it all until this popped up tonight in nightly scan.  It also changed the engine but not by request and would revert my google selection to bing. So no choice in the matter but think all that controlled it i got out already.   As have had no changing and no problems.  MBAM scan nightly, ADWcleaner scan every 2 days and SuperAntiSpyWare manual scan daily and a Norton Full System Scan today with quick scans couple X daily.

Edited by Pkshadow
speell fix
Link to post
Share on other sites

11 minutes ago, blender said:

It looks like the detections for those 2 files were just added yesterday (2nd) which explains why you are just seeing them now.

Do you or did you have Web Companion from Lavasoft?

Which program did you install that included Conduit?

No never had Web Companion from Lavasoft.

I believe it came in from Fileoptimizer from fileforum.betnews.com offsite download.  There was no warning from Norton download scan and MBAM caught it after the fact. It would not pull it out completely and had to use Hitman Pro to finish it off.  I downloaded the same file from Developers github site (redirect can not remember) and it was clean.

 

File got through fileforum was just called fileoptimzer.exe and file got from developer was fileoptimizersetup.exe

Edited by Pkshadow
Link to post
Share on other sites

Seems in AdwCleaner 12/15/17 I have entries in the log for PUP.Optional.Legacy, C:\ProgramData\lavasoft\web companion
PUP.Optional.Legacy, C:\ProgramData\Application Data\lavasoft\web companion
PUP.Optional.Legacy, C:\Program Files (x86)\lavasoft\web companion
PUP.Optional.Legacy, C:\Users\All Users\lavasoft\web companion
PUP.Optional.Legacy, C:\Users\PK\AppData\Roaming\lavasoft\web companion
PUP.Optional.WebCompanion, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft\WebCompanion and

PUP.Optional.Legacy, C:\Users\PK\AppData\Roaming\Mozilla\Firefox\Profiles\0c2nnghq.default\searchplugins\bing-lavasoft.xml

PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Lavasoft\Web Companion
PUP.Optional.Legacy, [Key] - HKU\S-1-5-21-2930015934-539366596-2404163626-1001\Software\Lavasoft\Web Companion
PUP.Optional.Legacy, [Key] - HKCU\Software\Lavasoft\Web Companion
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\AppID\{278029E0-2347-4254-A65E-204AC55E2508}  (might be Auslogic bought and is blocked from internet.
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{278029E0-2347-4254-A65E-204AC55E2508}  (might be Auslogic
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com

additionally entries in 2 more scans same day of various entries.

Link to post
Share on other sites

Hi Pkshadow

Just to confirm that dsengine.js and dsengine.cfg are not false positive detections.

Because the files are overriding any changes to default search engine selection in the Firefox browser UI then they are considered as potentially unwanted.

https://support.mozilla.org/en-US/questions/1194334
https://support.mozilla.org/en-US/questions/1197498

RE Lavasoft Web Companion detection by Adware Cleaner then I believe this is an intentional detection by them.

However if you require further clarification then please start a new topic in the following sub forum and the guys that work on it will be able to respond.

https://forums.malwarebytes.com/forum/187-malwarebytes-adwcleaner/

Since your initial report has been responded too i am now going to lock this topic as concluded.

 

 

 

 

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.