Pkshadow

Firefox 57 False Positive


Hello,

We're taking a look.

Going by the screenshot in your second post, it looks like you can adjust the home page & search engine through the web companion add-on. Correct?


No idea, always telling people to come here to remove it.

As per screen would think so as person who made that is good at code.

Mine came in Conduit in another program using for years. Took 2 days getting rid of it all until this popped up tonight in nightly scan. It also changed the engine but not by request and would revert my Google selection to Bing. So no choice in the matter but think all that controlled it I got out already. As have had no changing and no problems. MBAM scan nightly, ADWcleaner scan every 2 days and SuperAntiSpyWare manual scan daily and a Norton Full System Scan today with quick scans couple X daily.

Edited by Pkshadow
spell fix


It looks like the detections for those 2 files were just added yesterday (2nd) which explains why you are just seeing them now.

Do you or did you have Web Companion from Lavasoft?

Which program did you install that included Conduit?

11 minutes ago, blender said:

It looks like the detections for those 2 files were just added yesterday (2nd) which explains why you are just seeing them now.

Do you or did you have Web Companion from Lavasoft?

Which program did you install that included Conduit?

No never had Web Companion from Lavasoft.

I believe it came in from Fileoptimizer from fileforum.betnews.com offsite download. There was no warning from Norton download scan and MBAM caught it after the fact. It would not pull it out completely and had to use Hitman Pro to finish it off. I downloaded the same file from developer's GitHub site (redirect can not remember) and it was clean.

 

File got through fileforum was just called fileoptimzer.exe and file got from developer was fileoptimizersetup.exe

Edited by Pkshadow


Apparently it will take me a while to find a working mirror download since the default one tells me it will take hours to download. o.O. Installer is quite large.

5 minutes ago, blender said:

Apparently it will take me a while to find a working mirror download since the default one tells me it will take hours to download. o.O. Installer is quite large.

71.7mb


My MBAM has in Quarantine from 12/14/17

6 reg entries from SearchScopes and 1 file from my Firefox Profile all labelled as Conduit


Finally got one. Installed it & it did not make changes to Firefox directory at all. I probably got a clean one.


Seems in AdwCleaner 12/15/17 I have entries in the log for

PUP.Optional.Legacy, C:\ProgramData\lavasoft\web companion
PUP.Optional.Legacy, C:\ProgramData\Application Data\lavasoft\web companion
PUP.Optional.Legacy, C:\Program Files (x86)\lavasoft\web companion
PUP.Optional.Legacy, C:\Users\All Users\lavasoft\web companion
PUP.Optional.Legacy, C:\Users\PK\AppData\Roaming\lavasoft\web companion
PUP.Optional.WebCompanion, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft\WebCompanion

and

PUP.Optional.Legacy, C:\Users\PK\AppData\Roaming\Mozilla\Firefox\Profiles\0c2nnghq.default\searchplugins\bing-lavasoft.xml

PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Lavasoft\Web Companion
PUP.Optional.Legacy, [Key] - HKU\S-1-5-21-2930015934-539366596-2404163626-1001\Software\Lavasoft\Web Companion
PUP.Optional.Legacy, [Key] - HKCU\Software\Lavasoft\Web Companion
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\AppID\{278029E0-2347-4254-A65E-204AC55E2508}  (might be Auslogic bought and is blocked from internet.)
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{278029E0-2347-4254-A65E-204AC55E2508}  (might be Auslogic)
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com

Additionally, entries in 2 more scans same day of various entries.


Hi Pkshadow

Just to confirm that dsengine.js and dsengine.cfg are not false positive detections.

Because the files are overriding any changes to default search engine selection in the Firefox browser UI then they are considered as potentially unwanted.

https://support.mozilla.org/en-US/questions/1194334
https://support.mozilla.org/en-US/questions/1197498

RE Lavasoft Web Companion detection by Adware Cleaner then I believe this is an intentional detection by them.

However if you require further clarification then please start a new topic in the following sub forum and the guys that work on it will be able to respond.

https://forums.malwarebytes.com/forum/187-malwarebytes-adwcleaner/

Since your initial report has been responded to, I am now going to lock this topic as concluded.

 

 

 

 

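A way to check a Firefox install directory for the kind of override discussed in this thread, as an added example that is not part of any post above and is not Malwarebytes' detection logic. It assumes dsengine.js and dsengine.cfg work through Firefox's AutoConfig mechanism (a pref file under defaults/pref naming a .cfg in the install root); the file contents in `build_sample` are constructed for illustration.

```python
import re, tempfile
from pathlib import Path

# AutoConfig: a pref file under <install>/defaults/pref/ names a .cfg file in
# the install root, which Firefox evaluates at every start-up.
CFG_NAME = re.compile(r'pref\(\s*["\']general\.config\.filename["\']\s*,\s*["\']([^"\']+)')
OBSCURE = re.compile(r'pref\(\s*["\']general\.config\.obscure_value["\']\s*,\s*(\d+)')
INTEREST = re.compile(r"search|homepage", re.I)

def audit_autoconfig(install_dir):
    """Return one finding per pref file that enables AutoConfig."""
    root, findings = Path(install_dir), []
    for loader in sorted((root / "defaults" / "pref").glob("*.js")):
        text = loader.read_text(encoding="utf-8", errors="replace")
        name = CFG_NAME.search(text)
        if not name:
            continue
        shift = OBSCURE.search(text)
        shift = int(shift.group(1)) if shift else 13  # Firefox default is 13
        cfg, lines = root / name.group(1), []
        if cfg.is_file():
            # Undo the byte shift Firefox applies when obscure_value > 0.
            raw = bytes((b - shift) % 256 for b in cfg.read_bytes())
            lines = [l.strip() for l in raw.decode("utf-8", "replace").splitlines()
                     if INTEREST.search(l) and not l.lstrip().startswith("//")]
        findings.append({"loader": loader.name, "cfg": cfg.name,
                         "present": cfg.is_file(), "lines": lines})
    return findings

def build_sample(root):
    """Constructed sample install directory; contents are illustrative only."""
    root = Path(root)
    (root / "defaults" / "pref").mkdir(parents=True)
    (root / "defaults" / "pref" / "channel-prefs.js").write_text(
        'pref("app.update.channel", "release");\n')
    (root / "defaults" / "pref" / "dsengine.js").write_text(
        'pref("general.config.filename", "dsengine.cfg");\n'
        'pref("general.config.obscure_value", 0);\n')
    (root / "dsengine.cfg").write_text(
        '// first line is ignored\n'
        'lockPref("browser.startup.homepage", "https://search.example/");\n')
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for finding in audit_autoconfig(build_sample(tmp)):
            print(finding)
```

On a real machine, pass the Firefox program directory to `audit_autoconfig`; any finding on a system without enterprise policy management is worth reviewing, since a stock install does not enable AutoConfig.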