Jump to content

christos1 adware cleaner

christos1

By christos1
in Malwarebytes AdwCleaner

 Share

Recommended Posts

christos1

christos1

Posted
Posted

should I restore these registry items found by adware cleaner


***** [ Registry ] *****

Adware.StartPage                HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\qwertysearch123.biz
Adware.StartPage                HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\quertysearch123.biz
Adware.StartPage                HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\qwertysearch123.biz
Adware.StartPage                HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\quertysearch123.biz
Adware.StartPage                HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\qwertysearch123.biz
Adware.StartPage                HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\quertysearch123.biz

 

Link to post
Share on other sites
  • Staff
Malwarebytes

Malwarebytes

Posted
  • Staff
Posted

***This is an automated reply***

Hi,

Thanks for posting in the AdwCleaner Help forum.

Someone will reply shortly, but in the meantime here are a few resources which may help resolve your issue:

Thanks in advance for your patience.

-The Malwarebytes Forum Team

Link to post
Share on other sites
exile360

exile360

Posted
Posted (edited)

If you use the Immunize function in Spybot Search & Destroy or Spywareblaster then these are false positives.  You can verify this by checking the registry entries.  If they show the value data as 4 then they are FPs as zone 4 is the restricted zone.  

You can learn more by reviewing the information on this page.

If these entries were set to 2, meaning the trusted zone, then they would not be false positives, however there has been a longstanding known issue with ADWCleaner detecting these types of entries.  Most were corrected in the last 2 releases however it appears that some of them still linger (assuming they are configured to 4 on your system).

The following is a quote from the Microsoft page linked above:

The Zones key contains keys that represent each security zone that is defined for the computer. By default, the following five zones are defined (numbered zero through four): 
   Value    Setting
   ------------------------------
   0        My Computer
   1        Local Intranet Zone
   2        Trusted sites Zone
   3        Internet Zone
   4        Restricted Sites Zone
Edited by exile360
Link to post
Share on other sites
christos1

christos1

Posted
  • Author
Posted

Thanks for the responce having looked in the registry and following exile 360 advice it looks like these are false positives in the registry i found

qwertysearch123.biz   Name        Type                             Data

                                          ab               Reg_S2                     (value not set)

                                         011              Reg_DWORD              0x0000004 (4)

                                         110

Not sure if this is any use as i am not really computer literate

Link to post
Share on other sites
christos1

christos1

Posted
  • Author
Posted
On 10/4/2018 at 1:07 PM, exile360 said:

If you use the Immunize function in Spybot Search & Destroy or Spywareblaster then these are false positives.  You can verify this by checking the registry entries.  If they show the value data as 4 then they are FPs as zone 4 is the restricted zone.  

You can learn more by reviewing the information on this page.

If these entries were set to 2, meaning the trusted zone, then they would not be false positives, however there has been a longstanding known issue with ADWCleaner detecting these types of entries.  Most were corrected in the last 2 releases however it appears that some of them still linger (assuming they are configured to 4 on your system).

The following is a quote from the Microsoft page linked above:

 

 

Link to post
Share on other sites
exile360

exile360

Posted
Posted

You're welcome :)

If you still aren't sure how to provide the contents of those keys, all you have to do is open regedit and go to the keys one at a time and for each, right-click on it and select Export and give it a name and save it somewhere convenient where you can easily locate it such as your desktop and after doing so, select all of them and right-click on one of them and hover your mouse over Send to and select Compressed (zipped) folder then attach the resulting ZIP file to your next reply in this topic.  That should give them all the info they need to troubleshoot and correct this issue.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.