False positive with antispyware beta

It reports Searchsquire found in
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
Settings\ZoneMap\Domains\, but this entry is only listed as
a restricted site.

Presumably, allowing antispyware to remove the entry would
then remove the site from the restricted sites zone.

Got this same message too. This is from Spybot: search and
destroy adding a whole load of dodgy sites to this zone
when you click on 'immunise'.

Apart from that, great software guys!

mike

>-----Original Message-----
>It reports Searchsquire found in
>HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
>Settings\ZoneMap\Domains\, but this entry is only listed
as
>a restricted site.
>
>Presumably, allowing antispyware to remove the entry would
>then remove the site from the restricted sites zone.
>
>
>
>.
>

I also have this issue. Both Spybot S&D and IE-spyad2 put sites in this
registry area to put them into the Restricted Sites zone (4) of IE security.
The entries are detected as "MediaTickets CDT(spyware)" with a rating of
severe.
Allowing Microsoft AntiSpyware (MSAS) to remove this detection does
remove these sites from the Resticted Sites zone, or it did on my
system, which of course reduces security.
Apparently, MSAS is only looking at whether the site is listed in this
particular location and not what the zone setting is. 4 is good, 3
(Trusted Sites) is bad.
That said, I do believe that MSAS should give a list of ALL sites in
the Trusted Zone, but allow the user to either Ignore, Ignore Always,
remove, etc., if so desired. Some scumware sites do try to put
themselves into the Trusted Sites zone in order to circumvent security.

Also, the RAdmin software was not detected. Not a problem as I loaded
it, but Spybot S&D detects it and I would think that MSAS should also.
One can always either Ignore or Ignore Always. I would think that a good
AntiSpyware program should detect ALL programs that can either "report
home" or allow an external user to remotely control a system.

Lastly, in the System Explorer, in the Downloaded ActiveX section, the
ActiveX control loaded by Microsoft for the WindowsUpdate page shows up
as "Unknown". Not an issue, but funny.

All in all a good program. A few tweeks and improvements and it will
be ready for "Prime Time".

Mike Vine wrote:
> Got this same message too. This is from Spybot: search and
> destroy adding a whole load of dodgy sites to this zone
> when you click on 'immunise'.
>
> Apart from that, great software guys!
>
> mike
>
>
>>-----Original Message-----
>>It reports Searchsquire found in
>>HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
>>Settings\ZoneMap\Domains\, but this entry is only listed
>
> as
>
>>a restricted site.
>>
>>Presumably, allowing antispyware to remove the entry would
>>then remove the site from the restricted sites zone.
>>
>>
>>
>>.
>>

I concur this entry is from the "immunize"-feature of Spybot S&D. MAS
detects the following entries of the restricted sites list from Spybot S&D:

"SearchSquire Adware more information...
Details: SearchSquire is an Internet Explorer sidebar containing paid links
that open when you use search engines.
Status: Ignored
Elevated threat - Elevated threats are usually threats that fall into the
range of adware in which data about a user's habits are tracked and sent
back to a server for analysis without your consent or knowledge.

Infected registry keys/values detected
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet
Settings\ZoneMap\Domains\searchsquire.com
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet
Settings\ZoneMap\Domains\searchsquire.com * 4"

"Mike Vine" <newsgroup@mikevine.com> wrote in message
news:139d01c4f587$f5e3e5c0$a401280a@phx.gbl...
> Got this same message too. This is from Spybot: search and destroy adding
> a whole load of dodgy sites to this zone when you click on 'immunise'.
>
> Apart from that, great software guys!
>
> mike
>
>>-----Original Message-----
>>It reports Searchsquire found in
>>HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
>>Settings\ZoneMap\Domains\, but this entry is only listed as a restricted
>>site.
>>
>>Presumably, allowing antispyware to remove the entry would then remove the
>>site from the restricted sites zone.