False positive with antispyware beta

A

Alan D

It reports Searchsquire found in
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
Settings\ZoneMap\Domains\, but this entry is only listed as
a restricted site.

Presumably, allowing antispyware to remove the entry would
then remove the site from the restricted sites zone.
 
M

Mike Vine

Got this same message too. This is from Spybot: search and
destroy adding a whole load of dodgy sites to this zone
when you click on 'immunise'.

Apart from that, great software guys!

mike
 
H

Hoggman

I also have this issue. Both Spybot S&D and IE-spyad2 put sites in this
registry area to put them into the Restricted Sites zone (4) of IE security.
The entries are detected as "MediaTickets CDT(spyware)" with a rating of
severe.
Allowing Microsoft AntiSpyware (MSAS) to remove this detection does
remove these sites from the Resticted Sites zone, or it did on my
system, which of course reduces security.
Apparently, MSAS is only looking at whether the site is listed in this
particular location and not what the zone setting is. 4 is good, 3
(Trusted Sites) is bad.
That said, I do believe that MSAS should give a list of ALL sites in
the Trusted Zone, but allow the user to either Ignore, Ignore Always,
remove, etc., if so desired. Some scumware sites do try to put
themselves into the Trusted Sites zone in order to circumvent security.

Also, the RAdmin software was not detected. Not a problem as I loaded
it, but Spybot S&D detects it and I would think that MSAS should also.
One can always either Ignore or Ignore Always. I would think that a good
AntiSpyware program should detect ALL programs that can either "report
home" or allow an external user to remotely control a system.

Lastly, in the System Explorer, in the Downloaded ActiveX section, the
ActiveX control loaded by Microsoft for the WindowsUpdate page shows up
as "Unknown". Not an issue, but funny.

All in all a good program. A few tweeks and improvements and it will
be ready for "Prime Time".
 
E

Erwin Michiels

I concur this entry is from the "immunize"-feature of Spybot S&D. MAS
detects the following entries of the restricted sites list from Spybot S&D:

"SearchSquire Adware more information...
Details: SearchSquire is an Internet Explorer sidebar containing paid links
that open when you use search engines.
Status: Ignored
Elevated threat - Elevated threats are usually threats that fall into the
range of adware in which data about a user's habits are tracked and sent
back to a server for analysis without your consent or knowledge.

Infected registry keys/values detected
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet
Settings\ZoneMap\Domains\searchsquire.com
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet
Settings\ZoneMap\Domains\searchsquire.com * 4"
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Beta false positives 3
False positive? searchsquire in Zonemap\domains key * 4 3
False positives on restricted zone sites 3
false positive: searchsquire.com forced in to Restricted zone reported as threat 1
SearchSquire.com in "restricted sites" detected as AdWare 1
False positive, searchsquire 2
false positives 1
False positive due to Spybot S&D immunization 1

Top