False positives (ZoneMap\Domains * 4)

Klausen

Microsoft AntiSpyware (MAS) detected "SearchSquire"
(HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet
Settings\ZoneMap\Domains\searchsquire.com and
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet
Settings\ZoneMap\Domains\searchsquire.com * 4), i.e., SearchSquire with
a REG_DWORD value named *, and a hex value data entry of 4.

What the MAS didn't realize is that the * 4 =BLOCKS= the installation
of the zonemap domain by automatically blocking access to the specified
site from which it's downloaded.

In my case, the entries were added by Spybot S&D, and after I allowed
MAS to remove the threat, Spyware later told me that there was one more
known threat against which I need to inoculate. Doing so added the
entry again.

I currently ignore the "threat" after each scan, but am reluctant to
"Always Ignore", in case I =do= get infected. I'm not sure if MAS would
be smart enough to ignore the * 4 DWORD, but not ignore a genuine
infection or other values, i.e., how specific is the "Ignore" setting:
the specific value or the entire branch?
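
An added example, not part of the original post: a small parser for `reg export` text that separates ZoneMap\Domains entries assigned to zone 4 (Restricted Sites, the blocking value discussed above) from entries placed in any other zone, which deserve a closer look. The sample export and the `example.test` domain are constructed for illustration.

```python
import re

# Internet Explorer security zone numbers used by ZoneMap values.
ZONES = {0: "My Computer", 1: "Local Intranet", 2: "Trusted Sites",
         3: "Internet", 4: "Restricted Sites"}
ZONEMAP = "\\internet settings\\zonemap\\domains\\"  # matched case-insensitively

# Constructed sample in `reg export` text format (not taken from a real machine).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\searchsquire.com]
"*"=dword:00000004

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\example.test]
"http"=dword:00000002

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\example.test\www]
"*"=dword:00000004
'''

def parse_zonemap(reg_text):
    """Return a list of (domain, protocol, zone) tuples from .reg export text."""
    entries, domain = [], None
    for line in reg_text.splitlines():
        line = line.strip()
        key = re.fullmatch(r"\[(.+)\]", line)
        if key:
            # Subkeys under a domain are subdomains: example.test\www -> www.example.test
            head, sep, tail = key.group(1).lower().partition(ZONEMAP)
            domain = ".".join(reversed(tail.split("\\"))) if sep else None
            continue
        val = re.fullmatch(r'"([^"]+)"=dword:([0-9a-fA-F]{8})', line)
        if val and domain:
            entries.append((domain, val.group(1), int(val.group(2), 16)))
    return entries

def classify(entries):
    """Split entries into blocking ones (zone 4) and ones that need review."""
    blocked = [e for e in entries if e[2] == 4]
    review = [e for e in entries if e[2] != 4]
    return blocked, review

if __name__ == "__main__":
    blocked, review = classify(parse_zonemap(SAMPLE_REG))
    for d, proto, z in blocked:
        print(f"block-list entry: {d} ({proto}) -> {ZONES[z]}")
    for d, proto, z in review:
        print(f"review: {d} ({proto}) -> {ZONES.get(z, 'unknown zone ' + str(z))}")
```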