Today I stumbled upon this detection whilst using Adwcleaner 7.0.1.0:

***** [ Registry ] *****

PUP.Optional.YahooChrome, [Key] - HKLM\SOFTWARE\Yahoo\SS

Afterwards I scanned with other virusscanners (Malwarebytes, MBAR, and Roguekiller) and none of them detected aforementioned registery key. Thus, it seems like a false positive generated by adwcleaner. 

Can someone confirm this?

Kind regards, 

P.S. I noticed someone else reported it too: https://toolslib.net/forum/viewthread/13127-false-positives-v7/

Re: False Positive v7?

Can you post the full logs? Also, try downloading the newest beta version of Adwcleaner and see if that helps you out? In addition to that, try doing the scans in Windows "Safe mode with networking" as well as add Hitman Pro to your program list. That way you can be certain that the threats are removed. In theory, it should work.

Re: False Positive v7?

Sure, here they are:

# AdwCleaner 7.0.2.0 - Logfile created on Sat Aug 26 17:05:27 2017 # Updated on 2017/29/08 by Malwarebytes  # Database: 08-25-2017.1 # Running on Windows 8.1 (X64) # Mode: scan # Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

PUP.Optional.YahooChrome, [Key] - HKLM\SOFTWARE\Yahoo\SS

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries.

*************************

As you can see, I already tried running with the newest beta version (7.0.2.0). Furthermore, I deleted the "threat" at the end of the day (after running all other virusscanners) and it didn't come up again thereafter. Thus, I assume it was deleted correctly. Theoritically I could restore my PC back to a certain date, but it seems like a lot of work for what it seems is just a false positive. 

Lastly, my AdwCleaner scan on the 24th of August was clean. 

 

Re: False Positive v7?

Interesting development. Thanks for the logs, as expected they are clean. Successful removal could indicate that Adwcleaner stopped the threat further or was a false positive. Honestly, everything related to Yahoo is a massive security hole for me, and I would avoid it as much as possible. 

Upon further investigation, this looks like malware's registry file that wasn't removed correctly, but the rest of the issue was, which is why it is the only thing that is detected. You should be good now.

Re: False Positive v7?

Upon further investigation, this looks like malware's registry file that wasn't removed correctly, but the rest of the issue was

That seems rather unlikely, because the registery key was the only thing that was detected. To reiterate, before AdwCleaner's database update of August 25 my Adwcleaner scans (and other scans for that matter) were clean. In addition, other virusscanners weren't able to detect anything when AdwCleaner found aforementioned "threat". 

I appreciate the help, but if I understand correctly you are not part of the AdwCleaner team / staff right? If so, could a member of the team / staff comment on this issue?

Re: False Positive v7?

I am not, just a friendly individual who tries to help people solve problems and learn about the solutions myself :) What other virus scanners and anti-malware scanners have you tried?

Re: False Positive v7?

Hello,

We'll provide you with an answer asap but it's a tricky detection.

Regards.