I love the software, but it doesn't seem to get rid of the Positive Finds or Buzzdock adware viruses. Then again neither do any of the other scanners out there... Can you please help?
@Me1: I haven't used YTD Video Downloader in years, so I can't say anything about that. If I remember correctly Hotspot Shield had at least one banner that appeared when the user had the software running and disappeared when the user closed the software. What I meant is that it could be the bundleware / adware part of the installers and the banner ad in Hotspot Shield that is triggering the heuristic in AdwCleaner. I agree with you though, these softwares should be whitelisted.
@anonsubmitter, yes you are right. But, most free software downloaded on the Web come bundled up with useless crapware anyway. The YTD downloader box, if you don't want the app, can easily be unchecked while installing your main program. Unckeck all boxes for programs unrelated to the main program. If you need YTD or Hotspot Shield, they have a website where you can get them. No need to be bundled up to anything. They are already very popular. They both can be uninstalled very easily from Programs & Features, so they should not be removed by AdwCleaner. Removing Hotspot Shield this way messes up the Internet connection.
For those who don't usually pay attention while installing software, a program like Unchecky could be very useful. That way, you won't be flooding the malware removal forums all over the Web.
http://unchecky.com/
Just downloaded to update my version, but can't run it because Norton antivirus detects a thread and deletes it immediately. The threat is identified as 'Suspicious.Cloud.7.EP'.
Not sure if this is a false positive, but don't want to take a chance on it. Please verify the software, clean it if necessary and update the download link (or post a note). Txs.
False positives (it's a legitimate VPN extension):
C:\Users\User\AppData\Local\Hola
HKLM\SOFTWARE\Google\Chrome\Extensions\ncffjdbbodifgldkcbhmiiljfcbgjag
If I remember correctly there's also a false positive for the Hola Unblocker Firefox add-on. However, the Firefox add-on stopped working for me - possibly due to AdwCleaner cleaning away files needed for it to work - and re-installing it doesn't help, so I can't submit a report for that add-on. The add-on can be installed from here if anyone wants to have a look at it: http://hola.org/
The following entries are false positives:
C:\Documents and Settings\User\Application Data\ProgSense (included with some software to look for updates - nothing malicious or deceiving)
C:\Documents and Settings\User\Application Data\Simple Adblock (adblocker now known as Adblock Plus knowingly installed by user for Internet Explorer)
C:\Documents and Settings\User\Local Settings\Application Data\Hola (knowingly installed by user)
HKCU\Software\ProgSense (included with some software to look for updates - nothing malicious or deceiving)
HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762} (belongs to ZoomBrowser EX, a Canon camera utility)
The following are proxy settings knowingly added by user:
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyEnable] - 1
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - socks=localhost:1234
Thanks in advance for correcting the issue.
bonjour meme avec la version 4.110 il y a toujours un faux positif pour le logiciel IDM (Internet Download Manager http://www.internetdownloadmanager.com/download.html ) si on supprime les clé de registre affichés cela demande ensuite de reinstaller IDM et on a toujours ce faux positif Rapport pour IDM:
Clé Trouvée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0055C089-8582-441B-A0BF-17B458C2A3A8}
Clé Trouvée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0055C089-8582-441B-A0BF-17B458C2A3A8}
Clé Trouvée : HKLM\SOFTWARE\Classes\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}
Clé Trouvée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}
Clé Trouvée : [x64] HKLM\SOFTWARE\Classes\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}
Clé Trouvée : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}
egalement faux positif pour les logiciel Lastpass https://lastpass.com/misc_download2.php et faux positif pour le logiciel Driver Genius http://www.driver-soft.com/
@cocochepeau
Here are most of the entries I could find. I believe the Hotspot Shield drivers might be the culprit. One user had a driver inside Device Manager. Replacing that driver with one from another working computer seems to have corrected the connection issue.
Folder Deleted : C:\ProgramData\hotspot shield
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\hotspot shield
Folder Deleted : C:\Program Files (x86)\hotspot shield
Folder Deleted : C:\Windows\SysWOW64\hotspot shield
File Deleted : C:\Windows\System32\drivers\taphss6.sys
File Deleted : C:\Windows\System32\drivers\hssdrv6.sys
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\hotspotshield
Key Deleted : HKLM\SOFTWARE\hotspotshield
Key Deleted : HKCU\Software\anchorfree
Folder Found : C:\Users\Sid\AppData\Roaming\hotspot shield
Folder Found : C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\hotspot shield
Couldn't remember password..so I made a new account.
@cocochepeau I emailed VIPRE about 2 days ago, and yes they confirmed: IT IS A FALSE POSITIVE. They said to make sure your software has the newest VIPRE definitions to the latest version (36814 or higher) and scan the file again...it found no threats to Adwcleaner.
So, it is safe to use!
I used your software to try and delete V9 and DeltaHomes, but no luck. It seemed to 'clean' up alot of things, but I haven't noticed any change. Can I please get some help?