False positives (it's a legitimate VPN extension):
C:\Users\User\AppData\Local\Hola
HKLM\SOFTWARE\Google\Chrome\Extensions\ncffjdbbodifgldkcbhmiiljfcbgjag
If I remember correctly there's also a false positive for the Hola Unblocker Firefox add-on. However, the Firefox add-on stopped working for me - possibly due to AdwCleaner cleaning away files needed for it to work - and re-installing it doesn't help, so I can't submit a report for that add-on. The add-on can be installed from here if anyone wants to have a look at it: http://hola.org/
The following entries are false positives:
C:\Documents and Settings\User\Application Data\ProgSense (included with some software to look for updates - nothing malicious or deceiving)
C:\Documents and Settings\User\Application Data\Simple Adblock (adblocker now known as Adblock Plus knowingly installed by user for Internet Explorer)
C:\Documents and Settings\User\Local Settings\Application Data\Hola (knowingly installed by user)
HKCU\Software\ProgSense (included with some software to look for updates - nothing malicious or deceiving)
HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762} (belongs to ZoomBrowser EX, a Canon camera utility)
The following are proxy settings knowingly added by user:
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyEnable] - 1
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - socks=localhost:1234
Thanks in advance for correcting the issue.
@cocochepeau
Here are most of the entries I could find. I believe the Hotspot Shield drivers might be the culprit. One user had a driver inside Device Manager. Replacing that driver with one from another working computer seems to have corrected the connection issue.
Folder Deleted : C:\ProgramData\hotspot shield
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\hotspot shield
Folder Deleted : C:\Program Files (x86)\hotspot shield
Folder Deleted : C:\Windows\SysWOW64\hotspot shield
File Deleted : C:\Windows\System32\drivers\taphss6.sys
File Deleted : C:\Windows\System32\drivers\hssdrv6.sys
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\hotspotshield
Key Deleted : HKLM\SOFTWARE\hotspotshield
Key Deleted : HKCU\Software\anchorfree
Folder Found : C:\Users\Sid\AppData\Roaming\hotspot shield
Folder Found : C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\hotspot shield
Bonjour,
Prévoyez vous de faire une version en ligne de commande et qui se met a jour automatiquement?
Nous voudrions utiliser ce soft sur un parc de milliers de machines.
Merci
New Malware
===========
Name: Searchult
Action: Change home page of Firefox/Chrome
Location: %UserProfile%\AppData\Roaming\Macwebtoise
*Need to close explorer.exe to disinfect
I had a computer that was infected with a browser hijacking called gamersinfo.org but Adwcleaner didn't pick it up. Maybe you haven't added it to the database so would really appriciate if you did.
Bitdefender Total Security 2014 me détecte une vérole dès que je veux télécharger la version 4.107.
"Le fichier C:\Users\[MonNom]\AppData\Local\Temp\a9B3yjOH.exe a été infecté par Gen:Variant.Graftor.171167."
Hello,
Everytime when I do a Scan, I get this thing:
***** [ Taken ] *****
Taak Gevonden : Dealply
Taak Gevonden : DealPlyUpdate
Taak Gevonden : Express FilesUpdate
Taak Gevonden : globalUpdateUpdateTaskMachineCore
Taak Gevonden : globalUpdateUpdateTaskMachineUA
Taak Gevonden : Searchya
I never get ride of it, it always return.
What do I have to do to get ride of it?
Please help!!!!
@tonypl6 : It was a "small" bug in the database. It has been fixed yesterday with the database update.
Sorry for the desagrement,
Salut à vous,
J'ai actuellement constaté une chose étrange sur AdwCleaner 4.106:
il me détecte le dossier qui contient Adblock comme malveillant:
C:\Users\nom\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom
Suis-je le seul ?