Hi,

My F-Secure AV software identified Bargain Buddy and Adware.AdMedia last night, so I quarantined and subsequently deleted them (from within F-Secure).

However, when I searched here, I found that these 2 items are listed as 'false positives' in the latest definitions for Adaware. I believe F-Secure uses the Adaware engine for the Spyware check.

I've since done a check with Trend Micro online scan and all seems fine, but I'm wondering what damage I might have done, by deleting these files - assuming that they were indeed false positives.

Can anyone advise?
Thanks,

Alex.

Can't you restore them via the F-Secure GUI?

AsAware identified those also, and when I ran a scan with F-Secure it did the same. F-Secure uses AdAware as its anti spyware module, I feel pretty sure.

Having been warned I did not delete them. AdAware updated again today, and maybe they fixed those FPs.

Best,
Jerry

Nope. I've checked and I definitely deleted them from quarantine.

So does anybody know if I may have damaged my system and if so, how?

I'm a relatively new user to F-Secure (< 1 month) and have never encountered any malware or viruses with it, let alone false positives.

I set a System Restore checkpoint the day before this happened. If I restore to that point, will the deleted files be restored?

I could then update all my AV definitions and run a fresh scan.

If they're false positives, I suppose they would beidentified correctly now.

i have a simalar problem with an fp with f-secure antispyware when ever i go to this link whihc is a yahoo game called chuzzle f-secure says adware.pop which im guessing is an fp because my sister can play it on her laptop eith no warning from antivir and no toolbars or other funny stuff going on.

http://games.yahoo.com/games/downloads/cz.html;_ylt=AuACbknmD42TZDoH0r6pNAOQ6n0u

lodore

-{ Quote: "I set a System Restore checkpoint the day before this happened. If I restore to that point, will the deleted files be restored?

I could then update all my AV definitions and run a fresh scan.

If they're false positives, I suppose they would beidentified correctly now." }-
The system restore will only restore a certain set of files such as .exe .dll etc.
see list..
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/sr/sr/monitored_file_extensions.asp

It doesnt back everything up so the files you deleted may still be gone.However if they are critical files then system restore should restore them.
ellison

-{ Quote: "My F-Secure AV software identified Bargain Buddy and Adware.AdMedia last night, so I quarantined and subsequently deleted them (from within F-Secure).

However, when I searched here, I found that these 2 items are listed as 'false positives' in the latest definitions for Adaware.

I'm wondering what damage I might have done, by deleting these files - assuming that they were indeed false positives" }-Hello alexei,

If you take a look at your F-Secure scan results or if you can recall if the below registry locations were reported as Bargain Buddy and Adware.AdMedia....then you will have no worries because you have deleted those registry items. That registry location is in regards to statistics of addons of BHO's, browser extensions or ActiveX controls and can be deleted if one so chooses without any adverse effect.

Adaware False Posiitves:
-{ Quote: "Adware.AdMedia Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Adware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1708537768-1897051121-1801674531-1003\software\microsoft\windows\currentversion\ext\stats\{72267f6a-a6f9-11d0-bc94-00c04fb67863}

BargainBuddy Object Recognized!
Type : Regkey
Data :
TAC Rating : 8
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1671070149-3917440862-2804098082-500\software\microsoft\windows\currentversion\ext\stats\{d27cdb6e-ae6d-11cf-96b8-444553540000}" }-

Hi,

I saved the report at the time, before deleting the files.

There's a lot of information and I don't have enough knowledge about the registry to know if it's okay to have deleted these entries.

Thanks.


BargainBuddy (Malware)

* REGKEY:HKCR\clsid\{48e59293-9880-11cf-9754-00aa00c00908}
REGKEY:HKCR\interface\{48e59291-9880-11cf-9754-00aa00c00908}
REGKEY:HKCR\typelib\{48e59290-9880-11cf-9754-00aa00c00908}
REGKEY:HKCR\inetctls.inet
REGKEY:HKCR\inetctls.inet.1
* REGKEY:HKCR\clsid\{48e59293-9880-11cf-9754-00aa00c00908}
REGKEY:HKCR\inetctls.inet
REGKEY:HKCR\inetctls.inet.1
REGKEY:HKCR\interface\{48e59291-9880-11cf-9754-00aa00c00908}
REGKEY:HKCR\typelib\{48e59290-9880-11cf-9754-00aa00c00908}
Action: quarantined

Adware.AdMedia (Data miner)

* REGKEY:HKU\S-1-5-21-1202660629-1425521274-682003330-1003\software\microsoft\windows\currentversion\ext\stats\{d27cdb6e-ae6d-11cf-96b8-444553540000}
REGKEY:HKU\.DEFAULT\software\microsoft\windows\currentversion\internet settings\zonemap\domains\media-motor.net
REGKEY:HKU\S-1-5-19\software\microsoft\windows\currentversion\internet settings\zonemap\domains\media-motor.net
REGKEY:HKU\S-1-5-20\software\microsoft\windows\currentversion\internet settings\zonemap\domains\media-motor.net
REGKEY:HKU\S-1-5-21-1202660629-1425521274-682003330-1003\software\microsoft\windows\currentversion\internet settings\zonemap\domains\media-motor.net
REGKEY:HKU\S-1-5-18\software\microsoft\windows\currentversion\internet settings\zonemap\domains\media-motor.net
REGKEY:HKU\.DEFAULT\software\microsoft\windows\currentversion\internet settings\zonemap\domains\mmohsix.com
REGKEY:HKU\S-1-5-19\software\microsoft\windows\currentversion\internet settings\zonemap\domains\mmohsix.com
REGKEY:HKU\S-1-5-20\software\microsoft\windows\currentv
* REGKEY:HKU\.DEFAULT\software\microsoft\windows\currentversion\internet settings\zonemap\domains\media-motor.net
REGKEY:HKU\S-1-5-19\software\microsoft\windows\currentversion\internet settings\zonemap\domains\media-motor.net
REGKEY:HKU\S-1-5-20\software\microsoft\windows\currentversion\internet settings\zonemap\domains\media-motor.net
REGKEY:HKU\S-1-5-21-1202660629-1425521274-682003330-1003\software\microsoft\windows\currentversion\internet settings\zonemap\domains\media-motor.net
REGKEY:HKU\S-1-5-18\software\microsoft\windows\currentversion\internet settings\zonemap\domains\media-motor.net
REGKEY:HKU\.DEFAULT\software\microsoft\windows\currentversion\internet settings\zonemap\domains\mmohsix.com
REGKEY:HKU\S-1-5-19\software\microsoft\windows\currentversion\internet settings\zonemap\domains\mmohsix.com
REGKEY:HKU\S-1-5-20\software\microsoft\windows\currentversion\internet settings\zonemap\domains\mmohsix.com
REGKEY:HKU\S-1-5-21-1202660629-1425521274-682003330-1003\software\microsoft\windows\currentvers Action: quarantined

As noted above....those registry entries you are showing were false positives and you did not do any real harm by deleting them if they no longer are available via quarantine.

The other internet settings\zonemap\domains entries you are showing were also False positives in AdAware's Sept. 12 Update and I would assume F-Secure if it indeed uses the Adaware engine. They were found to be Restricted Site entries placed there possibly by programs such as Spybot's Immunization, Spywareblaster....etc. Those can be added back by using what ever program you use that places Restricted Site entries into Internet Explorer if that's the case.

Related thread on another Forum---> Ad-Aware Sept. 12 Update - FP?? (http://www.dslreports.com/forum/remark,16887509)

That's re-assuring to know.

I use Spyware Blaster, Spybot and SpywareGuard, so I've updated definitions for all of them.

Thanks for your help!

-{ Quote: "That's re-assuring to know....Thanks for your help!" }-Glad you got it sorted out and you are very Welcome.