#1
I rarely find any malware on my computer, so I was surprised when a Spy Sweeper scan allegedly found the adware program 'ie helper' today.
The registry key is as follows: HKLM\software\microsoft\internet explorer\active x compatibility\{a2b7a0f0-...}. The SS description is: 'IE Helper is an adware program that may display advertisements on your system.' I used regedit to find the key in question, and it said 'compatibility flags', type: REG_DWORD, data: 0x00000400 (1024).

I am reluctant to quarantine this item without further information because it involves messing with the registry. I am inclined to think it's a false positive because scans with Windows Defender Beta and Spybot among others found nothing. I run quite a few other AS applications as well.

I could set a System Restore point, but once again that MS application is not working properly. I try to go back to a restore point, and I wind up with a message that the system could not be restored. Thank you so much, Microsoft.

Does anyone have a suggestion as to how best to proceed? Thanks.
__________________
Hell is the impossibility of reason. OS: Windows Vista Home Premium Active protection: NIS 2009, Spy Sweeper, Spybot, Windows Defender, SpywareBlaster On demand scanners: Ad-Aware 2008, AVG AS, Super AntiSpyware 4.0
#2
Quote:
In any case....if SS is reporting that entry and suggesting one remove that entry I would suspect a False positive even without knowing the whole CLSID #.

Bubba

Edit: Would the below happen to match the CLSID # found and are you by chance using Spyware Doctor?

Quote:

Last edited by Bubba : August 21st, 2006 at 01:36 PM.
#3
|
|||
|
|||
|
Hi Bubba,
Kudos to you, I must say. Yes, I do run the free version of Spyware Doctor, which offers live protection but not the ability to remove any malware its scans reveal. You are also correct about the CLSID found on my computer; it's the same you note in your post. For those who don't know SD, it has an Immunizer function that blocks malicious Active X, well over 2000 at the moment, with usually one or more added in the daily updates.

This situation does raise the question of why SS should now find this particular FP. I have run both SD and SS for a couple of years now without a problem. I have had the current SS build for a few weeks now, and it has not picked up on any of the other SD blocked Active X. Perhaps the latest SS malware definitions are to blame.

At any rate, I will consider the detected item a false positive and leave it alone. I run so much AS that whenever a scan picks up anything, I usually suspect a FP anyway. I hate like hell to spend time trying to figure it out though. That's one reason I stay away from Pest Patrol, one of the few apps that the Spyware Warrior site recommends that I do not use. They have had a reputation for FPs for a long time. Thanks for your help, Bubba.
#4
Quote:
#5
IE_Helper is a false positive, guys; this should be fixed by SS
__________________
~~~~~~~~~~~~~~~~~~~~~~ Consoleman Beta Tester/IT&Network Support IT Security Research
#6
|
|||
|
|||
|
Apparently the fix has been made, as I have done a couple of SS sweeps after updates in the last few days, and IEHelper was not detected.
All of which goes to show - don't automatically quarantine or delete something just because your AS says it's malware.
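Added example, not part of the thread: the value quoted in post #1 (Compatibility Flags = 0x00000400 under an ActiveX Compatibility CLSID key) is Internet Explorer's kill bit, which tells IE never to instantiate that control; it does not install or register one. The Python sketch below triages such scanner hits from a `reg export` text dump; the function names, status labels, sample export and placeholder CLSIDs are all assumptions made for illustration.

```python
import re

KILL_BIT = 0x00000400  # bit in "Compatibility Flags" that stops IE loading the control
# Windows spells the key "ActiveX Compatibility"; the scanner output quoted in the
# thread shows it lower-cased and with a space.
AX_COMPAT = "\\software\\microsoft\\internet explorer\\activex compatibility\\"

# Constructed sample in `reg export` text form; the CLSIDs are placeholders.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00000000-0000-0000-0000-000000000001}]
"Compatibility Flags"=dword:00000400

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00000000-0000-0000-0000-000000000002}]
"Compatibility Flags"=dword:00000020

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00000000-0000-0000-0000-000000000003}]
"""

def parse_compat_flags(reg_text):
    """Map each CLSID key under ActiveX Compatibility to its flags (None if no value)."""
    flags, clsid = {}, None
    for line in reg_text.splitlines():
        line = line.strip()
        key = re.fullmatch(r"\[(.+)\]", line)
        if key:
            path = key.group(1).lower()
            i = path.find(AX_COMPAT)
            clsid = path[i + len(AX_COMPAT):] if i != -1 else None
            if clsid and "\\" not in clsid:   # a CLSID key itself, not a deeper subkey
                flags.setdefault(clsid, None)
            else:
                clsid = None
            continue
        val = re.fullmatch(r'"compatibility flags"=dword:([0-9a-f]{8})', line.lower())
        if val and clsid:
            flags[clsid] = int(val.group(1), 16)
    return flags

def triage(reg_text):
    """Label each entry so kill-bit (block list) records stand out from other hits."""
    def status(value):
        if value is None:
            return "no-flags"
        return "kill-bit" if value & KILL_BIT else "other-flags"
    return {c: status(v) for c, v in parse_compat_flags(reg_text).items()}

if __name__ == "__main__":
    for clsid, label in triage(SAMPLE_REG).items():
        print(clsid, label)
```

An entry labelled `kill-bit` is consistent with an immunizer-style block such as the one described in post #3; removing it would lift the block on that CLSID.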