Ad-aware 6.0 & false positive?

Discussion in 'other anti-malware software' started by ronny, May 6, 2004.

Thread Status:
Not open for further replies.
  1. ronny

    ronny Registered Member

    Joined:
    Feb 18, 2004
    Posts:
    231
    Location:
    Belgium
    First i have to say that i use XP dutch and have my homepage set to blanco= about: blank

    I updated Lavasoft Adaware to reference file 01R302 03.05.2004 and the scanned my PC.
    After the scan i got 2 warnings. I didn't think (yes , stupid stupid, i know) and deleted those entries.But immediately SpywareGuard (good program, thank you Javacool ;) ) warned me that my homepage was changed from "about:blank" to "microsoft...".So i changed it again to "about :blank"

    I scanned again with adaware and it came with the following:

    " vendor: Possible Browser Hijack attempt
    type :RegData
    category:data Miner
    object: HKEY_CURRENT_USER:software\Microsoft\Internet Explorer\Main "StartPage"("about:blank")
    comment: Possible Browser hijack attempt

    The other warning didn't come anymore.I hope i didn't do something harmful by deleting it.(i even deleted the quarantaine) It had also something to do with that "about :blank ,i remember.

    PS: i registerd with the lavasoft forum, but i have to wait before i can post there....that's why i already posted it here
     
    Last edited: May 6, 2004
  2. Helpless

    Helpless Registered Member

    Joined:
    May 6, 2004
    Posts:
    6
    Location:
    at computercops.biz ; at wilderssecurity.com ; at
    ad-aware says "possible"....

    I had the same thing, but when looking close into it , it was caused by a soft i installed...

    I use FreeSurfer (popup-blocker) and there the option to set the start page to about:blank was cheked, there is a simular option in SpybotS&D if i'm not mistaking, .....so first chek there before starting to panic.

    so first check if you have no softs who block your page agianst changing the settings, and if they do and you want to keep them then dont use about:blank as startpage.

    cu
     
  3. Nick

    Nick Registered Member

    Joined:
    May 14, 2002
    Posts:
    187
    Location:
    California
    If you set your IE hompage to About:Blank or it's equivilent in Dutch, then you have done nothing wrong. Because Coolwebsearch uses the About:Blank page as a hijack, Ad-Aware is now detecting and fixing it. However, it will detect any about:blank it finds and it found 2 on my system. I have chosen to have about:blank as my Internet Explorer home page, so I didn't have Ad Aware fix it. I also have SpywareGuard, and anytime the home page is changed, it will give the warning box you described. Since Ad-Aware was changing the home page, that is why SpywareGuard gave you the warning.

    You can go to Tools>Internet Options> in IE and click the "Use Blank" in the Hompage section to restore it if you want it as your homepage. Next time you scan with Ad-Aware, it will detect it again, so I suggest that you put it in the ignore list to avoid it being detected in the future.
     
  4. ronny

    ronny Registered Member

    Joined:
    Feb 18, 2004
    Posts:
    231
    Location:
    Belgium
    Thank you Nick and Helpless.You confirm what i was thinking ;)

    And i found the log in Adaware, here it is:

    "....started deep registry scan
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    Possible browser hijack attempt : Software\Microsoft\Internet Explorer\MainStart Pageabout:blank

    Possible Browser Hijack attempt Object recognized!
    Type : RegData
    Data : "about:blank"
    Category : Data Miner
    Comment : Possible browser hijack attempt
    Rootkey : HKEY_CURRENT_USER
    Object : Software\Microsoft\Internet Explorer\Main
    Value : Start Page
    Data : "about:blank"


    Possible Browser Hijack attempt Object recognized!
    Type : RegKey
    Data : OldStartPage="about:blank"
    Category : Data Miner
    Comment : Possible browser hijack attempt
    Rootkey : HKEY_CURRENT_USER
    Object : Software\XCleaner "
     
  5. ronny

    ronny Registered Member

    Joined:
    Feb 18, 2004
    Posts:
    231
    Location:
    Belgium
    Ok got answers on the Lavasoft forum:


    "Just to clear this up, it is not a false positive and Aaron knew what the reactions would be. We were all notified of possible user reactions to this entry
    It clearly states: Possible Browser Hijack attempt Object recognized!

    In this case it is the only way to clear up the issue if it is indeed being caused by CWS.
    If AboutBlank is your designated Home\Start Page then add it to your Ignore List.
    If not, then remove it with the rest.

    To add objects to your Ignore List:
    Scan with Ad-aware,
    Click "Next",
    A list of detected items will be in the view window
    (always do the 'Ignore' list items 1st)
    Select any items from the list that you want to "Ignore",
    Right click in the scan results window,
    Select "Add selection to ignore-list",
    Click "OK". "


    I have to admit , they are right.They DID said "POSSIBLE" browser hijacks. :D
     
  6. HandsOff

    HandsOff Registered Member

    Joined:
    Sep 16, 2003
    Posts:
    1,946
    Location:
    Bay Area, California
    I may be missing the boat, or even the ocean...but i thought I understood the message, and yet my browser is set to google (out of habit) as it's home page. I never have understood why i see "about blank" listed in spybot S&D and HijackThis Logs but i decided, you know, i'm just going to let ad-aware remove it if good old CWS is exploiting the name. if i use google as my homepage do i need "about blank" for any reason, or am i just opening the door for CWS? i know i am missing something about the why i have that page in the first place. is what i did ok?

    - HandsOff
     
Loading...
Thread Status:
Not open for further replies.