Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Possible false positives scanning with AdWr cleaner?


  • Please log in to reply
6 replies to this topic

#1 loboloco51290

loboloco51290

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:05:13 PM

Posted 30 August 2016 - 11:29 PM

Hello

 

I've run 3 scans today (no cleanups) with adwcleaner and it came up with 3 different things everytime:

 

 

# AdwCleaner v6.010 - Logfile created 30/08/2016 at 19:26:47

***** [ Web browsers ] *****
No malicious Firefox based browser items found.
Chrome pref Found:  [C:\Users\Oscar\AppData\Local\Google\Chrome\User Data\Profile 3\Web data] - ask.com
 
# AdwCleaner v6.010 - Logfile created 30/08/2016 at 22:44:39
***** [ Files ] *****
File Found:  C:\Users\Oscar\AppData\Roaming\Mozilla\Firefox\Profiles\3rbe7qh1.default\extensions\jid1-93CWPmRbVPjRQA@jetpack.xpi

 

# AdwCleaner v6.010 - Logfile created 31/08/2016 at 00:10:56

***** [ Folders ] *****
Folder Found:  C:\Users\Oscar\AppData\Roaming\Mozilla\Firefox\Profiles\3rbe7qh1.default\extensions\staged\jid1-93CWPmRbVPjRQA@jetpack
 
 
Also, I cleaned something related to ask.com a few days ago:
 
 
# AdwCleaner v6.000 - Logfile created 24/08/2016 at 12:39:39
***** [ Web browsers ] *****
[-] [ask.com] [Search Provider] Deleted: ask.com
[-] [chrome-app-launcher.en.softonic.com] [Search Provider] Deleted: chrome-app-launcher.en.softonic.com
 
 
I ran full scans with Panda, MB Antimalware, Panda cloud cleaner and Eset, nothing was found.
 
Should I be worried?
 
*I use Windows 10 Home x64

Edited by loboloco51290, 30 August 2016 - 11:31 PM.


BC AdBot (Login to Remove)

 


#2 Kuszotke

Kuszotke

  • Members
  • 53 posts
  • OFFLINE
  •  
  • Local time:10:13 PM

Posted 31 August 2016 - 02:51 AM

http://www.systemlookup.com/FF_Extensions/3662-jid1_93CWPmRbVPjRQA_jetpack_xpi.html

 

That seems to be unnecessary. Just run a couple AdwCleaner scans and delete those files - however i recommend waiting for a more experienced member to help.



#3 buddy215

buddy215

  • Moderator
  • 13,196 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:04:13 PM

Posted 31 August 2016 - 07:03 AM

QUOTE from.....Malware scan of jid1-93cwpmrbvpjrqa@jetpack.xpi 09e79e8d9a89317810f6bff7d809550377276a08 - Reason Core Security Labs

“Automatically find and apply coupon codes when you shop online!”
 
Not false positives....
 
Scan using Junkware Removal Tool and clean the computer using CCleaner.
 

Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the

Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of toolbars....especially Google.

After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.

CCleaner - PC Optimization and Cleaning - Free Download

 

  • download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#4 loboloco51290

loboloco51290
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:05:13 PM

Posted 31 August 2016 - 11:42 PM

Hello buddy215, thank you for your answer.

 

Here are the results from MB's JRT:

 

 

Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.7 (07.03.2016)
Operating System: Windows 10 Home x64 
Ran by Oscar (Administrator) on 08/31/16 at 23:01:25.96
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
File System: 4 
 
Successfully deleted: C:\Program Files (x86)\mozilla firefox\defaults\pref\itms.js (File) 
Successfully deleted: C:\Users\Oscar\AppData\Local\{B166CB04-0765-4E1B-97C0-3CEBF2CABF9C} (Empty Folder)
Successfully deleted: C:\Users\Oscar\AppData\Roaming\new version available (Folder) 
Successfully deleted: C:\Users\Oscar\AppData\Roaming\system (Folder) 
 
Registry: 2 
 
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{5A33C31F-DB0C-480E-9CC0-4C090E78A659} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{5A33C31F-DB0C-480E-9CC0-4C090E78A659} (Registry Key)
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 08/31/16 at 23:03:37.56
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
I've been using the Honey extension on Chrome for over a year, with no issues and no triggers from any of my security app scans. I only installed it on Firefox a week or so ago; apparently that triggered Adware Cleaner, but I don't see why, since it comes from the same official developper (Honey)... Anyway, I've since remove it from Firefox.
 
I also did a scan with Adware, but this time found nothing.
 
Let me know if there's anything else I should do.
 
Thank you!


#5 buddy215

buddy215

  • Moderator
  • 13,196 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:04:13 PM

Posted 01 September 2016 - 04:48 AM

If you are using Panda Free you may have this installed: Panda Safe Web Panda Security

That is their adware....Uninstall it.

 

  • Please download Security Check by glax24 and save the file to the Desktop
  • Run the tool by accepting all the Security prompts
  • when complete the tool will produce a log file C:\SecurityCheck\SecurityCheck.txt and also copy the contents to the Clipboard
  • Simply Paste the log to your reply

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#6 loboloco51290

loboloco51290
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:05:13 PM

Posted 04 September 2016 - 06:13 AM

I use the paid version of Panda Global Protection, and alternately Panda Cloud Cleaner. I don't have any trace of Panda Safe Web Security. SecurityCheck.exe has 3 hits out of 56 on Virus Total... I'm deciding not to trust it. Thanks for your help anyway, have a good one!



#7 buddy215

buddy215

  • Moderator
  • 13,196 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:04:13 PM

Posted 04 September 2016 - 08:03 AM

I just had Virus Total to scan SecurityCheck.exe. Now reporting two hits from 2 unknown to me security programs. I would definitely not rely on those two hits.

Antivirus scan for 3afa794382c8719063c879e971cefbe562d751b014bf769680ced0ebe23aabb9 at UTC - VirusTotal

 

Of course, it's your comp...your decision...you're welcome


Edited by buddy215, 04 September 2016 - 08:04 AM.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users