I'm running Windows 7 with IE11 and Spybot updates from 4/24. I got the following entry in a recent scan:

PornoAssist: [SBI $6749D087] User settings (Registry key, nothing done)
HKEY_USERS\S-1-5-21-830593641-2385924060-362116996-1001\Software\Microsoft\Internet Explorer\DOMStorage\addthis.com

Aside from tracking cookies, no other items were detected. I chose "fix selected problems," which deleted the registry key. After re-scanning, no issues were detected.

The referenced registry key appeared valid. It contained two values, NumberOfSubdomains and Total. If I visit addthis.com (which is a valid commercial website), it's recreated and subsequently picked up by in a Spybot scan, which seems to confirm it's a false positive.

I'm running Windows 7 with IE11 and Spybot updates from 4/24. I got the following entry in a recent scan:

PornoAssist: [SBI $6749D087] User settings (Registry key, nothing done)
HKEY_USERS\S-1-5-21-830593641-2385924060-362116996-1001\Software\Microsoft\Internet Explorer\DOMStorage\addthis.com



I got the same "PornoAssist" flag. It's hard to believe that it's supposed to be there. It must be some bad thing, expecially since its in the registry. I wonder why nothing shows up on a Google search about this PornoAssist, other than this thread. It must be new and maybe something to worry about. I don't think that just because the Registry URL (addthis.com) seems ok, I wouldn't jump to conclusions. I don't want it in my registry and I never visited the site or anything porno.

Hello,

i have same problem with this ****. Format system disc,reinstalation Win 7 and update system do not resolve this detection.

Hello,

Thank you for reporting, I will bring this topic to the attention of a detective. :)

Kind regards.

I have trace on my pc of this entry "Addthis" on the registry togheter with other two entries (tracks).
Spybot Search and destroy has pointed out the first entry as Trojan and the other two as tracks.
I have cleaned all and now the entries seem cancelled on the registry.
Thanks to S.S.D.!
The browser interested was only I.E. while Chrome is free.
I have investigate on "Addthis" and his activity is normal ($12 per month for our best widgets, content recommendations and other tools that drive traffic on your site) or seems normal, but some site may use it in improper way...

Hi. addthis.com appears to be a legit site. Whenever I go to that site, or any other site that utilizes their widgets, addthis.com is added to the DOMStorage section of my registry. This is normal. however, spybot with the latest defs is classifying this as a pornoassist Trojan. I emailed addthis, and they said this should not be happeneing.

Any ideas here?

11443

Thanks in advance.

What happened here?

Thank you for reporting this, please ignore this result, it will be removed from our detection database effective with the next detection update scheduled for Wednesday 2014-05-07.

I just finished running Spybot on my wife's computer and mine. Both came up with the PornoAssist Trojan. Don't have a clue where that came from.

Hello habs7,


I just finished running Spybot on my wife's computer and mine. Both came up with the PornoAssist Trojan. Don't have a clue where that came from.

This was reported as a possible false positive and confirmed. :)


Thank you for reporting this, please ignore this result, it will be removed from our detection database effective with the next detection update scheduled for Wednesday 2014-05-07.

Best regards.

I found the same thing today in the Quarantine folder. I was both shocked as I do not ever go to any porn site. I have read all the posts but I didn't see where the pornoassist comes from. short of FB and government websites being the sites visited most often where does it come from? It is not something I want to find during a scan and placed in quarantine folder. If its a false positive and a legitimate site you would assume that you had to visit some website to pick it up. Yet why then is it called pornoassist if its legitimate website? porno is not named to encourage one to visit. Bottom line where does it come from, how does it classify as a false positive?





I'm running Windows 7 with IE11 and Spybot updates from 4/24. I got the following entry in a recent scan:

PornoAssist: [SBI $6749D087] User settings (Registry key, nothing done)
HKEY_USERS\S-1-5-21-830593641-2385924060-362116996-1001\Software\Microsoft\Internet Explorer\DOMStorage\addthis.com

Aside from tracking cookies, no other items were detected. I chose "fix selected problems," which deleted the registry key. After re-scanning, no issues were detected.

The referenced registry key appeared valid. It contained two values, NumberOfSubdomains and Total. If I visit addthis.com (which is a valid commercial website), it's recreated and subsequently picked up by in a Spybot scan, which seems to confirm it's a false positive.

Hello paralegal54,

Please see my response to your other post in the thread here: http://forums.spybot.info/showthread.php?70317-Delta-Toolbar-one-remaining-reg-entry-DataMngr&p=453162#post453162

Best regards.