
why does immunization lead to getting dospop and incredibar registry keys?



softforce
2019-06-06, 16:50
I start spybot, do update and check immunization (do not apply it yet). Then I check the system with adwcleaner, and I see it is clean. Then I apply immunization. Immediately after that I check the system with adwcleaner again, and I see dospop and incredibar registry keys.

Deleted HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\incredibar.com
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\incredibar.com
Deleted HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\incredibar.com
Deleted HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\dospop.com
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\dospop.com
Deleted HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\dospop.com

What are those incredibar and dospop? Why does immunization create the registry keys? Are they dangerous? Why does adwcleaner consider them as a threat?

Zenobia
2019-06-07, 10:40
Immunization is creating those registry keys to protect you from those domains. Actually Spybot creates many registry keys, not just for those two sites when it immunizes. As I recall, the reason those registry keys are made is to place the sites into security zones:
https://www.yourdictionary.com/security-zones

Spybot would be placing them into the restricted security zone for your protection. As long as Spybot is placing them into the proper security zone, these registry keys are not dangerous.

adwcleaner might consider these registry keys dangerous because it may be a false positive. There's an article that explains roughly what a false positive is here, near the top of the article:
https://www.howtogeek.com/180162/how-to-tell-if-a-virus-is-actually-a-false-positive/
I don't know my way around their forum, but you might be able to find a place to report a false positive somewhere here:
https://forums.malwarebytes.com/forum/187-malwarebytes-adwcleaner/
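
An added example, not part of the original thread and not code from Spybot or AdwCleaner: a PowerShell check that reads the ZoneMap entries named in the AdwCleaner log above and reports which security zone each one maps to. It assumes the standard Internet Settings zone numbering, in which a DWORD value of 4 means Restricted Sites; the variable names are illustrative.

```powershell
# Zone numbers used by Internet Settings ZoneMap entries.
$zoneNames = @{
    0 = 'My Computer'; 1 = 'Local Intranet'; 2 = 'Trusted Sites'
    3 = 'Internet';    4 = 'Restricted Sites'
}

# The two domains and three hives that appear in the AdwCleaner log lines.
# HKU is not a default PowerShell drive, so the Registry:: provider path is used.
$domains = 'incredibar.com', 'dospop.com'
$roots   = 'Registry::HKEY_CURRENT_USER',
           'Registry::HKEY_USERS\.DEFAULT',
           'Registry::HKEY_USERS\S-1-5-18'
$sub     = 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains'

$results = foreach ($root in $roots) {
    foreach ($domain in $domains) {
        $path = "$root\$sub\$domain"
        if (-not (Test-Path -LiteralPath $path)) {
            # Immunization not applied, or the entry was removed by a cleaner.
            [pscustomobject]@{ Hive = $root; Key = $domain; Scheme = '-'; Zone = 'no entry' }
            continue
        }
        # The domain key itself plus any subdomain subkeys (for example "www").
        $keys = @(Get-Item -LiteralPath $path) +
                @(Get-ChildItem -LiteralPath $path -Recurse -ErrorAction SilentlyContinue)
        foreach ($key in $keys) {
            foreach ($name in $key.GetValueNames()) {
                $value = $key.GetValue($name)
                if ($value -isnot [int]) { continue }   # skip non-DWORD values
                $zone = if ($zoneNames.ContainsKey($value)) { $zoneNames[$value] }
                        else { "Unknown ($value)" }
                # The value name is the scheme the mapping applies to ("*", "http", ...).
                [pscustomobject]@{
                    Hive   = $root
                    Key    = $key.Name.Substring($key.Name.IndexOf('Domains\') + 8)
                    Scheme = $name
                    Zone   = $zone
                }
            }
        }
    }
}

$results | Format-Table -AutoSize
```

Every row for an immunized domain should show `Restricted Sites`; any other zone for these entries is worth a closer look.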

softforce
2019-06-07, 11:11
Thank you. They state here https://forums.malwarebytes.com/topic/246071-incredibar/?tab=comments#comment-1308108 that the issue is going to be fixed in the next release of adwcleaner.

Zenobia
2019-06-07, 14:00
You're welcome.

Oh, that's good then. Nice find. :)