Results 1 to 4 of 4

Thread: why does immunization lead to getting dospop and incredibar registry keys?

  1. #1
    Junior Member
    Join Date
    Jun 2019
    Posts
    2

    Default why does immunization lead to getting dospop and incredibar registry keys?

    I start spybot, do update and check immunization (do not apply it yet). Then I check the system with adwcleaner, and I see it is clean. Then I apply immunization. Immediately after that I check the system with adwcleaner again, and I see dospop and incredibar registry keys.

    Deleted HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\incredibar.com
    Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\incredibar.com
    Deleted HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\incredibar.com
    Deleted HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\dospop.com
    Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\dospop.com
    Deleted HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\dospop.com

    What are those incredibar and dospop? Why does immunization create the registry keys? Are they dangerous? Why does adwcleaner consider them as a threat?

  2. #2
    Spybot Advisor Team Zenobia's Avatar
    Join Date
    Oct 2005
    Posts
    5,168

    Default

    Immunization is creating those registry keys to protect you from those domains. Actually Spybot creates many registry keys, not just for those two sites when it immunizes. As I recall, the reason those registry keys are made is to place the sites into security zones:
    https://www.yourdictionary.com/security-zones

    Spybot would be placing them into the restricted security zone for your protection. As long as Spybot is placing them into the proper security zone, these registry keys are not dangerous.

    adwcleaner might consider these registry keys dangerous because it may be a false positive. There's an article that explains roughly what a false positive is here, near the top of the article:
    https://www.howtogeek.com/180162/how...alse-positive/
    I don't know my way around their forum, but you might be able to find a place to report a false positive somewhere here:
    https://forums.malwarebytes.com/foru...es-adwcleaner/

  3. #3
    Junior Member
    Join Date
    Jun 2019
    Posts
    2

    Default

    Quote Originally Posted by Zenobia View Post
    Immunization is creating those registry keys to protect you from those domains. Actually Spybot creates many registry keys, not just for those two sites when it immunizes. As I recall, the reason those registry keys are made is to place the sites into security zones:
    https://www.yourdictionary.com/security-zones

    Spybot would be placing them into the restricted security zone for your protection. As long as Spybot is placing them into the proper security zone, these registry keys are not dangerous.

    adwcleaner might consider these registry keys dangerous because it may be a false positive. There's an article that explains roughly what a false positive is here, near the top of the article:
    https://www.howtogeek.com/180162/how...alse-positive/
    I don't know my way around their forum, but you might be able to find a place to report a false positive somewhere here:
    https://forums.malwarebytes.com/foru...es-adwcleaner/
    Thank you. They state here https://forums.malwarebytes.com/topi...omment-1308108 that the issue is going to fixed in the next release of adwcleaner

  4. #4
    Spybot Advisor Team Zenobia's Avatar
    Join Date
    Oct 2005
    Posts
    5,168

    Default

    You're welcome.

    Oh, that's good then. Nice find.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •