AdwCleaner is now flagging several registry entries created by WinPatrol. These appear to be False Positives, and should NOT be removed.
http://www.wilderssecurity.com/threads/win-patrol.365331/
Shoot.. why add WinPatrol entries to AdwCleaner...sigh...
I've reported the f/p to Xplode and let Bill know.
Thanks Corrine! Hopefully he will get in touch with the developers of AdwCleaner so they know those are WinPatrol's stuff. :hug:
:mitch:
Quote from: LilBambi on June 26, 2014, 07:25:41 PM
Hopefully he will get in touch with the developers of AdwCleaner so they know those are WinPatrol's stuff.
Xplode is the author of AdwCleaner :cool:
For others reading this, there is a reason why it is suggested that you click "Report" at the end of a scan and not "Clean". A review of the logfile that opens in Notepad will help spot any false positives (or certain items that you wish to allow). AdwCleaner does not create a backup but does contain a quarantine file from which files can be de-quarantined.
Also, keep in mind that f/p's can be restored from the AdwCleaner quarantine. To restore a file:
- Launch AdwCleaner and click Tools > Click Quarantine manager.
- Place a check in the box next to the file(s) to be restored.
- Click Restore (a logfile will open).
Of course, it would be better to review the findings prior to removal. When the AdwCleaner scan completes, all elements will be listed in each tab. Findings in the tabs Folders, Files, Shortcuts, Registry, Products and Internet Explorer can be unchecked if unsure or further review is needed.
Note: Elements in the Firefox and Chrome folders are viewable but can NOT be unchecked.
That's great news Corrine!
AdwCleaner 3.214 has been released, fixing (i.e., removing) the F/P of WinPatrol.
Excellent, downloading now!
AdwCleaner is flagging WinPatrol, see:
http://www.wilderssecurity.com/threads/win-patrol.365331/
Quote from: siljaline on July 01, 2014, 02:16:22 AM
AdwCleaner is flagging WinPatrol, see:
http://www.wilderssecurity.com/threads/win-patrol.365331/
Similar to what is posted in Siljaline's link above, I've noticed the following WinPatrol FPs (?) with Adwcleaner:
adwcleaner_3.213.exe
# Option : Scan
Key Found : HKCU\Software\BillP Studios
Key Found : [x64] HKCU\Software\BillP Studios
Key Found : [x64] HKLM\SOFTWARE\BillP Studios
I guess I'll try updating to AdwCleaner 3.214 and see if that solves the issue.
Best wishes to Bill P. and the new owner.
Just an update regarding AdwCleaner / WinPatrol issue. I trashed AdwCleaner 3.213 and downloaded 3.214, and now it does not seem to have the WinPatrol registry key FPs. However, it does flag a new key (which I deleted ... gulp!...), and something related to Firefox (which I also deleted. Also a "gulp!").
I realize that this is a WinPatrol thread, yet if someone would kindly tell me what AdwCleaner found and cleaned it would be greatly appreciated.
AdwCleaner.exe
# Option : Clean
***** [ Services ] *****
***** [ Files / Folders ] *****
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.17126
-\\ Mozilla Firefox v29.0.1 (en-US)
[ File : C:\Users\Administrator Bush\AppData\Roaming\Mozilla\Firefox\Profiles\ywmg8h0l.default\prefs.js ]
Per notes from Corrine:
Quote
-- Launch AdwCleaner and click Tools > Click Quarantine manager.
-- Place a check in the box next to the file(s) to be restored.
-- Click Restore (a logfile will open).
You can also uncheck elements you don't want to remove:
When the scan completes, all elements will be listed in each tab. Findings in the tabs Folders, Files, Shortcuts, Registry, Products and Internet Explorer can be unchecked if you want to keep them. Note: Elements in the Firefox and Chrome folders are viewable but can NOT be unchecked.
Quote from: siljaline on July 01, 2014, 04:00:43 AM
Per notes from Corrine:
Quote
-- Launch AdwCleaner and click Tools > Click Quarantine manager.
-- Place a check in the box next to the file(s) to be restored.
-- Click Restore (a logfile will open).
You can also uncheck elements you don't want to remove:
When the scan completes, all elements will be listed in each tab. Findings in the tabs Folders, Files, Shortcuts, Registry, Products and Internet Explorer can be unchecked if you want to keep them. Note: Elements in the Firefox and Chrome folders are viewable but can NOT be unchecked.
Thanks Siljaline, but I'm still at square one. I followed Corrine's instructions (i.e., Tools > Quarantine manager), and AdwCleaner stated "Quarantine empty".
So back to my original question:
Any idea what AdwCleaner cleaned / did (shown below), and why?
AdwCleaner.exe
# Option : Clean
***** [ Services ] *****
***** [ Files / Folders ] *****
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.17126
-\\ Mozilla Firefox v29.0.1 (en-US)
[ File : C:\Users\Administrator Bush\AppData\Roaming\Mozilla\Firefox\Profiles\ywmg8h0l.default\prefs.js ]
The CLSID - best as I could determine is Skype.
http://www.systemlookup.com/CLSID/66064-skypeieplugin_dll_skypeieplugin4_dll.html
(read full citation before deciding if you want to recover the item)
The Firefox script has been falsely flagged forever but it covers regardless if it's removed.
Please note that I'm not an expert in what the tool can and can't do as I've stopped using it.
Thanks a bunch for the prompt and detailed reply, siljaline. Most appreciated.
John
Note: Posts regarding WinPatrol and AdwCleaner split from WinPatrol: Changing of the Guard (http://www.landzdown.com/winpatrol-help-information/winpatrol-changing-of-the-guard/).
Hi, John.
Anything "detected" by AdwCleaner can be reviewed after scanning in the various tabs. Items detected that you wish to research further or know to be safe can be unchecked prior to removal except anything shown in the the Firefox and Chrome folders. They are viewable but can NOT be unchecked.
You are most welcome, John - glad to help. System Lookup (http://www.systemlookup.com/) is an excellent tool for toolbar searches and the like. For someone that does malware (http://en.wikipedia.org/wiki/Malware) removal.
For those that are socially inclined, you may reach out to the AdwCleaner Team via Twitter (https://twitter.com/gchangelog)