Many Rotkit.HiddenKey and Rootkit.HiddenValue FPs?

iskonskozlo · July 30, 2011, 10:58am

Rootkit.HiddenValue@0 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\agava.ru\*

Rootkit.HiddenValue@0 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\andromedical.com\www\*

Rootkit.HiddenValue@0 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\andromedical.com\*

Rootkit.HiddenValue@0 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\bit-world.eu\www\*

Rootkit.HiddenKey@0 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\bit-world.eu\www

Rootkit.HiddenValue@0 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\bit-world.eu\*

Rootkit.HiddenValue@0 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\casalemedia.com\b\*

Rootkit.HiddenValue@0 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\casalemedia.com\www\*

Rootkit.HiddenKey@0 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\casalemedia.com\www

Rootkit.HiddenValue@0 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\casalemedia.com\*

Rootkit.HiddenValue@0 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\econocorp.com\www\*

Rootkit.HiddenKey@0 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\econocorp.com\www

Rootkit.HiddenValue@0 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\econocorp.com\*

Rootkit.HiddenValue@0 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\enigmasoftware.com\www\*

Rootkit.HiddenKey@0 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\enigmasoftware.com\www

Rootkit.HiddenValue@0 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\enigmasoftware.com\*

Rootkit.HiddenValue@0 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\iframe.biz\*

Rootkit.HiddenValue@0 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mp3musicdirect.com\www\*

Rootkit.HiddenKey@0 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mp3musicdirect.com\www

Rootkit.HiddenValue@0 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mp3musicdirect.com\*

Rootkit.HiddenValue@0 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\myfasterpc.com\www\*

Rootkit.HiddenKey@0 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\myfasterpc.com\www

Rootkit.HiddenValue@0 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\myfasterpc.com\*

Rootkit.HiddenValue@0 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\okulta.com\*

Rootkit.HiddenValue@0 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\searchalot.com\*

Rootkit.HiddenValue@0 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\uzupa.com\www\*

Rootkit.HiddenKey@0 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\uzupa.com\www

Rootkit.HiddenValue@0 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\uzupa.com\*

Rootkit.HiddenValue@0 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\websearch.com\www\*

Rootkit.HiddenValue@0 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\websearch.com\*

Rootkit.HiddenKey@0 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\websearch.com\www

Rootkit.HiddenValue@0 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\xp-vista.com\www\*

Rootkit.HiddenKey@0 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\xp-vista.com\www

Rootkit.HiddenValue@0 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\xp-vista.com\*

Rootkit.HiddenValue@0 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\xxx.com\www\*

Rootkit.HiddenValue@0 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\xxx.com\*

Rootkit.HiddenKey@0 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\xxx.com\www

Rootkit.HiddenValue@0 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\agava.com\*

Rootkit.HiddenValue@0 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\agava.ru\*

Rootkit.HiddenValue@0 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\andromedical.com\www\*

Rootkit.HiddenKey@0 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\andromedical.com\www

Rootkit.HiddenValue@0 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\andromedical.com\*

Rootkit.HiddenValue@0 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\bit-world.eu\www\*

Rootkit.HiddenKey@0 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\bit-world.eu\www

Rootkit.HiddenValue@0 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\bit-world.eu\*

Rootkit.HiddenValue@0 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\casalemedia.com\b\*

Rootkit.HiddenValue@0 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\casalemedia.com\www\*

Rootkit.HiddenKey@0 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\casalemedia.com\www

Rootkit.HiddenKey@0 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\casalemedia.com\b

Rootkit.HiddenValue@0 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\casalemedia.com\*

Rootkit.HiddenValue@0 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\econocorp.com\www\*

Rootkit.HiddenKey@0 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\econocorp.com\www

Rootkit.HiddenValue@0 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\econocorp.com\*

Rootkit.HiddenValue@0 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\enigmasoftware.com\www\*

Rootkit.HiddenKey@0 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\enigmasoftware.com\www

Rootkit.HiddenValue@0 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\enigmasoftware.com\*

Rootkit.HiddenValue@0 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\iframe.biz\*

Rootkit.HiddenValue@0 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mp3musicdirect.com\www\*

Rootkit.HiddenKey@0 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mp3musicdirect.com\www

Rootkit.HiddenValue@0 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mp3musicdirect.com\*

Rootkit.HiddenValue@0 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\myfasterpc.com\www\*

Rootkit.HiddenKey@0 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\myfasterpc.com\www

Rootkit.HiddenValue@0 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\myfasterpc.com\*

Rootkit.HiddenValue@0 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\okulta.com\*

Rootkit.HiddenValue@0 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\searchalot.com\*

Rootkit.HiddenValue@0 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\uzupa.com\www\*

Rootkit.HiddenKey@0 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\uzupa.com\www

Rootkit.HiddenValue@0 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\uzupa.com\*

Rootkit.HiddenValue@0 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\websearch.com\www\*

Rootkit.HiddenKey@0 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\websearch.com\www

Rootkit.HiddenValue@0 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\websearch.com\*

Rootkit.HiddenValue@0 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\xp-vista.com\www\*

Rootkit.HiddenKey@0 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\xp-vista.com\www

Rootkit.HiddenValue@0 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\xp-vista.com\*

Rootkit.HiddenValue@0 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\xxx.com\www\*

Rootkit.HiddenKey@0 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\xxx.com\www

Rootkit.HiddenValue@0 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\xxx.com\*

Rootkit.HiddenKey@0 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\casalemedia.com

Rootkit.HiddenKey@0 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\enigmasoftware.com

Rootkit.HiddenKey@0 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\econocorp.com

Rootkit.HiddenKey@0 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\agava.ru

Rootkit.HiddenKey@0 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\iframe.biz

Rootkit.HiddenKey@0 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\websearch.com

Rootkit.HiddenKey@0 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mp3musicdirect.com

Rootkit.HiddenKey@0 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\uzupa.com

Rootkit.HiddenKey@0 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\searchalot.com

Rootkit.HiddenKey@0 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\agava.com

Rootkit.HiddenKey@0 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\xxx.com

Rootkit.HiddenKey@0 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\xp-vista.com

Rootkit.HiddenKey@0 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\andromedical.com

Rootkit.HiddenKey@0 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\myfasterpc.com

Rootkit.HiddenKey@0 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\okulta.com

Rootkit.HiddenKey@0 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\bit-world.eu

Database number is 9563.
None of the entries can be deleted, disinfected, ignored or submited.

tlpjohn40 · September 13, 2011, 4:51pm

iskonskozlo I have the same problem. I have about 3000 Rootkit hidden keys and value infections that were detected. The CAV scanner will not remove or quarantine them. I have tried using Comodo AV in safe mode and Comodo Cleaning Essentials and the 3000 infections are not detected using this. I have tried other scanners like MBAM, Avira Antir AV, Emsisoft Anti-Malware, ESET online scanner, Pctools spyware Dr + Av with CAV disabled and I still didn’t find anything. I can only assume that my 3000 are most likely FP. I hope this can be resolved.

BWood · September 24, 2011, 7:00am

I have a similar problem, thousands of these hidden entries. I think they were from Spybot passive immunisation. I have uninstalled the Spybot program but these entries remain and can’t be removed by the Comodo Cleaner.
I had a looked with regedit but I can’t find them because they are hidden. I can only see the IE8 restricted zone entries. I think these entries affect IE8 performance. Is there a way to unhide these or remove with Comodo Cleaner?

iskonskozlo post:1:

Rootkit.HiddenValue[at]0 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\agava.ru\*

Rootkit.HiddenValue[at]0 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\andromedical.com\www\*

Rootkit.HiddenValue[at]0 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\andromedical.com\*

Rootkit.HiddenValue[at]0 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\bit-world.eu\www\*

Rootkit.HiddenKey[at]0 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\bit-world.eu\www

Rootkit.HiddenValue[at]0 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\bit-world.eu\*

Rootkit.HiddenValue[at]0 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\casalemedia.com\b\*

Rootkit.HiddenValue[at]0 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\casalemedia.com\www\*

Rootkit.HiddenKey[at]0 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\casalemedia.com\www

Rootkit.HiddenValue[at]0 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\casalemedia.com\*

Rootkit.HiddenValue[at]0 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\econocorp.com\www\*

Rootkit.HiddenKey[at]0 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\econocorp.com\www

Rootkit.HiddenValue[at]0 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\econocorp.com\*

Rootkit.HiddenValue[at]0 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\enigmasoftware.com\www\*

Rootkit.HiddenKey[at]0 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\enigmasoftware.com\www

Rootkit.HiddenValue[at]0 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\enigmasoftware.com\*

Rootkit.HiddenValue[at]0 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\iframe.biz\*

Rootkit.HiddenValue[at]0 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mp3musicdirect.com\www\*

Rootkit.HiddenKey[at]0 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mp3musicdirect.com\www

Rootkit.HiddenValue[at]0 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mp3musicdirect.com\*

Rootkit.HiddenValue[at]0 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\myfasterpc.com\www\*

Rootkit.HiddenKey[at]0 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\myfasterpc.com\www

Rootkit.HiddenValue[at]0 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\myfasterpc.com\*

Rootkit.HiddenValue[at]0 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\okulta.com\*

Rootkit.HiddenValue[at]0 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\searchalot.com\*

Rootkit.HiddenValue[at]0 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\uzupa.com\www\*

Rootkit.HiddenKey[at]0 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\uzupa.com\www

Rootkit.HiddenValue[at]0 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\uzupa.com\*

Rootkit.HiddenValue[at]0 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\websearch.com\www\*

Rootkit.HiddenValue[at]0 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\websearch.com\*

Rootkit.HiddenKey[at]0 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\websearch.com\www

Rootkit.HiddenValue[at]0 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\xp-vista.com\www\*

Rootkit.HiddenKey[at]0 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\xp-vista.com\www

Rootkit.HiddenValue[at]0 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\xp-vista.com\*

Rootkit.HiddenValue[at]0 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\xxx.com\www\*

Rootkit.HiddenValue[at]0 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\xxx.com\*

Rootkit.HiddenKey[at]0 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\xxx.com\www

Rootkit.HiddenValue[at]0 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\agava.com\*

Rootkit.HiddenValue[at]0 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\agava.ru\*

Rootkit.HiddenValue[at]0 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\andromedical.com\www\*

Rootkit.HiddenKey[at]0 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\andromedical.com\www

Rootkit.HiddenValue[at]0 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\andromedical.com\*

Rootkit.HiddenValue[at]0 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\bit-world.eu\www\*

Rootkit.HiddenKey[at]0 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\bit-world.eu\www

Rootkit.HiddenValue[at]0 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\bit-world.eu\*

Rootkit.HiddenValue[at]0 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\casalemedia.com\b\*

Rootkit.HiddenValue[at]0 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\casalemedia.com\www\*

Rootkit.HiddenKey[at]0 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\casalemedia.com\www

Rootkit.HiddenKey[at]0 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\casalemedia.com\b

Rootkit.HiddenValue[at]0 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\casalemedia.com\*

Rootkit.HiddenValue[at]0 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\econocorp.com\www\*

Rootkit.HiddenKey[at]0 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\econocorp.com\www

Rootkit.HiddenValue[at]0 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\econocorp.com\*

Rootkit.HiddenValue[at]0 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\enigmasoftware.com\www\*

Rootkit.HiddenKey[at]0 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\enigmasoftware.com\www

Rootkit.HiddenValue[at]0 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\enigmasoftware.com\*

Rootkit.HiddenValue[at]0 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\iframe.biz\*

Rootkit.HiddenValue[at]0 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mp3musicdirect.com\www\*

Rootkit.HiddenKey[at]0 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mp3musicdirect.com\www

Rootkit.HiddenValue[at]0 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mp3musicdirect.com\*

Rootkit.HiddenValue[at]0 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\myfasterpc.com\www\*

Rootkit.HiddenKey[at]0 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\myfasterpc.com\www

Rootkit.HiddenValue[at]0 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\myfasterpc.com\*

Rootkit.HiddenValue[at]0 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\okulta.com\*

Rootkit.HiddenValue[at]0 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\searchalot.com\*

Rootkit.HiddenValue[at]0 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\uzupa.com\www\*

Rootkit.HiddenKey[at]0 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\uzupa.com\www

Rootkit.HiddenValue[at]0 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\uzupa.com\*

Rootkit.HiddenValue[at]0 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\websearch.com\www\*

Rootkit.HiddenKey[at]0 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\websearch.com\www

Rootkit.HiddenValue[at]0 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\websearch.com\*

Rootkit.HiddenValue[at]0 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\xp-vista.com\www\*

Rootkit.HiddenKey[at]0 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\xp-vista.com\www

Rootkit.HiddenValue[at]0 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\xp-vista.com\*

Rootkit.HiddenValue[at]0 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\xxx.com\www\*

Rootkit.HiddenKey[at]0 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\xxx.com\www

Rootkit.HiddenValue[at]0 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\xxx.com\*

Rootkit.HiddenKey[at]0 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\casalemedia.com

Rootkit.HiddenKey[at]0 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\enigmasoftware.com

Rootkit.HiddenKey[at]0 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\econocorp.com

Rootkit.HiddenKey[at]0 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\agava.ru

Rootkit.HiddenKey[at]0 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\iframe.biz

Rootkit.HiddenKey[at]0 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\websearch.com

Rootkit.HiddenKey[at]0 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mp3musicdirect.com

Rootkit.HiddenKey[at]0 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\uzupa.com

Rootkit.HiddenKey[at]0 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\searchalot.com

Rootkit.HiddenKey[at]0 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\agava.com

Rootkit.HiddenKey[at]0 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\xxx.com

Rootkit.HiddenKey[at]0 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\xp-vista.com

Rootkit.HiddenKey[at]0 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\andromedical.com

Rootkit.HiddenKey[at]0 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\myfasterpc.com

Rootkit.HiddenKey[at]0 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\okulta.com

Rootkit.HiddenKey[at]0 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\bit-world.eu

Database number is 9563.
None of the entries can be deleted, disinfected, ignored or submited.

clockwork · September 24, 2011, 11:13am

For testing if its spybots host file immunization, you can easily “move back this changes” in the immunization window of spybot.

If the false postives messages of comodo WERE caused by the spybot protection, isnt it nice that not another program can remove this protection?

But i find it strange that a false positive of this amount would be able to stay for months. I hope for your machines though, its a false postive.

BWood · September 25, 2011, 3:04am

I have just tested spybot passive immunization and moved back changes. I re-scannned with Comodo and this time the hidden entries increased from 3000 to 30,000. Spybot did not remove all the 200,000 immunization entries. I tried a couple of registry cleaners but no luck. I even tried a manual delete, create a “delete.reg” and merge file but they are still there. These entries are slowing down Comodo scans and clean process and cannot be included in the Comodo exclusion list.

languy99 · September 25, 2011, 3:20am

try this guy and see if you can see them and remove them then http://regmagik.com/default.htm

clockwork · September 25, 2011, 7:12am

First time that i hear about this kind of problems with an antivirus and spybot.

Must be new, because i use spybot for a long time, with comodo antivirus sometimes, and others.
And strange when the detections rise up in numbers after you cleaned the immunization.

If its really spybots changes which are “detected”, it would be a false positive of comodo because:
This isnt a rootkit, isnt a virus.

And only comodo “finds it”, but can not remove it.
I would run a registry cleaner like ccleaner, and otherwise i would not care.
How often do you scan with comodo? I would not do it more than causal necessary anyway.

Keep an eye on that with another on demand antivirus (example: emsisoft antimalware free version, malwarebytes free version), as a second opinion. In the case that it wasnt spybots changes.

And spybot has a forum. You could give us a feedback here, if there are news.

BWood · September 25, 2011, 12:23pm

I have scanned with Avira, Emisisoft Anti Malware, Malware bytes, Super Antispyware and AVG, none of these picked up these registry entries, so I think they are just false positives.
I have just finished a Comodo scan after doing some aggressive registry editing , and I think I have got rid of all the 30,000 entries. The scan has comed up clean and ran much faster.

clockwork post:7:

First time that i hear about this kind of problems with an antivirus and spybot.

Must be new, because i use spybot for a long time, with comodo antivirus sometimes, and others.
And strange when the detections rise up in numbers after you cleaned the immunization.

If its really spybots changes which are “detected”, it would be a false positive of comodo because:
This isnt a rootkit, isnt a virus.

And only comodo “finds it”, but can not remove it.
I would run a registry cleaner like ccleaner, and otherwise i would not care.
How often do you scan with comodo? I would not do it more than causal necessary anyway.

Keep an eye on that with another on demand antivirus (example: emsisoft antimalware free version, malwarebytes free version), as a second opinion. In the case that it wasnt spybots changes.

And spybot has a forum. You could give us a feedback here, if there are news.

siketa · September 27, 2011, 12:43pm

Maybe this answer from Ionel will satisfy you…