SUPERAntiSpyware detected Search Protection

I ran a scan for malware on a Microsoft Windows 10 system using SUPERAntiSpyware, an anti-spyware program that is available as a free version, today. I ran a scan of another Windows 10 system at the same location using SUPERAntiSpyware a few days ago after the user of that system reported performance problems on her system. The other user told me that the user of the system I scanned today was also experiencing problems with her system. SUPERAntiSpyware reported "1 Item Found" on the system I scanned today. It reported that it found an application, Search Protection:

Search Protection is a program that may display advertisements and is bundled with other potentially unwanted programs.

It identified the following Windows registry key as suspicious:


SUPERAntiSpyware found Search

When I examined the registry key it flagged with the Windows Registry Editor program regedit.exe, I saw the following:

Registry Editor - Search 

For the ImagePath value, I saw "C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe".

Lavasoft is a software company that produces spyware and malware detection software. One of its products is Ad-Aware. I had installed the free version of Ad-Aware on the system on November 24, 2014 when the malware on the system was causing performance issues. When I install software on the systems at this location, I monitor the installation with Total Uninstall, a program that tracks changes made to a system, such as file and registry additions and modifications, and export a report for each installation. When I checked the report for the Ad-Aware installation, I saw it created the registry entry that SUPERAntiSpyware flagged, so in this case I believe SUPERAntiSpyware is reporting a false positive. I chose the Skip These option in SUPERAntiSpyware.

The herdProtect Anti-Malware site gives Lavasoft.SearchProtect.WinService.exe a rating of "Clean" with an analysis date of December 17, 2016. The herdProtect page for the software also includes a publisher's description for Web Companion by Lavasoft as “Web Companion secures your browser’s settings against unauthorized changes and acts as a buffer between your browser and malicious sites.”

I also uploaded Lavasoft.SearchProtect.WinService.exe to the VirusTotal website, a Google site that scans uploaded files with multiple antivirus programs. None of the 56 antivirus programs with which it scanned the file reported anything amiss with it; all that evaluated it judged it as safe (Report).

Checksums for the file are listed below:

MD5: 866a0e42cddffd71b5cdf0c08f1b07e4
SHA1: a82381f40c98d0e05215087b625de6a33c4680ec
SHA256: 2c10c049a809256b60084e4e4b39b2d91d98ee06ea14a7c146df5e991582367b
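
To repeat this check on another machine, the following PowerShell script (an added example, not part of the original post) finds the service that launches the flagged binary, shows its Authenticode signature, and compares the file's hashes with the checksums listed above. The file path and hashes are the ones given on this page; the variable names are illustrative.

```powershell
# Added example: triage of the binary behind the flagged service entry.
# $exe and $expected come from this page; all other names are illustrative.
$exe = 'C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe'

# Checksums listed on this page for the copy that was uploaded to VirusTotal.
$expected = @{
    MD5    = '866a0e42cddffd71b5cdf0c08f1b07e4'
    SHA1   = 'a82381f40c98d0e05215087b625de6a33c4680ec'
    SHA256 = '2c10c049a809256b60084e4e4b39b2d91d98ee06ea14a7c146df5e991582367b'
}

if (-not (Test-Path -LiteralPath $exe)) {
    Write-Warning "Not found: $exe"
    return
}

# Which service launches this binary? Win32_Service.PathName mirrors the
# registry ImagePath value; it may be quoted or carry arguments, so match
# on the file name rather than comparing the whole string.
$leaf = Split-Path -Leaf $exe
Get-CimInstance -ClassName Win32_Service |
    Where-Object { $_.PathName -like "*$leaf*" } |
    Select-Object Name, DisplayName, State, StartMode, PathName |
    Format-List | Out-Host

# Publisher signature: a Status other than 'Valid' deserves a closer look.
Get-AuthenticodeSignature -LiteralPath $exe |
    Select-Object Status, @{ n = 'Signer'; e = { $_.SignerCertificate.Subject } } |
    Format-List | Out-Host

# Hash the local file and compare with the values listed on this page.
$results = foreach ($alg in 'MD5', 'SHA1', 'SHA256') {
    $actual = (Get-FileHash -LiteralPath $exe -Algorithm $alg).Hash.ToLower()
    [pscustomobject]@{
        Algorithm = $alg
        Match     = ($actual -eq $expected[$alg])
        Actual    = $actual
    }
}
$results | Format-Table -AutoSize | Out-Host
```

A mismatch only means the local file is a different build from the one hashed here, so the VirusTotal result above does not cover it; look up the local SHA256 instead.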

Prior to running SUPERAntiSpyware on the system, I checked the McAfee Total Protection logs to see if it had detected anything problematic on the system when it last scanned the system. McAfee Total Protection is the antivirus software on the system performing real-time scanning of the system. A scheduled scan of the system ran last night. It did not find anything to report when it scanned the system then.

