
Detected object: Application.Win32.WSearch (A)


Hi guys,

On first run, on a Windows Server 2012R2 server, Emsisoft detected Win32.WSearch (A) - HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\{1146AC44-2F03-4431-B4FD-889BC837521F}

This looks to me like part of the Windows system. What do you think?

If it is not malicious, how could I exclude a registry entry like this? (I can only see how to exclude files and folders).

Thanks in advance.

Daniel


It's just a registry key for what we call a Potentially Unwanted Program (PUP). It's a subkey of WOW6432NODE, which is a system key that's used to store registry data for 32-bit applications as part of WoW64 (Windows on Windows 64). It's not a false positive, and it's safe to delete it.

7 hours ago, GT500 said:

It's just a registry key for what we call a Potentially Unwanted Program (PUP). It's a subkey of WOW6432NODE, which is a system key that's used to store registry data for 32-bit applications as part of WoW64 (Windows on Windows 64). It's not a false positive, and it's safe to delete it.

Doesn't the decision to delete the key depend on whether or not @Daniel Pipe has the software concerned installed (intentionally) or not?  

16 hours ago, JeremyNicoll said:

Doesn't the decision to delete the key depend on whether or not @Daniel Pipe has the software concerned installed (intentionally) or not?  

Presumably it would be detected if it was installed, but from what I'm seeing it's probably something called "Optimizer Pro", so if that is something they have installed and want to keep then you're correct that they wouldn't want to delete the registry key.


Thanks guys,

I've inherited this server. It is a domain controller with a number of roles but very limited third party software (AV, Backup, etc)

It shows "Optimiser Pro" in some other alerts (I didn't realise they are related). I'm not aware of this software so I think I will cross my fingers and tell it to go ahead and remove.

Thanks for responding and hope it helps others.

Daniel
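
The check discussed in the replies above (is the related software actually registered as installed, and what does the flagged key hold, before it is removed), as an added example that is not part of the original thread and not Emsisoft's own tooling. It assumes an elevated 64-bit PowerShell session on the server; the backup file location and the name pattern covering both spellings used in the thread are assumptions.

```powershell
# Added example: inspect the flagged key and look for the related product before removal.
$flagged = 'HKLM:\SOFTWARE\WOW6432Node\{1146AC44-2F03-4431-B4FD-889BC837521F}'  # key from the first post
$backup  = Join-Path $env:TEMP 'flagged-key-backup.reg'                           # assumed backup location
$product = 'Optimi[sz]er Pro'                                                     # both spellings from the thread

# 1. Show what the key actually holds (values and subkeys).
if (Test-Path -LiteralPath $flagged) {
    Get-Item -LiteralPath $flagged | Select-Object Name, ValueCount, SubKeyCount
    Get-ItemProperty -LiteralPath $flagged
    Get-ChildItem -LiteralPath $flagged -Recurse -ErrorAction SilentlyContinue |
        Select-Object Name

    # 2. Keep a copy so the removal can be reverted (reg.exe expects the HKLM\... form).
    $regPath = $flagged -replace '^HKLM:\\', 'HKLM\'
    reg.exe export $regPath $backup /y | Out-Null
    "Backup written to $backup"
} else {
    "Key not present: $flagged"
}

# 3. Check whether the product is registered as installed, in both the
#    64-bit view and the 32-bit (WOW6432Node) view of the Uninstall key.
$uninstallRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall'
)
$hits = foreach ($root in $uninstallRoots) {
    Get-ChildItem -LiteralPath $root -ErrorAction SilentlyContinue |
        ForEach-Object { Get-ItemProperty -LiteralPath $_.PSPath -ErrorAction SilentlyContinue } |
        Where-Object { $_.DisplayName -match $product } |
        Select-Object DisplayName, Publisher, InstallLocation, UninstallString
}
if ($hits) { $hits | Format-List } else { "No uninstall entry matching '$product' found." }
```

Per-user installs registered under HKEY_CURRENT_USER are not covered by this check.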
