Maximus1337

OK. Thank you very much. I have a suggestion: I understand, why you can't just delete this false positive and why MBAM has to keep detecting this type of registry-modifications. But would'nt it be better to have this exceptional case diagnosed as something like "possible security threat" or "possible security hijack" or whatever? Under the conditions, of course, that it's that specific key with those specific "Debugger"-values. So people would go look it up instead of getting scared and having MBAM "fix" it, which would probably result in the deactivator not working properly for itunes. I don't think that there is any malware out there which would actually redirect to "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe". "Security.Hijack" for something that, in a considerable number of cases, is actually completely normal, sounds a bit terrifying to me. ;-)

Thanks for the fast response. Since you did'nt give a reason for answer 1, I suppose it's the same as in the mentioned thread: In short: It's just normal "tuneup"-behavior in this case. Although this kind of behavior could be dangerous, if it was malware which modified/created that "Debugger"-key to run a malicious executable instead of that reactivator. Correct? In that case, "TUAutoReactivator64.exe" would very likely have been detected as being malware as well, either by MBAM or Antivirus. Correct? If both yes: I guess, Tuneup modifies/creates keys like that one for every application (executables, services etc.) which I choose to deactivate. But I've been using TU's program deactivator for quite some time now, like at least 2 years. I'm using it, for example, to deactivate Acronis TrueImage Home and some other stuff which uses up RAM or CPU, even if I don't use it and don't need it to run in the backround. That "Debugger"-Key must be just as dangerous, if it redirects from, let's say "TrueImageLauncher.exe" instead of itunes. So here is my question: Why does MBAM only detect the registry-modification made for itunes and not the others?

Hey guys. I've found a "security.hijack". I'm guessing, it's a false positive, like this one: http://forums.malwarebytes.org/index.php?showtopic=113609 Just to be safe, I would like to hear your opinion on it. Here is my log: In that registry folder, there are two keys: "(Standart)", which seems to be empty, and "Debugger", which contains "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe". - I'm using Tuneup 2012's program deactivator to completely deactivate itunes, as long as I don't need it. - I use Avira Antivirus 2012 premium and it never found anything. - I downloaded itunes (as far as I remember, since I am very careful about what I download and install) directly from apple. So, I have two questions now: 1. Am I right, that this "Security.Highjack" can be ignored? 2. If yes: What if I put it on the ignore-list and after that some malware actually compromises that registry key? Would MBAM ignore that as well? Regards Max