Jump to content


  • Content Count

  • Joined

  • Last visited

Community Reputation

0 Neutral

About Spiff

  • Rank
    New Member
  1. And many thanks to you and to the Malwarebytes team for fixing this so speedily.
  2. Ah, and thank you very much, shadowwar/ Rich Matteo, for your reply.
  3. I confirm what ky331 reported, no detections with database v2013.06.19.06. And I support what ky331 said regarding those detections.
  4. Thanks. It helped for 6 out of 7. One detection is still there: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\opera.exe (Security.Hijack) When you're working on that one, perhaps you can anticipate on the wmplayer key, which isn't in my registry for some reason, but is in others. Thanks again and best regards
  5. I hadn't checked what was in the exported keys, but I see you're right, there's no further data. And I see the same when I view those keys in the registry. I think it's not that odd for those software items that aren't on my system (like iTunes, for instance), but even that wordpad key has no value. I don't know what to think of it.
  6. Attached is the archive Registry export.zip containing the seven exported keys: chrome, firefox, iTunes, opera, Safari, winamp and wordpad. By the way, someone else also reported MBAM detecting a wmplayer key: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wmplayer.exe See: https://www.security.nl/artikel/46690/ But that wmplayer key is not in my registry (although wmplayer is in the EMET Application Configuration list) so I can't include it in the zip file. Thanks very much and best regards Registry export.zip
  7. Um, yes, but what do you mean? Do you mean the saved log in developer mode, including the registry keys (which are in my initial post also, by the way), or do you mean some other registry export, I guess? If so, could you please specify which keys to export. Thanks very much.
  8. Thank you very much for your reply. I noticed I forgot to save and post a log in developer mode. I made it some minutes ago. But now I guess there's no need to post and attach that log? If you want me to, I can post it. Regarding the MBAM "Security.Hijack" detections, this phenomenon is new to EMET 4.0 final. It didn't occur using EMET 4.0 Beta, of with previous versions like EMET 3.5 Tech Preview and EMET 3.0. It's fine with me to add the concerning MBAM detections to MBAM Ignore List. But perhaps it's a good idea for Malwarebytes to find out why MBAM detects those items when EMET 4.0 f
  9. Recently I installed and configured EMET 4.0 final. http://blogs.technet.com/b/srd/archive/2013/06/17/emet-4-0-now-available-for-download.aspx http://www.microsoft.com/en-us/download/details.aspx?id=39273 EMET 4.0 configuration: Imported EMET protection profile "Popular Software.xml" and checked "Deep Hooks" in Application Configuration (as that was not checked by default, for some reason). Today I noticed MBAM scan results that seem to indicate probably EMET 4.0 related MBAM false positives. I checked using G Data 2014 and HitmanPro, both found no infections or other issues, so I assume
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.