Posts posted by Cartel
-
-
Hello, I'd like to help mbam remove this false positive for
Registry Keys: 1
PUP.Optional.Hicosmea, HKU\S-1-5-21-3891387264-3673818761-2909559850-1000_Classes\CLSID\{62BE5D10-60EB-11D0-BD3B-00A0C911CE86}, , HKEY_USERS\S-1-5-21-3891387264-3673818761-2909559850-1000_Classes\CLSID\{62BE5D10-60EB-11D0-BD3B-00A0C911CE86}
This key is created every time I use Windows Media Encoder x64 Edition
https://go.microsoft.com/fwlink/?LinkId=67406 -
I have the CEF folder but I never have had steam...
-
I installed 2.2.0.1024 because it said "Enhanced safeguards to prevent false positives on legitimate files".
I had some false positives before so I removed them from quarantine and exceptions to see if they were no longer detected.
It detected them all again so I re-applied my exceptions and decided to "fix" the other 2 items.
I chose not to reboot and while running another program I was greeted with a UAC prompt accompanied by the "secure desktop" which I have disabled.
I ran autoruns and noticed the windows defender service and iphelper service were both running also.
I have no reason to have these so I disabled them.
After I disabled these items again, after a reboot they were "fixed" back to automatic start-up again, so was the UAC setting.
I used the "recommended" threat scan and I don't see anything that mentions these actions so it's kinda annoying that these settings were altered against my wishes.
I only use mbam once in a while and then delete it, as I did earlier. I'm sorry I can't give you the logs, but I'm 100% sure that these changes are made by the software.
-
MBAM does things without asking, like re-enabling UAC settings and re-enabling the Windows Defender and the IP Helper service.
Is that really necessary?
-
I never had any detections but those, I run mbam and have run your antirootkit before also.
This only happens every 6 months, when I do a double check with mbam, and then use Avira 24/7.
Avira 9 actually, shhhh
I backed up the keys and deleted them.
CD burning still seems to function and thumbnails still work so the only way to be sure is to nuke the entire site from....oops I mean safer to delete the keys.
If it was something critical I'd be more concerned
thanks
-
-
Thanks for the reply.
Here you go:
(Creation dates are today because I restored the keys.)
-
-
FBEB8A05-BEEE-4442-804E-409D6C4515E9 keys
-
These keys are for CD burning. Installed with the OS (Windows 7 64bit)
Trojan.Poweliks.B, HKU\S-1-5-21-3891387264-3673818761-2909559850-1000_Classes\CLSID\{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}, , [72383eeed9b2280e8efa6b97b14fc63a],
Hijack.Trojan.Siredef.C, HKU\S-1-5-21-3891387264-3673818761-2909559850-1000_Classes\CLSID\{FBEB8A05-BEEE-4442-804E-409D6C4515E9}, , [6842aa820d7e8fa72d07a061d9270cf4],
Hijack.Trojan.Siredef.C, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{FBEB8A05-BEEE-4442-804E-409D6C4515E9}, , [6842aa820d7e8fa72d07a061d9270cf4],
These keys are my group policy software restriction rules to stop Avira nagging.
Hijack.SecurityRun, HKLM\SOFTWARE\POLICIES\MICROSOFT\WINDOWS\SAFER\CODEIDENTIFIERS\0\PATHS\{48D87BF0-9ACC-4133-9827-8A1BD16C4C01}, , [7238af7ded9ea29489d6c7a4b94b55ab],
Hijack.SecurityRun, HKLM\SOFTWARE\WOW6432NODE\POLICIES\MICROSOFT\WINDOWS\SAFER\CODEIDENTIFIERS\0\PATHS\{48D87BF0-9ACC-4133-9827-8A1BD16C4C01}, , [4466fd2fb5d6c4726df25e0d9a6a728e],
Hijack.SecurityRun, HKLM\SOFTWARE\POLICIES\MICROSOFT\WINDOWS\SAFER\CODEIDENTIFIERS\0\PATHS\{48d87bf0-9acc-4133-9827-8a1bd16c4c01}|ItemData, C:\Program Files (x86)\Avira\AntiVir Desktop\avnotify.exe, , [7238af7ded9ea29489d6c7a4b94b55ab]
Hijack.SecurityRun, HKLM\SOFTWARE\WOW6432NODE\POLICIES\MICROSOFT\WINDOWS\SAFER\CODEIDENTIFIERS\0\PATHS\{48d87bf0-9acc-4133-9827-8a1bd16c4c01}|ItemData, C:\Program Files (x86)\Avira\AntiVir Desktop\avnotify.exe, , [4466fd2fb5d6c4726df25e0d9a6a728e]
-
-
Hijack.SecurityRun,Trojan.Poweliks.B,Hijack.Trojan.Siredef.C
in File Detections
still not fixed, maybe by 2020?