Jump to content

Search the Community

Showing results for tags 'debug'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Announcements
    • Malwarebytes News
    • Beta Testing Program
  • Malware Removal Help
    • Windows Malware Removal Help & Support
    • Mac Malware Removal Help & Support
    • Mobile Malware Removal Help & Support
    • Malware Removal Self-Help Guides
  • Malwarebytes for Home Support
    • Malwarebytes for Windows Support Forum
    • Malwarebytes for Mac Support Forum
    • Malwarebytes for Android Support Forum
    • Malwarebytes for iOS Support
    • Malwarebytes Privacy
    • Malwarebytes Browser Guard
    • False Positives
    • Comments and Suggestions
  • Malwarebytes for Business Support
    • Malwarebytes Endpoint Protection
    • Malwarebytes Incident Response (includes Breach Remediation)
    • Malwarebytes Endpoint Security
    • Malwarebytes Business Products Comments and Suggestions
  • Malwarebytes Tools and Other Products
    • Malwarebytes AdwCleaner
    • Malwarebytes Junkware Removal Tool Support
    • Malwarebytes Anti-Rootkit BETA Support
    • Malwarebytes Techbench USB (Legacy)
    • Malwarebytes Secure Backup discontinued
    • Other Tools
    • Malwarebytes Tools Comments and Suggestions
  • General Computer Help and Security Updates
    • BSOD, Crashes, Kernel Debugging
    • General Windows PC Help
  • Research Center
    • Newest Rogue-Ransomware Threats
    • Newest Malware Threats
    • Newest Mobile Threats
    • Newest IP or URL Threats
    • Newest Mac Threats
    • Report Scam Phone Numbers
  • General
    • General Chat
    • Forums Announcements & Feedback

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


AIM


MSN


Website URL


ICQ


Yahoo


Jabber


Location


Interests

Found 2 results

  1. Hello, one of my Visual Studio vb.net projects is being flagged as MachineLearning/Anomalous.94% when it is being debugged. I have attached a copy of the file and the scan log. Could you please confirm that this is a false positive? scanlog.txt false positive.zip
  2. I'm finding that any debug entry in the Image File Execution registry section triggers a malware alert. The, I imagine, reason is that some malware uses these keys to resurrect itself on the launching of Explorer or other legit software if its own autorun entry is removed. However, the issue here is that these registry keys are also used by legitimate software. Some legitimate security software uses this IFE mechanism to run browsers, etc with reduced rights such that downloaded malware cannot execute. In such cases, stripping the keys out will leave the computer in a condition of reduced security. Perhaps the detection mechanism needs to be a little more specific about what executable the IFE call points to. In particular if it's a verified copy of StripMyRights.exe then it is probably legit, and removing it will knock out a security product rather than removing malware. StripMyRights.exe: 65536 bytes SHA-256: EAE41B6776B2090616DC9A0B85A3515FDB4EAB36F54B66407E81D087E3AB40ED (Not sure if there are other versions around) Scan Log: Registry Keys Detected: 4 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\CHROME.EXE (Security.Hijack) -> No action taken. HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\FIREFOX.EXE (Security.Hijack) -> No action taken. HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\OPERA.EXE (Security.Hijack) -> No action taken. HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\SAFARI.EXE (Security.Hijack) -> No action taken. Registry Values Detected: 4 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\chrome.exe|Debugger (Security.Hijack) -> Data: StripMyRights.exe /D /L N -> No action taken. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe|Debugger (Security.Hijack) -> Data: StripMyRights.exe /D /L N -> No action taken. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\opera.exe|Debugger (Security.Hijack) -> Data: StripMyRights.exe /D /L N -> No action taken. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\safari.exe|Debugger (Security.Hijack) -> Data: StripMyRights.exe /D /L N -> No action taken.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.