Jump to content

Search the Community

Showing results for tags 'falsepositive'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Announcements
    • Malwarebytes News
    • Beta Testing Program
  • Malware Removal Help
    • Windows Malware Removal Help & Support
    • Mac Malware Removal Help & Support
    • Mobile Malware Removal Help & Support
    • Malware Removal Self-Help Guides
  • Malwarebytes for Home Support
    • Malwarebytes for Windows Support Forum
    • Malwarebytes for Mac Support Forum
    • Malwarebytes for Android Support Forum
    • Malwarebytes for iOS Support
    • Malwarebytes Privacy
    • Malwarebytes Browser Guard
    • False Positives
    • Comments and Suggestions
  • Malwarebytes for Business Support
    • Malwarebytes Nebula
    • Malwarebytes Nebula Modules
    • Malwarebytes Endpoint Security
    • Other Malwarebytes Business Products
    • Malwarebytes Business Products Comments and Suggestions
  • Malwarebytes Tools and Other Products
    • Malwarebytes AdwCleaner
    • Malwarebytes Junkware Removal Tool Support
    • Malwarebytes Anti-Rootkit BETA Support
    • Malwarebytes Techbench USB (Legacy)
    • Malwarebytes Secure Backup discontinued
    • Other Tools
    • Malwarebytes Tools Comments and Suggestions
  • General Computer Help and Security Updates
    • BSOD, Crashes, Kernel Debugging
    • General Windows PC Help
  • Research Center
    • Newest Rogue-Ransomware Threats
    • Newest Malware Threats
    • Newest Mobile Threats
    • Newest IP or URL Threats
    • Newest Mac Threats
    • Report Scam Phone Numbers
  • General
    • General Chat
    • Forums Announcements & Feedback

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


AIM


MSN


Website URL


ICQ


Yahoo


Jabber


Location


Interests

  1. I'm the owner of www.ayurvedaseed.com Please do not block my website. It runs iThemes security plugin and free of trojens and malwares. Thank you!
  2. Hi. My sites: https://abettermemagazine.com https://Brainspeakstore.com are being blocked for spyware. Both sites have been scanned by HostGator and are clean of any malware/spyware. Please unblock.
  3. Hi Team. We design and build applications for many industries. These applications include Estimation and Project Management software. Currently, one of our application EXE's are triggering alerts on VirusTotal.com, and we need to have this cleared as the files are safe. What I am looking for is not only getting this whitelisted, but an explanation as to WHY this is flagged. EPSnapShot.exe https://www.virustotal.com/gui/file/a7b2638f795a44ecb3e1fbbc9ac4546ac5061a0e097df4fb9218ba7518cc0651/detection For the last 2 weeks, MalwareBytes has picked this up as a 1003 error, but as of this morning, we have a new definition. Same file, no changes or recompile our end. Pre 16.Set.22: Malwarebytes Malware.Heuristic.1003 Post 18.Sep.22: Malwarebytes Malware.AI.3464644714 While we are certainly looking into signing our source code moving forward, we need to understand what the cause of this trigger is. Signing will just authenticate us as being a legitimate business, which we are, established in 1997, but not eradicate the engine triggers. We deliberately obfuscated source code data in order to protect our Intellectual Property. Standard practice for any code written IP. If AV engines such as yours are flagging us for this practice, what can be done our end to minimise the footprint or flagging triggers? Thanking you kindly, have a great day.
  4. Upgraded LibreOffice on Windows 7 to version 7.3.3 but it is now unable to start. Malwarebytes does not like something it does: Malware.Exploit.Agent.Generic, C:\Windows\system32\cmd.exe \c ver, Estetty, 0, 392684, 0.0.0, , ("Estetty" means "prevented, this machine is localized to Finnish). Exported report attached. This is bad, because LibreOffice is what I use for most of my documents. Until this is resolved, I have to use other machines where I have not done the upgrade. (But note many users may not have this option). Is there workaround? Like telling Malwarebytes to not check this thing for LibreOffice. libreoffice-false-positive.txt
  5. Hey guys, the website https://digital-finance-controlling.de was infected with a script months ago but is clean now. Please check it again and remove it from the block list. Thanks in advance, Felix
  6. MygamesCenter_detection.zipHello! Every time i open My.Games Center it gives a lot of those "Website Blocked Due to Malware" notifications. I dont think this is malware because it can be downloaded form the Epic Games store. The file is inside the .zip file. If you could analyze this file and see if there is actually malware inside it it would be awesome. I suspect the detection is because they use torrents to download game files. Thanks!
  7. MISP False Positive? Sadly I can't comply with all of your posting requests since you do not offer a Linux client outside of Nebula. That aside misp-project.org seems to be a legitimate project, and I can't find any evidence for the riskware you mention. Netcraft Google Transparency WhoIs Github HAR Log { "log": { "version": "1.2", "creator": { "name": "WebInspector", "version": "537.36" }, "pages": [ { "startedDateTime": "2022-01-28T22:20:27.133Z", "id": "page_1", "title": "http://www.misp-project.org/index.html", "pageTimings": { "onContentLoad": 543.0859999978566, "onLoad": 567.4220000000787 } } ], "entries": [ { "_initiator": { "type": "other" }, "_priority": "VeryHigh", "_resourceType": "document", "cache": {}, "pageref": "page_1", "request": { "method": "GET", "url": "http://www.misp-project.org/index.html", "httpVersion": "http/1.1", "headers": [ { "name": "DNT", "value": "1" }, { "name": "Upgrade-Insecure-Requests", "value": "1" }, { "name": "User-Agent", "value": "Mozilla/5.0 (X11; CrOS x86_64 14455.0.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4827.0 Safari/537.36" } ], "queryString": [], "cookies": [], "headersSize": -1, "bodySize": 0 }, "response": { "status": 307, "statusText": "Temporary Redirect", "httpVersion": "http/1.1", "headers": [ { "name": "Location", "value": "https://www.misp-project.org/index.html" } ], "cookies": [], "content": { "size": 0, "mimeType": "x-unknown" }, "redirectURL": "https://www.misp-project.org/index.html", "headersSize": -1, "bodySize": -1, "_transferSize": 0, "_error": null }, "serverIPAddress": "", "startedDateTime": "2022-01-28T22:20:27.133Z", "time": 3.917999998520827, "timings": { "blocked": -1, "dns": -1, "ssl": -1, "connect": -1, "send": 0, "wait": 3.917999998520827, "receive": 0, "_blocked_queueing": -1 } }, { "_initiator": { "type": "other" }, "_priority": "VeryHigh", "_resourceType": "document", "cache": {}, "pageref": "page_1", "request": { "method": "GET", "url": "https://www.misp-project.org/index.html", "httpVersion": "http/1.1", "headers": [ { "name": "DNT", "value": "1" }, { "name": "Upgrade-Insecure-Requests", "value": "1" }, { "name": "User-Agent", "value": "Mozilla/5.0 (X11; CrOS x86_64 14455.0.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4827.0 Safari/537.36" } ], "queryString": [], "cookies": [], "headersSize": -1, "bodySize": 0 }, "response": { "status": 307, "statusText": "Internal Redirect", "httpVersion": "http/1.1", "headers": [ { "name": "Location", "value": "chrome-extension://ihcjicgdanjaechkgeegckofjjedodee/app/eventpages/block.html referrer=null&url=https%3A%2F%2Fwww.misp-project.org%2Findex.html&host=www.misp-project.org&type=malware&subtype=riskware&tabId=2603&filename=undefined" }, { "name": "Non-Authoritative-Reason", "value": "WebRequest API" } ], "cookies": [], "content": { "size": 0, "mimeType": "x-unknown" }, "redirectURL": "chrome-extension://ihcjicgdanjaechkgeegckofjjedodee/app/eventpages/block.html?referrer=null&url=https%3A%2F%2Fwww.misp-project.org%2Findex.html&host=www.misp-project.org&type=malware&subtype=riskware&tabId=2603&filename=undefined", "headersSize": -1, "bodySize": -1, "_transferSize": 0, "_error": null }, "serverIPAddress": "", "startedDateTime": "2022-01-28T22:20:27.137Z", "time": 16.877000001841225, "timings": { "blocked": -1, "dns": -1, "ssl": -1, "connect": -1, "send": 0, "wait": 16.877000001841225, "receive": 0, "_blocked_queueing": -1 } }, { "_fromCache": "memory", "_initiator": { "type": "parser", "url": "about:client" }, "_priority": "VeryHigh", "_resourceType": "stylesheet", "cache": {}, "pageref": "page_1", "request": { "method": "GET", "url": "https://fonts.googleapis.com/css?family=Lato:400,700,400italic,700italic&subset=latin", "httpVersion": "h3", "headers": [ { "name": "sec-ch-ua", "value": "\" Not A;Brand\";v=\"99\", \"Chromium\";v=\"99\", \"Google Chrome\";v=\"99\"" }, { "name": "Referer", "value": "" }, { "name": "DNT", "value": "1" }, { "name": "sec-ch-ua-mobile", "value": "?0" }, { "name": "User-Agent", "value": "Mozilla/5.0 (X11; CrOS x86_64 14455.0.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4827.0 Safari/537.36" }, { "name": "sec-ch-ua-platform", "value": "\"Chrome OS\"" } ], "queryString": [ { "name": "family", "value": "Lato:400,700,400italic,700italic" }, { "name": "subset", "value": "latin" } ], "cookies": [], "headersSize": -1, "bodySize": 0 }, "response": { "status": 200, "statusText": "", "httpVersion": "h3", "headers": [ { "name": "date", "value": "Fri, 28 Jan 2022 21:58:52 GMT" }, { "name": "content-encoding", "value": "gzip" }, { "name": "x-content-type-options", "value": "nosniff" }, { "name": "cross-origin-resource-policy", "value": "cross-origin" }, { "name": "alt-svc", "value": "h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000,h3-Q050=\":443\"; ma=2592000,h3-Q046=\":443\"; ma=2592000,h3-Q043=\":443\"; ma=2592000,quic=\":443\"; ma=2592000; v=\"46,43\"" }, { "name": "x-xss-protection", "value": "0" }, { "name": "last-modified", "value": "Fri, 28 Jan 2022 21:51:23 GMT" }, { "name": "server", "value": "ESF" }, { "name": "cross-origin-opener-policy", "value": "same-origin-allow-popups" }, { "name": "x-frame-options", "value": "SAMEORIGIN" }, { "name": "content-type", "value": "text/css; charset=utf-8" }, { "name": "access-control-allow-origin", "value": "*" }, { "name": "cache-control", "value": "private, max-age=86400, stale-while-revalidate=604800" }, { "name": "timing-allow-origin", "value": "*" }, { "name": "link", "value": "<https://fonts.gstatic.com>; rel=preconnect; crossorigin" }, { "name": "expires", "value": "Fri, 28 Jan 2022 21:58:52 GMT" } ], "cookies": [], "content": { "size": 2682, "mimeType": "text/css" }, "redirectURL": "", "headersSize": -1, "bodySize": 0, "_transferSize": 0, "_error": null }, "serverIPAddress": "142.250.179.234", "startedDateTime": "2022-01-28T22:20:27.436Z", "time": 0.2119999990100041, "timings": { "blocked": -1, "dns": -1, "ssl": -1, "connect": -1, "send": 0, "wait": 0.1919999995152466, "receive": 0.019999999494757503, "_blocked_queueing": -1 } } ] } }
  8. Older Win box (8.1 home)... yeah.. I know I know.. ;-) Exported log attached. 4 instances in the last 4 days. No approved, not deleted. ====== Malwarebytes www.malwarebytes.com -Log Details- Protection Event Date: 11/13/21 Protection Event Time: 5:56 AM Log File: cce5886a-4478-11ec-912d-40a8f067a112.json -Software Information- Version: 4.4.10.144 Components Version: 1.0.1499 Update Package Version: 1.0.47160 License: Trial -System Information- OS: Windows 8.1 CPU: x64 File System: NTFS User: System -Blocked Malware Details- File: 1 Malware.Heuristic.1003, C:\Users\UserName\AppData\Local\Packages\microsoft.microsoftsolitairecollection_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0_32\NativeImages\WinTileUpdateService\41023e5f7ae53723686b272a9da74f65\WinTileUpdateService.ni.dll, Quarantined, 1000001, 0, 1.0.47160, 0000000000000000000003EB, dds, 01507804, 722E678A5D4560C5439C3DA020C10EAC, 750C81956D50CBDBA3DA60A2F213B4F1ADD75FECA2E8A96E00FB710C3C6BEBF2 (end) malware_bytes_scan_results_copies_to_clipboard2.txt
  9. Had a few calls this morning from customers who had this happen. Just want to make sure our main executable from the software is not being flagged for our Customers moving forward. I have added the file in a zipped folder. no PW. Thank you! frazer.zip
  10. Hello, There is a false positive associated with Malwarebytes and we require that you let our users download the game without intervention. The download website can be found here: https://shinobistory.com/forums/files/file/3-shinobi-story-alpha-launcher/ Thank you in advance! ShinobiLauncher.7z
  11. I have two DLL's that keep showing up as Malware.AI.1042087896. They appear to be for color scanner software. PIXN1320.zip PIXN1120.zip
  12. Hey, attached is an exported detection by MalwareBytes of the ncrypt.exe, an executable from Norton. Is this a false positive? Thanks PossibleFalsePositive.txt
  13. Two Putty nuget packages from Chocolatey that have been on the device for a long time started to be flagged by the AI as malware. Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 9/2/21 Scan Time: 2:53 AM Log File: 842afa8e-0bba-11ec-a2be-985fd3db6065.json -Software Information- Version: 4.4.4.126 Components Version: 1.0.1413 Update Package Version: 1.0.44517 License: Premium -System Information- OS: Windows 10 (Build 19043.1165) CPU: x64 File System: NTFS User: System -Scan Summary- Scan Type: Threat Scan Scan Initiated By: Scheduler Result: Completed Objects Scanned: 346259 Threats Detected: 2 Threats Quarantined: 0 Time Elapsed: 7 min, 6 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 0 (No malicious items detected) Registry Value: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 0 (No malicious items detected) File: 2 Malware.AI.4275619838, C:\PROGRAMDATA\CHOCOLATEY\LIB\PUTTY.PORTABLE\PUTTY.PORTABLE.NUPKG, No Action By User, 1000000, 0, 1.0.44517, FA94F80E1F946A69FED8C7FE, dds, 01404234, E98A3C5DB1612AD75C4545A1EA5F44C4, 1BCC35D19DF5000E0258B790964990D43024E379A165ED7EF79B0204FCB637C7 Malware.AI.4275619838, C:\USERS\[USER DIRECTORY]\APPDATA\LOCAL\NUGET\CACHE\PUTTY.PORTABLE.0.72.NUPKG, No Action By User, 1000000, 0, 1.0.44517, FA94F80E1F946A69FED8C7FE, dds, 01404234, E98A3C5DB1612AD75C4545A1EA5F44C4, 1BCC35D19DF5000E0258B790964990D43024E379A165ED7EF79B0204FCB637C7 Physical Sector: 0 (No malicious items detected) WMI: 0 (No malicious items detected) (end) FalsePositive.zip
  14. Hello Malwarebytes Support, This is Kent from Laipic, an user-oriented designer and manufacturer of online video presentation software Soom. Now we’ve been dedicated in offering the world’s most engaging and vivid online video presentation for webinar, online courses and telecommuting etc with sound daily feedback from global clients. Here is our official website for your kind reference: https://soom.us/ However, reports of company data surveillance & analysis recently indicate anti-virus software from a small amount of certain brands unfortunately classifies us risky level with harsh warning subsequently issued to our oversea users every time when people are ready to download and install Soom. This is honestly very disappointing and indeed caused bad impact to both our reputation and sales in a pretty negative way and with no doubt relevant influence will last for quite a long term in the coming days. We’d strongly believe Malwarebytes as such a giant in anti-virus industry must’ve been aiming to a brighter and more secure cyber environment creation for all world’s inhabitants which frankly is more than just noble and we highly appreciate all your marvelous attitude and passion in the field. Now it’s a tragic as we all see that COVID-19 tortures the world all around and that’s the exact reason why Soom’s been also working so hard to help those in need via offering the most revolutionary and convenient online video presentation for telecommuting, webinar and online courses etc and people now make a living without risking their lives to step out because social responsibility is what Malwarebytes and Soom both bear and share during this hard time, is what floats in our blood. With all privilege and honor, we respectfully acquire whitelist access under Malwarebytes brand anti-virus software for our common concept and purpose, that is establishment of more harmonious and joyful life and living atmosphere of tomorrow. Seriously crime and such other illegal conducts are what Soom never touched before and will definitely never touch in the future due to a simple reality that Soom sticks to human future improvement so we only behave right and legal with meanwhile great reputation to defend that our software is 100% secure to our daily work and life. Many thanks for your time and kind understanding to all above. If any further basic info needed for the whitelist access authorization please don’t hesitate to let us know. Hope to hear from you soon. Regards Kent
  15. Hi there, Our game files are warned by your antivirus as malware. Please check the attachment for fix it. Thank you. detection history.txt launcher.rar
  16. Greetings! I am the developer of WFE (Warcraft Feature Extender) and my .exe/.dll sometimes both get detected as MachineLearning/Anomalous.100%, I do not have malicious code, and VirusTotal and other scanners report it to be comepletely fine. Could you please take a look and hopefully remove my software from being detected as virus? Archive with files attached below. Thanks in advance! WFE v2.23.zip
  17. usman

    False positive

    Hello, Malware Bytes Browser Guard is blocking our website https://royalbathrooms.co.uk/ Here is the latest VirusTotal scan showing clean from all the engines https://www.virustotal.com/gui/url/96ade4d1c8d46613c5c47b864bb494b6a9e79eb5c3b29fd60066a610d67eb8c9/detection Please remove the site from your blacklist as soon as possible as it is affecting our business. Kind regards
  18. Hi Malwarebytes support team, We hope you are doing great. Kindly know, we belong to the tech department of Shufti Pro. It came to our attention that Malwarebytes extension for browser (Malwarebytes Browser Guard) and Desktop Antivirus software is marking our Web Application Shufti Pro as: "Website blocked due to trojan". Also, it is showing a danger message for its clients, which is a false positive. Shufti Pro has a dedicated Security Department, and we understand that security is the main priority of every user. Shufti Pro doesn't steal or harm its visitor/client's data in any possible way. Also Shufti Pro does not have any type of virus, malware or trojan in its Web Application or any other service platforms. It is humbly requested that your team remove Shufti Pro's site from Malwarebytes' blacklist so that our clients can have a better and smoother experience. We hope you understand the situation. Feel free to ask any questions that deem necessary, and we'll be glad to help. Awaiting your kind response. Best regards, Tech Department, Shufti Pro Ltd.
  19. Hello. My name is Ane Mari Tache from the Innovative Solutions Grup. We are the developers of the Orange Defender PRO program. It seems that your AV program Malwarebytes is flagging our program as PUP.Optional.OrangeDefender on VirusTotal. As a software developer I can strongly and sincerely vouch that the files bellow don't contain any malware or PUP files. I have worked on these products, and know with 100% certainty that they don't contain malware. Please either whitelist our products or tell us, in detail, why they are considered malware. We would gladly cooperate with you in order to fix this problem which is damaging to us and to our users (and, by extension, to your users, also). Here is the download link: https://www.orange-defender.com/ Kind regards, Ane Mari Tache
  20. Hi, Recently I sent an installer of some software I made to my boss, and he reported seeing a MachineLearning/Anomalous.100% warning upon installation. As far as I know, my software should be safe, as I made it. Could you please flag this as a false positive so it doesn't show up as an anomaly? I attached both executables generated by the Squirrel installer, because I'm not sure which one is triggering the warning. Thanks. DirectPrintExecutables.zip
  21. We often recommend Malwarebytes to our customers and I don't recall there being a false positive with GlassWire/Malwarebytes in the past. Unfortunately now we are receiving complaints about a false positive and we need your assistance please. You can download our installer from here https://www.glasswire.com/download/. The false positive screenshot is attached. Thank you for your assistance. -Log Details- Scan Date: 6/11/20 Scan Time: 8:52 AM Log File: 65a7c437-abe2-11ea-a534-201a06b471c5.json -Software Information- Version: 4.1.0.56 Components Version: 1.0.931 Update Package Version: 1.0.25366 License: Premium -System Information- OS: Windows 10 (Build 18362.900) CPU: x64 File System: NTFS User: System -Scan Summary- Scan Type: Threat Scan Scan Initiated By: Scheduler Result: Completed Objects Scanned: 320950 Threats Detected: 4 Threats Quarantined: 0 Time Elapsed: 22 min, 38 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Warn PUM: Warn -Scan Details- Process: 1 Trojan.MalPack, C:\PROGRAM FILES (X86)\GLASSWIRE\GWCTLSRV.EXE, No Action By User, 555, 830500, , , , Module: 1 Trojan.MalPack, C:\PROGRAM FILES (X86)\GLASSWIRE\GWCTLSRV.EXE, No Action By User, 555, 830500, , , , Registry Key: 1 Trojan.MalPack, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\GlassWire, No Action By User, 555, 830500, , , , Registry Value: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 0 (No malicious items detected) File: 1 Trojan.MalPack, C:\PROGRAM FILES (X86)\GLASSWIRE\GWCTLSRV.EXE, No Action By User, 555, 830500, 1.0.25366, , ame, Physical Sector: 0 (No malicious items detected) WMI: 0 (No malicious items detected)
  22. Hello, this is my website where I test various CMS systems. I bought malwarebytes premium and I see varning about my webpage. Is there something wrong on my side I can fix? I didnt install any suspiscious extension or script. Thanks for cooperation. Have a nice day. JurajBe
  23. Hello. We respectfully request the removal of the flag on our software DriverFinder. Flag: PUP.Optional.DriverFinder Kindly note that this is a new version release certified clean and secure by Appesteem: https://customer.appesteem.com/certified?vendor=DESKT Kind regards, Melanie Tan DeskToolsSoft BV DriverFinderInstall.zip
  24. Hello, This is to inform you that I'm in receipt of an FSA abuse report initiated by hphosts against my blog site hosted by WordPress (www.antivirus[.]ink -> https://antivirusink.wordpress[.]com) the hphosts DOES NOT provide the specifics of the abuse except the FSA tag. (pls. see below) Since hphosts claims to use malwarebytes engine to flag hosts for abuse and malicious activity I kindly urge malwarebytes to provide me with the specific details of the abuse as per FSA classification which should fall into one of the following categories: 1. Using misleading means to peddle their products (e.g. claiming the product is free when in actuality, it's just a free scan) 2. Not keeping their affiliates under control (i.e. those affiliates spamming, using BlackHat SEO, or otherwise misleading users) 3. The site is residing on a known malicious IP block Please be reminded that the site does not sell any products (1), does not have and is not signed with any affiliates (2) and is hosted on wordpress.com (3) The site is a security information blog content ONLY and is aimed to raise public's awareness of emerging security threats, phishing attacks and in the wild malware activity. I'm eagerly awaiting your response so I can proceed with the appropriate legal actions further. Kindly, AC
  25. I recently ran Malwarebytes for the first time in a while and the following was detected: Registry Key: 10 RiskWare.IFEOHijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\SUPERANTISPYWARE.EXE, No Action By User, [6454], [249843],1.0.8051 RiskWare.IFEOHijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\SUPERANTISPYWARE.EXE, No Action By User, [6454], [249843],1.0.8051 RiskWare.IFEOHijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\ITUNES.EXE, No Action By User, [6454], [249279],1.0.8051 RiskWare.IFEOHijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\RUNSAS.EXE, No Action By User, [6454], [249733],1.0.8051 RiskWare.IFEOHijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\ITUNES.EXE, No Action By User, [6454], [249279],1.0.8051 RiskWare.IFEOHijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\RUNSAS.EXE, No Action By User, [6454], [249733],1.0.8051 RiskWare.IFEOHijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\ITUNES.EXE, No Action By User, [6451], [249279],1.0.8057 RiskWare.IFEOHijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\ITUNES.EXE, No Action By User, [6451], [249279],1.0.8057 RiskWare.IFEOHijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\ITUNES.EXE|DEBUGGER, No Action By User, [6451], [249279],1.0.8057 RiskWare.IFEOHijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\ITUNES.EXE|DEBUGGER, No Action By User, [6451], [249279],1.0.8057 Are these detections false positives? I have recently installed AVG Tune Up and suspect that some of them maybe false positives. AVG and Antispyware did not detect anything. Scans.docx
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.