Jump to content

False Positive Browser Hijack


Recommended Posts

This is my first time in the forum.

This Morning MBAM detect a browser hijack after I did a quick scan, but I think it maybe a false positive. The file it mentions in the log belongs to Tune-up Utilities. TU stops processes running that belong to a particular program after that program is closed, this is to conserve system resources.

In this case Tune-up asked me if I wanted to disable Firefox, I said yes, soon after I did a scan and a browser hijack was reported.

Can you please confirm this is a false positive, and put my mind at rest.

I have included the log which I ran using mbam.exe /developer.

Link to post
Share on other sites

Hi MCFatTongue and welcome to the Malwarebytes support forums.

 

In your particular instance this is a false positive detection as its a legitimate program setting itself as the default debugger for FireFox.

However this is a trick commonly used by malware.so we will not be removing the hijack detection.

 

You can safely add this detection to the ignore list inorder not to see this again when you scan.

Link to post
Share on other sites

Thank you so much Malware BBQ'er.

 

This is my first experiance of using this forum and I'm very impresed, your responce was really quick. I wish all forum moderators were so diligent.

 

From what little experiance of MBAM I've had (I've been a user for a little under a year), I can't sing it's praises high enough, and have recommended it to anyone that will listen.

 

Once again thank you, you have certainly put my mind at rest.

Link to post
Share on other sites

Hi FatDcuk,

 

Just a thought, I have now put these two items in my ignore list and it now scans clean. Does the fact that I have these exeptions mean that now no browser exploits will be found even if it's from a malicious source and not just from Tune-up utilities, or will it just ignore the Tune-up utilities browser exploit and legitimately catch all others.

 

Your help will be appreciated.

Link to post
Share on other sites

Hi,

 

Yes some malware has been seen to set itself either as IFEO(Image File Execution Object) or set itself as as debugger so it is called when the parent file is executed.

 

The ignore detection would ignore the whole registry key where the hijack is being detected so would be unable to monitor for future changes should they occur.

 

Looking into this deeper currently for a possible solution.

 

Will PM you back if we can get a fix available.

Link to post
Share on other sites

Fatdcuk thakyou for the time you have put into this.

 

If a solution could be found that would be brilliant. In the mean time I'm going to delete the exeptions from the ignore list becasue, I dont want there to be a situation were malware could exploit my system and it not be detected because of my exeptions.

 

For the time beeing I'm going to ignore the tuneup detection after every scan then imediatly delete the exeptions from the list, that way MBAM would be able to detect any other exploit pataining to that particular registery key.

 

If you can think of a better work around please let me know.

 

Thank you for all your help.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    No registered users viewing this page.

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.