
Security.Hijack, AUpdate.exe False Positive?


mike555

I ran Malwarebytes Anti-Malware on my system and received 2 errors.  See attached.

 

AUpdate.exe is part of the program Driver Booster (also Driver Booster Beta) from IObit.  I do not believe this to be any type of malware.  A search of my hard drive shows these as the only occurrences of a file with the name "AUpdate.exe".  Please let me know if this is a false positive and, if it is, that it has been fixed in the database.

 

Thank you

Malwarbytes_20141006_143712.txt

AUpdate (Driver Booster Beta).zip

AUpdate (Driver Booster).zip


  • Staff

Hi Mike,

It does not look like the file itself is being targeted, but rather a registry key that is often fiddled with to prevent security tools or other useful tools from running or to cause malicious software to run instead of the intended program.

I just had a quick look - installed Driver Booster & do not see that registry key on my system so I suspect something else created that key & that registry trace detection has been in our database for years. Files themselves are not detected.

Would you mind exporting a registry key for me & attaching it here so I can see what is there?

Not going to edit anything - just having a peek.

Press the Windows key & R - this opens the run box.

Type "regedit.exe" without the quotes & click OK.

If you get a security prompt, allow this.

Regedit opens.

Go to & expand the following keys (folders) at the left:

HKEY_LOCAL_MACHINE

Software

Microsoft

Windows NT

CurrentVersion

Scroll down & highlight "Image File Execution Options"

Right click that key, choose "Export"

Save the file to your desktop named "IFEO" (without quotes)

Once done, exit regedit.

Zip the IFEO you saved & attach to your next reply.

Once I review it, I'll let you know if anything else needs to be done on your or my end.

For now you can tell Malwarebytes to ignore it if it comes up in the next scan.

Thank you,

Tammy


  • Staff

Thanks Mike,

It looks like Advanced System Care created those registry entries which do look to be legit. (I didn't install the ASC.)

However, because malware can create the same entries that launch either malware or other files to render these programs useless - we can't remove the detections.

Next time MBAM detects these entries, you can choose to make an exception for them & it will not find them again.
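Added example, not part of the original thread and not Malwarebytes' detection logic: one way to review the exported IFEO file for the kind of entry discussed above. It assumes the redirection is done through the `Debugger` value that Windows honours under each Image File Execution Options subkey; the sample export and the program names in it are constructed.

```python
import re

IFEO = r"\image file execution options" + "\\"

# Constructed sample in the text layout regedit writes on export. Real exports
# are UTF-16, so read them with open(path, encoding="utf-16").
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\example-updater.exe]
"Debugger"="\"C:\\Program Files\\Example\\blocker.exe\" /quiet"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\example-legacy.exe]
"DisableHeapLookaside"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\example-tool.exe]
"Debugger"=hex(2):6e,00,74,00,73,00,64,00,20,00,2d,00,64,00,00,00
'''

def decode_value(raw):
    """Return the text of a REG_SZ or REG_EXPAND_SZ value, or None for other types."""
    if len(raw) >= 2 and raw.startswith('"') and raw.endswith('"'):
        return re.sub(r"\\(.)", r"\1", raw[1:-1])  # undo \\ and \" escaping
    m = re.match(r"hex\(2\):(.*)", raw)
    if m:
        data = bytes(int(b, 16) for b in m.group(1).split(",") if b.strip())
        return data.decode("utf-16-le").rstrip("\x00")
    return None

def find_debuggers(reg_text):
    """List (image, command) for every IFEO subkey that sets a Debugger value."""
    reg_text = re.sub(r"\\\r?\n[ \t]*", "", reg_text)  # join wrapped hex lines
    hits, image = [], None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            pos = key.lower().find(IFEO)
            image = key[pos + len(IFEO):] if pos >= 0 else None
        elif image:
            m = re.match(r'"((?:[^"\\]|\\.)*)"=(.*)$', line)
            if m and m.group(1).lower() == "debugger":
                command = decode_value(m.group(2))
                if command is not None:
                    hits.append((image, command))
    return hits

if __name__ == "__main__":
    for image, command in find_debuggers(SAMPLE_REG):
        print(f"{image}: launches {command!r} instead of the program")
```

A hit is not a verdict: as the thread notes, legitimate software creates the same entries, so each command still has to be checked against what is installed.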
