
Good afternoon MBM Team,

 

I purchased your premium software key today kind of on a whim. It did a scan after I activated it, and to my surprise it detected 4 registry keys with the obvious 4 respective values, and labeled them as RiskWare.IFEOHijack. I exported them, and scanned them separately in the event they circumvented my anti-virus somehow, and there is no threat present. Now I use TuneUp Utilities 2014, and I think it's detecting a change in my registry that TuneUp implemented itself (something of a not routine nature). I will attach the scan log / Registry Key with Values for your analysis. However, I checked the keys myself (obviously, because they're attached) & I don't find anything malicious about the Key/Values. So I am thinking maybe an FP? If not, I would definitely like to have these removed. Thank you for your time.

 

Semper Fi

FP list MBM.txt

Registry Keys & Values.zip


Hello & welcome to the forums :)

 

Because you purposely installed the program that created those values, next time MBAM detects them, you can choose to ignore always & you won't see the detection again.

 

However, you may also want to read Miekemoes' explanation here about the Image File Execution Options key & why we target it.

https://forums.malwarebytes.org/index.php?/topic/147426-tuneup-utilities-2014-false-positive/?hl=tuautoreactivator64.exe#entry823631

 

HTH


I've found an extremely useful article on another site explaining this perfectly. I'm not sure what the policy on the forum is for linking other sites, but here's the link:

https://www.linkedin.com/pulse/20140905010650-35489138-image-file-execution-options-good-evil-fun?redirectFromSplash=true

Please let me know if this is what you were getting at.

Semper Fi


Awesome article link. Thank you for posting it.

Describes it well. :)

 

As for the detections we have for this, they are fairly generic detections which will hit if there are values in those keys that are not standard.

This way we can hit a lot of nasties that run from here or target values designed to stop security programs from running as well.

If you created your own like the article you linked to describes or know it is a legit program that created the entries (like in your case), just have MBAM ignore them.

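As an added example (not Malwarebytes' detection code, which the reply above does not publish), here is a Python script that applies the same generic rule the reply describes to an exported .reg file like the one attached to the first post: walk every subkey under Image File Execution Options, report any Debugger value, and treat it as suspicious unless it points at a known debugger. The .reg contents, the debugger allowlist and the mbam.exe hijack entry are constructed for illustration and are assumptions, not data from this thread.

```python
"""Triage an exported .reg dump of the Image File Execution Options (IFEO) key.

Added example, not Malwarebytes code: it applies the generic rule described in
the reply (report values under IFEO that are not standard) to a .reg export
such as the one attached to the first post, so the rule can be checked offline.
"""
import re

IFEO_PREFIX = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT"
               r"\CurrentVersion\Image File Execution Options")

# Assumed allowlist: debuggers that legitimately set the Debugger value.
# A real product maintains its own list; this one is illustrative only.
KNOWN_DEBUGGERS = {"windbg.exe", "ntsd.exe", "cdb.exe", "vsjitdebugger.exe"}

# FLG_MONITOR_SILENT_PROCESS_EXIT: turns on the SilentProcessExit hook, which
# can also be abused to launch an arbitrary program when the image exits.
FLG_MONITOR_SILENT_PROCESS_EXIT = 0x200

# Constructed sample export (a real regedit export is UTF-16 with a BOM; open it
# with encoding="utf-16"). The mbam.exe entry is a made-up hijack for contrast.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad.exe]
"Debugger"="\"C:\\Program Files (x86)\\Windows Kits\\8.1\\Debuggers\\x64\\windbg.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe]
"GlobalFlag"=dword:00000200

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mbam.exe]
"Debugger"="svchost.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DllNXOptions]
"wmiprvse.exe"=dword:00000001
'''


def _unescape(raw):
    # .reg escapes: a backslash quotes the next backslash or double quote.
    return re.sub(r'\\(["\\])', r'\1', raw)


def parse_reg(text):
    """Parse a .reg export into {key_path: {value_name: value}}.

    REG_SZ ("...") and REG_DWORD (dword:xxxxxxxx) are decoded; other types
    (hex:, hex(2):, ...) are kept as raw text so triage still sees them.
    """
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("Windows Registry Editor"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys[current] = {}
            continue
        m = re.match(r'^(?:@|"((?:[^"\\]|\\.)*)")=(.*)$', line)
        if m is None or current is None:
            continue
        name = "(Default)" if m.group(1) is None else _unescape(m.group(1))
        raw = m.group(2)
        if len(raw) >= 2 and raw[0] == '"' and raw[-1] == '"':
            keys[current][name] = _unescape(raw[1:-1])
        elif raw.lower().startswith("dword:"):
            keys[current][name] = int(raw[6:], 16)
        else:
            keys[current][name] = raw
    return keys


def debugger_image(command_line):
    """Basename of the program a Debugger value launches.

    The value is a command line: an optionally quoted path, then arguments
    (Windows appends the original image's command line after them).
    """
    command_line = command_line.strip()
    if command_line.startswith('"'):
        end = command_line.find('"', 1)
        exe = command_line[1:end] if end > 0 else command_line[1:]
    else:
        exe = command_line.split(None, 1)[0] if command_line else ""
    return exe.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def triage_ifeo(keys):
    """Apply the generic rule to every IFEO subkey; returns (image, verdict, detail).

    "suspicious": a Debugger value that redirects the image to something other
    than a known debugger, which is how both IFEO malware and anti-AV blocking
    work. "review": a setting a debugging tool legitimately writes but that is
    still worth confirming against software you actually installed.
    """
    prefix = IFEO_PREFIX.lower() + "\\"
    findings = []
    for path, values in keys.items():
        if not path.lower().startswith(prefix):
            continue
        image = path[len(prefix):].split("\\", 1)[0]
        vals = {name.lower(): v for name, v in values.items()}
        if "debugger" in vals:
            target = debugger_image(str(vals["debugger"]))
            if target in KNOWN_DEBUGGERS:
                findings.append((image, "review", f"Debugger -> {target} (known debugger)"))
            else:
                findings.append((image, "suspicious",
                                 f"Debugger -> {vals['debugger']!r} replaces the image at launch"))
        flag = vals.get("globalflag")
        if isinstance(flag, int) and flag & FLG_MONITOR_SILENT_PROCESS_EXIT:
            findings.append((image, "review", "GlobalFlag enables SilentProcessExit monitoring"))
    return findings


if __name__ == "__main__":
    for image, verdict, detail in triage_ifeo(parse_reg(SAMPLE_REG)):
        print(f"{verdict:<10} {image:<14} {detail}")
```

On the sample, notepad.exe and iexplore.exe come back as "review" (a real debugger and a gflags setting, the kind of thing a tool like TuneUp or WinDbg writes and that you would confirm and then ignore, as the reply suggests), while mbam.exe comes back as "suspicious" because its Debugger value hands the launch to svchost.exe, which is exactly the anti-security-product pattern the detection exists to catch. To run it on your own export, replace SAMPLE_REG with `open("export.reg", encoding="utf-16").read()`.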
