FP Detection?

[AdventMarine]

Good afternoon MBM Team,

 

I purchased your premium software key today kind of on a whim. It did a scan after I activated it, and to my surprise it detected 4 registry keys with the obvious 4 respective values, and labeled them as RiskWare.IFEOHijack. I exported them, and scanned them seperately in the event the circumvented my anti-virus somehow, and there is no threat present. Now I use TuneUp Utilities 2014, and I think it's detecting a change in my registry that TuneUp implemented itself (something of a not routine nature). I will attach the scan log / Registry Key with Values for your analysis. However, I checked the keys myself (obviously because their attached) & I don't find anything malicious about the Key/Values.. So I am thinking maybe a FP? If not I would definitely like to have these removed. Thank you for your time.

 

Semper Fi

FP list MBM.txt

Registry Keys & Values.zip

[blender]

Hello & welcome to the forums

 

Because you purposely installed the program that created those values, next time MBAM detects them, you can choose to ignore always & you won't see the detection again.

 

However, you may also want to read Miekemoes explanation here about the Image File Execution Options key here & why we target it.

https://forums.malwarebytes.org/index.php?/topic/147426-tuneup-utilities-2014-false-positive/?hl=tuautoreactivator64.exe#entry823631

 

HTH

[AdventMarine]

I've found an extremely useful article on another site explaining this perfectly. I'm not sure what the policy on the forum is for linking other sites.. But here's the link:

https://www.linkedin.com/pulse/20140905010650-35489138-image-file-execution-options-good-evil-fun?redirectFromSplash=true

Please let me know if this is what you were getting at.

Semper Fi

[blender]

Awesome article link. Thank you for posting it.

Describes it well.

 

As for the detections we have for this, they are fairly generic detections which will hit if there are values in those keys that are not standard.

This way we can hit a lot of nasties that run from here or target values designed to stop security programs from running as well.

If you created your own like the article you linked to describes or know it is a legit program that created the entries (like in your case), just have MBAM ignore them.