
igdail64 reported as "Riskware"


mwidunn


I'm using MBAM 2.2.1.1043 (Free).  It is my "2nd-opinion" scanner.  I'm running Win10.

I recently finished a scan with MBAM which identified 70+ items, almost all of them listed as: "Riskware.ExtensionMismatch."  To take just one example: MBAM is classifying the file, igdail64.jpg (NOT the .dll) in WINDOWS\SYSTEM32 as malware.

I have since scanned my computer with: Norton Power Eraser, Emsisoft Emergency Kit, and HitmanPro.  My installed AV program is Panda (Free).  None of these AVs identifies that file as malware.  It is digitally signed.  HitmanPro did, however, categorize some files as "unrecognized," because they had been installed and/or changed in the past 12 days.

Should I consider these (supposed) "riskware" files as false positives?  MBAM wants me to delete them, which I am loath to do.


  • Staff

Hi,

This is a generic detection - as it says: "Riskware.ExtensionMismatch" because this is a PE file, masked as a jpg file. This is unfortunately a method a lot of malware uses.

Is there any reason why these are named .jpg instead?

Either way, you can add these files to your whitelist/exclusions if you named them like that on purpose.


Thanks for the reply.  Two things:

(1) What does "Riskware.ExtensionMismatch" mean exactly?  To a novice like me, it does not sound "generic" or non-specific.

(2) What is a "PE file"?

It seems likely to me that they are false positives, since several other reputable scanners do not detect them as malware.


  • Staff

Hi,

PE files are executable files, see here: https://en.wikipedia.org/wiki/Portable_Executable

As I explained, in your case, they have the extension .jpg, which is what the extension is for an image file, and not an executable file. This is a tactic a lot of malware uses.

That's why our scanner raises an alert here, to make the user aware. We don't mark this as malware, we just mark this as Riskware, as these files might be a risk - not because they are malware, but because they are "masked" as a jpg file, while they are actually an executable file.

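An added example, not part of the thread and not Malwarebytes' own detection logic: a minimal content-versus-extension check of the kind the staff replies describe, which recognises a PE file by its header rather than its name. The extension list, function names and sample bytes are assumptions constructed for illustration.

```python
import os
import struct

# Extensions under which a PE image is normally expected (assumed, non-exhaustive list).
PE_EXTENSIONS = {".exe", ".dll", ".sys", ".ocx", ".scr", ".cpl", ".drv", ".efi", ".mui"}

def is_pe(data: bytes) -> bool:
    """True if data has a DOS header ("MZ") whose e_lfanew points at a PE signature."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    # e_lfanew: 32-bit little-endian offset of the PE header, stored at 0x3C.
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"

def classify(name: str, data: bytes) -> str:
    """Compare what the content is with what the file name claims."""
    if not is_pe(data):
        return "not-pe"
    ext = os.path.splitext(name)[1].lower()
    return "ok" if ext in PE_EXTENSIONS else "extension-mismatch"

def scan(root: str, head: int = 4096) -> list:
    """Return paths under root that are PE by content but not by extension.
    Only the first `head` bytes are read, so a PE header placed beyond that is missed."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            path = os.path.join(dirpath, fname)
            try:
                with open(path, "rb") as fh:
                    if classify(fname, fh.read(head)) == "extension-mismatch":
                        hits.append(path)
            except OSError:
                continue  # locked or unreadable files are skipped
    return hits

def sample_pe() -> bytes:
    """Constructed minimal header: MZ magic, e_lfanew = 0x80, PE signature at 0x80."""
    buf = bytearray(0x84)
    buf[:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, 0x80)
    buf[0x80:0x84] = b"PE\x00\x00"
    return bytes(buf)

# Constructed JPEG start-of-image marker plus padding, for the negative case.
SAMPLE_JPEG = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00" + bytes(64)

if __name__ == "__main__":
    print(classify("igdail64.jpg", sample_pe()))  # the thread's case: PE content, .jpg name
    print(classify("igdail64.dll", sample_pe()))
    print(classify("photo.jpg", SAMPLE_JPEG))
```

A hit from a check like this says only that the name and the content disagree; whether the file is benign is a separate question, answered by things such as its digital signature and origin.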
