Jump to content

Steam registry keys detected as PUP.Optional.IFEO and corrupting install


Recommended Posts

Hi

The last few days Malwarebytes has started detecting some Steam registry keys as PUPs. When I quarantine the keys and their values Steam says its install has become corrupt and needs to be rebuilt. Each time I rebuild it MB again detects them as PUPs on the next scan. Are these false positives or is there really something wrong with my Steam installation?

 

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 1/5/18
Scan Time: 6:00 PM
Log File: dd6df98c-f239-11e7-a223-f079596a29fe.json
Administrator: Yes

-Software Information-
Version: 3.3.1.2183
Components Version: 1.0.262
Update Package Version: 1.0.3628
License: Premium

-System Information-
OS: Windows 10 (Build 16299.125)
CPU: x64
File System: NTFS
User: System

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 319673
Threats Detected: 4
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 2 min, 34 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 2
PUP.Optional.IFEO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\STEAM.EXE, No Action By User, [8817], [239347],1.0.3628
PUP.Optional.IFEO, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\STEAM.EXE, No Action By User, [8817], [239347],1.0.3628

Registry Value: 2
PUP.Optional.IFEO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\STEAM.EXE|DEBUGGER, No Action By User, [8817], [239347],1.0.3628
PUP.Optional.IFEO, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\STEAM.EXE|DEBUGGER, No Action By User, [8817], [239347],1.0.3628

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)


(end)

Link to post
Share on other sites
  • Staff

Could you please export those keys so i could see the whole value? This is not normal for steam to use those keys.

HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\STEAM.EXE

 

Some quick directions if needed.

in taskbar search type regedit.exe.

navigate in regedit to here:

 

5a4fdf5316bf7_Screenshot2018-01-0515_25_22.png.e777817ccd15b68c9b3582ce87d7361e.png

navigate to steam.exe and right click and hit export.

save the file to your desktop.

zip it and attach here.

 

Edited by shadowwar
Link to post
Share on other sites
  • Staff

You can just add them to the ignore list in mbam. Being you set them to sleep it is fine to do so.

Scan again and when they are detected uncheck the box next to them hit cleanup/remove in mbam and when prompted set to ignore always.

 

Edited by shadowwar
Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    No registered users viewing this page.

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.