broccolibytes

False Positive of Windows Update Toggle

Ran this twice as of late and 4 items show up as being Malware when they are not. It's a Windows Update Toggle that I want to keep on my PC. Not something that can cause damage.

Registry Key: 2
RiskWare.IFEOHijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\WUAUCLT.EXE, No Action By User, [6446], [250049],1.0.8119
RiskWare.IFEOHijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\WUAUCLT.EXE, No Action By User, [6446], [250049],1.0.8119

Registry Value: 2
RiskWare.IFEOHijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\WUAUCLT.EXE|DEBUGGER, No Action By User, [6446], [250049],1.0.8119
RiskWare.IFEOHijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\WUAUCLT.EXE|DEBUGGER, No Action By User, [6446], [250049],1.0.8119

Tried getting the log via the instructions with no luck, so this is the best I can do for now. Let me know if there's any other way I can access it.


Hello,

Can you zip up & attach that bat file please?

Because there are multiple pieces of malware that use that particular registry key to block Windows Update from working, fixing it on our end is not probable. However, you can whitelist it on your end next time you scan so you don't see the detection anymore.

Next time the scan runs & detects the above entries, uncheck them, then hit "next". You should get the option to ignore once, ignore always or cancel. Hit "ignore always", then next.
You should be told scan/clean is complete.
Next scan should run clean.
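
The reply above says malware also sets this registry key to block Windows Update. The read-only PowerShell audit below is an added example, not part of the original thread and not Malwarebytes code: it lists every Debugger value under the two Image File Execution Options paths from the detections, so an entry you created can be told apart from one you did not. The helper name Get-DebuggerExecutable and the output column names are made up for this example.

```powershell
# Added example: read-only audit of IFEO "Debugger" values. Writes nothing to the registry.
# The two roots are the paths that appear in the detections quoted in this thread.
$ifeoRoots = [ordered]@{
    'Native'      = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
    'WOW6432Node' = 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
}
$threadImage = 'wuauclt.exe'   # image name flagged in this thread

function Get-DebuggerExecutable {
    # Hypothetical helper: returns the first token of a Debugger command line,
    # honouring double quotes around a path that contains spaces.
    param([string]$CommandLine)
    $text = $CommandLine.Trim()
    if ($text -match '^"([^"]+)"') { return $Matches[1] }
    return ($text -split '\s+', 2)[0]
}

$findings = foreach ($view in $ifeoRoots.Keys) {
    $root = $ifeoRoots[$view]
    if (-not (Test-Path -LiteralPath $root)) { continue }   # e.g. no WOW6432Node on 32-bit Windows
    foreach ($key in Get-ChildItem -LiteralPath $root -ErrorAction SilentlyContinue) {
        $debugger = $key.GetValue('Debugger', $null)
        if ([string]::IsNullOrWhiteSpace($debugger)) { continue }

        # Resolve through PATH so a bare file name is handled as well as a full path.
        $exe = Get-DebuggerExecutable -CommandLine ([string]$debugger)
        $resolved = Get-Command -Name $exe -CommandType Application -ErrorAction SilentlyContinue |
            Select-Object -First 1
        $signature = if ($resolved) {
            (Get-AuthenticodeSignature -FilePath $resolved.Path).Status
        } else { 'NotResolved' }   # label used by this example only

        [pscustomobject]@{
            View         = $view
            Image        = $key.PSChildName
            Debugger     = $debugger
            ResolvedPath = if ($resolved) { $resolved.Path } else { $null }
            Signature    = $signature
            SeenInThread = ($key.PSChildName -ieq $threadImage)
        }
    }
}

$findings | Sort-Object Image, View | Format-Table -AutoSize -Wrap
```

An unquoted Debugger path that contains spaces is cut at the first space and shows as NotResolved, so read the raw Debugger column for those rows.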


Hello,

Go to C:\Windows
Locate WUTRefresh.bat, right click it >> send to >> compressed (zipped) folder. It should indicate this happened.
Come back here, & in your reply, click the "choose files" and an explorer window opens.
Navigate to c:\windows >> locate WUTRefresh.zip, click "open" which should attach it here.

Thanks!

 


Thanks!

Let's try shutting down & restarting MBAM & give it another try?
Right click MBAM by the clock>> Shut down Malwarebytes >> give it a few seconds to exit. Restart it again by clicking the desktop icon or start menu icon.
Try scan again.
You might have to exclude the bat file as well (because it writes the reg keys we detect).
Settings>> exclusions>> exclude file or folder>> navigate to the file in c:\windows, choose it & click "open". Follow the MBAM prompts to finish setting up the exclusion.


Ok this is awkward.

I already have them set as exclusions.

The program still read them as a threat even then.

Having the program scan again.
