
Used Malwarebytes for the first time and surprised by results.



Never used MB previously and I decided to install it a few days ago due to an incident with a false positive exe downloaded recently. For some reason other users' AVs detected it as a virus while my Norton 360 didn't. And I just wanted to make sure the file is ok since I had already run the game exe. So I installed MB to check it. The file was fine, it turns out the exe actually is a false positive. However.

After running a MB system scan it came out with some odd results and I don't know what to make of them since I have very little experience with the registry editor. I attached the results text file.

Now I know what the two files are:

C:\PROGRAM FILES (X86)\CHEAT ENGINE 6.3\STANDALONEPHASE1.DAT

C:\USERS\ROBERT FIERCE\APPDATA\ROAMING\UTORRENT\UPDATES\3.4.2_32549.EXE

Cheat engine is obvious and I haven't used Torrent since 2019. I think it's safe to delete both of them with no issues whatsoever. My problem comes from reading the other results.

I also know the following results are related to Internet Explorer which I haven't used in forever and can also be deleted / quarantined without issues.

HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{68B81CCD-A80C-4060-8947-5AE69ED01199}

HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E6B969FB-6D33-48d2-9061-8BBD4899EB08}

HKU\S-1-5-21-948191940-3340623517-481653584-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS|{84FF7BD6-B47F-46F8-9130-01B2696B36CB}

But I have no idea what these registries and keys are for:

HKLM\SOFTWARE\CLASSES\Iminent

HKLM\SOFTWARE\WOW6432NODE\Iminent

HKLM\SOFTWARE\Iminent

HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{84FF7BD6-B47F-46F8-9130-01B2696B36CB}

HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\DATAMNGRCOORDINATOR.EXE

HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\DATAMNGRCOORDINATOR.EXE

HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\DATAMNGRCOORDINATOR.EXE|DEBUGGER

HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\DATAMNGRCOORDINATOR.EXE|DEBUGGER

HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|APPINIT_DLLS

HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|APPINIT_DLLS

HKU\S-1-5-21-948191940-3340623517-481653584-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS|{84FF7BD6-B47F-46F8-9130-01B2696B36CB}

 

I looked online but the info is inconsistent and scattered. I know "Imminent" was a virus and a nasty one at that, and all info I could gather is related to "Imminent" spelled with 2 m's. The Iminent in my results has a single "m" and again, there is nothing actually wrong with my PC. That is to say I am not experiencing any of the "Imminent" virus symptoms. I only used Malwarebytes for a whole different reason, which is to scan that game exe which turned out to be a false positive.

Can anyone help me figure out what MB is trying to tell me that is wrong with my PC? Thanks in advance.

 

results.txt


Forgot to mention that I can't find DATAMNGRCOORDINATOR.EXE in task manager running at all. So that's probably not running.

Also AppInit_DLLs are probably part of my Nvidia software but in the registry they don't actually point to the Nvidia folder, instead pointing me to

WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|APPINIT_DLLS

 

Please help me decide if any of the registry keys detected by MB is actually harmful to my PC or just "potentially harmful". As at the moment there doesn't seem to be anything wrong with my PC.


Good morning, I appreciate the replies.

Ok, the files are in quarantine for two days now. So far, no change in my computer's behaviour. But what exactly are these entries? Aka what was MB trying to tell me that is wrong with my PC?

Can anyone with in-depth knowledge about registry entries and registry keys share what those results actually are? Thanks in advance.

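An added example, not part of the original thread and not Malwarebytes code: a Python parser for detection lines in the `KEY|VALUE` form shown in the first post, labelling each with the Windows load mechanism its registry location belongs to. The function names are hypothetical, and the rule descriptions are general Windows behaviour rather than anything read from the poster's machine.

```python
import re
from collections import defaultdict
# Six detection lines copied from the first post, in the scanner's KEY|VALUE form.
DETECTIONS = r"""
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{68B81CCD-A80C-4060-8947-5AE69ED01199}
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{84FF7BD6-B47F-46F8-9130-01B2696B36CB}
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\DATAMNGRCOORDINATOR.EXE|DEBUGGER
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|APPINIT_DLLS
HKU\S-1-5-21-948191940-3340623517-481653584-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS|{84FF7BD6-B47F-46F8-9130-01B2696B36CB}
HKLM\SOFTWARE\Iminent
""".strip().splitlines()
CLSID = re.compile(r"\{[0-9A-F]{8}(?:-[0-9A-F]{4}){3}-[0-9A-F]{12}\}")
# (key pattern, value-name pattern, mechanism, what Windows does with the entry)
RULES = [
    (r"\\IMAGE FILE EXECUTION OPTIONS\\[^\\]+$", r"(DEBUGGER)?", "IFEO debugger",
     "the program named in Debugger is started in place of the listed executable"),
    (r"\\WINDOWS NT\\CURRENTVERSION\\WINDOWS$", r"APPINIT_DLLS", "AppInit_DLLs",
     "DLLs named in the value are loaded into every process that loads user32.dll"),
    (r"\\EXPLORER\\BROWSER HELPER OBJECTS\\\{[0-9A-F-]+\}$", r"", "IE Browser Helper Object",
     "COM add-on loaded inside Internet Explorer"),
    (r"\\INTERNET EXPLORER\\URLSEARCHHOOKS$", r"\{[0-9A-F-]+\}", "IE URL search hook",
     "COM object IE calls to resolve address-bar input it does not recognise"),
    (r"\\LOW RIGHTS\\ELEVATIONPOLICY\\\{[0-9A-F-]+\}$", r"", "IE elevation policy",
     "tells IE Protected Mode how it may launch the registered program"),
]

def classify(line):
    """Split one detection into SID, registry view, CLSID and load mechanism."""
    key, _, value = line.strip().upper().partition("|")
    parts = key.split("\\")
    neutral = "\\".join(p for p in parts if p != "WOW6432NODE")  # fold the 32-bit view
    clsid = CLSID.search(key + "|" + value)
    name, meaning = next(
        ((n, m) for kp, vp, n, m in RULES if re.search(kp, neutral) and re.fullmatch(vp, value)),
        ("application key", "the product's own settings, not a load point"))
    return {"sid": parts[1] if parts[0] == "HKU" else None,
            "view": "32-bit" if "WOW6432NODE" in parts else "native",
            "clsid": clsid.group(0) if clsid else None, "mechanism": name, "meaning": meaning}

def shared_clsids(lines):
    """CLSIDs registered under more than one mechanism (one component, several hooks)."""
    seen = defaultdict(set)
    for r in map(classify, lines):
        seen[r["clsid"]].add(r["mechanism"])
    return {c: sorted(m) for c, m in seen.items() if c and len(m) > 1}

if __name__ == "__main__":
    for r in map(classify, DETECTIONS):
        print(f'{r["mechanism"]:<25} {r["view"]:<7} {r["meaning"]}')
```

On these sample lines the same CLSID is registered both as a Browser Helper Object and as a URL search hook, so those two detections describe one component hooked into Internet Explorer in two places.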
