
Windows 10 2021-05-20 Registry False Positive (RiskWare.Injector.Generic)



I'm not sure which Windows 10 app updated and triggered these appx reg entries, but if I find it I'll post back... could be a Wireless Service pack or something to break my PC....

Quote

RiskWare.Injector.Generic, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Microsoft\Windows\Application Experience\StartupAppTask, No Action By User, 11812, 941491, , , , , ,

...

RiskWare.Injector.Generic, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup, No Action By User, 11812, 941491, , , , , ,

 

 

 

 

 

MBAM-21-05-20.txt


Just now, Porthos said:

This was a False Positive detection. You can restore all entries from quarantine titled as Riskware.Injector.Generic, it only detected Scheduled Tasks.

Ok, happy to know I'm still protected. :) The files don't have the .generic though. Is that any different?

 


3 minutes ago, Porthos said:

This was a False Positive detection. You can restore all entries from quarantine titled as Riskware.Injector.Generic, it only detected Scheduled Tasks.

I just set to Ignore always - I'm willing to bet something in Windows 10 servicing will break if it gets quarantined and doesn't start properly on next boot...


2 minutes ago, Nicolas6 said:

Ok, happy to know I'm still protected. :) The files don't have the .generic though. Is that any different?

 

These aren't really files, but entries in the Windows Registry.


Just now, Porthos said:

Restore them, and run a new scan. Then if there are still detections, post the log here.

Ok, I'll do it once I get home. It can take a while though. The scans usually take 45-90 mins.


1 minute ago, Nicolas6 said:

Ok, I'll do it this evening. It isn't the rootkit scanning that takes so long though, it's the last step.

It is recommended that rootkit be turned on only where there is an issue removing something with the normal scan. Rootkit is slightly more dangerous as it has to disable some whitelisting to remediate some rootkits.

Maybe once a week if you really want to use rootkit. But honestly we rarely see rootkit files anymore and the newer engine can remove most of them anyways even without rootkit on.
