questionable positives - /developer log attached


Cruznbee

This system has shown no signs of infection; I was just setting up Malwarebytes and some other utilities, and a quick scan in Malwarebytes listed 781 problems, some of which appear to be legitimate OS or valid programs. I've installed and used Malwarebytes on many systems and never doubted the results, but I need some review of this one and so have attached the log of a quick scan run from the command line with /developer, as outlined in the "Before Posting False Positives" sticky at the head of the forum.

I'll appreciate any assistance clarifying this situation.

Jim.

mbam_log_2010_04_09__20_51_17_.zip


  • Staff

Hi,

Those are not false positives. What mbam detected here are registry keys set by malware under the Image File Execution Options key, with a debugger, in order to block these applications and run them under a debugger instead.

Mainly rogue scanners do this. For example, here is a list of malware that creates these keys.


I admit not understanding the Image File Execution Options key..... but the gist I'm getting of what you say is that removal of these will not negatively affect the system. I ran SAS on the system as well as a Norton scan (not that Norton could be expected to find anything ....) - SAS found the Starware and Gamevance items but none of the registry entries.

Thanks for the quick reply miekiemoes,

Jim.


Hi,

Those keys are created by malware and not by Windows, so it won't affect the system negatively at all; on the contrary, applications which were created under that key will be able to run again now. :D

Thanks. Just to repeat though, the system has absolutely zero "typical" infected system problems - no browser redirects, program failures/crashes, security download blockages, etc. So the large number of entries was a large surprise.

Anyway, I will proceed to run a full mbam scan and the "standard battery" of malicious removal tools to certify the system operation. Good to know mbam is still the premier bulwark between users and the blackhats out there.

Jim.
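
The check described in the staff reply above, as an added example that is not part of the original thread and is not Malwarebytes' own code: a read-only PowerShell audit that lists every program name under Image File Execution Options carrying a Debugger value. The function name Get-IfeoDebugger and the "Resolves" heuristic are assumptions made for this example.

```powershell
# Added example: read-only audit of Image File Execution Options (IFEO).
# Lists each program-name subkey that has a "Debugger" value, in both the
# native and the 32-bit (WOW6432Node) registry views. Nothing is modified.
$IfeoRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
)

function Get-IfeoDebugger {   # hypothetical helper name
    param([string[]]$Roots = $IfeoRoots)
    foreach ($root in $Roots) {
        if (-not (Test-Path -LiteralPath $root)) { continue }
        $view = if ($root -like '*WOW6432Node*') { '32-bit' } else { 'native' }
        foreach ($key in Get-ChildItem -LiteralPath $root -ErrorAction SilentlyContinue) {
            $debugger = [string]$key.GetValue('Debugger', $null)
            if ([string]::IsNullOrWhiteSpace($debugger)) { continue }

            # Heuristic (assumption of this example): treat the first token of
            # the Debugger command line, quoted or not, as the executable.
            $exe = $null
            if ($debugger -match '^\s*"([^"]+)"') { $exe = $Matches[1] }
            elseif ($debugger -match '^\s*(\S+)') { $exe = $Matches[1] }
            $exe = [Environment]::ExpandEnvironmentVariables($exe)

            [pscustomobject]@{
                Image    = $key.PSChildName   # program that gets intercepted
                Debugger = $debugger          # what Windows launches instead
                # False when the executable is neither a real path nor on PATH
                Resolves = [bool](Get-Command -Name $exe -CommandType Application `
                                      -ErrorAction SilentlyContinue)
                View     = $view
            }
        }
    }
}

Get-IfeoDebugger | Sort-Object Image |
    Format-Table Image, Debugger, Resolves, View -AutoSize -Wrap
```

A row whose Debugger does not resolve means the named program cannot start until that value is removed. Debugger values can also be set on purpose by developers or administrators, so compare each row against what is installed on the machine.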
