Jump to content

Malwarebytes is detecting Spybot IE tweaks


wildman424

Recommended Posts

hello again,

:) Ive had this on my ignore list for some time I use Spybot Search and Destroy & its advanced options as most of you know in advanced mode Spybot has tools one of those tools is IE tweaks the lock IE start page option is being detected by Malwarebytes as

HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer\Control Panel\Homepage (Hijack.Homepage) -> Bad: (1) Good: (0)

Iv'e just ran a Malwarerbytes full scan in developer mode and have attched the log to this post

Malwarebytes' Anti-Malware 1.45

www.malwarebytes.org

Database version: 4002

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

4/17/2010 1:47:32 PM

mbam-log-2010-04-17 (13-47-32).txt

Scan type: Full scan (C:\|D:\|E:\|)

Objects scanned: 218606

Time elapsed: 54 minute(s), 49 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 1

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer\Control Panel\Homepage (Hijack.Homepage) -> Bad: (1) Good: (0) -> No action taken. [42E51292444A0DB1F8CD3F5AE1316142]

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Link to post
Share on other sites

  • Staff

Those detections are not actually false\positives or actual infections but rather settings which you have made and in some cases, malware also makes. So we scan those sections of the drive for changes which differ from default settings

Please see the link below for an explanation:

http://www.malwarebytes.org/forums/index.p...c=12624&hl=

You can add them to ignore your next scan.

Link to post
Share on other sites

Ive had this on my ignore list for some time I use Spybot Search and Destroy & its advanced options as most of you know in advanced mode Spybot has tools one of those tools is IE tweaks the lock IE start page option is being detected by Malwarebytes as

HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer\Control Panel\Homepage (Hijack.Homepage) -> Bad: (1) Good: (0)

Those detections are not actually false\positives or actual infections but rather settings which you have made and in some cases, malware also makes. So we scan those sections of the drive for changes which differ from default settings

hello again sorry I haven't been able to reply I've been busy,OK I understand what your telling me about this being a setting that Malwarebytes monitors for changes and with malware also making this change I understand why you detect it, but in this specific case I consider this a false positive as this change was made by me using a legitimate anti-spyware app so is there a way we can determine how this setting is changed could we develop a way to determine the difference between a legit setting changes and a setting changes made by malware I'm very interested to hear your responses you have a great product and I'd like to see continued improvements to it

Thanks again,

Wildman424

Link to post
Share on other sites

  • Staff
hello again sorry I haven't been able to reply I've been busy,OK I understand what your telling me about this being a setting that Malwarebytes monitors for changes and with malware also making this change I understand why you detect it, but in this specific case I consider this a false positive as this change was made by me using a legitimate anti-spyware app so is there a way we can determine how this setting is changed could we develop a way to determine the difference between a legit setting changes and a setting changes made by malware I'm very interested to hear your responses you have a great product and I'd like to see continued improvements to it

Thanks again,

Wildman424

Correct, there is no way to determine what made the change. Many people make the change and forget they did. It's just simple display options and not really a 'threat' as a file would be. Better we detect the changes than not.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.