Perhaps a false positive ?

[Genain]

Hello everybody

Just for an advice (I suppose)

Trying 1.50 Beta, I got an alert about an infected registry key which I suppose could be a false positive about "no Autorun win32" v.1.1.2.25 portable.

Hereunder the LOG and the registry key.

LOG:

Malwarebytes' Anti-Malware 1.50 Public Beta

www.malwarebytes.org

Version de la base de donn

[nosirrah]

This is used to restrict start menu logoff and is not the default XP setting. Some trojans and many restrictions to the start menu and this is a known one.

From the outside looking in there is no way to determine if this was done by malware or intentionally by the user so we opt to help the less knowledgeable users while assuming that advanced users will understand the issue and add the detection to their ignore list.

[Genain]

Thanks a lot nosirrah for the answer.

In fact, I saved the Key before deleting it as it may have resulted from changes I made a fearly long time ago. In fact the alert came from my first scan with v.1.50 public beta meaning after the 11th of this month. My former scans did not show anything so, is there a possibility to know if this detection rule came before this date?

Anyway as you confirm me this key is not issued from the default setting, I keep it deleted. (Depending still from what could be your answer)

Regards.