Security.Hijack FP?


samahita

Keep getting 1 infected registry key only with MBAM and nothing with Avira or Hitman-Pro.

MBAM Log says:

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Notepad.exe (Security.Hijack) -> Quarantined and deleted successfully.

It recurred 1 time after reboot. However, now it seems to be gone.

Is it a false positive or real Security.Hijack infection?

Thanks in advance.

Malwarebytes' Anti-Malware 1.51.1.1800

www.malwarebytes.org

Database version: 7165

Windows 6.1.7601 Service Pack 1

Internet Explorer 9.0.8112.16421

17-Jul-11 11:50:03 AM

mbam-log-2011-07-17 (11-50-03).txt

Scan type: Full scan (C:\|D:\|E:\|G:\|)

Objects scanned: 499527

Time elapsed: 3 hour(s), 47 minute(s), 35 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 1

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Notepad.exe (Security.Hijack) -> Quarantined and deleted successfully.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


  • Staff

Do you have a different application opening .txt files installed?

That is one of the potential causes of this (this application would bypass notepad.exe and open .txt docs with a different app).

The other potential cause is that malware is exploiting this same process to reinfect your system any time you open any .txt doc. They do this because almost all security apps produce a .txt log when finished.


> Do you have a different application opening .txt files installed?
>
> That is one of the potential causes of this (this application would bypass notepad.exe and open .txt docs with a different app).
>
> The other potential cause is that malware is exploiting this same process to reinfect your system any time you open any .txt doc. They do this because almost all security apps produce a .txt log when finished.

Yes, I have Textpad 5.4.2. And this is set to replace notepad.exe.


  • Staff

The other way of doing this involves setting 'open with' on .txt to this other application, as this allows both the original notepad and its replacement to be used at the same time, with the replacement being the default.

You can set this detection to ignore as we now know it is a legitimate hijacking of this process name.
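
A way to review this kind of detection, as an added example that is not part of the original thread: redirects under Image File Execution Options work through a `Debugger` value in the per-image key, and this PowerShell (3.0 or later assumed) lists every such value with the Authenticode status of the program it points to, so a known replacement editor can be told apart from an unexpected binary. The function names `Get-DebuggerExecutable` and `Get-IfeoDebugger` are hypothetical.

```powershell
# Added example: enumerate IFEO "Debugger" redirects for manual review.
# Reading these HKLM keys does not require elevation.
$ifeoRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
)

function Get-DebuggerExecutable {
    param([string]$CommandLine)
    # The Debugger data is a command line: take the quoted path if there is one,
    # otherwise everything up to the first ".exe", otherwise the first token.
    if ($CommandLine -match '^\s*"([^"]+)"')    { return $Matches[1] }
    if ($CommandLine -match '^\s*(.+?\.exe)\b') { return $Matches[1] }
    return ($CommandLine.Trim() -split '\s+')[0]
}

function Get-IfeoDebugger {
    foreach ($root in $ifeoRoots) {
        # The WOW6432Node root is absent on 32-bit Windows.
        if (-not (Test-Path -LiteralPath $root)) { continue }
        foreach ($key in Get-ChildItem -LiteralPath $root -ErrorAction SilentlyContinue) {
            $debugger = [string]$key.GetValue('Debugger')
            if ([string]::IsNullOrWhiteSpace($debugger)) { continue }

            $exe    = [Environment]::ExpandEnvironmentVariables((Get-DebuggerExecutable $debugger))
            # A bare file name (no directory) is not resolved here and shows as FileExists = False.
            $exists = Test-Path -LiteralPath $exe -PathType Leaf
            $sig    = if ($exists) { Get-AuthenticodeSignature -LiteralPath $exe } else { $null }

            [pscustomobject]@{
                Image           = $key.PSChildName      # e.g. Notepad.exe
                Debugger        = $debugger             # raw value as stored
                Target          = $exe
                FileExists      = $exists
                SignatureStatus = if ($sig) { $sig.Status } else { 'n/a' }
                Signer          = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
                RegistryPath    = $key.Name
            }
        }
    }
}

Get-IfeoDebugger | Format-List
```

An entry whose target is an installed, validly signed editor matches the benign case described in this thread; a target that is missing, unsigned, or sitting in a temp or user-profile directory is the one to investigate before adding the detection to the ignore list.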
