Malwarebytes flagged Windows SteadyState behaviour as HIJACK

Discussion in 'other anti-malware software' started by Konata Izumi, Jul 9, 2010.

Thread Status:
Not open for further replies.
  1. Konata Izumi

    Konata Izumi Registered Member

    Joined:
    Nov 23, 2008
    Posts:
    1,544
    Look :D
     


  2. Boost

    Boost Registered Member

    Joined:
    Feb 2, 2007
    Posts:
    1,293
    LMAO - wow :argh:

    Anyways, send those guys a FP report and let 'em know that SteadyState is a harmless program.
     
  3. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,956
    Location:
    Somethingshire
    Reported how? All I see is a bunch of registry entries that can be ignored (MBAM can't determine whether the user changed them or malware did).
     
  4. Boost

    Boost Registered Member

    Joined:
    Feb 2, 2007
    Posts:
    1,293
    I didn't pay much attention to the screenshot, as SteadyState is harmless, period, so anything that came up on the scan, as you say, should def. be ignored :thumb:
     
  5. Sadeghi85

    Sadeghi85 Registered Member

    Joined:
    Dec 20, 2009
    Posts:
    747
    How do you know those registry keys are related to SteadyState? Does SteadyState disable Task Manager? o_O
     
  6. Konata Izumi

    Konata Izumi Registered Member

    Joined:
    Nov 23, 2008
    Posts:
    1,544
    Yes. Haha :thumb:
     
  7. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    Let's put Microsoft in quarantine lol :D :argh:
     
  8. lordpake

    lordpake Registered Member

    Joined:
    Aug 7, 2004
    Posts:
    563
    Location:
    Helsinki ~ European Union
    I am with Cudni on this one. There are no signs of SteadyState in that detection screen, just modified Windows base settings which can also be modified by malware. It is up to the user himself to add these settings he himself has changed in Windows (by using SS) to the MBAM ignore list.
     
  9. Meriadoc

    Meriadoc Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    2,642
    Location:
    Cymru
    Does SteadyState still have system-wide configuration of settings such as disabling TM, Control Panel, My Computer, that sort of thing? Considering the primary role for SS, these sorts of features make sense, and of course, as Cudni has already said, MBAM is going to flag them as it cannot distinguish between malware or SS disabling them.
    Add to ignore list will quiet things down.
     
    Last edited: Jul 10, 2010
  10. Konata Izumi

    Konata Izumi Registered Member

    Joined:
    Nov 23, 2008
    Posts:
    1,544
    :-* I know, I know I just find it funny :D
     
  11. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Well,

    That was the reason why I did not use MBAM, until a friend told me that the ignores can be remembered. MBAM also flags a lot of GPEdit (Policy Management) security settings as suspicious. Some of them are really stupid (the value of the setting means increased security). On the other hand, a value filter would only deal with half of these FPs. There are a lot of combos (one registry setting fixing something to be unchangeable by the user, another containing the fixed value). Deep inspecting all those fixed values would be quite complex.

    Now I use MBAM and Hitman Pro as a second opinion before backing up images.
     
  12. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    Yes, it is true what Kees said, cause every time I tweak my registry MBAM detects something :thumbd:
     
  13. nosirrah

    nosirrah Malware Fighter

    Joined:
    Aug 25, 2006
    Posts:
    561
    Location:
    Cummington MA USA
    Our official policy has always been to make the detection clear and both the key and value appear right in the scan and log so that advanced users can evaluate the results and use ignore if intentional.

    Novice users that have had these same values modified through malware will be rescued.

    There is no perfect answer here but the alternative (forcing novice users to figure out disabled functions themselves) is not the right option for the vast majority of our users.
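    Kees1958's point (intentional policy values get flagged) and nosirrah's reply (MBAM shows the key and value so the user can decide what to ignore) both come down to one question: which of the flagged restriction values did the admin set on purpose? The PowerShell below is an added example, not code from the thread, Malwarebytes or SteadyState; it reads a few well-known user-restriction policy values and compares them with an admin-maintained baseline. The baseline contents are a constructed sample, and the list of watched values is the author's own choice.

```powershell
# Added example: audit common user-restriction policy values (the kind anti-malware
# tools report as "HIJACK") against a baseline of settings the admin set intentionally,
# e.g. through SteadyState. Baseline entries below are a constructed sample.
$Baseline = @{
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr'   = 1
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer|NoControlPanel' = 1
}

# Values to check; a DWORD of 1 means the restriction is switched on.
$Watch = @(
    @{ Key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System';   Name = 'DisableTaskMgr' },
    @{ Key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System';   Name = 'DisableRegistryTools' },
    @{ Key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'; Name = 'NoControlPanel' }
)

foreach ($w in $Watch) {
    $current = $null
    if (Test-Path $w.Key) {
        # Missing values come back as $null rather than raising an error.
        $current = (Get-ItemProperty -Path $w.Key -Name $w.Name -ErrorAction SilentlyContinue).($w.Name)
    }
    $id = "$($w.Key)|$($w.Name)"
    if ($null -eq $current -or $current -eq 0) {
        $status = 'not set'
    } elseif ($Baseline.ContainsKey($id) -and $Baseline[$id] -eq $current) {
        $status = 'INTENTIONAL (matches baseline; candidate for the ignore list)'
    } else {
        $status = 'UNEXPECTED (not in baseline; investigate before ignoring)'
    }
    $shown = if ($null -eq $current) { '-' } else { $current }
    '{0,-22} {1,-4} {2}' -f $w.Name, $shown, $status
}
```

Run it in the user profile the scanner reported on; anything marked UNEXPECTED is a restriction nobody recorded setting, which is exactly the case nosirrah's policy is meant to surface for novice users.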
     