MBAM reported something which i am Doubt infected

Discussion in 'malware problems & news' started by Nevis, Feb 21, 2011.

Thread Status:
Not open for further replies.
  1. Nevis

    Nevis Registered Member

    Joined:
    Aug 28, 2010
    Posts:
    786
    Location:
    255.255.255.255
    I installed MBAM first time on my PC

    i did a quick Scan and it found 1 infection which i dont think is a infection but still to be sure here is what it reported :


    Registry Keys Infected:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\itunes.exe (Security.Hijack) -> No action taken.


    Any advice on this ?
     
  2. stackz

    stackz Registered Member

    Joined:
    Dec 27, 2007
    Posts:
    619
    Location:
    Sydney Australia
    Navigate to that key in Regedit. If it is a security hijack you'll see a REG_SZ named Debugger and Data will show the path to some malware file. Otherwise it's just a fp.
     
  3. Nevis

    Nevis Registered Member

    Joined:
    Aug 28, 2010
    Posts:
    786
    Location:
    255.255.255.255
    thx for your reply ... i do see a debugger but path is of tune up utilities which is secure i guess .

    here is screenshot :

    mbam.JPG
     
  4. John Bull

    John Bull Registered Member

    Joined:
    Nov 22, 2009
    Posts:
    904
    Location:
    London UK
    If you are sure the item is perfectly OK, then copy it and put in the MBAM Ignore List. I had the same problem with a SpywareBlaster registry key, where MBAM said it was a threat - it was not. Once I put it in the MBAM Ignore List all future scans were OK.

    John
     
  5. stackz

    stackz Registered Member

    Joined:
    Dec 27, 2007
    Posts:
    619
    Location:
    Sydney Australia
    I assume that you have Tuneup Utilities installed and that you've had it deactivate iTunes. The debugger entry would be required to reactivate iTunes (all its related services etc). So just add that detection to MBAM's exclusions.
     
  6. Nevis

    Nevis Registered Member

    Joined:
    Aug 28, 2010
    Posts:
    786
    Location:
    255.255.255.255
    correct, thats what i have done
     
Loading...
Thread Status:
Not open for further replies.