
Are these serious or false positives?


2 replies to this topic

#1 ninjabot553

ninjabot553

  • Members
  • 11 posts

Posted 06 January 2015 - 12:42 PM

Malwarebytes Detected these on my annual scan so I was wondering if they are false positives or real.
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 1/5/2015
Scan Time: 11:39:13 PM
Logfile: 
Administrator: Yes
 
Version: 2.00.4.1028
Malware Database: v2015.01.06.01
Rootkit Database: v2014.12.30.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 8.1
CPU: x64
File System: NTFS
User: monko_000
 
Scan Type: Custom Scan
Result: Completed
Objects Scanned: 837642
Time Elapsed: 1 hr, 28 min, 19 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 2
Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\CHROME.EXE, Quarantined, [778a462316663303cac238f5f410a858], 
Security.Hijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\CHROME.EXE, Quarantined, [df22f376afcd3402eca072bb8d778779], 
 
Registry Values: 2
Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\CHROME.EXE|Debugger, "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe", Quarantined, [778a462316663303cac238f5f410a858]
Security.Hijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\CHROME.EXE|Debugger, "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe", Quarantined, [df22f376afcd3402eca072bb8d778779]
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 1
PUP.Optional.OpenCandy, C:\Users\monko_000\AppData\Local\Temp\utt8038.tmp, Quarantined, [857cf5744a321c1ac72f06a983821fe1], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)



 


#2 buddy215

buddy215

  • Moderator
  • 13,264 posts
  • Gender:Male
  • Location:West Tennessee

Posted 06 January 2015 - 03:10 PM

Uninstall AVG PC TuneUp. If you have a problem uninstalling use the Free Revo Uninstaller. Run it in Advanced mode.

Download Revo Uninstaller Freeware - Free and Full Download - Uninstall software, remove programs, solve uninstall problems

 

 

Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of toolbars....especially Google.

After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.

CCleaner - PC Optimization and Cleaning - Free Download

 

Hold down Control and click on this link to open ESET OnlineScan in a new window. (Eset can take more than an hour to run so plan accordingly)

  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
      • Scan potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE: Sometimes if ESET finds no infections it will not create a log.




#3 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,613 posts
  • Gender:Male
  • Location:Virginia, USA

Posted 06 January 2015 - 04:04 PM

Malwarebytes Detected these on my annual scan so I was wondering if they are false positives or real.


An IFEO (PUP.Optional.IFEO) detection is not necessarily malicious in all cases. The Image File Execution Options (IFEO) key can be used to block any legitimate .exe with a static file name and execute a malicious executable instead. To do this, the malware will create a value with the name "debugger" so the value data points to the malicious .exe instead of the legitimate file. Malware uses these keys to keep security tools from running and to trigger reinfection whenever certain executables are run.

Some security scanners might classify and detect some powerful advanced system administration tools (i.e. GiveMePower) as a Risk Tool or PUP.Optional.IFEO because the program has the potential for being misused by others. Anti-virus scanners cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert you or even automatically remove them. Since these detections do not necessarily mean the file is malicious or a bad program, in some cases the detection may be a "false positive". Many programs will add an Image File Execution Options (IFEO) registry key so its presence is not unusual or uncommon. The concern is when there is a debugger value set when there should not be one as that is something malware does for a frequently-run program.
 

Image File Execution Options provides you with a mechanism to always launch an executable directly under the debugger. This is extremely useful if you ever need to investigate issues in the executable's startup code (services especially). You can set the IFEO options directly via the registry or indirectly using the Gflags tool (available with the Windows debugging toolkit).

Image File Execution Options (IFEO)


IFEO lets you set some registry goo such that when you launch a target app (specified by a registry key name), a debugger (specified by a string named "debugger" under that registry key) is executed instead. The debugger then launches the target app under its control.

IFEO and Managed-debugging


Evil can be done with the Image File Execution Options key. Malware can install itself as the "debugger" for a frequently-run program (such as Explorer) and thereby inject itself into the execution sequence.

Beware the Image File Execution Options key (IFEO)


....you should be concerned....very concerned....about IFEO on your Windows based PC. IFEO is an area of the registry that was created to set various options that tell Windows what to do when a given application is run on your system. It is something that can be used by developers to run a program in a debugger to troubleshoot an application that they are creating instead of running the program directly. While this is all fine and good if you are an application developer, the problem is that Windows does not verify that the application that you tell it to run instead of the program is actually a legitimate debugger or not....

Image File Execution Options - How to Hijack a Program.

Malwarebytes and SUPERAntiSpyware both detect and remove these types of registry entries.

In your specific case, the detections are related to AVG PC TuneUp, a stand-alone program which claims to be an optimizing tool with registry cleaning capability that purports to improve performance, make repairs and enhance the speed of a computer. The optimization and performance improvement claims made by such software vendors are borderline scams. There is no statistical evidence to back such claims. Advertisements to do so are a marketing ploy intended to goad users into using an unnecessary and potentially dangerous product.


AVG PC TuneUp is a computer maintenance and optimization tool that you can install together with AVG. This standalone application analyzes and fixes different issues that might occur on your computer, speeding up the system and making it more secure.

What is AVG PC TuneUp
AVG PC TuneUp FAQs


Bleeping Computer DOES NOT recommend the use of registry cleaners/optimizers for several reasons.

Why you should not use Registry Cleaners and Optimization Tools


That is why buddy215 asked you to remove it.

As for OpenCandy, see my explanation in this topic.
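The check quietman7 describes, a Debugger value under an IFEO subkey where none should exist, is easy to audit yourself. The script below is an added example written for this thread; it is not code from the thread, from Malwarebytes or from AVG. It walks both IFEO roots that appear in the scan log (the native 64-bit view and the WOW6432Node view that 32-bit processes see on 64-bit Windows), reports every subkey that carries a Debugger value, and offers a removal helper that honors -WhatIf so nothing changes until you confirm. The function names Get-IfeoDebuggerEntry and Remove-IfeoDebuggerValue are my own; the script assumes an elevated (Administrator) PowerShell session.

```powershell
# Added example for this thread (not code from the thread, Malwarebytes or AVG):
# audit Image File Execution Options (IFEO) keys for "Debugger" values and
# optionally remove one under -WhatIf/-Confirm control.
# Assumes an elevated (Administrator) PowerShell session on Windows.

$IfeoRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
)

function Get-IfeoDebuggerEntry {
    # Returns one object per IFEO subkey that carries a Debugger value. Read-only.
    [CmdletBinding()]
    param([string[]]$Root = $IfeoRoots)

    foreach ($path in $Root) {
        if (-not (Test-Path -LiteralPath $path)) { continue }
        $view = if ($path -like '*WOW6432Node*') { 'WOW6432Node (32-bit)' } else { 'Native (64-bit)' }

        foreach ($key in Get-ChildItem -LiteralPath $path -ErrorAction SilentlyContinue) {
            $props = Get-ItemProperty -LiteralPath $key.PSPath -ErrorAction SilentlyContinue
            if (-not $props -or [string]::IsNullOrWhiteSpace($props.Debugger)) { continue }

            # The value is a command line; isolate the executable so we can check it exists.
            $exe = if ($props.Debugger.StartsWith('"')) { ($props.Debugger -split '"')[1] }
                   else { ($props.Debugger -split ' ')[0] }
            $onDisk = if ($exe) { [bool](Test-Path -LiteralPath $exe) } else { $false }

            [pscustomobject]@{
                View           = $view
                Target         = $key.PSChildName   # e.g. CHROME.EXE in the log above
                Debugger       = $props.Debugger
                DebuggerOnDisk = $onDisk
                KeyPath        = $key.Name
            }
        }
    }
}

function Remove-IfeoDebuggerValue {
    # Deletes only the Debugger value, leaving the rest of the IFEO subkey intact.
    # Honors -WhatIf and -Confirm so the change can be previewed first.
    [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
    param([Parameter(Mandatory)][string]$KeyPath)

    # Key names from Get-ChildItem look like HKEY_LOCAL_MACHINE\...; map them to the PS drive.
    $psPath = $KeyPath -replace '^HKEY_LOCAL_MACHINE\\', 'HKLM:\'
    if ($PSCmdlet.ShouldProcess($psPath, 'Remove Debugger value')) {
        Remove-ItemProperty -LiteralPath $psPath -Name Debugger
    }
}

# Report everything first; this call changes nothing.
$entries = Get-IfeoDebuggerEntry
$entries | Format-Table View, Target, DebuggerOnDisk, Debugger -AutoSize

# Preview removal for one target before committing, e.g. the chrome.exe entry from the log:
# $entries | Where-Object Target -ieq 'chrome.exe' |
#     ForEach-Object { Remove-IfeoDebuggerValue -KeyPath $_.KeyPath -WhatIf }
```

A Debugger value is not proof of infection on its own: as the thread explains, the entries here point at AVG PC TuneUp's TUAutoReactivator64.exe, which is a product choosing to interpose itself on Chrome's launch rather than malware. What the report gives you is the list of programs being redirected and where they are redirected to, so you can decide per entry. Where the debugger is a product you intend to keep, leave the value alone; where it belongs to software you are removing, uninstall the product as buddy215 advised, then re-run the audit to confirm the value is gone rather than deleting it by hand and leaving the program to recreate it.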



