Security.Hijack Virus Removal/False Positive?


5 replies to this topic

#1 K1234 (Newbie, Members, 5 posts)

Posted 10 July 2012 - 09:55 PM

I have reason to believe that Tune Up 2012 (which optimizes and fiddles with the registry) is causing false positives.

The only active Virus Protection I run is Microsoft Security Essentials. Everything has been running at full speed.

Last night I decided to run other Virus Scanners just to be safe and I found a ton of Security.Hijack viruses in "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\".

This user had the same problem as well: http://forums.supera...ositive-or-not/

Is this a false positive, and if not, did I take the right steps to remove this virus?

All the scans below are the most recent versions.

MSE:
No threats found.

TDSS Killer:
No threats found.

Malwarebytes:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccleaner.exe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iTunes.exe

ESET Online Scanner:
No threats found.

SuperAntiSpyware:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/10/2012 at 03:11 PM

Application Version : 5.5.1012

Core Rules Database Version : 8876
Trace Rules Database Version: 6688

Scan type       : Complete Scan
Total Scan Time : 00:56:40

Operating System Information
Windows 7 Home Premium 32-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Administrator

Memory items scanned      : 690
Memory threats detected   : 0
Registry items scanned    : 36790
Registry threats detected : 61
File items scanned        : 51601
File threats detected     : 179

Security.HiJack[ImageFileExecutionOptions]
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ACRORD32.EXE
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ACRORD32.EXE#DisableExceptionChainValidation
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ACRORD32.EXE#Debugger
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AMD OVERDRIVE.EXE
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AMD OVERDRIVE.EXE#Debugger
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ASC.EXE
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ASC.EXE#Debugger
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DPLAUNCH.EXE
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DPLAUNCH.EXE#Debugger
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\HIREZGAMESDIAGANDSUPPORT.EXE
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\HIREZGAMESDIAGANDSUPPORT.EXE#Debugger
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\HIREZLAUNCHERUI.EXE
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\HIREZLAUNCHERUI.EXE#Debugger
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\HPWUCLI.EXE
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\HPWUCLI.EXE#Debugger
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IMPULSEMINI.EXE
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IMPULSEMINI.EXE#Debugger
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IMPULSENOW.EXE
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IMPULSENOW.EXE#Debugger
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\LU5.EXE
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\LU5.EXE#Debugger
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NVSTLINK.EXE
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NVSTLINK.EXE#Debugger
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NVSTVIEW.EXE
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NVSTVIEW.EXE#Debugger
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PICTUREVIEWER.EXE
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PICTUREVIEWER.EXE#Debugger
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QS.EXE
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QS.EXE#Debugger
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QUICKSTART.EXE
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QUICKSTART.EXE#Debugger
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QUICKTIMEPLAYER.EXE
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QUICKTIMEPLAYER.EXE#Debugger
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SBASE.EXE
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SBASE.EXE#Debugger
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SCALC.EXE
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SCALC.EXE#Debugger
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SDRAW.EXE
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SDRAW.EXE#Debugger
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SIMPRESS.EXE
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SIMPRESS.EXE#Debugger
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SLIMDRIVERS.EXE
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SLIMDRIVERS.EXE#Debugger
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SMATH.EXE
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SMATH.EXE#Debugger
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SOFFICE.EXE
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SOFFICE.EXE#Debugger
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SUC12_UNINSTAL.EXE
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SUC12_UNINSTAL.EXE#Debugger
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SWRITER.EXE
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SWRITER.EXE#Debugger
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TOOLBOX.EXE
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TOOLBOX.EXE#Debugger
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TURBOBOOST.EXE
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TURBOBOOST.EXE#Debugger
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UNINS000.EXE
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UNINS000.EXE#Debugger
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UNINST.EXE
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UNINST.EXE#Debugger
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ZUNE.EXE
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ZUNE.EXE#Debugger

Combofix:
Said something about C\Install.exe - didn't say infected.

#2 SAS Customer Service (Advanced Member, Moderators, 890 posts)

Posted 10 July 2012 - 10:08 PM

Yes, the file execution option detections are related to TuneUp Utilities; you can select them and click the Allow/Trust button.

Customer Service
SUPERAntiSpyware
www.superantispyware.com


#3 K1234 (Newbie, Members, 5 posts)

Posted 10 July 2012 - 10:49 PM

So my computer is clean?

#4 SAS Customer Service (Advanced Member, Moderators, 890 posts)

Posted 10 July 2012 - 11:29 PM

The file execution option detections related to TuneUp Utilities are not malicious.

Customer Service
SUPERAntiSpyware
www.superantispyware.com


#5 K1234 (Newbie, Members, 5 posts)

Posted 11 July 2012 - 12:17 AM

Are all of these detections related?

Thanks

#6 SAS Customer Service (Advanced Member, Moderators, 890 posts)

Posted 11 July 2012 - 03:19 PM

Yes, all of those are related.

Customer Service
SUPERAntiSpyware
www.superantispyware.com
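
Added example, not part of the thread and not SUPERAntiSpyware's or TuneUp's own code: one way to check for yourself what the flagged Image File Execution Options keys do is to list every subkey that has a Debugger value and see which program each one hands control to. It assumes PowerShell 3.0 or later; the function name Get-IfeoDebuggerEntry is made up for this example.

```powershell
# Added example (not from the thread): inventory IFEO "Debugger" redirections.
# Windows starts the command stored in "Debugger" in place of the named image,
# so the question for each flagged key is which program it hands control to.
$roots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
)

function Get-IfeoDebuggerEntry {   # hypothetical helper name
    foreach ($root in $roots) {
        if (-not (Test-Path -LiteralPath $root)) { continue }   # no WOW6432Node on 32-bit
        foreach ($key in Get-ChildItem -LiteralPath $root -ErrorAction SilentlyContinue) {
            $cmd = [string]$key.GetValue('Debugger', '')
            if ([string]::IsNullOrEmpty($cmd.Trim())) { continue }

            # Pull the executable out of the command line (quoted or bare path).
            $target = $null
            if ($cmd -match '^\s*"([^"]+)"') { $target = $Matches[1] }
            elseif ($cmd -match '^\s*(.+?\.exe)(\s|$)') { $target = $Matches[1] }

            $sigStatus = 'TargetNotFound'; $signer = ''
            if ($target -and (Test-Path -LiteralPath $target -PathType Leaf)) {
                $sig = Get-AuthenticodeSignature -LiteralPath $target
                $sigStatus = [string]$sig.Status
                if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
            }

            [pscustomobject]@{
                Image = $key.PSChildName; Debugger = $cmd; Target = $target
                Signature = $sigStatus; Signer = $signer
            }
        }
    }
}

$entries = @(Get-IfeoDebuggerEntry)

# One row per redirection target: a single signed target shared by every
# flagged image fits the "one utility set all of these" explanation.
$entries | Group-Object Target | Sort-Object Count -Descending |
    Select-Object Count, Name,
        @{ n = 'Signature'; e = { $_.Group[0].Signature } },
        @{ n = 'Signer';    e = { $_.Group[0].Signer } } | Format-Table -AutoSize

# Anything unsigned, missing on disk, or not resolvable deserves a manual look.
$entries | Where-Object { $_.Signature -ne 'Valid' } |
    Select-Object Image, Debugger, Signature | Format-Table -AutoSize
```

Reading these keys does not need elevation. Keys from the scan log that carry values other than Debugger, such as DisableExceptionChainValidation, are not covered by this listing.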




