K1234

Security.Hijack Virus Removal/False Positive?


I have reason to believe that Tune Up 2012 (which optimizes and fiddles with the registry) is causing false positives.

The only active Virus Protection I run is Microsoft Security Essentials. Everything has been running at full speed.

Last night I decided to run other Virus Scanners just to be safe and I found a ton of Security.Hijack viruses in "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\".

This user had the same problem as well: http://forums.supera...ositive-or-not/

Is this a false positive and, if not, did I take the right steps to remove this virus?

All the scans below are the most recent versions.

MSE:

No threats found.

TDSS Killer:

No threats found.

Malwarebytes:

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccleaner.exe

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iTunes.exe

ESET Online Scanner:

No threats found.

SuperAntiSpyware:

SUPERAntiSpyware Scan Log

https://www.superantispyware.com

Generated 07/10/2012 at 03:11 PM

Application Version : 5.5.1012

Core Rules Database Version : 8876

Trace Rules Database Version: 6688

Scan type : Complete Scan

Total Scan Time : 00:56:40

Operating System Information

Windows 7 Home Premium 32-bit, Service Pack 1 (Build 6.01.7601)

UAC On - Administrator

Memory items scanned : 690

Memory threats detected : 0

Registry items scanned : 36790

Registry threats detected : 61

File items scanned : 51601

File threats detected : 179

Security.HiJack[imageFileExecutionOptions]

Combofix:

Said something about C\Install.exe - didn't say infected.
