Porthos

Not really false but...

4 posts in this topic

I use this as an installer for Antivir. Of course it auto disables the update/upgrade screen. The side effect is this from MBAM.

http://www.ryanvm.net/forum/viewtopic.php?t=6324 (installer Page)

Malwarebytes' Anti-Malware 1.41

Database version: 2818

Windows 5.1.2600 Service Pack 3

9/17/2009 9:34:56 PM

mbam-log-2009-09-17 (21-34-52).txt

Scan type: Quick Scan

Objects scanned: 103040

Time elapsed: 3 minute(s), 5 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 1

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avnotify.exe (Security.Hijack) -> No action taken.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


Yes, it's normal. These detections are there to reset such security related settings back to their default since they are often altered by malware. Of course it can safely be ignored in this case as with cases where a user's antivirus or internet security suite has disabled these settings as McAfee, Norton and others do.


I added this as part of the reversal we do when malware uses this Windows function to disable antimalware applications.

We have a LOT of Avira users and no one has ever reported this, so my assumption is that this is a custom addition?

> so my assumption is that this is a custom addition?

Yes it is.
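
An added example, not part of the thread and not Malwarebytes' code: on Windows, a `Debugger` value under an Image File Execution Options subkey makes the system start that command in place of the named program, which is the function the posts above refer to. The sketch below audits a `.reg` export of that key for such values; the sample export, its paths and the `triage` watchlist are constructed for illustration.

```python
import re

# Parent key from the MBAM log in this thread, lower-cased for comparison.
IFEO = (r"hkey_local_machine\software\microsoft\windows nt"
        r"\currentversion\image file execution options")

SECTION = re.compile(r"^\[(HKEY_[^\]]+)\]$")
STRING_VALUE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

# Constructed sample in .reg export format; values are made up for the demo.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avnotify.exe]
"Debugger"="C:\\constructed\\stub.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\example.exe]
"DisableHeapLookaside"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Editor.EXE]
"Debugger"="\"C:\\constructed\\other editor.exe\" -z"
'''


def find_ifeo_debuggers(reg_text):
    """Map image name -> Debugger command for direct IFEO subkeys (REG_SZ only)."""
    hits, image = {}, None
    for raw in reg_text.splitlines():
        line = raw.strip()
        section = SECTION.match(line)
        if section:
            parent, _, leaf = section.group(1).rpartition("\\")
            image = leaf.lower() if parent.lower() == IFEO else None
            continue
        value = STRING_VALUE.match(line)
        if image and value and value.group(1).lower() == "debugger":
            # .reg files escape \ and " with a backslash; undo that here.
            hits[image] = re.sub(r"\\(.)", r"\1", value.group(2))
    return hits


def triage(hits, security_images):
    """Split redirects into those hitting known security tools and the rest."""
    watched = {name.lower() for name in security_images}
    flagged = {img: cmd for img, cmd in hits.items() if img in watched}
    other = {img: cmd for img, cmd in hits.items() if img not in watched}
    return flagged, other


if __name__ == "__main__":
    print(triage(find_ifeo_debuggers(SAMPLE_REG), ["avnotify.exe"]))
```

Regedit exports in the 5.00 format are UTF-16, so read a real export with `encoding="utf-16"` before passing its text to `find_ifeo_debuggers`.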

