This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

IFEOHijack Trojan or False Positive (Debugger)

Hello Sophos Malware Community,

 

Doing a scan today I came across this.

 


Registry Key: 2
RiskWare.IFEOHijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\cmd.exe, No Action By User, [6465], [250074],1.0.7587
RiskWare.IFEOHijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\cmd.exe, No Action By User, [6465], [250074],1.0.7587

 

Trying to determine if its a real risk or not and asking for some advice?

 

Thanks



This thread was automatically locked due to age.
Parents
  • Hello Eric Bancroft,

    RiskWare.IFEOHijack is a name Malwarebytes uses, isn't it?

    Normally I'd expect the key to be under HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ though this is where the name comes from). Do you have more details, e.g. contents of this key?

    Christian

  • Hi Christian

    Ah guilty as charged it is Malwarebytes that found this. I ran Sophos Anti-Virus and it did not find this and wanted to determine if its a threat that Sophos AV missed and also if there was any data on this or is it a false alarm. I wanted to be sure. No other data on the reg keys except that it is indeed in a strange place of the windows reg. Windows 8.1 Pro to be exact and in a production environment.

     

    Thanks

Reply
  • Hi Christian

    Ah guilty as charged it is Malwarebytes that found this. I ran Sophos Anti-Virus and it did not find this and wanted to determine if its a threat that Sophos AV missed and also if there was any data on this or is it a false alarm. I wanted to be sure. No other data on the reg keys except that it is indeed in a strange place of the windows reg. Windows 8.1 Pro to be exact and in a production environment.

     

    Thanks

Children
No Data