IObit Forum

AutoReactivator.exe detected as trojan?


JMSolo


Posted

I have scanned my computer now with Eset and SuperAntiSpyware and both have found the following registry item to be "malicious": Marked as 'Trojan.SVCHost/Fake'

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explorer.exe\Debugger [ C:\Program Files (x86)\IObit\Advanced SystemCare\AutoReactivator.exe ]

 

 

Furthermore, I browsed the wilds of the web and several sources suggest this should be removed asap.

 

 

Should I whitelist this within Eset and SAS as well as submit it to them as a -/+?

 

Or does this not look familiar to you guys and somehow got picked up due to me using ASC?

Posted

Hi JMSolo,

 

I have uploaded AutoReactivator.exe to VirusTotal and neither ESET nor SuperAntiSpyware found it as a threat.

 

See the VirusTotal Report of AutoReactivator.exe

 

DrWeb and GData found it as an unwanted program and adware respectively, so it is most probably a false positive.

 

FYI, I have the AutoReactivator.exe file in the installation folder of ASC9, but the registry that you mention does not contain it.

 

There are 2 topics concerning the file in IObit Forum, please see them if anything related to yours is found there.

1 - Issue with " Autoreactivator "...? - IObit.Com Forums

 

2 - ASC 8 free rtl120.bpl. error and AutoReactivator.exe error on ...

 

 

 

Cheers.

Posted

Hello enoskype,

You are correct... it is not the .exe itself that triggered a response from these two applications, rather, it is the registry entry which reads as

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explorer.exe#Debugger [ C:\Program Files (x86)\IObit\Advanced SystemCare\AutoReactivator.exe ]

 

 

Note the pound sign (#) and not a forward slash.

 

I am using IMF4 beta and have allowed all my used programs along with remembering these actions - thus this rules out the first thread linked.

Second, I am using Advanced SystemCare 9 so I am not too sure how relevant a link to anything 8 will be. In fact, that second link has no relevance whatsoever to my query.

 

Again, I should have been more concise with my wording. The registry entry is what I am concerned about and not the .exe. I am being shown however that the registry entry was 'supposedly' created by the installation and/or running of the .exe.

 

Is it possible this entry is created to help the program bypass any admin rights that may be on a guest system (w/o admin privs)?

 

I notice it has #Debugger at the close, so I wonder if that may be it, however, there are several places informing that Image File Execution Options\explorer.exe should require care and contacting the vendor of said software adding the entry should be a follow up before blocking/removing the entry.

 

Thank you for your attention on this matter.

 

 

 

 

Posted

Here is the detection in action from SAS

 

Apologies, I posted the wrong image. This one shows the detection. I am not too certain why SAS and ESET System Inspector would link this entry to the AutoReactivator.exe... maybe some confusion? If you do not see this entry relating to the program then I will certainly quarantine it immediately.

Posted

Hi JMSolo,

 

Please see how the registry entry is seen in Registry (Using regedit).

 

Definitely there is no such entry in my Registry even after trying to run the exe file by double clicking on it.

 

You can export it in Registry to a folder of your choice such as Documents to re-enter it in case something goes south. You can then quarantine it and see if anything is wrong or if it is created again in time.

 

 

Cheers.
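Added example (not part of the original posts, and not IObit's or any scanner's code): a small Python check for the export step suggested above. It parses the text of a regedit `.reg` export and lists every Image File Execution Options subkey that carries a `Debugger` value, which Windows launches in place of the named image. The sample export is constructed, and the function and variable names are hypothetical.

```python
import re

# Tail of the IFEO key path; matching on the tail also covers the WOW6432Node view.
IFEO = r"\Microsoft\Windows NT\CurrentVersion\Image File Execution Options" + "\\"

# Constructed sample in .reg text form. Real regedit exports are UTF-16 LE,
# so read them with open(path, encoding="utf-16") before passing the text in.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explorer.exe]
"Debugger"="C:\\Program Files (x86)\\IObit\\Advanced SystemCare\\AutoReactivator.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad.exe]
"DisableHeapLookaside"="1"
'''

KEY_RE = re.compile(r"^\[(.+)\]$")
VAL_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')


def unescape(s):
    # .reg string values escape backslash and double quote with a backslash.
    return re.sub(r"\\(.)", r"\1", s)


def find_ifeo_debuggers(reg_text):
    """Return [(image_name, debugger_command)] for IFEO subkeys with a Debugger string value."""
    hits, image = [], None
    for line in reg_text.splitlines():
        line = line.strip()
        key = KEY_RE.match(line)
        if key:
            path = key.group(1)
            idx = path.lower().find(IFEO.lower())
            image = path[idx + len(IFEO):] if idx != -1 else None
            if image and "\\" in image:
                image = None  # deeper subkey, not a per-image IFEO key
            continue
        val = VAL_RE.match(line)
        if val and image and unescape(val.group(1)).lower() == "debugger":
            hits.append((image, unescape(val.group(2))))
    return hits


if __name__ == "__main__":
    for image, command in find_ifeo_debuggers(SAMPLE_REG):
        print(f"{image}: Debugger -> {command}")
```

Any hit whose debugger command is not something you installed deliberately is worth checking with the vendor before removal, which is the same caution the thread describes.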

 

 

Posted

Done & Done!

 

Thank you for your confirmation on this. I have made a quick backup of the registry and quarantined this entry. Not sure where it came from and why it is attempting to link to your application. I trust your products as I have every paid-for product by IObit... hence, this was a bit disconcerting.

Posted

JMSolo, great to know that the problem is solved and you are a loyal user of IObit products. Thumbs up

 

Please note that I am a user like yourself. Well, trying to help the users of IObit products and IObit.

So the products are IObit's products. :-)

You can get info about the Forum Leaders from Information about Forum leaders topic.

 

Cheers.

Archived

This topic is now archived and is closed to further replies.
