Potential False Positive (Registry) {293364AE-43F8-11D3-BC2D-4000000A2806} - Need Help fron IObit Support Staff [SOLVED by db 1533]

[Albert Heisenberg]

Here is a copy of the Iobit Malware Fighter (v4) Log:

IObit Malware Fighter

 

OS: Windows 7

Version: 4.0.3.20

Database Version: 1529

Scan Mode:Manual

Time Elapsed: 11:41:38

Objects Scanned: 504260

Threats Found: 2

Save Time: 3/16/2016 1:11:05 AM

 

|Name|Type|Description|ID|

Malware GUID, GUID, HKEY_CLASSES_ROOT\CLSID\{293364AE-43F8-11D3-BC2D-4000000A2806}, 401917

Malware GUID, GUID, HKEY_CLASSES_ROOT\CLSID\{293364BA-43F8-11D3-BC2D-4000000A2806}, 401918

 

It looks like a registry key but I do not want to "remove" it if it's a false positive. I can't verify whether it is indeed a false positive by uploading the file to VirusTotal because I don't know where/how to find the registry file/entry in question. I've copied " HKEY_CLASSES_ROOT\CLSID\{293364AE-43F8-11D3-BC2D-4000000A2806}" into the search box of my C: Drive to no avail. I'm a tech neophyte and it would be nice to know what to do.

 

My Laptop is a 2010/11 SONY VAIO, with 6GB of RAM, Windows 7 Home Premium (Service Pack 1), running on a 64-bit OS.

 

Please kindly inform me as to the next steps I should take. My computer has been behaving erratically lately and it would be nice to know if removing these allegedly malicious files would solve the issues. Registry entries are tricky though so I don't want to "remove" an otherwise benign system file. I love IObit and I have almost all of the IObit security and maintenance panel downloaded (Advanced SystemCare, Driver Booster, Smart Defrag, etc).

 

 

Many Thanks in Advance IObit,

A. Heisenberg

[Cicely]

Hi there,

 

Thanks for your feedback.

 

To check whether it is a false positive, pelase take the steps as follows:

 

Please open registry editor and find the registries mentioned in your report and send us the screenshots to show the two registry items you mentioned.

 

How To Open Registry Editor guide: http://pcsupport.about.com/od/registry/ht/open-registry-editor.htm

 

Guide for taking screenshot.

 

http://graphicssoft.about.com /cs/general/ht/winscreenshot.htm

 

Looking forward to hearing from you.

[Albert Heisenberg]

Hi IObit Support Team,

 

Forgive me for the delay. For whatever reason the Iobit forum didn't inform me via email that the Iobit support staff had replied to my post (I'll have to look into the settings). You will find the registry editor screenshots attached to this post. I wasn't able to find the exact registry entry for the malicious files and I followed the instructions exactly as told. Neither HKEY_CLASSES_ROOT\CLSID\{293364AE-43F8-11D3-BC2D-4000000A2806}, 401917 nor HKEY_CLASSES_ROOT\CLSID\{293364BA-43F8-11D3-BC2D-4000000A2806}, 401918 seem to exist. Kindly check out the screenshots attached and let me know whether I'm searching in the wrong registry folders (or whether the registry's been deleted somehow - I haven't touched it so I'm not sure how that could have happened). Many thanks again.

 

Best Regards,

A. Heisenberg

[Cicely]

Hi Albert Heisenberg,

 

Thanks for your detailed reply.

 

After further analysis, it is a false positive and it will be removed in database 1533 on 2016-03-29.

 

Thanks for helping improve our products

[Albert Heisenberg]

Hi Cicely,

 

Sorry to bother you again, I'm sure you have more important things to do. However I think my brother, in an attempt to "help" me, may have changed the Malware Bytes settings to "auto remove." As a result the reason I could not find those registry entries is because they've been removed. Should I be concerned since you stated they were false positives? Or did you think they were false positives because they couldn't be found in the registry index (because Malware Bytes had, unbeknowst to me, deleted them already)? From everything I've read, interfering with the registry can have a very harmful effect on the computer. I've attached the Malware Bytes screenshot of the removal notice as well as an error notice from a recent NVIDIA graphics/video driver update. Could the registry deletion be related to the sudden inability to update my graphics driver?

 

Kindly let me know what to do. Many thanks again.

 

Albert

[Cicely]

Hi Albert Heisenberg,

 

Thanks for your reply.

 

We judge it as false positive is according to our analysis. If Malware Bytes removed it, please do a restore or see whether there is any other way can restore it from Malware Bytes.

[Albert Heisenberg]

Hi Cicely,

 

I've read through the Malware Bytes manual and don't quite see anywhere in it that tells me how to restore the deleted registry entry. Do you know how I would go about restoring it? Many thanks again.

 

Best Regards.

Albert

[Cicely]

Hi Albert,

 

Sorry to tell you that I am not familiar with MB. Did you searched for solution online? You can have a try.