RiskWare.IFEOHijack

Short bio

This is a generic detection for programs that set a debugger for other executables by using the following registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
CurrentVersion\Image File Execution Options\
{name of the intercepted executable}

Some legitimate programs that use this method have been white-listed.

Impact

Remediation

Malwarebytes can remove the registry key without problems. If you get this detection without any accompanying file, there is a chance that you are dealing with a false positive. If you suspect this is the case, feel free to reach out to us and report them on our dedicated forum for possible false positives.