itman 1,743 Posted September 16, 2017 Share Posted September 16, 2017 I have had this keyfinder.exe on my PC since last Nov.. I manually installed it then. Today, Eset all of a sudden detects it as a PUA. Hash scan at VT shows no one detecting including Eset. What is a bit odd is the detection and alert occurred today when started IE11 shortly after PC startup today. Keyfinder has to be manually stated from the desktop and I haven't used it for sometime. Have no clue why it would be started by IE11 unless it is possibly hacked and Eset mis-indentified keyfinder.exe as the source? 9/16/2017 8:47:41 AM;Startup scanner;file;C:\Program Files (x86)\Magical Jelly Bean\keyfinder.exe;a variant of Win32/MagicalJellyBean.B potentially unsafe application;cleaned by deleting;;;0D4D7B798BD931030CADAE9AC96CF50B890DEC02;11/27/2016 3:18:51 PM Link to comment Share on other sites More sharing options...
Administrators Marcos 5,242 Posted September 16, 2017 Administrators Share Posted September 16, 2017 The detection is correct. Potentially unsafe applications cover legitimate tools that can be misused in the wrong hands. They also include key finders. Detection of potentially unsafe applications is disabled by default. If you want to intentionally use a particular pot. unsafe app., you can exclude it from detection. Link to comment Share on other sites More sharing options...
itman 1,743 Posted September 16, 2017 Author Share Posted September 16, 2017 26 minutes ago, Marcos said: The detection is correct. Potentially unsafe applications cover legitimate tools that can be misused in the wrong hands. They also include key finders. Detection of potentially unsafe applications is disabled by default. If you want to intentionally use a particular pot. unsafe app., you can exclude it from detection. Ok. I will go along will the PUA classification but appears this was just added to sig. database. My question is the "startup" detection. Does it just do a cursory scan of program directories at startup time since the program in question was not active. Link to comment Share on other sites More sharing options...
Recommended Posts