Why does Windows Defender (formerly Microsoft AntiSpyware) detect malware after installing the Pharos Popup Client?

Blog Post created by toleary on Aug 2, 2013

Windows Defender (formerly Microsoft AntiSpyware) reports a file used by the Pharos Popup Client as the Rivarts.A trojan.


The registry key:




Has been detected as malware by Defender.


Microsoft is aware of this problem. Other third-party applications use the same hook. So far, however, Microsoft has not whitelisted the application, madCodeHook by Madshi.


Madshi, the developers of madCodeHook (the file in question), are also aware of this issue.


For more information on Madshi and madCodeHook, see:


This file is required for the Pharos Popup Client to function and does not pose a threat to the system.