Boost_interprocess ja F-Secure SAFE
I write the question in English, since that might increase the chances of someone being able to tell the answer. You may also respond in Finnish if you want.
My problem in short is, that I noticed that on several of my computers with F-Secure SAFE installed, there is this folder called "boost_interprocess" in the hidden system folder "ProgramData". It had a lock icon attached to the folder icon in Windows 7, and when I look into the folders properties and protection tab there (ominaisuudet, suojaus-välilehti) in both Windows 7 and 10, they display a message that says, in Finnish something like "Tälle objektille ei ole määritetty oikeuksia [-] Tämä on mahdollinen suojausriski, koska objektin luoja voi määrittää sille oikeudet. Määritä oikeudet mahdollisimman pian." Translated it means "This object has no defined rights. This in a potential security threat as the creator of the object can give it rights. Assign rights to it as soon as possible."
I'm not sure what the "official" English version of the message would be, maybe someone here knows?
The folder boost_interprocess contains another folder with a long number for a name, which also shows the same message in properties > protection-tab. Both folders are otherwise empty.
Anyway, worried about this I googled the folder name and found a lot of information relating to a trojan named backdoor:Win32 kelihos.A (it has many variants). The name of the subfolder does not quite match the name of the description given in Microsofts Threat encyclopedia, but "boost_interprocess"-folder is mentioned. I also could not find the registry paths (if that is the correct term) mentioned in Microsofts Threat encyclopedia. F-Secure also has an article about kelihos in their own threat encyclopedia.
However, SAFE does not see anything wrong with these folders. In fact it refuses to actually scan them, as can be seen by looking into the "Tarkistusraportti" (scan report) after the virus scan. I have also sent the folder as a zip-file to F-Secures Submit a Sample page, but they seem happy to just say that since the folders are empty they cannot be checked. But is not the presence of an unknown folder, with the same name that is created by a known malware with unusual security settings that Windows categorizes as a potential threat in itself a sign that something is wrong?
Finally, I should add that even after a complete reinstallation of Windows 10 with only a few programs (Firefox, winrar, Foxit reader) installed, the boost_interprocess -folder reappeared. I noticed that in this case as well as all the others, the date and time at which the folder and subfolder were created/modified, it corresponded with the installation of F-Secure SAFE, the exact same minute. Official F-Secure support however says that this is a mere coincidence and that the folder has no relation to their product. So How can it install itself always at the same time as SAFE?
So I would like to ask, if anyone here knows anything about "boost_interprocess"-folder? Is it always a sign of kelihos-trojan? Why does it appear with the installation of SAFE?
Is it just me, or do you also have this folder with the same strange protection settings in your C:\ProgramData - note that the folder is a hidden system folder, so you must either copy the exact path to find it or alternatively you can enable hidden folders from Organize > Settings of search and folders > second tab and in the bottom of the list. Variants of kelihos can apparently also create folder by the same name in other locations such as AppData.
Any help would be much appepriciated, even if you just drop by to note that such a folder does not install for you with SAFE.