Posts posted by dancingwoman

  1. Exile...you said...

    "but further documentation for the user should be implemented so they understand why it's detected so the user can make up their own mind, and if indeed the user was the one making these changes, then they should have no trouble doing so, as long as MBAM provides proper documentation of what exactly the detection means (listing a reg key and saying "hijack" and "bad" or "good" isn't quite adequate in my opinion."

    I agree..if it was explained more thoroughly I might not have had a problem...but ...

    Then I wouldn't have learned something new...like I did with this discussion with you and reading your discussion with Digerati..

    thanks guys...DW

  2. You're welcome dancingwoman, and remember, as I said normal malware (not entries where it says 0 bad 1 good or vice versa) MBAM will actually quarantine it so it can later be restored.

    One more question if you don't mind..

    When I ran the scan and deleted what I thought was a problem...I had just installed MBAM..Could I have uninstalled MBAM ...then gone back to the day before's restore point and restored things to the way they were the day before the installation?..Would that have brought back the registry to the way it was before MBAM found the fp and I deleted it?...DW

  3. Just to clear this up, I believe the reason it doesn't quarantine these particular issues is because it isn't actually deleting anything, it's simply changing the number 1 to a 0 in that reg key, not removing it, so there's nothing to quarantine. Perhaps the developers could implement something to back up the 1 key so that it could be restored (sort of like quarantine, but not quite). With normal malware where a key or file is deleted off of the system, it is actually quarantined by MBAM.

    Thanks for the explanation Exile...you've been very helpful...I won't delete anything from now on till I check it out..DW

  4. You could not "ignore"? If nothing else, you could just cancel out of MBAM without taking any action. I would not do that - it is still a trustworthy program. Google.

    Hi..sorry yes I could ignore..and with the help of Exile that's what I ended up doing...after I put the entry back into the registry...ran the scan again and put it on ignore...I guess because it was the first time I used mbam it was a little confusing to me and for the lack of better judgement I deleted it...all the other programs I use have a place to put things in quarantine..thanks..dw

  5. I think these false positives need to be readdressed, and justifying them simply because malware has been known to make these type changes is not good enough - barely (if that) circumstantial. When I, as the user of this XP SP3 machine, can very easily right click on the Start Menu > Properties > Customize > Advanced and select "Don't Display this item" for a whole set of display options, MBAM should not report them as infected objects. These are not infections, nor are they vulnerabilities. It does not present a security risk if I decide I don't need to see my Control Panel in my Start menu.
    I received the following 4 false positives today.
    Registry Data Items Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowControlPanel (Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyDocs (Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyComputer (Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.

    Interestingly, I also do not have Favorites, My Music, My Network Places, My Pictures, Network Connections, or Printers and Faxes displayed and they were not reported. I did, however, set System Administrative Tools to "Display on the All Programs menu", but that was not reported as infected either.

    False positives are inevitable, but should be used to tweak the code and not allowed to live on. For me, since I never auto-delete anything, and have a few years under my belt, FPs are a minor inconvenience, unless frequent or repeating, then they become annoying, and can eventually become show-stoppers as faith in the product wanes, rendering the product untrustworthy. That would not be good here.

    For less experienced users, FPs can be frightening and as we have seen already, often result in users removing totally valid registry keys, BREAKING, in effect, options. How can that be good? Or faith building?

    Hi..the reason I deleted the FP that showed up for me was because I wasn't given the option to quarantine like other programs give you, (till you can find out more about the infection)...I could delete it or delete all...or restore it..no other choices..In the link to the post I cited others had this same problem..you have to read the whole post in the link..at the end of it Rubber Ducky says.."Something is going wrong with registry quarantining on your systems. I will take a look at the code." but then I never saw a resolution to the problem....I haven't used mbam since..I was thinking of uninstalling it...because of fps how do I know what is or isn't a real threat?...DW

  6. Hmm, that's odd, I use the free version myself and it quarantined on my machine. Could've just been a "hiccup" in the program. Oh well, at least you've got it all fixed up. Good luck and safe surfing to you.

    I found a post from back in August and September with the same problem (no way to quarantine)..I'll see if I can post it for you to read..I didn't see if there was a fix to the problem..thanks...here's the link http://www.malwarebytes.org/forums/index.php?showtopic=6025

  7. Did as you instructed..scanned again and put it on the ignore list..Thanks for your time and help..Dancing

    As a side note...why didn't anything ever show up in Quarantine..the second time I ran the scan I checked to see if I could quarantine the problem instead of deleting it like I did the first time..no place to do that..I thought maybe the first time I just missed it..but there was nowhere to quarantine...is it because I have the free version of malwarebytes..thanks...

  8. OK, I can understand not being comfortable. I'll give you a reg file to automate it for you (I already tested it on my own system to make sure it works properly). Just open notepad and copy the following text into it and, with Save as type set to "All Files", save the file as fix.reg:
    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer]

    "NoActiveDesktopChanges"=dword:00000001

    Once it's saved to your desktop, just double click it and click Continue at the UAC prompt and click Yes when it asks if you want it added to the registry.

    Did as you instructed..scanned again and put it on the ignore list..Thanks for your time and help..Dancing

  9. Actually, if you're somewhat comfortable with the registry then you can navigate to here:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges

    and change it back to 1 instead of 0 (this is assuming you're running Vista, if XP then Malwarebytes' simply set it to its normal default).

    I'm not really comfortable going into the registry..I know how to get into it by going to start and then type in Regedit but that's about it...thanks anyway...the computer seems to be working ok the way it is..can I just leave it this way..thanks...

  10. You can restore it safely (assuming you're running Vista x64). Just go to the Quarantine tab and select that entry then click on Restore.

    There is nothing in quarantine to select...because I deleted it ...so I can't restore it that way..Is it ok just to leave it the way it is..thanks...

  11. If you are running Vista then this is a false positive and should be added to the Ignore List. Even in XP this detection isn't actually malware, it's a setting that is often modified by malware to prevent changing the desktop settings. If you've removed it, then just restore it from quarantine and the next time you scan, just add it to the ignore list.

    I had the same thing happen and deleted it also..now of course I can't restore it..its not in quarantine..do I just not worry about it..thanks..
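
Post 3 above suggests backing up the original data before a scanner rewrites a registry value, since there is nothing to quarantine. As an added example (not part of the thread and not Malwarebytes code), this Python code parses detection lines in the format quoted in post 5 and builds a .reg file that writes the "Bad" data back. The function names are hypothetical, and it assumes that "Bad" is the data found at scan time and that every value is a REG_DWORD, as in the fix.reg from post 8.

```python
import re

# Two detection lines copied from the scan log quoted in post 5.
SAMPLE_LOG = r"""Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowControlPanel (Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
"""

# <key>\<value> (<detection>) -> Bad: (x) Good: (y) -> <action>.
LINE_RE = re.compile(
    r"^(?P<path>HKEY_[A-Z_]+\\.+?) \((?P<detection>[^()]+)\) -> "
    r"Bad: \((?P<bad>\d+)\) Good: \((?P<good>\d+)\) -> (?P<action>.+?)\.?$"
)


def parse_detections(log_text):
    """Return one dict per 'Bad: (x) Good: (y)' registry data line."""
    found = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # section headers, blank lines, other detection types
        # The last path component is the value name, the rest is the key.
        key, _, value_name = m["path"].rpartition("\\")
        found.append({"key": key, "value": value_name,
                      "detection": m["detection"],
                      "bad": int(m["bad"]), "good": int(m["good"]),
                      "action": m["action"]})
    return found


def build_undo_reg(detections):
    """Build .reg text that writes back the data the scanner found ("Bad").

    Assumption: every value is a REG_DWORD, as in the fix.reg from post 8.
    """
    by_key = {}
    for d in detections:
        by_key.setdefault(d["key"], []).append(d)
    out = ["Windows Registry Editor Version 5.00", ""]
    for key, items in by_key.items():
        out.append(f"[{key}]")
        for d in items:
            out.append(f'"{d["value"]}"=dword:{d["bad"]:08x}')
        out.append("")
    return "\r\n".join(out)
```

Saving the result of `build_undo_reg(parse_detections(log))` before letting the scanner fix a setting gives a file that can be imported later to put the setting back if the detection turns out to be a false positive.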
