
Broken.OpenCommand infected?



After a quick scan I get this message:

Broken.OpenCommand. Also there is this message: HKCR\scrfile\shell\open\command| (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: ("%1" /S) -> No action done.

HKCR\regfile\shell\open\command| (Broken.OpenCommand) -> Slecht: (NOTEPAD.EXE %1) Goed: (regedit.exe "%1") -> No action done.

My virus program didn't find anything. So my question is: am I infected?

I am using System Mechanic and Eset Smart Security.

Thanks


Hi, Beetse: :)

Welcome.

The detections you're seeing can be a "false positive" that is seen when running Iolo System Mechanic.

The FAQ - Section A - Item #18 explains what it is and how to deal with it:

ISSUE: I keep getting the following detections, even after allowing Malwarebytes' Anti-Malware to fix them:

HKEY_CLASSES_ROOT\scrfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: ("%1" /S)

HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: (regedit.exe "%1")

SOLUTION: Most often when these two items return repeatedly it is due to the presence of an IOLO product such as System Mechanic. System Mechanic and other IOLO security products alter these settings from their Windows defaults. If you do have an IOLO product installed, it is best to simply change the security setting in your IOLO product so that it does not change the settings for .reg files and .scr files or that you simply have Malwarebytes' Anti-Malware ignore these particular detections. These entries are not actual infections, just system settings changes that are not set to their defaults, which is something that some infections will do to prevent .reg files and .scr files from executing, which is why Malwarebytes' Anti-Malware detects these items, since it has no way of knowing if the change was made by the user, an infection, or a legitimate software such as IOLO.

For the record, though, you might want to be careful about using SM.

There have been many reports about it causing serious system damage.

For example, see this post by forum mod and MS MVP, Maurice Naggar: http://forums.malwar...ndpost&p=554892

HTH,

daledoc1
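
A read-only way to see what the detection is comparing, as an added example that is not part of the original thread. The PowerShell below reads the (default) value of the two keys and compares it with the "Good" strings quoted in the detection lines; it assumes PowerShell 3.0 or later, and the function names are hypothetical.

```powershell
# Added example: read-only check of the two open-command values from this thread.
# The expected strings are the "Good" values quoted in the MBAM detection lines.
$expected = @{
    'scrfile' = '"%1" /S'
    'regfile' = 'regedit.exe "%1"'
}

function Compare-OpenCommand {
    param(
        [string]$Actual,    # value found in the registry (empty if absent)
        [string]$Expected   # default value according to the detection line
    )
    if (-not $Actual) { return 'Missing' }
    # Case-insensitive compare, ignoring surrounding whitespace
    if ($Actual.Trim() -ieq $Expected) { return 'Default' }
    # 'Changed' only means "not the default" (e.g. NOTEPAD.EXE %1);
    # it does not say whether a user, a tool or malware made the change.
    return 'Changed'
}

function Get-OpenCommandStatus {
    param([hashtable]$Table)
    foreach ($class in $Table.Keys) {
        $path   = "Registry::HKEY_CLASSES_ROOT\$class\shell\open\command"
        $actual = $null
        if (Test-Path -LiteralPath $path) {
            # GetValue('') returns the key's (default) value
            $actual = (Get-Item -LiteralPath $path).GetValue('')
        }
        [pscustomobject]@{
            Key      = "HKCR\$class\shell\open\command"
            Actual   = $actual
            Expected = $Table[$class]
            Status   = Compare-OpenCommand -Actual $actual -Expected $Table[$class]
        }
    }
}

# Nothing is written to the registry; the script only reports.
Get-OpenCommandStatus -Table $expected | Format-Table -AutoSize -Wrap
```

Running it before and after a System Mechanic session shows whether that product is what resets the values to `NOTEPAD.EXE %1`.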


Hello Beetse.

To add a bit more to Daledoc1's notes:

Rerun MBAM and have it "remove" those entries. Technically it will fix them to what they need to be.

Copy and Paste the MBAM log after you finish the run.

Follow-up and do this:

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall.

Please download Rkill by Grinler and save it to your desktop.


  • Link 2
  • Link 3
  • Link 4
  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7, right-click on it and Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know.
  • If your antivirus program gives a prompt message, respond positive to allow RKILL to run.
  • If a malware-rogue gives a message regarding RKILL, proceed forward to running RKILL

IF you still have a problem running RKILL, you can download iExplore.exe or eXplorer.exe, which are renamed copies of rkill.com, and try them instead.

When all done, rkill.txt log file will be on your desktop. Copy & Paste contents of Rkill.txt into a reply.

More Information about Rkill can be found at this link: http://www.bleepingcomputer.com/forums/topic308364.html

As to Iolo System Mechanic:

How have you used it?

There's a long running history of System Mechanic grunging up systems whereby the windows installer service is "glitched" and associations for windows are likewise messed up.

I strongly urge you to not use it for any registry "cleaning", "tweaking", "optimizing", etc.

IF you did not buy it, I urge you to uninstall it.


Beetse,

I would suggest you run this tool and post the log for my review.

Download >> Farbar's Service Scanner utility << and Save to your Desktop.

If using Windows 7 or Vista, Right-Click on fss.exe and select Run As Administrator.

If using XP, double-click to start.

Answer Yes to ok when prompted.

If your firewall then puts out a prompt, again, allow it to run.

Once FSS is on-screen, be sure the following items are checkmarked:

  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center/Action Center
  • Windows Update
  • Windows Defender

Click on "Scan".

It will create a log (FSS.txt) in the same directory the tool is run.

Copy & Paste contents of FSS.txt into your reply.
