Jump to content

Broken.OpenCommand infected?

Recommended Posts

After an quick scan i get this message:

Broken.OpenCommand. Also there is this message: HKCR\scrfile\shell\open\command| (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: ("%1" /S) -> No action done.

HKCR\regfile\shell\open\command| (Broken.OpenCommand) -> Slecht: (NOTEPAD.EXE %1) Goed: (regedit.exe "%1") -> No action done.

My virusprogram didn't find anything. So my question is: am I infected?

I am using System Mechanic and Eset Smart Security.


Link to post
Share on other sites

Hi, Beetse: :)


The detections you're seeing can be a "false positive" that is seen when running Iolo System Mechanic.

The FAQ - Section A - Item #18 explains what it is and how to deal with it:

ISSUE: I keep getting the following detections, even after allowing Malwarebytes' Anti-Malware to fix them:

HKEY_CLASSES_ROOT\scrfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: ("%1" /S)

HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: (regedit.exe "%1")

SOLUTION: Most often when these two items return repeatedly it is due to the presence of an IOLO product such as System Mechanic. System Mechanic and other IOLO security products alter these settings from their Windows defaults. If you do have an IOLO product installed, it is best to simply change the security setting in your IOLO product so that it does not change the settings for .reg files and .scr files or that you simply have Malwarebytes' Anti-Malware ignore these particular detections. These entries are not actual infections, just system settings changes that are not set to their defaults, which is something that some infections will do to prevent .reg files and .scr files from executing, which is why Malwarebytes' Anti-Malware detects these items, since it has no way of knowing if the change was made by the user, an infection, or a legitimate software such as IOLO.

For the record, though, you might want to be careful about using SM.

There have been many reports about it causing serious system damage.

For example, see this post by forum mod and MS MVP, Maurice Naggar: http://forums.malwar...ndpost&p=554892



Link to post
Share on other sites

Hello Beetse.

To add a bit more to Daledoc1's notes:

Rerun MBAM and have it "remove" those entries. Technically it will fix them to what they need to be.

Copy and Paste the MBAM log after you finish the run.

Follow-up and do this:

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

Please download Rkill by Grinler and save it to your desktop.

Link 2
Link 3
Link 4
Double-click on the Rkill desktop icon to run the tool.
If using Vista or Windows 7, right-click on it and Run As Administrator.
A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
If not, delete the file, then download and use the one provided in Link 2.
If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
If the tool does not run from any of the links provided, please let me know.
If your antivirus program gives a prompt message, respond positive to allow RKILL to run.
If a malware-rogue gives a message regarding RKILL, proceed forward to running RKILL

IF you still have a problem running RKILL, you can download iExplore.exe or eXplorer.exe, which are renamed copies of rkill.com, and try them instead.

When all done, rkill.txt log file will be on your desktop. Copy & Paste contents of Rkill.txt into a reply.

More Information about Rkill can be found at this link: http://www.bleepingcomputer.com/forums/topic308364.html

As to Iolo System Mechanic:

How have you used it ?

There's a long running history of System Mechanic grunging up systems whereby the windows installer service is "glitched" and associations for windows are likewise messed up.

I strongly urge you to not use it for any registry "cleaning", "tweaking", "optimizing", etc

IF you did not buy it, I urge you to uninstall it.

Link to post
Share on other sites


I would suggest you run this tool and post the log for my review.

Download >> Farbar's Service Scanner utility << and Save to your Desktop.

If using Windows 7 or Vista, Right-Click on fss.exe and select Run As Admisnitrator.

If using XP, double-click to start.

Answer Yes to ok when prompted.

If your firewall then puts out a prompt, again, allow it to run.

Once FSS is on-screen, be sure the following items are checkmarked:

  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center/Action Center
  • Windows Update
  • Windows Defender

Click on "Scan".

It will create a log (FSS.txt) in the same directory the tool is run.

Copy & Paste contents of FSS.txt into your reply.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.