Jump to content

Recommended Posts

Hi

 

I recently did a scan using Malwarebytes and it came back with a positive result for something called Broken.command. I did a full scan using Kaspersky and it couldn't find anything. I have done various searching online and most often it is a false positive however I do not use System Mechanic by iolo but I don't know whether any other program can cause a false positive. Most of the time my laptop seems fine but every now and then it completely freezes and my little widget shows the RAM at 100%. The problem always resolves itself though.

I've included my scan results in this post.

 

Many thanks,

 

Rachel

post-159684-0-59222700-1396267523_thumb.

post-159684-0-06352200-1396267537_thumb.

post-159684-0-40005300-1396267559_thumb.

Link to post
Share on other sites

Hi:

 

In addition to DHL's expert advice, are you by any chance running any IOLO software on your computer?

 

If you scroll down to Item #18 >>HERE<<, you'll find this explanation:

 

 

ISSUE: I keep getting the following detections, even after allowing Malwarebytes' Anti-Malware to fix them:HKEY_CLASSES_ROOT\scrfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: ("%1" /S)
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: (regedit.exe "%1")SOLUTION: Most often when these two items return repeatedly it is due to the presence of an IOLO product such as System Mechanic. System Mechanic and other IOLO security products alter these settings from their Windows defaults. If you do have an IOLO product installed, it is best to simply change the security setting in your IOLO product so that it does not change the settings for .reg files and .scr files or that you simply have Malwarebytes' Anti-Malware ignore these particular detections. These entries are not actual infections, just system settings changes that are not set to their defaults, which is something that some infections will do to prevent .reg files and .scr files from executing, which is why Malwarebytes' Anti-Malware detects these items, since it has no way of knowing if the change was made by the user, an infection, or a legitimate software such as IOLO.

 

Just a thought... :)

 

daledoc1

Link to post
Share on other sites

Hi David and Daledoc1,

 

I am not using an iolo product as far as I'm aware. Is there any other programs that might cause the registry to be changed? I have recently installed numerous programs as my hard drive failed and once I got that fixed I had to reinstall everything. I have also been working with Linux using VirtualBox lately as part of my university course so I don't know whether that could have affected anything.

 

Many thanks,

 

Rachel

Link to post
Share on other sites

Rachel:

 

From what  I see the Registry location is...

HKEY_CLASSES_ROOT\regfile\shell\open\command

default = regedit.exe "%1"

 

Yours...

default = "regedit.exe" "%1"

 

Normaly one doesn't need Quotation Marks (") around a string or path unless there is a space ( )

For example

c:\windows\explorer would not need quotation marks but

c:\Program Files\Microsoft Office\Office11\EXCEL.EXE

would need quotation marks due to the spaces in the path, thus it is better expressed as;  "c:\Program Files\Microsoft Office\Office11\EXCEL.EXE"

 

On your PC the word REGEDIT.EXE is in quotations marks and it really should not affect how the Registry is interpreted and thus not affect operation.

 

MBAM is comparing what is the STANDARD value and sees that it is NOT the standard value and thus flags the Registry entry.  So it can't be considered a False Positive.  It can be ignored.

 

MBAM examines this Registry entry because malware has been known to modify the Registry in cases where the malware performs Self Preservation and this entry is something to pay attention to.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.