Jump to content

Could Not Remove Malware

Recommended Posts

Using MAM Premium version  After finishing a scan, MAM alerted me that it had found two pieces of malware (HKCR\piffile\shell\open\command) and (HKCR\scrfile\shell\open command).


I searched Malwarebytes forum and discovered that they were listed back in 2009 as false positives.  However, my experience was that these two pieces of malware caused my computer to spontaneously reboot without warning.


MAM was unable to quarantine or remove these threats.  I finally resorted to using ComboFix to solve the problem and remove this malware.


The next day, I found that another computer on my network (also protected with MAM got infected with the same malware and started to randomly reboot.  Once again MAM was able to detect the malware, but it was unable to remove the malware and I had to use ComboFix.


Both computers are clean and malware free now but I wanted to pass along my experience for others that might encounter the same problem.


I have included the ComboFix log file from my Dell laptop that was infected:

ComboFix Doc.txt

Link to post
Share on other sites

  • Root Admin

Actually can you please do the following.

Please open Malwarebytes Anti-Malware and from the Dashboard please Check for Updates by clicking the Update Now... link

Open up Malwarebytes > Settings > Detection and Protection > Enable Scan for rootkits, Under Non Malware Protection set both PUP and PUM to Treat detections as malware.

Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button.

Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.

If this is what I think it is then it's not an infection but I want to see the full log please.


Link to post
Share on other sites

Thank you for the help.  I discovered that the problem is a conflict between MBAM and CryptoPrevent v6.  I jumped over to the "Broken.Open Command CryptoPrevent" thread to seek a solution.  I'm still trying to figure out how to add the offending registry entries (HKCR\piffile\shell\open\command) and (HKCR\scrfile\shell\open\command) to the MBAM exclusion list.


Thanks again for helping me with this problem!  :)

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.