Jump to content

Broken.OpenCommand


Recommended Posts

Hi I am new here. I really like MWB, but I have 2 Registry Data Items Infected which keep coming back:

Broken.OpenCommand

What should I do?

Malwarebytes' Anti-Malware 1.37

Database version: 2285

Windows 5.1.2600 Service Pack 3

16/06/2009 09:05:26

mbam-log-2009-06-16 (09-05-26).txt

Scan type: Quick Scan

Objects scanned: 88691

Time elapsed: 4 minute(s), 10 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 2

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

HKEY_CLASSES_ROOT\scrfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: ("%1" /S) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Link to post
Share on other sites

  • Root Admin

These are the default settings that XP comes with. Some other program has changed them to a different settings which often is a sign that Malware did it.

If you've done it on purpose then you can put those entries on the Ignore list. If you have said to fix it and it keeps coming back then you probably have something like Tea Timer from Spybot or the AdAware watch or similar program blocking the Registry change and you need to tell that program to allow the change.

Link to post
Share on other sites

These are the default settings that XP comes with. Some other program has changed them to a different settings which often is a sign that Malware did it.

If you've done it on purpose then you can put those entries on the Ignore list. If you have said to fix it and it keeps coming back then you probably have something like Tea Timer from Spybot or the AdAware watch or similar program blocking the Registry change and you need to tell that program to allow the change.

Spot on, Tea Timer and Spybot, now sorted, many thanks, great service !

Link to post
Share on other sites

There are now dozens of programs that block changes, SuperAntispyware does too, I'm sure Symantec/Norton has a section for that as well.

You really need to review your logs from these programs and determine which one is reverting the change back.

OK, thanks for that, the Norton log seems to show it is blocking the change.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.