cgh

Broken.OpenCommand detected

Hi,

One of our computers has a threat detected named Broken.OpenCommand from yesterday evening. Does anyone have any information about this?


Greetings,

Those detections are generic PUM (Potentially Unwanted Modification) signatures that will generally target things like policy restrictions and default system settings alterations which are frequently made by malware as a part of their attacks such as restricting access to certain system tools (i.e. regedit, Task Manager etc.) or to attempt to prevent security applications (like Malwarebytes) from running.

In this particular case, those detections represent changes to the default file associations for the file extensions/file types listed, which, at least according to the image, are for .exe, .bat, .com, .pif, .scr and .reg files, all of which are executable file types and/or scripts. I suspect that either your systems administrator has altered these settings, a tool such as System Mechanic or some other system settings 'tweaking' tool was used and these settings were changed for security reasons (breaking file associations for certain file types can prevent users from executing them should they be part of a malicious payload, for example opening a .reg or .bat file with notepad rather than the command prompt or registry editor), or an actual malware infection has modified/broken these file associations.

You can find out more about PUM detections along with further examples in the following Malwarebytes Support articles:

PUP and PUM FAQs for Endpoint Security customers
PUM detection definition and recommended approach
Group Policy registry keys detected as PUMs in Endpoint Security

If you suspect that the system may be infected then please contact Malwarebytes Business Support directly via the form on the bottom of this page and a member of Support will get into contact with you via email as soon as possible to assist you.

I hope this helps, and if there is anything else we might assist you with please don't hesitate to let us know.

Thanks
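
For triage, an added example (not part of the thread and not Malwarebytes' detection logic): it compares the `shell\open\command` value behind each file type named in the reply with the stock Windows value and reports the ones that differ. It assumes the detections concern the `HKEY_CLASSES_ROOT\<ProgID>\shell\open\command` default values; the function names and the sample data are constructed for illustration.

```python
import sys

# Stock Windows "open" commands for the ProgIDs behind the extensions named
# in the reply (.exe, .bat, .com, .pif, .scr, .reg). Assumption: these are
# the values the detections in the missing screenshot refer to.
DEFAULT_OPEN = {
    "exefile": '"%1" %*',
    "batfile": '"%1" %*',
    "comfile": '"%1" %*',
    "piffile": '"%1" %*',
    "scrfile": '"%1" /S',
    "regfile": 'regedit.exe "%1"',
}

def classify(progid, command):
    """Return 'default', 'missing' or 'modified' for one open command."""
    if command is None or not command.strip():
        return "missing"
    same = command.strip().lower() == DEFAULT_OPEN[progid].lower()
    return "default" if same else "modified"

def audit(observed):
    """Map each non-default ProgID to (status, observed command)."""
    return {p: (classify(p, observed.get(p)), observed.get(p))
            for p in DEFAULT_OPEN if classify(p, observed.get(p)) != "default"}

def read_live():
    """Read HKCR\\<progid>\\shell\\open\\command (Windows only)."""
    import winreg  # standard library, present only on Windows
    observed = {}
    for progid in DEFAULT_OPEN:
        path = progid + r"\shell\open\command"
        try:
            with winreg.OpenKey(winreg.HKEY_CLASSES_ROOT, path) as key:
                observed[progid] = winreg.QueryValueEx(key, "")[0]
        except OSError:  # key or default value absent
            observed[progid] = None
    return observed

# Constructed sample: .bat and .reg open in Notepad (the hardening tweak the
# reply describes), .scr has an empty command, the rest are stock.
SAMPLE = dict(DEFAULT_OPEN, batfile='notepad.exe "%1"',
              regfile='notepad.exe "%1"', scrfile="")

if __name__ == "__main__":
    data = read_live() if sys.platform == "win32" else SAMPLE
    for progid, (status, cmd) in sorted(audit(data).items()):
        print(f"{progid:8} {status:9} {cmd!r}")
```

A `modified` or `missing` row only shows where an association differs from stock; whether an administrator, a tweaking tool or malware made the change still has to be established, as the reply says.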
