Jump to content

Broken.OpenCommand

Retired Leo

By Retired Leo
in File Detections

 Share

Recommended Posts

Retired Leo

Retired Leo

Posted
Posted

I can run Anti Malware Bytes and receive 2 instances of the above stated malware. I remove them and run again the next day and they are back in the same registry keys. Below is the log file of Anti Malware Bytes that I ran in developer mode.

Malwarebytes' Anti-Malware 1.41

Database version: 2816

Windows 5.1.2600 Service Pack 3

10/4/2009 1:08:05 PM

mbam-log-2009-10-04 (13-07-55).txt

Scan type: Quick Scan

Objects scanned: 98673

Time elapsed: 2 minute(s), 44 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 2

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

HKEY_CLASSES_ROOT\scrfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: ("%1" /S) -> No action taken. [3974894881707936807878667969840910013986796885748079]

HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: (regedit.exe "%1") -> No action taken. [3974894881707936807878667969840910013986796885748079]

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Link to post
Share on other sites
  • 2 weeks later...
sarsen

sarsen

Posted
Posted

I get a similar problem. Is this a false positive? Any further action required please?

Recently keep getting broken.open command for piffile shell, Is this a false positive? Keeps recurring even when removed

Thanks

Logfile from Quick Scan in developer mode:

Malwarebytes' Anti-Malware 1.41

Database version: 2870

Windows 5.0.2195 Service Pack 4

30/09/2009 11:21:43

mbam-log-2009-09-30 (11-21-32).txt

Scan type: Quick Scan

Objects scanned: 82573

Time elapsed: 11 minute(s), 15 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 1

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

HKEY_CLASSES_ROOT\piffile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("%1"?) Good: ("%1" %*) -> No action taken. [3974894881707936807878667969840910013986796885748079]

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Link to post
Share on other sites
  • Staff
TeMerc

TeMerc

Posted
  • Staff
Posted

Hello and welcome.

This setting is actually something which was changed by another piece of security software and is only detected because of that. You can either add it to your ignore list or allow it to be quarantined. There will be no negative affect on your system either way.

Link to post
Share on other sites
sarsen

sarsen

Posted
Posted
Hello and welcome.

This setting is actually something which was changed by another piece of security software and is only detected because of that. You can either add it to your ignore list or allow it to be quarantined. There will be no negative affect on your system either way.

Thanks for the reply :-)

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.