Jump to content

Recommended Posts

We are setting up our grandson's new desktop which has Windows 7 Premium and 64-Bit.

We installed MB 1.43 and after the full scan it came up with a problem:

Vendor = Hijack Properties

Category = Registry Data

Items =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows/CurrentVersion|Policies\Explorer\NoActiveDesktop Changes

Other = Bad (1) Good (0)

Action Taken = No action taken

We didn't do anything because we did not know what it was.

Can you tell us if this brand new computer is infected?

Please advise as soon as possible as our grandson is really scared that his new computer is not working properly.

Thank you.

Alice

Link to post
Share on other sites

Greetings alicez :)

This detection is normal under Windows Vista and Windows 7 because Microsoft changed the default setting in the registry to the opposite of what it was on XP. This particular detection is made so that in cases where an infection has created a nasty Active Desktop using a malicious URL as the desktop background, telling you you're infected and taking you to the bad site each time you click on the desktop, Malwarebytes' can restore the desktop and remove the user's inability to alter the settings for Active Desktop. Microsoft changed it in later Windows versions I believe, for the sake of actually trying to prevent the use of Active Desktop by malicious software.

This being the case, this detection can safely be ignored. Just run a Quick Scan and click on the detected item once to highlight it and then click on the Ignore button at the bottom of the program interface, then click on Remove Selected and you will be notified that there are no more items to remove. Once that's done, click OK to the message and click Finish or Main Menu and this detection will not show up any more as long as it is in your Ignore List.

Link to post
Share on other sites

Greetings alicez :)

This detection is normal under Windows Vista and Windows 7 because Microsoft changed the default setting in the registry to the opposite of what it was on XP. This particular detection is made so that in cases where an infection has created a nasty Active Desktop using a malicious URL as the desktop background, telling you you're infected and taking you to the bad site each time you click on the desktop, Malwarebytes' can restore the desktop and remove the user's inability to alter the settings for Active Desktop. Microsoft changed it in later Windows versions I believe, for the sake of actually trying to prevent the use of Active Desktop by malicious software.

This being the case, this detection can safely be ignored. Just run a Quick Scan and click on the detected item once to highlight it and then click on the Ignore button at the bottom of the program interface, then click on Remove Selected and you will be notified that there are no more items to remove. Once that's done, click OK to the message and click Finish or Main Menu and this detection will not show up any more as long as it is in your Ignore List.

Wouldn't clicking "Remove Selected" remove that file from my computer?

Link to post
Share on other sites

Wouldn't clicking "Remove Selected" remove that file from my computer?

No, not if you've already ignored it as instructed in the previous part of the steps I described. When you click Remove Selected after having MBAM ignore the detection there will be no more detected results and clicking the Remove Selected button will simply complete the scan process.

Link to post
Share on other sites

No, not if you've already ignored it as instructed in the previous part of the steps I described. When you click Remove Selected after having MBAM ignore the detection there will be no more detected results and clicking the Remove Selected button will simply complete the scan process.

Thank you kindly.

I did what you said and now I see in the Ignore section:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows/CurrentVersion|Policies\ExplorerBad (1) Good (1)

#1- Is that what should be there?

#2- I was just thinking that if this was a "False / Positive" it would be removed from the "definitions" for the next download so that it would not be 'picked-up' in the future as an 'exception,' by all those using MB with their new Win7 computers (such as I). I guess that was not done (or couldn't be done) in this instance. Is that so?

Link to post
Share on other sites

Thank you kindly.
You're very welcome :)
I did what you said and now I see in the Ignore section:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows/CurrentVersion|Policies\ExplorerBad (1) Good (1)

#1- Is that what should be there?

Yes :)
#2- I was just thinking that if this was a "False / Positive" it would be removed from the "definitions" for the next download so that it would not be 'picked-up' in the future as an 'exception,' by all those using MB with their new Win7 computers (such as I). I guess that was not done (or couldn't be done) in this instance. Is that so?

Yes, in this instance the detection must remain in the definitions because it is checking the settings of that particular security policy, something that malicious software to this day does alter. At the very least the detection must remain there for XP for as long as it is supported.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.