False Positive - Registry Item

[JohnLogan]

Hi,

I'm using the free MBAM 1.44 on Win7 64bit.

I always get what seems like a false positive, please take a look at it, can it be removed from the database please ?

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken. [99D040AEE155C12EB025D41F2DD365C3]

Greetings,

J.Logan.

[TeMerc]

This is not a false positive.

It is a setting that malware commonly makes and we need to detect it.

Add it to your ignore list.

[mldavis2]

This is not a false positive.

It is a setting that malware commonly makes and we need to detect it.

Add it to your ignore list.

As a follow-up, I am using 1.44 (3777) and also received a similar registry warning:

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties)

I am using a video card control program that allows enhanced control of video parameters by (I assume) modifying the driver and enabling individual profiles for specific programs. It would stand to reason (my reason ...) that this 'could' be seen my MBAM as malware. Here are the details:

Win7 Home Premium (6.1.7600)

nVidia 9800GTX+ card with 196.21 drivers (WHQL)

nHancer 2.5.7

No other warnings found during a quick scan.

[TeMerc]

These can both be added to ignore.

Please see the link below for an explanation:

http://www.malwarebytes.org/forums/index.p...c=12624&hl=