Jump to content

Start_ShowRun (Hijack.StartMenu)

conte rules

By conte rules
in File Detections

 Share

Recommended Posts

conte rules

conte rules

Posted
Posted

Hi, I get this result on my laptop which runs Vista premium but not on my desktop which runs the same OS. I am not sure if it is a FP but I can avoid getting this "infection" detected if I allow run in the start menu. I am worried however as to why it happens on one pc but not another.

Malwarebytes' Anti-Malware 1.14

Database version: 819

11:23:17 PM 6/3/2008

mbam-log-6-3-2008 (23-23-14).txt

Scan type: Quick Scan

Objects scanned: 31555

Time elapsed: 1 minute(s), 21 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 1

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowRun (Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Link to post
Share on other sites
nosirrah

nosirrah

Posted
Posted

There is a common infection that is hijacking this component and this will correct that problrm .

We cant tell if run has been hidden intentionally .

Right click the entry and tell MBAM to ignore it , you wont see it again in scan results .

Link to post
Share on other sites
conte rules

conte rules

Posted
  • Author
Posted
There is a common infection that is hijacking this component and this will correct that problrm .

We cant tell if run has been hidden intentionally .

Right click the entry and tell MBAM to ignore it , you wont see it again in scan results .

Correct me if I'm wrong but I believe the default in Vista is for run to not be on the start menu.

Link to post
Share on other sites
nosirrah

nosirrah

Posted
Posted

The problem is that in XP its not and access is removed by this infection .

We have removed several of the less important ones from defs and this may be another that I consider .

At some point we are adding a tool to correct multiple windows issues both related and unrelated to malware damage and some of these will be moved to that tool .

I am going to ask our coder if I can have the ability to add a , XP flag to this def form to allow filtering by OS , that would also fix this issue .

Link to post
Share on other sites
conte rules

conte rules

Posted
  • Author
Posted
The problem is that in XP its not and access is removed by this infection .

We have removed several of the less important ones from defs and this may be another that I consider .

At some point we are adding a tool to correct multiple windows issues both related and unrelated to malware damage and some of these will be moved to that tool .

I am going to ask our coder if I can have the ability to add a , XP flag to this def form to allow filtering by OS , that would also fix this issue .

Thanks for your speedy replies. I am notoriously careful about what I install on my machine so I was very worried for a while. I am still wondering as to why this "infection" does not appear on my desktop computer which runs the same OS and has the default Vista start menu like my laptop does.

I will take a look at this further tonight when I have access to both computers.

Thanks again.

Link to post
Share on other sites
conte rules

conte rules

Posted
  • Author
Posted

okay I think I figured out the problem. On my laptop I had the "recent items" button removed on the start menu. My desktop had it and after I disabled it I got the same "infection" with MBAM. Strange but I'm sure it's a FP now.

Apparently it only detects it if you have removed the recent items list as well (which I do)

Link to post
Share on other sites
  • 2 years later...
DrummerCT1

DrummerCT1

Posted
Posted

I had the same experience of MBAM showing "Hijack.StartMenu" as an infection, which I then had it remove. Subsequently I came across this forum and thread. Can someone explain the effect of removing this? Does it impact any functions of the XP Pro Start menu? If so, in what way(s)? I thought from the above comments that this might be a False Positive and was likely to be removed from the MBAM definitions (was it removed from the definitions? I'm using current definition).

Link to post
Share on other sites
DrummerCT1

DrummerCT1

Posted
Posted
If there are missing start menu items this will put them back as there is no way to tell the difference between malware and user modifications.

If you have disabled them yourself please use the ignore function.

Thanks for getting back to me so quickly! I've not adjusted the Start menu in ages (as in a couple of years ago or so). Am I correct that having MBAM remove the registry entry, which is what I did, simply resets the Start Menu's general capabilities?

Link to post
Share on other sites
  • 2 months later...
Veret

Veret

Posted
Posted

Sorry to bump this thread again, but after reading the responses here and the various FAQs on the rest of the site I still have some questions (below). I was hit with an unpleasant mess of malware yesterday, and after cleaning most of it up with a system restore I'm in the process of rooting out any junk that may still be lurking on my various hard drives. Malwarebytes was recommended to me as an excellent on-demand scanner, which is how I found myself here.

I've run a full system scan and got results identical to what conte describes here (I can post a log, but it's not in dev mode). If someone could please answer me these questions three, I would be most grateful:

1) The scan says something's up with my registry data, but also that it's "good." Was there ever a problem here?

2) If so, was it fixed? "No action taken" doesn't exactly fill me with confidence. And finally...

3) If Malwarebytes, Spybot, and AVG all give me clean scans, is my computer officially de-borked? I gather this one's a little harder to answer, but I'd be happy with responses to just 1 & 2.

Thanks in advance!

Link to post
Share on other sites
nosirrah

nosirrah

Posted
Posted

1, Bad shows what is there that should not be, good shows what will be there if you allow the fix. Keep in mind that these settings can be changed intentionally and there is no way to tell if the user set these or if malware did. We list the modification and let the user make the call.

2. "No action taken" is exactly what it says, you did not allow the fix and nothing was changed. This will be displayed is someone does a scan and saves the log but does not have MBAM fix anything. Keep in mind that you can save a log and THEN select fix. If you do this "no action taken" will be displayed in the saved log you saved yourself but in the log saved by MBAM automatically will be the actions taken when you select remove.

3. There is not now nor will there ever be a way to answer this without expert inspection although each additional scanner that comes up clean does increase the likelihood that things are fixed. If this is the case AND there are no unusual things taking place with the system then you could at least say that it is likely that things are fixed.

Link to post
Share on other sites
Veret

Veret

Posted
Posted

Thanks for the reply; let me just make sure I'm absolutely clear here:

1) The scan is telling me that something/someone changed the default registry values for something in my start menu. I rarely mess with my start menu options and NEVER touch the registry, so this means that malware was involved.

2) "No action taken" means that Malwarebytes hasn't done anything yet, and selecting "remove" will return this registry data back to its default (thereby fixing the problem).

Did I get all that right?

Link to post
Share on other sites
lladnar

lladnar

Posted
Posted
1, Bad shows what is there that should not be, good shows what will be there if you allow the fix. Keep in mind that these settings can be changed intentionally and there is no way to tell if the user set these or if malware did. We list the modification and let the user make the call.

2. "No action taken" is exactly what it says, you did not allow the fix and nothing was changed. This will be displayed is someone does a scan and saves the log but does not have MBAM fix anything. Keep in mind that you can save a log and THEN select fix. If you do this "no action taken" will be displayed in the saved log you saved yourself but in the log saved by MBAM automatically will be the actions taken when you select remove.

3. There is not now nor will there ever be a way to answer this without expert inspection although each additional scanner that comes up clean does increase the likelihood that things are fixed. If this is the case AND there are no unusual things taking place with the system then you could at least say that it is likely that things are fixed.

Sorry for being thick here, but I'm not sure what you mean, Nosirrah. I have the same thing, with the result showing one infected "malicious software" file, by the "vendor" Hijack.Startmenu in my Registry. Malwarebytes tells me it's "good" and that it has taken no action. Should I leave that then? Nosirrah seems to suggest it's up to me whether to quarantine/delete that software. It is confusing, however: if my computer is deemed infected and this software is malicious, how can it be good? Also, what do you mean by "allow the fix"? Bottom line, what should I do, delete it or leave it? Many thanks.

Link to post
Share on other sites
  • 2 months later...
ccvortex

ccvortex

Posted
Posted

Windows 7 32bit, ran Malwarebytes earlier today and found this "infection" as well. However, I was stupid enough to trust this companies products and chose to "fix" it. After a reboot my OS failed to load. After another reboot my OS failed to load again. Panic gripped me because this is a work computer and my last backup was a week ago so I would have lost A LOT of work.

Fortunately I had just updated AVG which create a restore point so I used the system restore from the boot CD and now my OS is back to normal.

Am now uninstalling Malwarebytes and will be asking sales for my money back.

DO NOT "fix" this falsely reported hijack, and frankly stop using this product until this company can sort out what is an essential part of the OS and a hijack.

Link to post
Share on other sites
nosirrah

nosirrah

Posted
Posted
Windows 7 32bit, ran Malwarebytes earlier today and found this "infection" as well. However, I was stupid enough to trust this companies products and chose to "fix" it. After a reboot my OS failed to load. After another reboot my OS failed to load again. Panic gripped me because this is a work computer and my last backup was a week ago so I would have lost A LOT of work.

Fortunately I had just updated AVG which create a restore point so I used the system restore from the boot CD and now my OS is back to normal.

Am now uninstalling Malwarebytes and will be asking sales for my money back.

DO NOT "fix" this falsely reported hijack, and frankly stop using this product until this company can sort out what is an essential part of the OS and a hijack.

Hiding or showing the start menu button is not related to booting in any way. There was more going on here and we could look into it if you post a scan log.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.