Registry infected by Broken.OpenCommand

[Rocky]

Hi all,

just updated to release 1.28 (MBAM free version without real time protection) and after a quick scan I've found this infected element (never found before):

HKEY_CLASSES_ROOT\scrfile\shell\open\command\ (Broken.OpenCommand) -> Bad: ("%1" %*) Good: ("%1" /S) -> No action taken.

Since I don't know if it is a real issue or a false positive I've not quarantined this element, which could be necessary to the system (who knows?)

Is it something which will be fixed in the next future, or it is something to pay attention to?

Thanks in advance for any helps

[nosirrah]

This was registry data we modified in the past in a way that while worked just fine , it was not the way windows installs it by default .

All that this is , is a one time fix to make this data 100% correct .

The reason we did not notice this error before was that the error did not cause any problems .

This is more of a correction than a fix as nothing was actually broken .

[Rocky]

This was registry data we modified in the past in a way that while worked just fine , it was not the way windows installs it by default .

All that this is , is a one time fix to make this data 100% correct .

The reason we did not notice this error before was that the error did not cause any problems .

This is more of a correction than a fix as nothing was actually broken .

Thank you for your quick answer.

I've already quarantined/deleted and at the reboot the problem was solved (key registry data corrected at the original value).

Thanks again for your help

Cheers

Rocky

[jd123]

Sorry, I'm sort of a noob when it comes to these sorts of things. I've found this as well as Broken.SecurityProviders, which I've fixed, but should I just delete this one or what?

Thanks

[melboy]

Sorry, I'm sort of a noob when it comes to these sorts of things. I've found this as well as Broken.SecurityProviders, which I've fixed, but should I just delete this one or what?

Clicking remove selected removes (on re-boot) the "bad" and replaces it with the "good" therefore "fixing" it. (i think )

HKEY_CLASSES_ROOT\scrfile\shell\open\command\ (Broken.OpenCommand) -> Bad: ("%1" %*) Good: ("%1" /S) -> No action taken.

[Raid]

Clicking remove selected removes (on re-boot) the "bad" and replaces it with the "good" therefore "fixing" it. (i think )

HKEY_CLASSES_ROOT\scrfile\shell\open\command\ (Broken.OpenCommand) -> Bad: ("%1" %*) Good: ("%1" /S) -> No action taken.

That's the general idea yes.

[baos]

I have this same issue, I did the fix, and after every reboot I do a scan and there it is back again. It looks harmless.. just want to make sure it's not part of something bigger.

[RSN]

I'm sorry to bump an old topic, but I just downloaded malware bytes and ran a quick scan and I got a similar message in the log file

Registry Data Items Infected:

HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> No action taken.

Is this something I should worry about? I'm not very good with computers so I figured it would be best to ask before i take any action and possibly ruin my computer. Thank you in advance

[exile360]

Greetings RSN and welcome to Malwarebytes

It's nothing to worry about and you can safely have Malwarebytes' Anti-Malware remove the issue to correct it.

If you need anything else please post.

Thanks

[RSN]

Greetings RSN and welcome to Malwarebytes

It's nothing to worry about and you can safely have Malwarebytes' Anti-Malware remove the issue to correct it.

If you need anything else please post.

Thanks

Thank you very much for the quick reply and the warm welcome! I feel much better now that I know it is safe to remove

If I come across any other issues I will make sure to post them (next step will be the full scan), thank you again exile360

[exile360]

You're very welcome

[BretMan]

You're very welcome

I have to ask because I'm still not clear on what to do having read all the posts. I'm getting the "Bad" version when I scan then Removing, then rebooting, then a re-scan shows it's still there. The last post says it's safe to remove - but it won't remove. So what should I do and how do I remove it definitively?

Many thanks,

Bret

[malware destroyer]

i had the same problem i removed it and rebooted and then did another scan and it found it so i just ignored it i did start a post as i was not sure about it but this just confirms that its nothing to worry about

[exile360]

If you have any Iolo security or tune-up products installed they set the policy this way and if Malwarebytes' Anti-Malware sets it back to default, they will set it back after a reboot. In cases such as this the detection should be ignored.

[malware destroyer]

yeah i do have an Iolo product so i thought that was the problem so as you said i did ignore it

[Bytiebytie]

If you have any Iolo security or tune-up products installed they set the policy this way and if Malwarebytes' Anti-Malware sets it back to default, they will set it back after a reboot. In cases such as this the detection should be ignored.

I don't understand, yet. I use Iolo's System Guard - as part of System Mechanic - which detects system registry changes. If I get it right, this "broken.opencommand" line has to go. Malwarebytes does that. Now, will Iolo bring it back? That's not right, is it?

Should I disable Iolo's System Guard now for the next restart in order to keep the registry line 'broken.opencommand' deleted?

By the way, System Guard didn't come with a warning after Malwarebytes fixed the registry for me.

[exile360]

Iolo sets this registry value to a non-default setting, I believe it does so to prevent certain files from being executable, normally .reg files as I recall, which would normally allow you to import registry changes, by altering the default, Iolo makes it so they only open with Notepad as text files instead, thus preventing modification of the Windows registry this way. The reason they do it, I believe, is to prevent malicious tampering with the registry by reg files that can be used by infections in some cases.

Malwarebytes' Anti-Malware wants to set it back to the Windows default because there are also infections that will actually make this same modification to prevent using .reg files to repair malicious changes to the registry.

I believe there is a setting somewhere in System Mechanic itself to leave this registry setting in its default state instead of changing it, but it has been years since I've used System Mechanic.

[nobby]

I believe there is a setting somewhere in System Mechanic itself to leave this registry setting in its default state instead of changing it, but it has been years since I've used System Mechanic.

I'm new here and I like Malwarebytes so much I bought it! I'm having the same problem with system mechanic. My contract expires in two months--what would you suggest I replace it with?

[exile360]

Honestly, I don't personally use much in the way of tuning software. Just the built in Windows Disk Defragmenter on occasion but I do use CCleaner pretty regularly to remove temp files and such, but I don't touch the Registry component of it because I've seen to many things go wrong with registry cleaners and have never seen a measurable benefit from their use.

I don't know what version of System Mechanic you're currently using, but if you have the Pro version, it does include antivirus so you'll need to replace that.

The following are my personal recommendations for antivirus protection along with links to downloads for them (free trials for those that require a purchase so you can try them before deciding):

• Kaspersky (free 30 day trial) The official support forum for this product can be found here
  
• Avira Antivir (free for home use) The official support forum for this product can be found here
  
• Microsoft Security Essentials (free for home use) The official support forum for this product can be found here
  

Note: If you decide to use one of the trial versions of one of the paid antiviruses then you will either need to purchase it or uninstall it completely and install a replacement antivirus before the trial expires so that your PC is not left unprotected.

Also note that if using the PRO version of Malwarebytes' Anti-Malware with your antivirus in realtime that it is generally a good idea to exclude Malwarebytes' files from your antivirus to avoid conflicts. The FAQ contains examples of setting file exclusions for some known AV products.