
MBAM vs McAfee or Dell PC Tuneup



Good Evening,

Well, for this past week I've been contending with MBAM scan results informing me there are 2 infections in the registry. So, I see the scan results (once they're finished)...click on remove selected...and up pops McAfee Security Center SystemGuards (Windows Shell Open Commands) asking me to allow/block MBAM...I choose allow. MBAM says everything was quarantined/removed successfully, yet I now have to restart the computer...which I do. A few hours later the same 2 infections reappear in the registry (via MBAM scan).

I brought this to the attention of JeanInMontana (over at Malware Removal - HijackThis). She informed me this is NOT actually malware, but rather an issue of MBAM trying to change a registry key back to its original factory settings, however, my computer is blocking the change/changing it back (we're both baffled as to why).

As per her suggestion I reconfigured McAfee Security Center so it does NOT pop up when MBAM tries to make changes (immediately following after the scan), yet it still has NOT done the trick (as I still get the same MBAM infection alert a few hours later...once I rerun an MBAM scan).

Does anyone on these boards know of a sudden conflict between MBAM or McAfee Security Center or Dell PC Tuneup? I've had this computer for about 2 months (no problems until now), yet as of a week ago I keep getting these same 2 infections showing up in MBAM scans.

Any and all help would be GREATLY appreciated.

Here are, for example, two MBAM log files...

Malwarebytes' Anti-Malware 1.28

Database version: 1147

Windows 6.0.6001 Service Pack 1

9/13/2008 11:08:04 PM

mbam-log-2008-09-13 (23-08-04).txt

Scan type: Full Scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|)

Objects scanned: 115961

Time elapsed: 55 minute(s), 1 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 2

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

HKEY_CLASSES_ROOT\scrfile\shell\open\command\ (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: ("%1" /S) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\regfile\shell\open\command\ (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

................................................................................

Malwarebytes' Anti-Malware 1.28

Database version: 1151

Windows 6.0.6001 Service Pack 1

9/14/2008 3:01:19 PM

mbam-log-2008-09-14 (15-01-19).txt

Scan type: Full Scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|)

Objects scanned: 116125

Time elapsed: 1 hour(s), 0 minute(s), 55 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 2

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

HKEY_CLASSES_ROOT\scrfile\shell\open\command\ (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: ("%1" /S) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\regfile\shell\open\command\ (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

The thread I started over at Malware Removal - HijackThis Logs is "Registry Infections, Reoccuring Malware in registry" in case you want more info on this. Alas I can no longer recall the e-mail address under which I registered my Pro/Full version of MBAM, hence I'll check back here often (also people can send me PMs at this website).

I hope you are having more luck than I am,

Blondie


Good Evening Nosirrah,

Well, to begin with, thank you ever so much for reading my post & responding! (big hug)

So, if I understand you correctly (just as JeanInMontana had stated) this is NOT malicious (dangerous to my computer...ergo that it could lead to ID theft/electronic foul play), but rather a relatively small and benign matter? I noticed the bright RED 2 infections notice in the scan and immediately assumed the worst (and put ALL my internet transactions on hold).

"This is a one time correction MBAM is making to registry data set incorrectly in the past." So, no big deal if this remains unresolved (and I keep getting the same 2 infection alerts in MBAM scans/logs)?

You need to understand, as you don't know me, that I'm somewhat naive in matters of computer programs (ergo software problems). I can neither read nor write code/script, hence I need my Obi Wan Kenobi to come through for me as well (why should he only help Princess Leia?).

I am all for MBAM fixing this (once and for all), yet it is not clear to me why this is not the case. I've had this computer (with the same software) for 2 months, but this problem has only started occurring as of this past week. Maybe someone knows of a sudden/new conflict between either MBAM and McAfee Security Center or MBAM and Dell PC Tuneup.

Any and all info and help is greatly appreciated,

Blondie


I think if you could list the installed programs (found in c:\Program Files) someone might spot the one holding off the registry change.

Here's a quick way:

Open notepad

Copy this and paste it into the notepad window:

dir c:\progra~1 > progs.txt

Save the file as listprgs.bat on your desktop

Double click the file to run it (make sure it's not called listprgs.bat.txt !!)

This should put a file called progs.txt on your desktop

Paste the contents of progs.txt back here

To the mods on this forum, please feel free to edit/dump this post if you feel I'm stepping on your toes. I think this may help find the lock on the reg change if there is one though.


Good Afternoon Nosirrah, Jean, and Vero44,

So, many thanks to all of you for reading and responding to my post!

It was a great relief to me when Jean informed me that the 2 infections weren't actually malware (and Nosirrah confirmed as much). Thereafter I spent more time considering what could be getting in the way of MBAM (conclusion had to be either McAfee Security Center, which I had disabled, or Dell PC Tuneup).

I cannot swear to it, yet I believe Dell PC Tuneup is the program getting in the way of MBAM (a conflict between these two programs on my computer). When I look in McAfee Security Center (Logs/Recent Events) I find that SystemGuards reports several times "allowed" change C:\Program Files\Dell\PC TuneUp\SMSystemAnalyzer.exe HKEY_LOCAL_MACHINE\SOFTWARE\Classes\regfile\shell\open\commandnotepad.exe

So, armed with this info I tried to disable Dell PC TuneUp myself (turns out all I knew was how to uninstall). I called Dell Tech Support, told them about my problem, and asked them for assistance in disabling Dell PC TuneUp (they were very friendly & helpful). These changes took place last night, yet so far...no more problems/conflicts...no more infection notices (and constant switch backs) which leads me to believe that there is indeed a sudden conflict between MBAM and Dell PC TuneUp (no idea why though).

I am posting this information here so as to inform the developers (if this is happening to my computer then it can also happen to others). If someone can come up with a solution as to how to fix the conflict (either at MBAM's side or at Dell) great, yet, if not, no big deal for the time being.

I want to thank ALL of you for taking this matter seriously, your prompt replies, and any and all help which you have offered me. (Big Hug)

From the blonde German Girl who prefers technology that works flawlessly,

Blondie

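The diagnosis reached in the post above can be reproduced from the logs alone. The following is an added example, not part of the original thread and not Malwarebytes or McAfee code: it parses the "Registry Data Items Infected" lines, finds keys that were reported fixed in one scan and carry the same bad data in the next, and matches them against processes logged writing to the same key. The function names and the (process, key) event tuple are assumptions made for illustration.

```python
import re

# Matches one "Registry Data Items Infected" line as printed in the MBAM logs above.
ITEM_RE = re.compile(
    r"^(?P<key>HKEY_[^(]+?)\\?\s+\((?P<name>[^)]+)\)\s+->\s+Bad:\s+\((?P<bad>.*?)\)"
    r"\s+Good:\s+\((?P<good>.*?)\)\s+->\s+(?P<action>.+?)\.?$"
)

def parse_items(log_text):
    """Return {registry key: (bad data, good data, action)} for one log."""
    items = {}
    for line in log_text.splitlines():
        m = ITEM_RE.match(line.strip())
        if m:
            items[m["key"]] = (m["bad"], m["good"], m["action"])
    return items

def reverted(first, second):
    """Keys reported as fixed in `first` that show the same bad data in `second`."""
    return sorted(
        key for key, (bad, _good, action) in first.items()
        if "successfully" in action and second.get(key, (None,))[0] == bad
    )

def hklm_form(key):
    # HKEY_CLASSES_ROOT is a merged view; machine-wide entries live under this HKLM path.
    return key.replace("HKEY_CLASSES_ROOT", r"HKEY_LOCAL_MACHINE\SOFTWARE\Classes", 1).lower()

def writers(keys, write_events):
    """Map each reverted key to the processes logged writing to it."""
    return {k: sorted({proc for proc, wkey in write_events if wkey.lower() == hklm_form(k)})
            for k in keys}

# The two detection lines, identical in the 9/13 and 9/14 logs in the first post.
LOG = r'''Registry Data Items Infected:
HKEY_CLASSES_ROOT\scrfile\shell\open\command\ (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: ("%1" /S) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\regfile\shell\open\command\ (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: (regedit.exe "%1") -> Quarantined and deleted successfully.
'''
# Constructed (process, key) tuple from the SystemGuards entry quoted in the post above;
# the tuple layout is an assumption, not McAfee's log format.
EVENTS = [(r"C:\Program Files\Dell\PC TuneUp\SMSystemAnalyzer.exe",
           r"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\regfile\shell\open\command")]

if __name__ == "__main__":
    scan1, scan2 = parse_items(LOG), parse_items(LOG)
    for key, procs in writers(reverted(scan1, scan2), EVENTS).items():
        print(key, "<-", procs or "no writer logged")
```

A key that reverts with no logged writer, as scrfile does here, still needs its writer identified before the detection can be treated as benign.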

Good Afternoon Jean,

Yes, I'm sure Dell PC TuneUp did what it did "with the best interest in mind," yet the results were frustrating nonetheless. I spoke, at length, with Dell Tech Support America (Texas?) and the representative said the same thing.

It has been 48 hours (ran six MBAM scans) and no infections.

In either case...

I think these boards/forums are great!

Thank you again for all your help,

Blondie
