Jump to content
Hardhead

(Hijack.DisplayProperties)

Recommended Posts

Hello Bruce and Dustin,

I know this is place for malware to hide and thought I would post for others to see since its a new location.

This is on new notebook Vista Ultimate 64bit.

I will whitelist the entrie. Correct me if I'm wrong please.

Malwarebytes' Anti-Malware 1.30

Database version: 1414

Windows 6.0.6001 Service Pack 1

11/21/2008 2:39:56 AM

mbam-log-2008-11-21 (02-39-53).txt

Scan type: Quick Scan

Objects scanned: 43184

Time elapsed: 1 minute(s), 22 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 1

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Share this post


Link to post
Share on other sites

Interesting, I'm on Vista Ultimate x64 and have never seen this detection with an MBAM scan. I'll have to run a quick scan when I get home (currently at work) and see what I come up with. I'll post back and let you know.

edit: Just got home, updated to database 1414 and did a quick scan. Mine came back with the same result.

Malwarebytes' Anti-Malware 1.30

Database version: 1414

Windows 6.0.6001 Service Pack 1

11/21/2008 11:08:10 AM

mbam-log-2008-11-21 (11-08-04).txt

Scan type: Quick Scan

Objects scanned: 36814

Time elapsed: 1 minute(s), 38 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 1

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Share this post


Link to post
Share on other sites

Hey Hardhead, are you using dreamscene? I am and was wondering if maybe that was causing it. I don't see why it would but who knows. I can't scan again now as I'm at work, but I will turn off dreamscene when I get home and give MBAM another go and see what happens.

Share this post


Link to post
Share on other sites
Hey Hardhead, are you using dreamscene? I am and was wondering if maybe that was causing it. I don't see why it would but who knows. I can't scan again now as I'm at work, but I will turn off dreamscene when I get home and give MBAM another go and see what happens.

Hello exile360,

Yes I do have all components of DreamScene installed.

Share this post


Link to post
Share on other sites

It is a new restriction correction , one that seems to be disabled on Vista by default .

For now whitelist it and I will look into whitelisting it for Vista only in defs .

Share this post


Link to post
Share on other sites
It is a new restriction correction , one that seems to be disabled on Vista by default .

For now whitelist it and I will look into whitelisting it for Vista only in defs .

Thanks Bruce :D

I whitelisted after I posted.

This is only in Vista 64bit for me.

Share this post


Link to post
Share on other sites

I also have a new laptop with Vista 64 bit. Today I updated Malwarebytes and ran a scan. Now receiving the same message.

Malwarebytes' Anti-Malware 1.31

Database version: 1607

Windows 6.0.6001 Service Pack 1

1/3/2009 9:05:58 PM

mbam-log-2009-01-03 (21-05-25).txt

Scan type: Quick Scan

Objects scanned: 43466

Time elapsed: 2 minute(s), 19 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 1

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

I ran Windows Defender and it did not discover anything. My desktop and computer are running fine. Can I add this to ignore list? Is this still a problem since November for Vista 64 bit?

Thanks.

Share this post


Link to post
Share on other sites

Hi

I didnt realise this was a false positive, when malwarebytes flagged it has an infection, how do i put the registry key back as it should be?

thanks

Share this post


Link to post
Share on other sites

This isn't a false positive. If it was a program that set that and you would like to restore it, in the quarantine click restore.

Share this post


Link to post
Share on other sites
This isn't a false positive. If it was a program that set that and you would like to restore it, in the quarantine click restore.

seems from earlier post in the thread that it is?, I thought it was a little odd getting anything come in mwb, as it was a fresh install, and had not been on the internet, cept to get latest windows updates

I have heard you can get infected while getting these updates so i let mwb sort out the problem

The only problem is, if it is a false positive, I went in to the quarantine folder, but it is not in there, so i can not just restore it

so basically im asking if this is definately a false positive, i just need to know what to put back in my registry, "Im not good when it comes to the registry"

I am on vista 64

heres log from day i installed vista, I ran anti virus progs before i made a disk image

Malwarebytes' Anti-Malware 1.31

Database version: 1571

Windows 6.0.6000

29/12/2008 23:05:31

mbam-log-2008-12-29 (23-05-31).txt

Scan type: Quick Scan

Objects scanned: 38554

Time elapsed: 44 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 1

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Share this post


Link to post
Share on other sites

If malware disabled it then its a legit correction .

If its disabled intentionally then its obviously something to whitelist (people without Vista64 can disable this for legit reasons and we will detect it so its not just a V64 thing) .

It comes down to fixing it for the noob that does not know how to on their own after an malware cleanup or an advanced user being happy that they don't have to white list a single entry .

We choose to help the noob and keep in mind that there is no way to tell how it got disabled , only that it is .

We may add a 64 bit detection switch at some point , but there are already major projects in the works that will help millions .

You should also note that malware , adware , trojan , rootkit , spyware or any other malicious term is not used here . I am sure that Hijack.Displayproperties is named well enough to male it clear that display properties is modified , not a rootkit or other actual malware component .

Share this post


Link to post
Share on other sites

I'm the ultimate defintion of a noob. Just set up a new PC with 64 bit today. Ran a scan at the start and zero infections, now the same ones being discussed here are showing up in my last scan of the night.

I am new to MWB too, we got this new computer after the old one got totally infested (before I had heard about MWB).

Do I ignore both of the infections below?

Thanks!

Database version: 1640

Windows 6.0.6001 Service Pack 1

1/11/2009 12:24:32 AM

mbam-log-2009-01-11 (00-24-26).txt

Scan type: Quick Scan

Objects scanned: 47467

Time elapsed: 1 minute(s), 57 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 2

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Share this post


Link to post
Share on other sites

Sorry, it won't let me edit my first post. I also ran a full Norton scan and it showed zero infections.

Share this post


Link to post
Share on other sites

I had the same thing happen but I deleted it

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Should I put it back in?

thanks

Share this post


Link to post
Share on other sites

If you are running Vista then this is a false positive and should be added to the Ignore List. Even in XP this detection isn't actually malware, it's a setting that is often modified by malware to prevent changing the desktop settings. If you've removed it, then just restore it from quarantine and the next time you scan, just add it to the ignore list.

Share this post


Link to post
Share on other sites
If you are running Vista then this is a false positive and should be added to the Ignore List. Even in XP this detection isn't actually malware, it's a setting that is often modified by malware to prevent changing the desktop settings. If you've removed it, then just restore it from quarantine and the next time you scan, just add it to the ignore list.

I had the same thing happen and deleted it also..now of course I can't restore it..its not in quarantine..do I just not worry about it..thanks..

Share this post


Link to post
Share on other sites
I had the same thing happen and deleted it also..now of course I can't restore it..its not in quarantine..do I just not worry about it..thanks..

Actually, if you're somewhat comfortable with the registry then you can navigate to here:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges

and change it back to 1 instead of 0 (this is assuming you're running Vista, if XP then Malwarebytes' simply set it to it's normal default).

Share this post


Link to post
Share on other sites
If you are running Vista then this is a false positive and should be added to the Ignore List. Even in XP this detection isn't actually malware, it's a setting that is often modified by malware to prevent changing the desktop settings. If you've removed it, then just restore it from quarantine and the next time you scan, just add it to the ignore list.

I did the same "Quarantined and deleted successfully."

Share this post


Link to post
Share on other sites

You can restore it safely (assuming you're running Vista x64). Just go to the Quarantine tab and select that entry then click on Restore.

Share this post


Link to post
Share on other sites
You can restore it safely (assuming you're running Vista x64). Just go to the Quarantine tab and select that entry then click on Restore.

There is nothing in quarantine to select...because I deleted it ...so I can't restore it that way..Is it ok just to leave it the way it is..thanks...

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.