Jump to content

(Hijack.DisplayProperties)


Hardhead
 Share

Recommended Posts

Hello Bruce and Dustin,

I know this is place for malware to hide and thought I would post for others to see since its a new location.

This is on new notebook Vista Ultimate 64bit.

I will whitelist the entrie. Correct me if I'm wrong please.

Malwarebytes' Anti-Malware 1.30

Database version: 1414

Windows 6.0.6001 Service Pack 1

11/21/2008 2:39:56 AM

mbam-log-2008-11-21 (02-39-53).txt

Scan type: Quick Scan

Objects scanned: 43184

Time elapsed: 1 minute(s), 22 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 1

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Link to post
Share on other sites

  • Replies 141
  • Created
  • Last Reply

Top Posters In This Topic

  • Staff

Interesting, I'm on Vista Ultimate x64 and have never seen this detection with an MBAM scan. I'll have to run a quick scan when I get home (currently at work) and see what I come up with. I'll post back and let you know.

edit: Just got home, updated to database 1414 and did a quick scan. Mine came back with the same result.

Malwarebytes' Anti-Malware 1.30

Database version: 1414

Windows 6.0.6001 Service Pack 1

11/21/2008 11:08:10 AM

mbam-log-2008-11-21 (11-08-04).txt

Scan type: Quick Scan

Objects scanned: 36814

Time elapsed: 1 minute(s), 38 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 1

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Link to post
Share on other sites

Hey Hardhead, are you using dreamscene? I am and was wondering if maybe that was causing it. I don't see why it would but who knows. I can't scan again now as I'm at work, but I will turn off dreamscene when I get home and give MBAM another go and see what happens.

Hello exile360,

Yes I do have all components of DreamScene installed.

Link to post
Share on other sites

  • 4 weeks later...
  • 2 weeks later...

I also have a new laptop with Vista 64 bit. Today I updated Malwarebytes and ran a scan. Now receiving the same message.

Malwarebytes' Anti-Malware 1.31

Database version: 1607

Windows 6.0.6001 Service Pack 1

1/3/2009 9:05:58 PM

mbam-log-2009-01-03 (21-05-25).txt

Scan type: Quick Scan

Objects scanned: 43466

Time elapsed: 2 minute(s), 19 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 1

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

I ran Windows Defender and it did not discover anything. My desktop and computer are running fine. Can I add this to ignore list? Is this still a problem since November for Vista 64 bit?

Thanks.

Link to post
Share on other sites

This isn't a false positive. If it was a program that set that and you would like to restore it, in the quarantine click restore.

seems from earlier post in the thread that it is?, I thought it was a little odd getting anything come in mwb, as it was a fresh install, and had not been on the internet, cept to get latest windows updates

I have heard you can get infected while getting these updates so i let mwb sort out the problem

The only problem is, if it is a false positive, I went in to the quarantine folder, but it is not in there, so i can not just restore it

so basically im asking if this is definately a false positive, i just need to know what to put back in my registry, "Im not good when it comes to the registry"

I am on vista 64

heres log from day i installed vista, I ran anti virus progs before i made a disk image

Malwarebytes' Anti-Malware 1.31

Database version: 1571

Windows 6.0.6000

29/12/2008 23:05:31

mbam-log-2008-12-29 (23-05-31).txt

Scan type: Quick Scan

Objects scanned: 38554

Time elapsed: 44 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 1

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Link to post
Share on other sites

  • Staff

If malware disabled it then its a legit correction .

If its disabled intentionally then its obviously something to whitelist (people without Vista64 can disable this for legit reasons and we will detect it so its not just a V64 thing) .

It comes down to fixing it for the noob that does not know how to on their own after an malware cleanup or an advanced user being happy that they don't have to white list a single entry .

We choose to help the noob and keep in mind that there is no way to tell how it got disabled , only that it is .

We may add a 64 bit detection switch at some point , but there are already major projects in the works that will help millions .

You should also note that malware , adware , trojan , rootkit , spyware or any other malicious term is not used here . I am sure that Hijack.Displayproperties is named well enough to male it clear that display properties is modified , not a rootkit or other actual malware component .

Link to post
Share on other sites

I'm the ultimate defintion of a noob. Just set up a new PC with 64 bit today. Ran a scan at the start and zero infections, now the same ones being discussed here are showing up in my last scan of the night.

I am new to MWB too, we got this new computer after the old one got totally infested (before I had heard about MWB).

Do I ignore both of the infections below?

Thanks!

Database version: 1640

Windows 6.0.6001 Service Pack 1

1/11/2009 12:24:32 AM

mbam-log-2009-01-11 (00-24-26).txt

Scan type: Quick Scan

Objects scanned: 47467

Time elapsed: 1 minute(s), 57 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 2

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Link to post
Share on other sites

I had the same thing happen but I deleted it

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Should I put it back in?

thanks

Link to post
Share on other sites

  • Staff

If you are running Vista then this is a false positive and should be added to the Ignore List. Even in XP this detection isn't actually malware, it's a setting that is often modified by malware to prevent changing the desktop settings. If you've removed it, then just restore it from quarantine and the next time you scan, just add it to the ignore list.

Link to post
Share on other sites

If you are running Vista then this is a false positive and should be added to the Ignore List. Even in XP this detection isn't actually malware, it's a setting that is often modified by malware to prevent changing the desktop settings. If you've removed it, then just restore it from quarantine and the next time you scan, just add it to the ignore list.

I had the same thing happen and deleted it also..now of course I can't restore it..its not in quarantine..do I just not worry about it..thanks..

Link to post
Share on other sites

  • Staff
I had the same thing happen and deleted it also..now of course I can't restore it..its not in quarantine..do I just not worry about it..thanks..

Actually, if you're somewhat comfortable with the registry then you can navigate to here:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges

and change it back to 1 instead of 0 (this is assuming you're running Vista, if XP then Malwarebytes' simply set it to it's normal default).

Link to post
Share on other sites

If you are running Vista then this is a false positive and should be added to the Ignore List. Even in XP this detection isn't actually malware, it's a setting that is often modified by malware to prevent changing the desktop settings. If you've removed it, then just restore it from quarantine and the next time you scan, just add it to the ignore list.

I did the same "Quarantined and deleted successfully."

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    No registered users viewing this page.


Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.