Jump to content
Hardhead

(Hijack.DisplayProperties)

Recommended Posts

Well, another "victim" here. Fresh Windows 7 64 Bit install. No "changing desktop pictures" or anything (I only replaced the default picture with a unicolor).

While it might be accepted as a false positive for "malware experts", it did make me google for it to see what it is. I was wondering how in the world could anything have shown up on this box.

So while it probably doesn't need to be flagged as a critical false positive, it would be "newbie friendly" if it were somehow removed. As a free user, however, I'm not going to demand anything :-)

Share this post


Link to post
Share on other sites

Hi,

Can you forgive me for repeat this question, but at 11/29/2009, two days after begin this machine (Windows 7 Premium 64-Bit, IE8) Malwarebytes detect HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.. I put it on ignore list. Today I restore it. It is a virus?

Thanks

Share this post


Link to post
Share on other sites

Hello ;)

It is not an actual infection, but instead a non-default setting that is often altered by actual infections, however, in Windows Vista and Windows 7 Microsoft changed the default setting to the opposite of what it was in XP so on Vista and Windows 7 systems (such as your own) this detection should be ignored :lol: .

If you need anything else please post.

Thanks :o

Share this post


Link to post
Share on other sites

I am aware that only staff are the only ones that should reply to these threads but I won't be the first member.

Anyway, I can confirm that this affects Windows 7 Ultimate x64 as well. I personally ignored it.

Share this post


Link to post
Share on other sites

You guys should make MBAM not detect it on 64bit systems because it's not a real detection. my 64 bit Vista system had this and MBAM was the 3rd program I had installed.

Share this post


Link to post
Share on other sites

I have Windows 7 Pro 64-bit and it was upgraded from Windows 7 Home 64-bit.

I found the HIJACK.DISPLAYPROPERTIES in the results of a MBAM scan. I did the scan because my laptop was slow and freezing all the time. It was a full scan, because I was hoping to find an answer to my problem. I considered re-installing (not upgrading, wiping out) but quit with the power button because I realised that Sony had installed software that you couldn't get anywhere else, and I liked it. Is this my answer? (I think not.) Anyway, please do help! :welcome:

Share this post


Link to post
Share on other sites
I have Windows 7 Pro 64-bit and it was upgraded from Windows 7 Home 64-bit.

I found the HIJACK.DISPLAYPROPERTIES in the results of a MBAM scan. I did the scan because my laptop was slow and freezing all the time. It was a full scan, because I was hoping to find an answer to my problem. I considered re-installing (not upgrading, wiping out) but quit with the power button because I realised that Sony had installed software that you couldn't get anywhere else, and I liked it. Is this my answer? (I think not.) Anyway, please do help! :welcome:

Oh, nevermind! Wrong forum.

Share this post


Link to post
Share on other sites

I have Windows 7 Pro 64-bit and it was upgraded from Windows 7 Home 64-bit.

I found the HIJACK.DISPLAYPROPERTIES in the results of a MBAM scan. I did the scan because my laptop was slow and freezing all the time. It was a full scan, because I was hoping to find an answer to my problem. I considered re-installing (not upgrading, wiping out) but quit with the power button because I realised that Sony had installed software that you couldn't get anywhere else, and I liked it. Is this my answer? (I think not.) Anyway, please do help! :welcome:

Share this post


Link to post
Share on other sites

Hullo,

I've just purchased a new laptop with Windows Home Premium 7, and received the Hijack.Display.Properties alert when I ran MBAM on it the first time. Is it safe to ignore the detection on my (evidently) 32-bit version of the OS? Everyone else who has had the problem seems to have the 64-bit version, and I don't know if that makes a difference.

Thanks in advance for your help.

Share this post


Link to post
Share on other sites

Yes, you can safely ignore this detection, it is normal for both 32 bit and 64 bit versions of Windows Vista and Windows 7 :) .

Share this post


Link to post
Share on other sites

Thanks Exile 360 for the fix! Just got new laptop with Win7 Home Premium and downloaded Malwarebytes and ran scan and got the infection notice. In my haste I deleted the file without doing any research on it. You see the name hijack in the name and you want to get rid of this thing in a hurry!! Anyways I ran your batch, did a quick scan and got the infection notice again and hit ignore. Thanks again for your help!!

Share this post


Link to post
Share on other sites

I am also having the same problem on my windows 7, 64 bit PC.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.

What do I do with it, should I delete it , ignore it?

To be precise, here the complete scan:

Malwarebytes' Anti-Malware 1.44

Database version: 3681

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

2/2/2010 7:22:16 PM

mbam-log-2010-02-02 (19-22-13).txt

Scan type: Full Scan (C:\|)

Objects scanned: 196047

Time elapsed: 20 minute(s), 55 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 1

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Share this post


Link to post
Share on other sites

Greetings Slava12 :)

Since this is the default setting in Windows 7 x64, you should click once on the item when it is detected in your Malwarebytes' scan to highlight it and then click on Ignore.

If you need anything else just post.

Thanks :)

Share this post


Link to post
Share on other sites

Thank you!!!!!! :)

Greetings Slava12 :)

Since this is the default setting in Windows 7 x64, you should click once on the item when it is detected in your Malwarebytes' scan to highlight it and then click on Ignore.

If you need anything else just post.

Thanks :)

Share this post


Link to post
Share on other sites

One more question!

Do I need to make a Restore point? Some of the malware I picked up could have been saved in System Restore. Since this is a protected directory my tools cannot access to delete these files, they sometimes can reinfect a system if I accidentally use an old restore point. Setting a new restore point AFTER cleaning my system will help prevent this and enable my computer to "roll-back" to a clean working state. What do you think?

Share this post


Link to post
Share on other sites

System Restore is useful for many things, but more often than not, using System Restore does not undo much of the damage done by infections nor does it always clean existing infections, even if you use a restore point that was made when the computer was clean. However, to create a restore point which can still be useful for undoing changes you have made to your system or problems with programs you may do the following:

Note: These instructions apply to Windows Vista but they should also work with Windows 7:

  • Click on the Start vista-7-start.png button then right-click on Computer and select Properties
  • Click on System protection on the left pane and click Continue at the User Account Control Prompt
  • Click on the drive that Windows is installed on (this is usually C:)
  • Click on the Create... button on the lower right
  • In the Create a restore point box type a name for your restore point and press Enter
  • Wait for it to finish and once the box pops up saying The restore point was created successfully click the OK button then click on OK on the System Properties window to close it

Share this post


Link to post
Share on other sites

So, then I guess I shouldn't use a restore point for now!

Thank you so much for a direction re: Restore point!!!!!!!!

:)

System Restore is useful for many things, but more often than not, using System Restore does not undo much of the damage done by infections nor does it always clean existing infections, even if you use a restore point that was made when the computer was clean. However, to create a restore point which can still be useful for undoing changes you have made to your system or problems with programs you may do the following:

Note: These instructions apply to Windows Vista but they should also work with Windows 7:

  • Click on the Start vista-7-start.png button then right-click on Computer and select Properties
  • Click on System protection on the left pane and click Continue at the User Account Control Prompt
  • Click on the drive that Windows is installed on (this is usually C:)
  • Click on the Create... button on the lower right
  • In the Create a restore point box type a name for your restore point and press Enter
  • Wait for it to finish and once the box pops up saying The restore point was created successfully click the OK button then click on OK on the System Properties window to close it

Share this post


Link to post
Share on other sites

You're welcome :)

If at some point you do suspect that you are infected then please follow the instructions posted here and post the resulting logs into a new topic here and you will receive free assistance with cleaning up your computer :) .

Should you have any more general computer questions then please post them here and if you have questions directly related to Malwarebytes' Anti-Malware please post them here

A good reference for how to use Malwarebytes' Anti-Malware along with lists of common issues and their solutions can be found here.

Share this post


Link to post
Share on other sites

Thanks!!

still got one little question!!!

Since, I have uninstalled BitSpirit, and it is not shows on any scan, and the second entry I had MBAM as a False positive, do i really need to do Restore point?

Nope, system restore isn't exactly works per direcrtion as for Vista, but I kind of figured out where to do it on my PC.

Thanks

System Restore is useful for many things, but more often than not, using System Restore does not undo much of the damage done by infections nor does it always clean existing infections, even if you use a restore point that was made when the computer was clean. However, to create a restore point which can still be useful for undoing changes you have made to your system or problems with programs you may do the following:

Note: These instructions apply to Windows Vista but they should also work with Windows 7:

  • Click on the Start vista-7-start.png button then right-click on Computer and select Properties
  • Click on System protection on the left pane and click Continue at the User Account Control Prompt
  • Click on the drive that Windows is installed on (this is usually C:)
  • Click on the Create... button on the lower right
  • In the Create a restore point box type a name for your restore point and press Enter
  • Wait for it to finish and once the box pops up saying The restore point was created successfully click the OK button then click on OK on the System Properties window to close it

Share this post


Link to post
Share on other sites

No, since all that is showing now is the Hijack.DisplayProperties there's no need to create a restore point :) . I'm glad to hear you uninstalled BitSpirit as well, peer-to-peer file sharing software such as Bittorrent clients (like BitSpirit) are one of the most common ways users get infected these days.

Share this post


Link to post
Share on other sites

:)

Yes, you can safely ignore this detection, it is normal for both 32 bit and 64 bit versions of Windows Vista and Windows 7 :) .

SOOO, I'm not sure I really understand.

I am running Windows 7 Premium x64 on a new Sony Laptop. I came up with the same message. So do i remove it or just ignore it. Why would you still tag this as something that should be ignored and after all this time would MS not have fixed Vista or 7. It just is strange that you, the best there is, would still flag this as malicious?

Share this post


Link to post
Share on other sites

Greetings LarryM and welcome :)

You should have Malwarebytes' Anti-Malware ignore this detection. The reason it gets detected and should continue to be detected is the same reason that Microsoft changed the default setting.

You see, often times malware will install and change the user's desktop background using what's called Active Desktop, which allows you to use an actual webpage as your desktop background. It's a neat feature but when malware uses it it can have dire consequences. For example, when a rogue/fake antivirus installs and places a message on your desktop that's actually a live webpage saying you're infected and every time you click on your desktop it takes you to their website and tries to download malicious software to your system and/or tries to get you to pay for their fake security software. When malware does this it will often change that very setting in the registry which prevents the user from removing the webpage and changing their background back to normal.

This is the very reason this detection exists, so that when this policy has been altered, Malwarebytes' Anti-Malware can fix it. It is also the reason that this setting was changed in Vista and Windows 7 by Microsoft, to preempt malware from altering the user's desktop by setting up a malicous website as their desktop background.

The only possible solution I can currently see would be for Malwarebytes' Anti-Malware to detect the OS that it's running on and automatically ignore this particular setting if it detects Windows Vista or Windows 7 but I'm not one of the developers so I don't know how difficult that would be or if it is even possible.

Anyway, thank you for the comments and I hope I've adequately answered your query. If you need anything else please post.

Thanks :)

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.