Jump to content
Hardhead

(Hijack.DisplayProperties)

Recommended Posts

I removed this before looking further into it. Is this going to cause a problem on my Vista 64 machine? Should I restore Hijack.DisplayProperties?

Thanks for your help!

Share this post


Link to post
Share on other sites

Hello ryantexas and welcome to Malwarebytes B)

It does no harm to your system to let Malwarebytes' Anti-Malware change this setting but if you wish to change it back to the default you can do so using the attached reg file, just extract it and double-click it and answer YES and OK to any prompts then perform another scan with Malwarebytes' Anti-Malware, select the entry when it is detected and click on Ignore Selected to add it to the Ignore List.

Backup the Registry:

Modifying the Registry can create unforeseen problems, so it always wise to create a backup before doing so.

  • Please download ERUNT from here
  • ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
  • Double click on erunt-setup.exe to Install ERUNT by following the prompts.
  • Use the default install settings but say NO to the portion that asks you to add ERUNT to the Start-Up folder. You can enable this option later if you wish.
  • Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
  • Choose a location for the backup.
    • Note: the default location is C:\Windows\ERDNT which is acceptable.

    [*]Make sure that at least the first two check boxes are selected.

    [*]Click on OK

    [*]Then click on YES to create the folder.

Note: if it is necessary to restore the registry, open the backup folder and start ERDNT.exe

Once that's done you may use the attached reg file:Restore_Hijack.DisplayProperties_x64.zip

If you require anything further please post.

Thanks B)

Share this post


Link to post
Share on other sites

I just read the last seven pages and there seems to be unanimous consensus that the Hijack.DisplayProperties "infection" should be ignored. I'm using Windows 7 Home Premium and Microsoft Security Essentials. I noticed the internet going slow on my laptop, so I checked MSE and it had stopped auto-updating. It would not finish a manual update. The laptop was uploading (on its own) 1.3-2.2Mbps constantly. I downloaded and ran MBAM, removed Hijack.DisplayProperties and restarted. I ran no other cleaning software. Hijack.DisplayProperties was the only infection detected. Internet now completely normal again. Updated MSE finds no infections.

How can this have happened if Hijack.DisplayProperties is a false positive and I had no other infections?

Share this post


Link to post
Share on other sites
I just read the last seven pages and there seems to be unanimous consensus that the Hijack.DisplayProperties "infection" should be ignored. I'm using Windows 7 Home Premium and Microsoft Security Essentials. I noticed the internet going slow on my laptop, so I checked MSE and it had stopped auto-updating. It would not finish a manual update. The laptop was uploading (on its own) 1.3-2.2Mbps constantly. I downloaded and ran MBAM, removed Hijack.DisplayProperties and restarted. I ran no other cleaning software. Hijack.DisplayProperties was the only infection detected. Internet now completely normal again. Updated MSE finds no infections.

How can this have happened if Hijack.DisplayProperties is a false positive and I had no other infections?

I am also wondering about this, as I just had an online game account hacked and the only malware detected by Malwarebytes was Hijack.DisplayProperties. I also ran AdAware and it didn't detect anything after Hijack.DisplayProperties was removed.

I understand that it's possible the software doesn't include the malware that's effecting my computer yet, but is it possible that Hijack.DisplayProperties is how my game account was keylogged?

Here is my log in case you are curious:

Malwarebytes' Anti-Malware 1.44

Database version: 3910

Windows 6.0.6002 Service Pack 2

Internet Explorer 7.0.6002.18005

3/24/2010 8:53:30 PM

mbam-log-2010-03-24 (20-53-30).txt

Scan type: Full Scan (C:\|)

Objects scanned: 354402

Time elapsed: 52 minute(s), 42 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 1

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Share this post


Link to post
Share on other sites

Hello all. I am new to this forum and just had MBAM identify the same issue. I have read all of the pages and know that it is not a major issue. I will make this brief. Initially, I was running Windows XP 64 and got hit by something viral or malicious. My screen went black with nothing would work. I believe that it is called KSOD. Anyway, I was using PC Security Shield (Shield Deluxe 2009 V2) as my AV program. I updated/scanned religiously. So, I called the tech support and had some guy remote into my PC for about 4 hours. He was unable to do anything and just left the iYogi chat/remote session. No bye, call you back or anything. So I got pissed off and bought Windows 7 and swapped the HD in my pc. I installed 7 on my new HD and left the other HD mounted on my system. Once 7 was installed on my new HD, I installed Trend Micro Internet Security Pro. Updated and ran that. New HD was fine. I had it scan the old HD with XP 64 still on it and got "Blue Screened". It appears to do this when it hits a file with an extension similar to .......filelock.dll. Any suggestions? TIA

Share this post


Link to post
Share on other sites

I am having the same problem in my four months, updated Dell OEM Windows 7 HP system:

Malwarebytes' Anti-Malware 1.45

www.malwarebytes.org

Database version: 3935

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

3/31/2010 10:16:46 AM

mbam-log-2010-03-31 (10-16-46).txt

Scan type: Full scan (C:\|D:\|)

Objects scanned: 200237

Time elapsed: 25 minute(s), 47 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 1

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken. [99D040AEE155C12EB025D41F2DD365C3]

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

I saw this issue is pretty old in this super long thread. Why hasn't this been resolved?

Share this post


Link to post
Share on other sites

I have Windows 7 64 bit. I have the hijack.display properties and it is hijacking my desktop and replacing it with a white blank desktop. I performed a scan and quantined the spam but I still have it. VIPRE found nothing wrong. Hijack replaced my desktop with a blank page from Magnetic from the Incredimail e-mail program. I wonder if there is a connection?

Share this post


Link to post
Share on other sites

I have been reading this entire thread plus other threads here on NoActiveDesktopChanges (Hijack.DisplayProperties) more information at MS here

Here's what I have got out of all of this, please correct me if I'm wrong :D

  1. General consensus is to select ignore on this found entry.
    If you have already "fixed" it and now want it back again (although unnecessary see Note1) run this registry attachment to restore the entry, allowing any UAC warning prompt. Then ignore any future updated Malwarebytes quick scan entries on this.
  2. Many times in this thread, many members (both support and the User) have asked (or referred to) for Malwarebytes to have some type of program update that either automatically ignores this entry (on Vista and Windows 7) or gives greater definition to the User to decide upon this action for themselves.

I wanted to state 2 very important concerns with both of these findings that have not been fully addressed.

Malwarebytes does not remove any file or change any setting, during or at the end of the updated quick scan.

This option is given to the User (by Malwarebytes) to then decide upon fixing all found entries.

The User should then take it upon themselves to either

  • Decide if all found entries are required to be fixed or ignored (ie some may be User settings that have been purposely placed in the registry (see Note2)
  • Create a new thread, and post the logs for support to help inform the User on what action to take (preferred)
  • Search Google or even here at Malwarebytes Forum to learn what these entries are specifically (see Note3)

Note1

I have found that on some systems this "Default" MS entry can cause issues on User's computers.

This may include:

  • Slow system performance
  • High CPU usage
  • Video or Audio driver issues

Therefore on these specific systems it is best to have Malwarebytes remove this entry.

I note that a number of members in this very thread have reported (some of) these issues, and after having Malwarebytes fix the issue it was resolved.

I note this is not conclusive as I myself do not know why this issue exists on some systems. But at least we know that fixing the entry does not do any harm. Therefore have Malwarebytes fix it.

Note2

There are literally hundreds of user entries that Malwarebytes might flag to be fixed.

As an example would be the 'Disable Security Center enabled warning' that some users have adjusted (either by support or themselves)

I note that users make these adjustments because things like MS warning boxes appear when their Windows starts up, and the alternative fix may be just to disable these default MS services entries.

Where the user would need to take it upon themselves to confirm their system is updated and secure.

Therefore Malwarebytes could not be expected to know all user personal settings, and the scan will display the entry to be fixed although not being required.

Note3

Malwarebytes should not have these entries removed from subsequent future program updates, ie they are useful.

Malwarebytes could not possibly reference every single entry found in the world and give full definition on what to do. This should be done by either an online support forum (ie here) Or by the user themselves searching Google and this forum on what best action to take

Malwarebytes does not act as your Malware removal teacher. This would take years, and not just a reference of definition of every found issue.

Generally we should trust that the years of development of Malwarebytes by very knowledgeable experienced support/staff members is correct And automatically decide to FIX all found issues ie That's what I always say: "Remove all found issues" I do not say: Except for this one and this one and this one... etc etc etc.

If you have made your own personal changes, then you decide to keep them or not.

I hope this helps someone :o

Share this post


Link to post
Share on other sites

Hello Malwarebytes :)

I just register because I just recently notice that my Malwarebytes scan is no longer detecting the Hijack Display Properties in my 64bit windows 7 premium operating system. I am frequently installing and uninstalling my operating system and everytime I installed the Malwarebytes and I had ran the scan, it would detect the Highjack Display Properties. However just recently it no longer detects it.

Did Malwarebytes fix this with a update or something?

Not that I'm complaining here, it's just that I got used to seeing the Malwarebytes detect it. lol

Thanks

Rich

Share this post


Link to post
Share on other sites

I vote to add it again

Plus it may be default policy for Windows 7, but not for earlier versions

Active Desktop 'Web' enabled, is like the No.1 disable this function when computers are generally serviced.

Obviously Malwarebytes has taken on Windows 7 as the default player here. Because if changed (by Malware) in XP, I'd like it removed, not kept!

Oh well. Another reason to force upgrade again. XP SP3 supported to April 8, 2014 by the way.

Since Malwarebytes have removed this entry as not Malware related (although commonly was before Windows 7 made it default!) for reference here's the way to remove it again: (Again I note this is for reference as per this entire thread)

Hijack.DisplayProperties.zip

I'd suggest running 'Default', this at least will bring everything back to Normal (regardless of OS)

But since I spoke about some users having issues with this (above) Then those users specifically could use the 'Remove' reg key.

Share this post


Link to post
Share on other sites

Hello :)

I hope you do realize that this is the default setting in Wow6432Node in 64 bit versions of Vista and 7, not just 7, and that if you actually set this policy (NoActiveDesktopChanges) to 1 when your desktop has not been hijacked by malware, it is acutally more secure than having it set to 0 because it has the potential to block malware from altering your active desktop in a malicious manner as long as the malware doesn't change that policy setting.

The reason that Malwarebytes detects this item (as I've said many times in this topic and others), and I hope I'm finally being clear here as there seems to be tons of confusion regarding this, is just in case it has been changed by malware and your desktop is hijacked in a malicious way using Active Desktop and this policy has been put in place to prevent you, the user, from being able to change it.

This entry is in no way malicious on its own and can actually increase system security if the policy is in place.

I hope I've made it clear now.

Thanks :)

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.