Hello,

Following is the log from a flash scan with MBAM, where a few registry values were detected as infected. A subsequent quick scan too picked up the same infections. Scans with Norton Internet Security 2011 and another spyware scanner, System Protector (bundled with ASO3), did not detect any infections in memory/registry/files/folders/cookies.

Can you kindly suggest whether the detection by MBAM is a false positive?

Regards,

Dwight

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 6286

Windows 6.1.7601 Service Pack 1

Internet Explorer 8.0.7601.17514

06-04-2011 21:39:28

mbam-log-2011-04-06 (21-39-24).txt

Scan type: Flash scan

Objects scanned: 129666

Time elapsed: 1 minute(s), 20 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 5

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

HKEY_CLASSES_ROOT\batfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: ("%1" %*) -> No action taken.

HKEY_CLASSES_ROOT\comfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: ("%1" %*) -> No action taken.

HKEY_CLASSES_ROOT\piffile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: ("%1" %*) -> No action taken.

HKEY_CLASSES_ROOT\scrfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: ("%1" /S) -> No action taken.

HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: (regedit.exe "%1") -> No action taken.

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


Those keys have all been modified, likely through another security application, to limit their functionality.

It is impossible to tell from the outside looking in how they were modified, so we fix them as a default, as malware can modify them in an attempt to prevent certain fix functionality from working on your system.

The way it is set now, notepad will be used to open files matching the file extensions mentioned in those keys. If you know this was intentional, use the ignore function after a new scan; otherwise allow MBAM to fix them.
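A read-only way to inspect the five handlers from the log before choosing between ignore and fix, added here as an example that is not part of either post or of Malwarebytes' tooling. The expected strings are the "Good:" values printed in the log above; the per-hive breakdown is an addition that shows whether an override was written machine-wide (HKLM) or only for the current user (HKCU), and the function name `Get-OpenCommand` is hypothetical.

```powershell
# Added example: audits the open-command defaults flagged in the log. Reads only, changes nothing.
# Expected values are copied from the "Good:" strings in the MBAM log above.
$expected = [ordered]@{
    batfile = '"%1" %*'
    comfile = '"%1" %*'
    piffile = '"%1" %*'
    scrfile = '"%1" /S'
    regfile = 'regedit.exe "%1"'
}

# HKEY_CLASSES_ROOT is a merged view; per-user entries override machine-wide ones.
$hives = [ordered]@{
    'HKCR (merged)' = 'Registry::HKEY_CLASSES_ROOT'
    'HKLM'          = 'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Classes'
    'HKCU'          = 'Registry::HKEY_CURRENT_USER\Software\Classes'
}

# Hypothetical helper: returns the (default) value of <ProgId>\shell\open\command, or $null.
function Get-OpenCommand {
    param([string]$Root, [string]$ProgId)
    $key = Get-Item -LiteralPath "$Root\$ProgId\shell\open\command" -ErrorAction SilentlyContinue
    if ($null -eq $key) { return $null }
    # '' names the (default) value; keep %SystemRoot%-style variables unexpanded.
    return $key.GetValue('', $null, 'DoNotExpandEnvironmentNames')
}

$report = foreach ($progId in $expected.Keys) {
    foreach ($hive in $hives.Keys) {
        $actual = Get-OpenCommand -Root $hives[$hive] -ProgId $progId
        if ($null -eq $actual) { continue }   # key or default value absent in this hive
        [pscustomobject]@{
            ProgId   = $progId
            Hive     = $hive
            Actual   = $actual
            Expected = $expected[$progId]
            Match    = ($actual -ieq $expected[$progId])
        }
    }
}

$report | Format-Table -AutoSize
```

A row with `Match` false under HKCU but true under HKLM means the override applies to the current user profile only.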
