4 replies to this topic

[paranoidsoul]

What I want to know is if this is a false positive or if not how severe is it? I have it in quarantine but is it safe for me to delete it?

Here's my log file on the issue:

Malwarebytes' Anti-Malware 1.40
Database version: 2723
Windows 5.1.2600 Service Pack 3

8/31/2009 4:55:29 PM
mbam-log-2009-08-31 (16-55-29).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 109457
Time elapsed: 16 minute(s), 29 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ForceClassicControlPanel (Hijack.ControlPanelStyle) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

[AdvancedSetup]

That is a policy that determines if you use the newer XP style Control Panel view or the Classic View.

Removing or setting the policy to 0 should be okay. Then you can select yourself what or how you want it to be viewed instead of being forced by a policy.

You can read more about it here: http://www.insidetheregistry.com/regdataba...spx?valueid=228

[nosirrah]

This typically shows up with infections that force the version of the CP that is more difficult to navigate in an attempt to make certain OS functions that could remove the malware harder to access .

This can also be intentionally set to lock that same version of the CP in place if that is what the user desires .

There are no other detections in your log so it is highly unlikely that there is any actual malware in your system .

Aside from being able to change your CP from one style to another you will not notice any changes to your system if you allow MBAM to fix this .

paranoidsoul, on Aug 31 2009, 07:32 PM, said:

What I want to know is if this is a false positive or if not how severe is it? I have it in quarantine but is it safe for me to delete it?

Here's my log file on the issue:

Malwarebytes' Anti-Malware 1.40
Database version: 2723
Windows 5.1.2600 Service Pack 3

8/31/2009 4:55:29 PM
mbam-log-2009-08-31 (16-55-29).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 109457
Time elapsed: 16 minute(s), 29 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ForceClassicControlPanel (Hijack.ControlPanelStyle) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

[paranoidsoul]

thanks for clearing this up

well it makes sense as i recall last week i did have a friend change the windows theme to classic mode

[Bobc8]

My brother has it and I hate it.