18 replies to this topic

[cooper]

I've done a great deal of investigation and it appears that there is only one application that can find and eradicate broken.open.cmd and that is Malwarebytes. The reason is obvious....the program put it there.


Hell of a way to sell a product

[kimsland]

Regarding these keys:

HKEY_CLASSES_ROOT\scrfile\shell\open\command\ (Broken.OpenCommand)
HKEY_CLASSES_ROOT\exefile\shell\open\command\ (Broken.OpenCommand)

The newest Malwarebytes version will correct this issue
Actually even older versions will

Have you been using registry cleaners or tweak tools?
This could have "broken" the key

Do note that Malwarebytes (like all programs, including even Windows itself) try to resolve all bugs and issues.

This one is resolved

[nosirrah]

This was a bug from many versions ago that we fixed in later versions and unlike you are insinuating , we don't ask for $ to fix it

[Ladydi]

nosirrah, on Dec 4 2009, 10:08 PM, said:

This was a bug from many versions ago that we fixed in later versions and unlike you are insinuating , we don't ask for $ to fix it

I just updated to the latest version (1.44) and still get the "broken.open command HKEY_CLASSES_ROOT (etc). Is there something I can do?

[loki1]

nosirrah, on Dec 4 2009, 10:08 PM, said:

This was a bug from many versions ago that we fixed in later versions and unlike you are insinuating , we don't ask for $ to fix it

I'm continually getting this with a newly downloaded version. Is it a real problem or not? Mcafee doesn't turn it up at all.

[harrisdm]

Ladydi, on Jan 10 2010, 12:41 AM, said:

I just updated to the latest version (1.44) and still get the "broken.open command HKEY_CLASSES_ROOT (etc). Is there something I can do?

I purchased Anti-malware three weeks ago and got this same problem on the first scan. I updated today and still have the problem. The software has saved me several times and works great but this glitch is annoying. I was concerned at first but I now am assuming it is innocuous after reading several other complaints.
Anybody know of a workaround?

[catmandodo]

harrisdm, on Feb 4 2010, 03:48 PM, said:

I purchased Anti-malware three weeks ago and got this same problem on the first scan. I updated today and still have the problem. The software has saved me several times and works great but this glitch is annoying. I was concerned at first but I now am assuming it is innocuous after reading several other complaints.
Anybody know of a workaround?

I have been a Malwarebytes Anti-Malware user for 2 years and I recently did an update and ran a complete scan and got a similar error "Broken Open Command - Bad Notepad EXE%1". I clicked on repair, it said the problem was fixed and to restart the system which I did.

I ran Anti-Malware again and got the same message. I called Dell On-Call who I have a contract with, but I could not duplicate the error message again with them on the system (naturally!). They ran some tests and they told me that there was nothing wrong with my system.

I am still getting this message every time I update and run Anti-Malware and it's driving me nuts!!

If this message is Bogus, how do I get rid of it ??? PLEEEASE HELP MEEEE

[exile360]

Greetings

Are you using System Mechanic on your system? If so, I believe it actually sets the entry this way, meaning you should have Malwarebytes' Anti-Malware ignore the detection.

If not, then it may simply be an issue with permissions on that registry key preventing Malwarebytes' Anti-Malware from fixing it in which case you can do the following, but only use this tool if you are running an English version of Windows XP as it has not been tested on other operating systems:

Reset Default Permissions:

• Please download ResetDefaultPerms by AdvancedSetup from here and save it to your desktop
  
• Close any open programs and save anything you were working on
  
• Double click on restoredefaultperms.exe to run it
  
• Once it completes it will restart your computer

Then try another scan with Malwarebytes' Anti-Malware and if it finds the entry, have it fix it and then restart your system and scan once more to see if it is now resolved.

Please post back with your results.

Thanks

[Linda's Peep]

Thanks! It worked! It's been popping up for months, and I finally got tired of it enough to take the time to try to fix it!

[exile360]

You're very welcome

If you require any further assistance please post and we'll do our best to help you out.

Thanks

[Linda's Peep]

I'm afraid I have to take you up on that offer already. Since I ran the program, my boss can no longer send emails! She's furious! She uses Microsoft Outlook. Any suggestions? The program is the only thing I've done out of the ordinary that I can think of.

[noknojon]

Hi Linda's Peep -
Please copy and paste this code into the Run Box - Close all other programs first - It will run a full 5 stage check disk -
It will restart your computer, so do not worry -This usually takes about 30-45 mins depending on your system and you will not be able to use any other programs while it runs -

CMD /C ECHO Y|CHKDSK C: /R | SHUTDOWN /R /T 30

Hope this repairs any minor faults remaining -

Thank You -

[Linda's Peep]

Is this the same thing as doing the error checking from the Tools Tab in the Properties menu that is accessed from the C Drive? If it is, we tried it, and it didn't work. If not, please tell me what this code is. I'm a little gun shy to try anything I'm not familiar with.

We spent all day with our ISP, and could not get the send emails feature working. Strangely enough, all of a sudden, we are receiving emails. We have uninstalled Iolo, System Mechanics, and Malware Bytes in an attempt to resolve this issue. We are now using McAfee, and will reinstall Malware Bytes when we can get everything working right again.

Thanks so much for your help.

[exile360]

Hello again

The code is indeed the same as a Disk Check.

I would recommend resetting your email settings in Outlook (ie the email addresses/accounts, passwords etc) and then recreating them, it's possible that the data got corrupted and recreating it should fix it. You will need the port settings, email addresses and passwords so don't remove the existing accounts until you're certain you have everything written down to properly re-create them.

[Linda's Peep]

We did run the Disk Check, and spent hours on the phone with different tech support people. We think we have the issue resolved, but I will show my boss your post so she will have it for future reference. Thank you for your help!

[exile360]

You're very welcome

I hope it's all sorted out now.

[johnnydolphin]

exile360, on Apr 25 2010, 05:07 PM, said:

[*]Please download ResetDefaultPerms by AdvancedSetup from here

-------------------------------------------------------------------------------------------------------------------------

That app has malware in it, as seen by uploading the file to www.virustotal.com :

McAfee-GW-Edition 6.8.5 2009.12.31 Heuristic.BehavesLike.Win32.Dropper.H

See the result here.

[shadowwar]

This is not malware. That is only 1 hit on Virustotal and its not a hard hit but a Heuristic meaning it behaves like but could be totally fine.. Also you must check the date...

File size : 179264 bytes
First seen: 2009-12-31 14:43:42
Last seen : 2009-12-31 14:43:42
Magic: PE32 executable for MS Windows (GUI) Intel 80386 32-bit

If i file has been around more than a few weeks and only has 1 hit on vt than that hit would be a false positive.

Probably the only reason Mcafee detects it as a heuristic dropper is cause its packed with Winrar self extracting.. and unpacks a couple files.

Also i reanalyzed the file..
http://www.virustotal.com/file-scan/report...08f1-1285944169

Now the mcafee detection is gone.. now there are two other detections..
one is gen detection.. Meaning its designed to hit a lot of files.. But also a lot of false positives. The other says the file is damaged.. Not the case..

You have to pay attention to virus total.. Just because 1 or 2 hits doesnt make it malware. You have to check the first seen date.. If a file has been around longer than a few weeks and doesnt have more than 10 hits than you can always bet the hits are false positives/ generic detections, or heurisitics.

[Jeff Payton]

shadowwar, on Oct 1 2010, 09:40 AM, said:

This is not malware. That is only 1 hit on Virustotal and its not a hard hit but a Heuristic meaning it behaves like but could be totally fine.. Also you must check the date...

File size : 179264 bytes
First seen: 2009-12-31 14:43:42
Last seen : 2009-12-31 14:43:42
Magic: PE32 executable for MS Windows (GUI) Intel 80386 32-bit

If i file has been around more than a few weeks and only has 1 hit on vt than that hit would be a false positive.

Probably the only reason Mcafee detects it as a heuristic dropper is cause its packed with Winrar self extracting.. and unpacks a couple files.

Also i reanalyzed the file..
http://www.virustotal.com/file-scan/report...08f1-1285944169

Now the mcafee detection is gone.. now there are two other detections..
one is gen detection.. Meaning its designed to hit a lot of files.. But also a lot of false positives. The other says the file is damaged.. Not the case..

You have to pay attention to virus total.. Just because 1 or 2 hits doesnt make it malware. You have to check the first seen date.. If a file has been around longer than a few weeks and doesnt have more than 10 hits than you can always bet the hits are false positives/ generic detections, or heurisitics.

I would like to ask the support staff if it would be safe to delete the scrfile and regfile folders completely out of the registry. I have deleted the regfile>shell>open and scrfile>shell>open folders and there is trace of the command in the registry but malware is still finding it. Is it safe to delete those folders in the registry?