Help - Search - Members - Calendar
Full Version: Broken.OpenCommand
Malwarebytes Forum > Malwarebytes' Anti-Malware Support > General Malwarebytes' Anti-Malware Forum
jonathan1447
Jun 16 2009, 08:40 AM
Hi I am new here. I really like MWB, but I have 2 Registry Data Items Infected which keep coming back:
Broken.OpenCommand
What should I do?

Malwarebytes' Anti-Malware 1.37
Database version: 2285
Windows 5.1.2600 Service Pack 3

16/06/2009 09:05:26
mbam-log-2009-06-16 (09-05-26).txt

Scan type: Quick Scan
Objects scanned: 88691
Time elapsed: 4 minute(s), 10 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CLASSES_ROOT\scrfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: ("%1" /S) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
AdvancedSetup
Jun 16 2009, 09:54 AM
These are the default settings that XP comes with. Some other program has changed them to a different settings which often is a sign that Malware did it.
If you've done it on purpose then you can put those entries on the Ignore list. If you have said to fix it and it keeps coming back then you probably have something like Tea Timer from Spybot or the AdAware watch or similar program blocking the Registry change and you need to tell that program to allow the change.
jonathan1447
Jun 17 2009, 10:10 AM
QUOTE (AdvancedSetup @ Jun 16 2009, 10:54 AM) *
These are the default settings that XP comes with. Some other program has changed them to a different settings which often is a sign that Malware did it.
If you've done it on purpose then you can put those entries on the Ignore list. If you have said to fix it and it keeps coming back then you probably have something like Tea Timer from Spybot or the AdAware watch or similar program blocking the Registry change and you need to tell that program to allow the change.


Spot on, Tea Timer and Spybot, now sorted, many thanks, great service !
jonathan1447
Jun 18 2009, 06:53 AM
QUOTE (jonathan1447 @ Jun 17 2009, 11:10 AM) *
Spot on, Tea Timer and Spybot, now sorted, many thanks, great service !

I spoke too soon, it has come back after a day after removal. I have uninstalled Spybot, but I do run NIS 2009. Could it be the Norton that is blocking the change ?
AdvancedSetup
Jun 18 2009, 06:56 AM
There are now dozens of programs that block changes, SuperAntispyware does too, I'm sure Symantec/Norton has a section for that as well.
You really need to review your logs from these programs and determine which one is reverting the change back.
jonathan1447
Jun 18 2009, 07:32 AM
QUOTE (AdvancedSetup @ Jun 18 2009, 07:56 AM) *
There are now dozens of programs that block changes, SuperAntispyware does too, I'm sure Symantec/Norton has a section for that as well.
You really need to review your logs from these programs and determine which one is reverting the change back.

OK, thanks for that, the Norton log seems to show it is blocking the change.
jonathan1447
Jun 18 2009, 10:17 PM
QUOTE (jonathan1447 @ Jun 18 2009, 08:32 AM) *
OK, thanks for that, the Norton log seems to show it is blocking the change.

Think I have fixed it by running MWB in Safe Mode so not blocked by Norton IS.
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.
Invision Power Board © 2001-2010 Invision Power Services, Inc.