Jump to content


Photo

Disable.MCProperties


  • Please log in to reply
5 replies to this topic

#1 QWERTYWI

QWERTYWI

    New Member

  • Members
  • Pip
  • 10 posts

Posted 29 April 2009 - 09:33 AM

I run a scan daily and this just showed up in my system... It appears that it just showed up based on the signature file update and online (first occurrence on Malwarebytes was 4/28)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoPropertiesMyComputer (Disable.MCProperties) -> No action taken.

is this a false positive, or do I just IGNORE?

Thanks!

#2 miekiemoes

miekiemoes

    Forum Deity

  • Administrators
  • PipPipPipPipPipPip
  • 7,673 posts
  • Gender:Female
  • Location:Belgium

Posted 29 April 2009 - 10:33 AM

Hi,

This is no false positive. This policy means that properties of "My computer" are disabled. If you have set it that way, then ignore it. The reason why it's now targetted by mbam is because recent malware sets this policy in order to disable the My computer Properties. :P
Mieke Verburgh
Director of Research

Posted Image

Follow us: Twitter, Become a fan: Facebook

#3 QWERTYWI

QWERTYWI

    New Member

  • Members
  • Pip
  • 10 posts

Posted 29 April 2009 - 11:01 AM

But I can currently right-click on the MY COMPUTER icon and bring up the properties just fine now... So that is how it should be, right?


Hi,

This is no false positive. This policy means that properties of "My computer" are disabled. If you have set it that way, then ignore it. The reason why it's now targetted by mbam is because recent malware sets this policy in order to disable the My computer Properties. :P



#4 QWERTYWI

QWERTYWI

    New Member

  • Members
  • Pip
  • 10 posts

Posted 29 April 2009 - 11:12 AM

I looked at my registry:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoCDBurning"=dword:00000000
"NoResolveTrack"=dword:00000000
"NoPropertiesMyComputer"=dword:00000000
"NoViewContextMenu"=dword:00000000
"NoFileAssociate"=dword:00000000
"NoFind"=dword:00000000
"NoRun"=dword:00000000
"NoClose"=dword:00000000
"StartMenuLogoff"=dword:00000000
"NoSMHelp"=dword:00000000
"HonorAutoRunSetting"=dword:00000001

The NoPropertiesMyComputer is set for 0 so I CAN view the MYComputer Properties... When I change it to 1 I can longer view them.

Shouldn't Malwarebytes detect it if it is set to 1 and not 0? For me it detected it as listed above.

Thanks!

#5 miekiemoes

miekiemoes

    Forum Deity

  • Administrators
  • PipPipPipPipPipPip
  • 7,673 posts
  • Gender:Female
  • Location:Belgium

Posted 29 April 2009 - 11:33 AM

Hi,

Yes, but NoPropertiesMyComputer is not a default policy, so you can remove it with mbam. Most probably you are using a registry tweaking tool which has created these policies. No need to have these policies anyway if you don't enable it.

Shouldn't Malwarebytes detect it if it is set to 1 and not 0? For me it detected it as listed above.

I already requested to filter that - so this should be "fixed" in next update :P
Mieke Verburgh
Director of Research

Posted Image

Follow us: Twitter, Become a fan: Facebook

#6 QWERTYWI

QWERTYWI

    New Member

  • Members
  • Pip
  • 10 posts

Posted 29 April 2009 - 11:40 AM

Gotcha.... thanks!




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users