Hijack.ControlPanelStyle and Hijack.Help

4 posts in this topic

Hijack.ControlPanelStyle and Hijack.Help

please confirm genre of mbam.exe message

hi there

On my first scan of a newly rebuilt machine running XP pro sp 3 slipstreamed i got these

Hijack.ControlPanelStyle and Hijack.Help

From what i read on the forums they are not false positives but seem to be settings that are not set to defaults?

Can someone confirm that?

Spybot S&D showed up the IE 8 - files and settings wizard firewall backdoor

Superantispyware showed nothing

Mbam.exe just the above

Below is the log ~ could someone please clarify the output?



Malwarebytes' Anti-Malware 1.38

Database version: 2400

Windows 5.1.2600 Service Pack 3

09/07/2009 21:56:08

mbam-log-2009-07-09 (21-55-53).txt

Scan type: Quick Scan

Objects scanned: 83854

Time elapsed: 2 minute(s), 46 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 1

Registry Data Items Infected: 1

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ForceClassicControlPanel (Hijack.ControlPanelStyle) -> No action taken. [3857535134304144385864365451513847536454523851615248395356345138614674688380848




Registry Data Items Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSMHelp (Hijack.Help) -> Bad: (1) Good: (0) -> No action taken. [5138494534363830414438586436545151384753645452385161524839535634513861467468838




Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)



Share this post

Link to post
Share on other sites

Indicates that the ability to change control panel display mode has been locked out .


Indicates that help will be prevented from being displayed in the start menu .

Both malware and legit actions can cause and since there is no way to tell which is the cause we choose to help novice users assuming that expert users will understand what the detection(s) indicate and then use the ignore function to hide their custom modifications .

Share this post

Link to post
Share on other sites

A similar post talked about this, but was closed. In that post the user indicated that they cleaned the machine in question and the next day it would have this 'infection' again. These items can be set by Group Policy in a domain policy. So, that setting may get changed back to '0', but the domain admins intentionally have it set to '1'. I know I have a policy in place that sets the home page for all the users in the company. So, like the gentleman said, if you know what you are seeing, this can definitely be ignored if you know that it was set to '1' for a reason. I doubt most home users would have this set.

Share this post

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.