RonInRI

Infected Registry Key

24 posts in this topic

My computer is sluggish this morning so am doing scans. Malwarebytes Anti-Malware came up with this "infected file""...the log entry reads:

Vendor: Broken.OpenCom Category: Registry Data Items:HKEY_CLASSES_ROOT\scrfile\shell\open\command

Other: Bad: ("%1"%*)G.... Action taken: No action taken

I'm not sure what I have here or whether it's safe to delete the "item" (i.e. Registry Key), so I'll appreciate any and all feedback, suggestions, assitance....

Many thanks.

RonInRI

USA

Share this post


Link to post
Share on other sites

This is a minor data correction MBAM is doing , we set this data incorrectly in the past .

The incorrect data causes no actual problems , this more of a typo fix than anything .

Allow the fix once and it wont come back in future scans .

Share this post


Link to post
Share on other sites
This is a minor data correction MBAM is doing , we set this data incorrectly in the past .

The incorrect data causes no actual problems , this more of a typo fix than anything .

Allow the fix once and it wont come back in future scans .

Share this post


Link to post
Share on other sites

Many thanks! If only all questions were so simple to resolve!

Peace.

RonIn RI

USA

Share this post


Link to post
Share on other sites

I had this one last week as well

"Registry Data Items Infected:

HKEY_CLASSES_ROOT\scrfile\shell\open\command\ (Broken.OpenCommand) -> Bad: ("%1" %*) Good: ("%1" /S) -> Quarantined and deleted successfully."

I deleted it last week but it reappeared again yesterday.Should I ignore it if it appears again?

Thanks

Dennis

Share this post


Link to post
Share on other sites

Do you have teatimer or other registry guard software that prevents changes to your registry ?

Did you restore to a time before the change ?

Share this post


Link to post
Share on other sites

Scan , remove , reboot .

After reboot please do another scan and post the log here .

BTW , in the cases where you see BAD: and GOOD: in results remove will swap GOOD in for BAD , not delete the actual key .

Share this post


Link to post
Share on other sites

It had returned since last night, but had gone after today's reboot.

Here's the 2 logfiles.

Malwarebytes' Anti-Malware 1.28

Database version: 1205

Windows 5.1.2600 Service Pack 2

25/09/2008 19:44:29

mbam-log-2008-09-25 (19-44-29).txt

Scan type: Quick Scan

Objects scanned: 41968

Time elapsed: 4 minute(s), 56 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 1

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

HKEY_CLASSES_ROOT\scrfile\shell\open\command\ (Broken.OpenCommand) -> Bad: ("%1" %*) Good: ("%1" /S) -> Quarantined and deleted successfully.

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

------------------------------------

Malwarebytes' Anti-Malware 1.28

Database version: 1205

Windows 5.1.2600 Service Pack 2

25/09/2008 19:50:26

mbam-log-2008-09-25 (19-50-26).txt

Scan type: Quick Scan

Objects scanned: 41904

Time elapsed: 3 minute(s), 21 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Share this post


Link to post
Share on other sites

I keep on getting the same problem as well. What is going on.

Malwarebytes' Anti-Malware 1.33

Database version: 1680

Windows 6.0.6001 Service Pack 1

1/22/2009 9:08:08 PM

mbam-log-2009-01-22 (21-08-08).txt

Scan type: Full Scan (C:\|D:\|E:\|)

Objects scanned: 3924

Time elapsed: 6 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 2

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

HKEY_CLASSES_ROOT\scrfile\shell\open\command\ (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: ("%1" /S) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\regfile\shell\open\command\ (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Share this post


Link to post
Share on other sites
Do you have teatimer or other registry guard software that prevents changes to your registry ?

Did you restore to a time before the change ?

I have found this forum and q/a on this topic. I have had the same message, but it recurs.Is the teatimer causing this? What is teatimer and is it necessary?

Share this post


Link to post
Share on other sites

You have a VERY old version of MBAM

YOUR VERSION

Malwarebytes' Anti-Malware 1.33

Database version: 1680

CURRENT VERSION

Malwarebytes' Anti-Malware 1.37

Database version: 2271

Please download the new version 1.37 or try to update it from within the program and then do another Quick Scan and see what you get.

Share this post


Link to post
Share on other sites
You have a VERY old version of MBAM

YOUR VERSION

Malwarebytes' Anti-Malware 1.33

Database version: 1680

CURRENT VERSION

Malwarebytes' Anti-Malware 1.37

Database version: 2271

Please download the new version 1.37 or try to update it from within the program and then do another Quick Scan and see what you get.

not sure how you worked that out, but my version is 1.37

Share this post


Link to post
Share on other sites

The top of the log you posted says

Malwarebytes' Anti-Malware 1.33

Database version: 1680

Perhaps that was an old log from a scan long ago that you posted by accident?

Share this post


Link to post
Share on other sites
The top of the log you posted says

Malwarebytes' Anti-Malware 1.33

Database version: 1680

Perhaps that was an old log from a scan long ago that you posted by accident?

The log wasn't actually my post, I was just asking about somone's reference to teatimer possibly being the cause of receiving the message

Share this post


Link to post
Share on other sites

The posted was directed at darkestangel but there were a couple other posts here.

Share this post


Link to post
Share on other sites

Ah yes, I see. TeaTimer will generally block changes to the startup keys in the registry so if MBAM were trying to alter such a setting, it could potentially be prevented from doing so if using TeaTimer. More info about TeaTimer can be found here. It is a component of Spybot Search & Destroy.

Share this post


Link to post
Share on other sites

For days now I keep getting this. I delete it but it still keeps showing up in later scans. It only shows when I scan with Malware Bytes. Other programs like Spybot and Super Antispyware don't list this.

The problem is mentioned above from as early as 2008 and saying it was going to be fixed but obviously is back.

What is suggested and or when will the problem be fixed as I don't believe I have any spyware.

Share this post


Link to post
Share on other sites

Great tbraybrook -

It should now read 1.42/ Version 3445 - Now run a scan (quick scan is enough for now) - I hope that it comes back clean -

Please let us know your results (no need to post scan results) -

Thank You - ;)

Share this post


Link to post
Share on other sites

I will do that but it won't matter because I have run this scan more than once and it comes back with 2 items each time. This is a Malware Bytes issue. I have googled it and several people have had this problem with most always getting two items related to it in the scan. Nobody has an answer for this.

Everyone says post a log file or reboot. Well yeah I have done that a few times already and deleted it from Quarantine which does nothing.

Share this post


Link to post
Share on other sites

Ran a quick scan and it found nothing. Ran part of a full scan and it found nothing. Rebooted and did a quick scan and nothing BUT today (just now) I did another quick scan and it found two items again. It wanted me to reboot. I didn't because it was pointless and did nothing last time. Therefore there is a glitch and there needs to be a program update not a definitions update for Malware Bytes.

Share this post


Link to post
Share on other sites

@tbraybrook

;)

Please post the full log so that we can see what you're talking about.

Thank you.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.