Broken.OpenCommand


5 replies to this topic

#1 Hotfootks

Posted 01 February 2010 - 10:17 AM

Hiya,
When I run Malwarebytes I keep getting that it found 2 files of Broken.OpenCommand. It says it deletes them, but then the following week when I run it again they are there again. Here is my latest log from Malwarebytes:

Malwarebytes' Anti-Malware 1.44
Database version: 3662
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

1/30/2010 11:56:23 AM
mbam-log-2010-01-30 (11-56-23).txt

Scan type: Full Scan (C:\|)
Objects scanned: 200105
Time elapsed: 2 hour(s), 6 minute(s), 23 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CLASSES_ROOT\scrfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: ("%1" /S) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information\_restore{997E5589-946C-4C4D-ADE7-FE87EA0D8859}\RP947\A0435569.com (Trojan.Agent) -> Quarantined and deleted successfully.

Thanks for any help you can give me.
Karen



#2 quietman7


Posted 03 February 2010 - 02:35 PM

Do you use iolo System Mechanics, have a program installed that prevents registry changes from taking place or have used a tool to fix associations?

Malwarebytes sees and reports that the association for these files is not the default one as set by Windows (since malware may alter these associations as well). When you select to remove in mbam, mbam restores it to the default associations again (as set by Windows).
So you have 2 choices here: either you ignore the detection in mbam, or you don't let System Mechanic modify the default associations.

explanation by miekiemoes, Administrators at Malwarebytes

It simply means that one of the file associations is no longer using the default Windows setting. This could be on purpose by you or software that you use, but it is also a method used by malware, so we flag it. If you're telling MBAM to change it and it comes back, then some program you're using is either blocking the change in the Registry or maybe a program you use is reverting it back.

If you chose it and want it to remain that way, then you can ignore it. If you did not choose that, then have MBAM fix it, and if you have software that blocks Registry changes, then you need to tell the program to allow MBAM to make the change.

There is at least one tool that disables these as a "security fix". MBAM can't tell why a modification has happened, only that it has.

explanation by Malwarebytes Staff
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
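
The pattern described in this reply (MBAM restores the default, then something sets the value back) can be confirmed from the logs themselves. This is an added example, not part of the thread and not Malwarebytes code: a Python parser for the "Registry Data Items Infected" lines that reports associations fixed in one scan and flagged again with the same value in a later one. The line format comes from the log in post #1; the second scan is constructed, and the function names are hypothetical.

```python
import re

# One "Registry Data Items Infected" line, in the format shown in post #1.
ITEM_RE = re.compile(
    r'^(?P<key>HKEY_.+?)\\\(default\) \((?P<detection>[^)]+)\)'
    r' -> Bad: \((?P<bad>.*?)\) Good: \((?P<good>.*)\) -> (?P<action>.+)$'
)

# SCAN_1: lines copied from the log in post #1.
SCAN_1 = r"""
Registry Data Items Infected:
HKEY_CLASSES_ROOT\scrfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: ("%1" /S) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: (regedit.exe "%1") -> Quarantined and deleted successfully.
Files Infected:
C:\System Volume Information\_restore{997E5589-946C-4C4D-ADE7-FE87EA0D8859}\RP947\A0435569.com (Trojan.Agent) -> Quarantined and deleted successfully.
"""

# SCAN_2: constructed sample, the same two detections a week later.
SCAN_2 = r"""
Registry Data Items Infected:
HKEY_CLASSES_ROOT\scrfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: ("%1" /S) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: (regedit.exe "%1") -> Quarantined and deleted successfully.
"""

def parse_data_items(log_text):
    """Return one dict per registry data item line; other log lines are ignored."""
    matches = (ITEM_RE.match(line.strip()) for line in log_text.splitlines())
    return [m.groupdict() for m in matches if m]

def recurring_overrides(logs):
    """logs: scan logs, oldest first. Returns the associations that an earlier
    scan reported as fixed and a later scan flagged again with the same value,
    which means something on the machine wrote the value back."""
    fixed = {}       # key -> non-default value an earlier scan removed
    recurring = {}
    for log in logs:
        for item in parse_data_items(log):
            if fixed.get(item["key"]) == item["bad"]:
                recurring[item["key"]] = {"current": item["bad"],
                                          "windows_default": item["good"]}
            if "successfully" in item["action"]:
                fixed[item["key"]] = item["bad"]
    return recurring

if __name__ == "__main__":
    for key, info in recurring_overrides([SCAN_1, SCAN_2]).items():
        print(f"{key}: reset to {info['current']!r} after being fixed")
```
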


#3 Hotfootks


Posted 03 February 2010 - 03:06 PM

Hiya,
I do not use iolo System Mechanics. To my knowledge I do not have anything that prevents registry changes from taking place or used a tool to fix associations. I do have Dell PC tuneup installed, would that change the associations or prevent registry changes?

Thanks,
Karen

#4 quietman7


Posted 03 February 2010 - 03:19 PM

Dell PC TuneUp is a registry cleaner/optimizer. Such programs are not recommended by BC for various reasons as they can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable. It sounds similar to System Mechanics.

Usually when malware modifies those registry keys, you will experience other signs of infection and performance issues. Are you having any such issues? If not, then have MBAM ignore the detection.

#5 Hotfootks


Posted 03 February 2010 - 03:28 PM

Hiya,
No, I am not experiencing any signs of infection or performance issues. I just wondered why each week when I do the mbam scan they are always there.

Thanks so much,
Karen

#6 quietman7


Posted 03 February 2010 - 03:33 PM

You're welcome.



