Broken.OpenCommand

I would appreciate some help on this issue - specifically do I have a problem or not?

 

I have the free version of Malwarebytes Anti-Malware. On the last few occasions I have run a scan using MBAM it claims to detect an infection of the registry and refers to Broken.OpenCommand. I click the button to remove this infection but the next time I run MBAM it is back again. The log file for the most recent scan is included here below.

 

Against this I have NIS2011 and it does not detect this 'infection' as a problem. I have run a full scan and this issue doesn't come up.

 

I have read various posts both on this forum and on others and the consensus seems to be that this 'infection' isn't a big problem probably caused by a program which changes the default Windows settings. However, I cannot think of a program I have which would do this. MBAM didn't detect this issue until recently and I haven't installed any new programs since then.

 

Could someone advise a) whether I need to do anything about this 'infection' and b) if it isn't a problem how can I find out what program is making this change to the registry.

 

Many thanks

 

MBAM log file contents (relevant section highlighted in bold type):

 

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5460

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

04/01/2011 23:35:15
mbam-log-2011-01-04 (23-35-15).txt

Scan type: Quick scan
Objects scanned: 189351
Time elapsed: 3 minute(s), 56 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CLASSES_ROOT\scrfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: () Good: ("%1" /S) ->
Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Hi Ordery,

 

This is not a problem and you are not infected.  Malwarebytes' finds and will correct registry settings that have been altered from the Windows defaults.  Do you use a registry cleaner (especially System Mechanic)?  If you are having Malwarebytes' fix this and it returns, then either another program, such as a registry cleaner, is reapplying the changes, or you have a program, such as TeaTimer in Spybot, that is preventing Malwarebytes' from successfully undoing the modifications.  You can add this item to Malwarebytes' ignore list to prevent these detections, or just disregard them.

 

Malwarebytes' may have done something recently that is causing this to appear more, as this is the second post about this today in the Norton forums.

 

http://forums.malwarebytes.org/index.php?showtopic=71070

Dear SendOfJive

 

Thank you very much for your comment. It's reassuring to know that there is no infection.

 

I wonder whether it's changes to MBAM which has triggered this detection. I think this is unlikely as there has been a post about this on the MBAM forum a while ago. As for programs on my PC which may have altered this, the only one I can think of is CCleaner. This cleaner though seems to behave very well and I'm not aware this it would make this sort of change.

 

Still a bit of a mystery.

 

Best wishes

You may want to see if any of the following will repair the error: http://www.dougknox.com/xp/file_assoc.htm

 

or a search on Google turns up many interesting articles on scr file associations.

 

 


SendOfJive wrote:

Hi Ordery,

 

This is not a problem and you are not infected.  Malwarebytes' finds and will correct registry settings that have been altered from the Windows defaults.  Do you use a registry cleaner (especially System Mechanic)?  If you are having Malwarebytes' fix this and it returns, then either another program, such as a registry cleaner, is reapplying the changes, or you have a program, such as TeaTimer in Spybot, that is preventing Malwarebytes' from successfully undoing the modifications.  You can add this item to Malwarebytes' ignore list to prevent these detections, or just disregard them.

 

Malwarebytes' may have done something recently that is causing this to appear more, as this is the second post about this today in the Norton forums.

 

http://forums.malwarebytes.org/index.php?showtopic=71070


Hi SendOfJive, I can confirm that at least in my case regarding this problem, it is not due to System mechanic and the problem keeps reacurring  each time I update  Malwarebytes definitions files

 

Hi reactivate,

 

Since a couple of Malwarebytes' experts have posted on the MBAM forum that System Mechanic can cause these registry changes that MBAM detects, and you have posted here that you installed and ran System Mechanic Premium, how have you ruled out its involvement?