We’d like to remind Forumites to please avoid political debate on the Forum.
This is to keep it a safe and useful space for MoneySaving discussions. Threads that are – or become – political in nature may be removed in line with the Forum’s rules. Thank you for your understanding.
📨 Have you signed up to the Forum's new Email Digest yet? Get a selection of trending threads sent straight to your inbox daily, weekly or monthly!
The Forum now has a brand new text editor, adding a bunch of handy features to use when creating posts. Read more in our how-to guide
Virus on new laptop
HollaHolla84
Posts: 156 Forumite
in Techie Stuff
Hi there I purchased a new laptop earlier in the week, first things I done was install malwarebytes, superantispyware and avira from a clean usb stick. I run a quick scan and it found something, rather odd I think. what do you guys think?
Malwarebytes' Anti-Malware 1.44
Database version: 3927
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
29/03/2010 17:47:26
mbam-log-2010-03-29 (17-47-26).txt
Scan type: Quick Scan
Objects scanned: 103015
Time elapsed: 5 minute(s), 46 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
p.s all of this was done before I connected to the internet for the first time.
Malwarebytes' Anti-Malware 1.44
Database version: 3927
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
29/03/2010 17:47:26
mbam-log-2010-03-29 (17-47-26).txt
Scan type: Quick Scan
Objects scanned: 103015
Time elapsed: 5 minute(s), 46 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
p.s all of this was done before I connected to the internet for the first time.
0
Comments
-
Looking in the Malwarebytes forum this particular entry may well have been a false positive, but even it it was it shouldn't matter that it's been removed.
The "NoActiveDesktopChange" property is sometimes hijacked by malware and viruses, but it's also sometimes used by legitimate software.
If you find that any of your pre-installed software doesn't work as expected (which i think is doubtful), then you can restore the changes by clicking on the item in malwarebytes quarantine and restoring it.
See the thread (all 7 pages of it!) at malwarebytes - http://forums.malwarebytes.org/index.php?showtopic=76530 -
Slartibardfast wrote: »Looking in the Malwarebytes forum this particular entry may well have been a false positive, but even it it was it shouldn't matter that it's been removed.
The "NoActiveDesktopChange" property is sometimes hijacked by malware and viruses, but it's also sometimes used by legitimate software.
If you find that any of your pre-installed software doesn't work as expected (which i think is doubtful), then you can restore the changes by clicking on the item in malwarebytes quarantine and restoring it.
See the thread (all 7 pages of it!) at malwarebytes - http://forums.malwarebytes.org/index.php?showtopic=7653
Erm.....maybe not
Quarantined and deleted successfully.0 -
That's exactly what i mean by false positive. If you check the link to malwarebytes forum there's a consensus on this.
7 pages of posts dealing with people have the same false positive on brand new pc's before 3rd party software installed.
As I said before, the registry entry is meant to be there, the fact that it's value was "on" rather than "off" could mean that malware was present.
Detecting malware can often be hit and miss and no piece of software yet has been able to get everything right all the time! Sometimes we put too much trust in the software.
Through my years in IT I've had to deal with false positives on an increasingly regular basis.0
This discussion has been closed.
Confirm your email address to Create Threads and Reply
Categories
- All Categories
- 353.6K Banking & Borrowing
- 254.2K Reduce Debt & Boost Income
- 455.1K Spending & Discounts
- 246.6K Work, Benefits & Business
- 603K Mortgages, Homes & Bills
- 178.1K Life & Family
- 260.7K Travel & Transport
- 1.5M Hobbies & Leisure
- 16K Discuss & Feedback
- 37.7K Read-Only Boards