Not sure what this is.

Discussion in 'malware problems & news' started by Raider7, Nov 1, 2006.

Thread Status:
Not open for further replies.
  1. Raider7

    Raider7 Registered Member

    Joined:
    Oct 31, 2006
    Posts:
    3
    Hi,
    I did an Ad aware scan this morning and this came up.

    Name: Windows
    Category: Vulnerability
    Object type: Reg data
    Size: 13 bytes
    Location: scrfile\shell\open\command " " ("%1" /s "%3")
    Last activity: 1-11-2006
    Relevance: Low
    TAC rating: 3
    Description: Windows security issue. Your system may be compromised. The specifics of the posible compromised item are listed in the comments section.
    There were no comments.

    Is this a virus, Malware or Trojan? Our Antivirus program is up to date. We are running a fire wall which is also up to date. I have also done an anti virus scan which showed up nothing. Just went to Windows update there are software and hardware updates that are optional to download. I have not downloaded them yet. We are running Windows Media Edition SP 2.
     
  2. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,331
    Location:
    Netherlands
    Hi Raider7,

    Can you click Start > Run > and copy this command in the window:
    regedit /e c:\screensaver.txt "HKEY_LOCAL_MACHINE/CLASSES/scrfile/shell/open/command"
    click OK to execute the command.

    This will export that key to a newly created file c:\screensaver.txt
    Can you find that file and post the content.
    That will show us what AdAware is warning you about.

    Regards,

    Pieter
     
  3. Raider7

    Raider7 Registered Member

    Joined:
    Oct 31, 2006
    Posts:
    3
    Hi Pieter,
    Thanks for replying. Here is the info you wanted. I hope it makes sense.

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\scrfile]
    @="Screen Saver"

    [HKEY_CLASSES_ROOT\scrfile\shell]

    [HKEY_CLASSES_ROOT\scrfile\shell\config]
    @="C&onfigure"

    [HKEY_CLASSES_ROOT\scrfile\shell\config\command]
    @="\"%1\""

    [HKEY_CLASSES_ROOT\scrfile\shell\install]
    @="&Install"

    [HKEY_CLASSES_ROOT\scrfile\shell\install\command]
    @="rundll32.exe desk.cpl,InstallScreenSaver %l"

    [HKEY_CLASSES_ROOT\scrfile\shell\open]
    @="T&est"

    [HKEY_CLASSES_ROOT\scrfile\shell\open\command]
    @="\"%1\" /S \"%3\""

    [HKEY_CLASSES_ROOT\scrfile\shellex]

    [HKEY_CLASSES_ROOT\scrfile\shellex\DropHandler]
    @="{86C86720-42A0-1069-A2E8-08002B30309D}"
     
  4. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,331
    Location:
    Netherlands
    Yours does indeed have a little extra.

    Since there is no way of seeing what added that, keep the file you posted as a backup.
    If anything goes wrong you can rename it to screensaver.reg and doubleclick it to restore the old value in the registry.

    Copy the part in the CODE box below into notepad and save it as scrcomm.reg
    Set Filetype to "All types"
    Code:
    Windows Registry Editor Version 5.00
    
    [HKEY_CLASSES_ROOT\scrfile\shell\open\command]
    @="\"%1\" /S"
    
    Doubleclick the file and confirm you want to merge it with the registry.

    The warning should no longer come up.

    Keep us posted,

    Pieter
     
  5. Raider7

    Raider7 Registered Member

    Joined:
    Oct 31, 2006
    Posts:
    3
    Hi Pieter,
    I did what you said and it has worked. Thankyou very Much for helping out. :D
     
  6. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,331
    Location:
    Netherlands
    My pleasure. :)
     
Loading...
Thread Status:
Not open for further replies.