Member
I am using Malwarebytes' Anti-Malware. I had just updated the most recent antivirus definition. After update I scanned the system and nothing was detected. I think there is some infection in the market and I think malwarebytes is not detecting the same. I checked the log also which is also showing it clean. Except a single infection found in registry. There is no detailed threat detected.
Member
I do not think so. You can try some other type of antivirus also. The best thing of using Malwarebytes is that you can simply use any other antivirus also. You can install a good antivirus and then check back again. There can be some suspicious thing installed in your system which is bypassing the malware infection.
Member
Yes, I have the same problem. I do not believe, however that it is of any concern. After "fixing" it, Spyware doctor (that's right, a security program) had to restart IntelliGuard. This simply could be one security program not liking the processes of another. I have a free trial version of Malwarebytes, Norton 2010, and Spyware Doctor 2010, and nothing is wrong with my computer (no slow down or etcetra.)
I'm not sure if this works, but if you are seeming to have a virus problem, you could try clearing all browser history, and use Firefox. I happened to get some non-malicious tracking cookies and adware, and my computer is clean. Not all adware is bad, though.
Member
I bought a brand new Acer laptop from newegg, and opened it today. After initial setup with first boot etc i logged on to the net and
1. Went to Acer website to register the laptop,
2. Went to windows updates and downloaded updates for win7
3. downloaded ms security essentials and installed, and ran scan, came up green, and then
4. downloaded and installed MBytes, ran scan, and came up with the same scan results....
Hijack.DisplayProperties
Now, i am thinking it is extremely unlikely i picked up a trojan "out there" that quickly while working at 3 very reliable and safe sites. So...
My question is...Was this hijack routine;
a) created by Acer when doing an info seek to see if i'm a legitimate Acer laptop (??) yet MS SE missed the registry change while doing the initial scan immediately after (hmmmm, unlikely?)
b) MS did this when checking my win7 version and checking if i have admin rights while installing the desktop icons for MS Sec. Essentials?? , OR
c) MBytes did it while installing desktop and startmenu icons, then unknowingly flags the traces of its own activity?? wouldn't that be funny.
I'm a mechanical engineer and think in terms of function, but a complete novice to this stuff, so its a bit frustrating that i don't (at present) know how to begin researching this problem. If i knew a little more about win code i'd go digging and find out what is really happening, but it sure would be nice if someone who really knows what he's doing could explain to us exactly what must occur for this string to be deposited in the registry, and what legitimate processes could do it. because it SURE seems like a false positive to me.
Or should i say a "safe" positive. By that i mean a tracking routine deposited during a noninjurious process, but junk that certainly doesn't need to be on our systems and needs cleaning.
Member
I had the same issue, and did some reading on the web (Google search for Hijack.DisplayProperties) -- some of the items on the MalwareBytes forum were pretty helpful.
From what I gather, on older OSes (XP vintage), this registry setting was normally turned off, and was often turned on by malware (as well as some legitimate software) that messed with your Active Desktop to make it harder for you to undo what they'd done, so seeing it turned on was a suspicious sign (though not conculusive proof that you were infected). On newer OSes (I'm running Vista 64-bit) the setting is turned on by default, so it's simply a false positive. So how much you need to worry about seeing this depends on what OS you're running. On a brand new laptop, I'd guess you have Vista or Win 7, in which case don't worry, just set MalwareBytes to ignore this (and if you removed it, you can restore it from quarantine, though it's not a big deal).
Basically, what the setting does is stop you changing the contents of the Windows Active Desktop (the ability to use a webpage as your desktop - MS added this feature during the legal fight about whether IE was a web browser competitor to Netscape or a part of the operating system, I imagine to strengthen their case that IE was part of the operating system. Very few people use it, since it's clunky, though it's actually kind of a cool idea to be able to have have something off the web as your desktop -- I wish MS had made it not clunky rather than disabling it, though it did have potential security issues since you were basically running IE immediately on startup).
So the short answer is that if Hijack.DisplayProperties is detected, you're on XP, and you have a Viagra advert site as your desktop and can't get rid of it, you have a problem. But if you're on Vista or Win 7, it's going to be detected, and if your desktop looks normal, it's almost certainly a false alarm.
I wish MalwareBytes was smart enough to know that on some OSes this is the default setting so it should ignore it, even though on other OSes it's a useful warning sign.
Last edited by rogerd; 25-03-2010 at 02:39 AM.
Posting Permissions
Reply With Quote
Bookmarks