# Solved: Malwarebytes' "false positive?"



## redoak (Jun 24, 2004)

"Malwarebytes" says that "Broken.Open Command" is malware. This is in the Registry of "XP Pro." "AVG" and "Super Antispyware" do not. 

This item has appeared three consecutive times during my weekly scans.

Is this a false positive? 

{redoak}


----------



## Phantom010 (Mar 9, 2009)

Is this the report you get?

HKEY_CLASSES_ROOT\scrfile\shell\open\command\ (Broken.OpenCommand) -> Bad: ("%1" %*) Good: ("%1" /S) -> No action taken.

If that's what you see, click Start > Run > type regedit.

Go to:

HKEY_CLASSES_ROOT\scrfile\shell\open\command

In the right-hand pane, change the value "%1" %* for * "%1" /S*.

If something similar, please give me the exact information.


----------



## Byteman (Jan 24, 2002)

Moving to General Security

Probably others have been seeing this error.....thank you.


----------



## redoak (Jun 24, 2004)

See the attached for the full registry reference.

{redoak}


----------



## Phantom010 (Mar 9, 2009)

I would have prefered seeing the text report. It would have been more complete.

Again, click Start > Run > type *regedit*

Browse to:

HKEY_CLASSES_ROOT\piffile\shell\open\command

In the right-hand pane, make sure the value is *"%1" %* *and not ||"%1" %*

Change accordingly.


----------



## redoak (Jun 24, 2004)

I believe this is what you desired:
HKEY_CLASSES_ROOT\piffile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: () Good: ("%1" %*) -> No action taken.

I will proceed as you directed, if this confirms your diagnosis.

Many thanks, 
{redoak}


----------



## Phantom010 (Mar 9, 2009)

OK, seeing your text report, I now understand why your screenshot was showing ||. The text report shows () (Bad). Therefore, it must mean that you don't have an entry in the right-hand pane of that registry key. So, you'll need to insert the (Good) *"%1" %* *and you should be all set.


----------



## redoak (Jun 24, 2004)

"P-010":
See the attachment. My Registry doesn't follow your example. Note "shellex," not simply "shell."

{redoak}


----------



## Phantom010 (Mar 9, 2009)

Then, you'll have to create the registry key:

Browse to: HKEY_CLASSES_ROOT\*piffile*

Right-click on *piffile*.

Click *New* > *Key*

Type *shell*.

Then, right-click *shell* and click *New* > *Key*.

Type *open*.

Right-click *open *and click *New* > *Key*

Type *command*.

In the right-hand pane, double-click the default entry and type *"%1" %**.

Exit the registry editor and you should be all set. You may have to reboot though for changes to take effect.


----------



## Phantom010 (Mar 9, 2009)

So, redoak, getting the hang of it?


----------



## Phantom010 (Mar 9, 2009)

Looks like you've solved your problem. Glad you did!









You're quite welcome!


----------



## redoak (Jun 24, 2004)

Yes! After creating the key from your detailed instructions, a Malwarebytes scan just now ran flawlessly.

I did have to use the right-click menu item "Rename" before I could put in the names of the new sub-keys. When I went directly to typing in the name, I was sent to a key alphabetically in the huge list of keys. 

Once again, many thanks, 
{redoak}

This was delayed when some one came to visit as I was drafting it following clicking "solved."


----------

