Windows 7: Infected registry found by MBAM

20 Sep 2011   #1

Windows 7 Home Premium 32bit, Linux Mint Julia, in dual boot mode


W7 Home 64bit - Windows firewall (highest settings) - MSE (real time protection)
Browser: Firefox in safe mode but IE is still on the computer since I use Windows Live Mail.

MBAM found an infection, quick scan, admin rights:
Malware.Trace: Registry value HKEY_current_user_software\Microsoft\currentversion\Policies\Explorer\DisallowCpl|1

I put it in quarantine.

Next day I had some time and restored the infection. Then I ran (quick) scans with MSE, MBAM and SuperAntiSpyware. Nothing found. Also a scan with Hitmanpro 3.5: nothing found. A full registry scan with SuperAS: nothing found.
A renewed scan with MBAM found it again. I put it back into quarantine.

My questions now are:
Is it a false positive?
If not, can I just delete it from quarantine and that's it? Or do I have to look at the registry entries and change/check something there too?
I also did (quick) scans with those AV programs in safe mode while the infection was in quarantine but nothing found in addition.
I am at a loss that MBAM found something that no less than 3 other AV programs did not find.

20 Sep 2011   #2

Microsoft Community Contributor Award Recipient

Windows 7 Home Premium SP1, 64-bit

You could upload the file in question to and see what results you get there. It will analyze the file with a bunch of different scanners.

You also might want to take a gander at Malwarebytes forums to see if there are any posts about it, particularly re false positive.
20 Sep 2011   #3
Phone Man

Windows 8.1 Pro w/Media Center 64bit, Windows 7 HP 64bit

It may be just alerting you to the setting being set to "1".



20 Sep 2011   #4

Windows 7 Home Premium 32bit, Linux Mint Julia, in dual boot mode

Thanks to both of you. I did have a look at the link given (not that I understand it).
It may be something for the Malwarebytes forum, rather than for this forum.

It may also be connected with CCleaner. I usually fix the registry problems there but once I stored a backup in my documents before fixing and left it there.
It may be wiser not to fix the registry problems found with CCleaner but up to now it has never caused any problems.
Meanwhile I decided to delete the infection from quarantine and get rid of that backup in my documents. Some icons in the start menu are now gone. No problem though.
Point remains why that setting was changed to 1 and how and by whom.
20 Sep 2011   #5
Phone Man

Windows 8.1 Pro w/Media Center 64bit, Windows 7 HP 64bit

You could edit the registry and change it to "0" which is the default and see if it gets changed again.

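One way to carry out the "see if it gets changed again" check suggested above, as an added example that is not part of the original thread: a PowerShell script that reads the flagged value, lists any Control Panel items the policy hides, and compares the result with the previous run. It assumes the value sits at the standard per-user Explorer policy key (the path in the post is not written out in full), and the baseline file name is hypothetical.

```powershell
# Added example, not from the thread. Written to run on PowerShell 2.0,
# the version that ships with Windows 7. Reads HKCU only, so no admin rights needed.
# Assumption: the flagged value lives at the standard per-user Explorer policy key.
$key      = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$name     = 'DisallowCpl'
$baseline = Join-Path $env:LOCALAPPDATA 'DisallowCpl-baseline.txt'   # hypothetical file name

function Get-DisallowCplState {
    param([string]$Path, [string]$ValueName)
    $value = '<not set>'; $kind = '-'; $items = @()
    if (Test-Path -LiteralPath $Path) {
        $k = Get-Item -LiteralPath $Path
        if ($k.GetValueNames() -contains $ValueName) {
            $value = $k.GetValue($ValueName)
            $kind  = $k.GetValueKind($ValueName)
        }
        # When the policy is active, the hidden Control Panel items are listed
        # as values of a subkey with the same name as the flag.
        $sub = "$Path\$ValueName"
        if (Test-Path -LiteralPath $sub) {
            $s = Get-Item -LiteralPath $sub
            $items = @($s.GetValueNames() |
                ForEach-Object { [string]$s.GetValue($_) } | Sort-Object)
        }
    }
    # One line of text so two runs can be compared with a plain string test.
    "value=$value kind=$kind hidden=[" + ($items -join ', ') + "]"
}

$current = Get-DisallowCplState -Path $key -ValueName $name
Write-Output "Current:  $current"

if (Test-Path -LiteralPath $baseline) {
    $previous = [string](Get-Content -LiteralPath $baseline | Select-Object -First 1)
    Write-Output "Previous: $previous"
    if ($previous -ne $current) {
        Write-Warning 'DisallowCpl state changed since the last run.'
    } else {
        Write-Output 'DisallowCpl state is unchanged since the last run.'
    }
}

# Record this run as the new baseline for the next comparison.
Set-Content -LiteralPath $baseline -Value $current
```

Running it once after editing the value and again after a reboot or a cleaner/scanner run shows whether, and roughly when, the setting is being rewritten.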
20 Sep 2011   #6

Windows 7 Home Premium x64 SP1

MBAM once found a false positive on my machine regarding a registry key. I had customized the start menu and chose to hide the "help and support" link in the start menu, and MBAM flagged it as PUM (potentially unwanted modification).
21 Sep 2011   #7

Windows 7 Home Premium 32bit, Linux Mint Julia, in dual boot mode

I tried taking a restore point but the icons in the start menu did not return.
I'll try your suggestions above but I can live with no icons.
Everything else seems ok.
I probably posted all this too fast but you are always afraid something is really wrong.
I should swallow my own medicine and surf with Linux exclusively and also transfer my mailbox to Linux. All this looking over your shoulder constantly when online is getting on my nerves, trying to outwit tens of thousands of virus writers.
Thanks all for your replies.