Author Topic: malwarebyte false positive ? (solved)  (Read 4363 times)

Hermite15

  • Guest
malwarebyte false positive ? (solved)
« on: October 10, 2009, 12:05:39 PM »
I'm not familiar with this software. Just ran a quick scan with it and it detected a supposedly bad registry key. It's a Microsoft key, so I doubt it's spyware (although ;D)... unless it's been modified by spyware stuff; anyway, what do you guys think? It's not detected by anything else (SAS says there's nothing...)

Quote
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0)

edit: just found that
http://malwarebytes.org/forums/lofiversion/index.php/t7653.html
http://www.malwarebytes.org/forums/index.php?showtopic=7653&st=20&p=48178&#entry48178

OK so that's definitely a false positive.
« Last Edit: October 10, 2009, 12:12:33 PM by Logos »

YoKenny

  • Guest
Re: malwarebyte false positive ?
« Reply #1 on: October 10, 2009, 12:18:10 PM »
You did not read the whole topic.
Quote
You need to read this thread again. It's not an indication of infection. It's a display setting which you may have changed.
http://www.malwarebytes.org/forums/index.php?s=&showtopic=7653&view=findpost&p=121291
« Last Edit: October 10, 2009, 12:20:07 PM by YoKenny »

Hermite15

  • Guest
Re: malwarebyte false positive ?
« Reply #2 on: October 10, 2009, 12:20:53 PM »
That's due to the fact the Active Desktop setting may have been changed by you or by a malware infection.

Quote
You need to read this thread again. It's not an indication of infection. It's a display setting which you may have changed.
http://www.malwarebytes.org/forums/index.php?s=&showtopic=7653&view=findpost&p=121291

I know, I edited my post:
Quote
unless it's been modified by spyware stuff

The Malwarebytes forum thread says the key should be left set to "1" if in Vista.

edit: oh OK, the thread you link to is about win7, I'll have a further look then...say again it's a false positive in Vista 64, should be the same in 7/64...
« Last Edit: October 10, 2009, 01:08:59 PM by Logos »

YoKenny

  • Guest
Re: malwarebyte false positive ? (solved)
« Reply #3 on: October 10, 2009, 12:24:38 PM »
I modified my post as TeMerc answered about Windows 7.

Hermite15

  • Guest
Re: malwarebyte false positive ? (solved)
« Reply #4 on: October 10, 2009, 12:34:10 PM »
Quote
I modified my post as TeMerc answered about Windows 7.

What's your username there?
Anyway, avast never detected it for me, neither avast 4 nor 5, and neither did MSE. The thing is I'll never know if it's set by default to 1 (noactivedesktopchanges) or not...

Hermite15

  • Guest
Re: malwarebyte false positive ? (solved)
« Reply #5 on: October 10, 2009, 12:36:58 PM »
just found:
http://www.sevenforums.com/system-security/7219-malwarebytes-noactivedesktopchanges.html

It's been coded like that by MS themselves for the misc testing builds of Win7... anyway, Active Desktop is not something I ever used, except once when it got released years ago ;D It could be a security measure to leave it disabled.
« Last Edit: October 10, 2009, 12:40:45 PM by Logos »

YoKenny

  • Guest
Re: malwarebyte false positive ? (solved)
« Reply #6 on: October 10, 2009, 12:43:05 PM »
YoKenny1 Member 100 and joined there when MBAM was still in beta.

Malwarebytes Poll:
http://www.malwarebytes.org/forums/index.php?showtopic=27068

Hermite15

  • Guest
Re: malwarebyte false positive ? (solved)
« Reply #7 on: October 10, 2009, 01:07:56 PM »
Just a question: when the registry key was detected, the scan was interrupted, and when I clicked on "ignore" and attempted to close the UI I had the message that the scan was running... but it wasn't... weird. Also, it seems the app is using a lot of CPU during a scan.

YoKenny

  • Guest
Re: malwarebyte false positive ? (solved)
« Reply #8 on: October 10, 2009, 02:31:30 PM »
It is still running in the background and it is throttled to use a maximum of 50% of the CPU, but it starts out high then settles back to about 50%.

Hermite15

  • Guest
Re: malwarebyte false positive ? (solved)
« Reply #9 on: October 10, 2009, 02:42:10 PM »
Thanks for the feedback; I guess I'm just used to Avast 4, which could do a full scan without eating too many resources. Noticed avast 5 beta was also rather resource demanding when scanning.