"wasted" <rubbish@xxnone.notreal.com> wrote in
news:ZemdneBi37CRnaHUnZ2dnUVZ8omdnZ2d@posted.plusn et:

> "wasted" <rubbish@xxnone.notreal.com> wrote in message
> news:QIednfj_1uS35qfUnZ2dnUVZ8jydnZ2d@posted.plusn et...
>> Hi I just updated MBAM and did a full scan and it found 18 hits of
>> folders and files that it calls Rogue.XLG, and one Registry data
>> item
>>
>> The files and folders are all subfolders of one particular folder
>> that I created in my Start Menu Called "Protection". In there I have
>> all the shortcuts to my anti-virus and anti-spyware programmes and
>> the hits include ALL those folders and the actual shortcut links -
>> including MBAM itself. There are no executable files in there, just
>> shortcut links.
>>
>> I find it hard to believe that these are real alerts - do you think I
>> can ignore them?
>>
>>
>> The registry item is
>>
>> HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURR ENTVERSION\POLICIES\
>> EXPLORER\NOACTIVEDESKTOPCHANGES Bad (1) Good (0)
>>
>> Can someone please explain what this is and if I should delete it.
>>
>>
>> Many thanks
> Just discovered from a sequence of Googling that a folder named as
> "Protection" is created by some malware or other, which is why it is
> flagged. Renaming my folder has stopped it being flagged.

It has to do with hueristics... MBAM has a complicated collection of
them.


--
Regards,
Dustin Cook
Malware Researcher
MalwareBytes - http://www.malwarebytes.org