wasted wrote:
>Hi I just updated MBAM and did a full scan and it found 18 hits of folders
>and files that it calls Rogue.XLG, and one Registry data item
>
>The files and folders are all subfolders of one particular folder that I
>created in my Start Menu Called "Protection". In there I have all the
>shortcuts to my anti-virus and anti-spyware programmes and the hits include
>ALL those folders and the actual shortcut links - including MBAM itself.
>There are no executable files in there, just shortcut links.
>
>I find it hard to believe that these are real alerts - do you think I can
>ignore them?
>
>
>The registry item is
>
>HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CUR RENTVERSION\POLICIES\EXPLORER\NOACTIVEDESKTOPCHANG ES
>Bad (1) Good (0)
>
>Can someone please explain what this is and if I should delete it.
>
>
>Many thanks
The HKLM\...\NoActiveDesktopChanges registry key above determines
whether or not the users of the machine have the ability to change
their active desktop configuration. There are a large number of
trojans and malware that change that registry entry to "1" in order to
prevent users from removing the displayed content within the active
desktop. You can also set this to 1 to prevent users from changing
their wallpaper, for instance. It is not necessarily an indication
that you are compromised, but by default users are allowed to change
their active desktop settings. The Malwarebytes program flagged the
registry entry because it is more often than not an indication that
malware may be present. If you are comfortable with the appearance
and functioning of your Windows desktop, and don't plan on allowing
other users to change the desktop settings, then leave the registry
entry set to 1, otherwise set it to zero or allow Malwarebytes to do
it for you.
Reply With Quote