HKEY_CLASSES problem

My AdAware has been repeatedly sending me this bug message:

HKEY_CLASSES_ROOT:regfile\shell\open\command

It activates on startup. I"ve gone thru my start up menu, have deleted =
just about everything, but have to run the ad aware every morning before =
I go on line, since this one particular file keeps coming up as a =
possible trojan. For the life of me I can't find it. I've looked for =
the file, I've sent the registry file finder to search for it, and it =
can't find it. SpyBot misses it, Spyware blaster misses it, WinCleaner =
misses it, my virus protection misses it, and my firewall has no record =
of it. All of my programs are up to date, and I check daily if there are =
updates before I log off for the evening)

My AdAware is on the newest regfile. It says this file is a =
vulnerability, possible trojan, and low threat, but none the less, I =
can't even find it to get rid of it, much less know what it is.
=20
Would anybody have any idea what this file is, where I can find it and =
what I can do about it ?

Thank you in advance
Bev

Bev,

What file are you looking for? I suspect the problem is not due to any file
but that AdAware is informing you that the default action for a regfile is
Open. IMO this is particularly dangerous and should be changed to Edit. You
can do this using Control Panel | Folder Options | File Types, browse to
filetype REG, click Advanced, highlight edit and then click "Set Default". Ok
and Apply out.
--
Mike Maltby



caroskos caroskos wrote:

My AdAware has been repeatedly sending me this bug message:

HKEY_CLASSES_ROOT:regfile\shell\open\command

It activates on startup. I"ve gone thru my start up menu, have
deleted just about everything, but have to run the ad aware every
morning before I go on line, since this one particular file keeps
coming up as a possible trojan. For the life of me I can't find it.
I've looked for the file, I've sent the registry file finder to
search for it, and it can't find it. SpyBot misses it, Spyware
blaster misses it, WinCleaner misses it, my virus protection misses
it, and my firewall has no record of it. All of my programs are up to
date, and I check daily if there are updates before I log off for the
evening)

My AdAware is on the newest regfile. It says this file is a
vulnerability, possible trojan, and low threat, but none the less, I
can't even find it to get rid of it, much less know what it is.

Would anybody have any idea what this file is, where I can find it
and what I can do about it ?

Thank you in advance
Bev

Thank you for your suggestion. I did follow your directions exactly, =
rebooted, ran ad aware at start up again and the same message comes up =
over the quarantine window.....

1 object recognized...1 registry value defined, and then the quarantine =
notice says:

WINDOWS
=AF=AF=AF=AF=AF=AF=AF=AF=AF=AF=AF=AF=AF=AF=AF=AF=A F=AF=AF=AF=AF=AF=AF=AF=AF=
=AF=AF=AF=AF=AF=AF=AF=AF=AF=AF=AF=AF=AF
obj[0]=3DRegData : regfile\shell\open\command

I'm not looking for a file, I'm trying to get the continual quarantine, =
possible virus found message to stop. Haven't a clue what this thing is =
doing when I go on line. It gets contained if I run the AdAware before =
connecting.
Bev


"Mike M" wrote in message =
...
Bev,

What file are you looking for? I suspect the problem is not due to any =
file=20
but that AdAware is informing you that the default action for a regfile =
is=20
Open. IMO this is particularly dangerous and should be changed to Edit. =
You=20
can do this using Control Panel | Folder Options | File Types, browse to =

filetype REG, click Advanced, highlight edit and then click "Set =
Default". Ok=20
and Apply out.
--=20
Mike Maltby



caroskos caroskos wrote:

My AdAware has been repeatedly sending me this bug message:

HKEY_CLASSES_ROOT:regfile\shell\open\command

It activates on startup. I"ve gone thru my start up menu, have
deleted just about everything, but have to run the ad aware every
morning before I go on line, since this one particular file keeps
coming up as a possible trojan. For the life of me I can't find it.
I've looked for the file, I've sent the registry file finder to
search for it, and it can't find it. SpyBot misses it, Spyware
blaster misses it, WinCleaner misses it, my virus protection misses
it, and my firewall has no record of it. All of my programs are up to
date, and I check daily if there are updates before I log off for the
evening)

My AdAware is on the newest regfile. It says this file is a
vulnerability, possible trojan, and low threat, but none the less, I
can't even find it to get rid of it, much less know what it is.

Would anybody have any idea what this file is, where I can find it
and what I can do about it ?

Thank you in advance
Bev=20

Bewv,

Haven't a clue what this thing is doing when I go on line.

I've tried to explain what this report is referring to and it has nothing to
do with going on line but rather the default action for reg files. If you
have modified the default action to Edit from Merge you can now safely ignore
or exclude the AdAware warning. You can check this for yourself by right
clicking on a reg file and seeing which of the various actions is highlighted.
--
Mike Maltby



caroskos caroskos wrote:

Thank you for your suggestion. I did follow your directions exactly,
rebooted, ran ad aware at start up again and the same message comes
up over the quarantine window.....

1 object recognized...1 registry value defined, and then the
quarantine notice says:

WINDOWS
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[0]=RegData : regfile\shell\open\command

I'm not looking for a file, I'm trying to get the continual
quarantine, possible virus found message to stop. Haven't a clue what
this thing is doing when I go on line. It gets contained if I run the
AdAware before connecting.

Thank you for your help in this matter. I've made sure that Edit is in =
the default, and have now put the file into Ignore on my AdAware =
program. I'm breathing easier ) This has been driving me wild for =
nearly a week and I couldn't figure out what had happened. You've been =
most kind helping me to understand and solve this problem.=20
Thank you again
Bev


"Mike M" wrote in message =
...
Bewv,

Haven't a clue what this thing is doing when I go on line.

I've tried to explain what this report is referring to and it has =
nothing to=20
do with going on line but rather the default action for reg files. If =
you=20
have modified the default action to Edit from Merge you can now safely =
ignore=20
or exclude the AdAware warning. You can check this for yourself by right =

clicking on a reg file and seeing which of the various actions is =
highlighted.
--=20
Mike Maltby



caroskos caroskos wrote:

Thank you for your suggestion. I did follow your directions exactly,
rebooted, ran ad aware at start up again and the same message comes
up over the quarantine window.....

1 object recognized...1 registry value defined, and then the
quarantine notice says:

WINDOWS
=
=AF=AF=AF=AF=AF=AF=AF=AF=AF=AF=AF=AF=AF=AF=AF=AF=A F=AF=AF=AF=AF=AF=AF=AF=AF=
=AF=AF=AF=AF=AF=AF=AF=AF=AF=AF=AF=AF=AF
obj[0]=3DRegData : regfile\shell\open\command

I'm not looking for a file, I'm trying to get the continual
quarantine, possible virus found message to stop. Haven't a clue what
this thing is doing when I go on line. It gets contained if I run the
AdAware before connecting.

Bev,

No problem. I just hope that my analysis is correct (I believe that to be the
case).

Cheers,
--
Mike Maltby



caroskos caroskos wrote:

Thank you for your help in this matter. I've made sure that Edit is
in the default, and have now put the file into Ignore on my AdAware
program. I'm breathing easier ) This has been driving me wild
for nearly a week and I couldn't figure out what had happened. You've
been most kind helping me to understand and solve this problem.
Thank you again

On Mon, 9 Aug 2004 13:37:23 -0700, caroskos wrote:

I've made sure that Edit is in the default, and have now
put the file into Ignore on my AdAware program.

Yes, I think AdAware is prone to false positives here, in that it sees
any changes from duhfaults as possibly hostile - e.g.
- any use of about:Blank as IE home page
- any non-standard associations for .reg etc.

So when you change from risky duhfaults to something smarter, AdAware
may highlight this as an "intrusion". Such is life, when one lives in
a room without walls... we lost that game when the industry decided it
was fine and proper to allow web sites programming rights on visitor's
PCs, and trying to push even the genie's toes back into the bottle (as
XP SP2 sets out to do) causes "you broke our app!" pain.



------------ ----- --- -- - - - -
Drugs are usually safe. Inject? (Y/n)
------------ ----- --- -- - - - -