This past weekend I did my usual scan with MBAM Premium, and it flagged two registry entries related to the above, both as Broken-OpenCommand. I let MBAM quarantine them, and afterwards googled the warning to find there’s considerable differences of opinion on it. Some sites advise that unspecified malware can set it up as a backdoor, while others say it’s simply a Windows warning that file associations have been changed, and if there’s no other signs of infection then it’s harmless and can be ignored.
Interesting to learn that Crypto-Prevent was the probable source.
