Jump to content

Search the Community

Showing results for tags 'pum'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Announcements
    • Malwarebytes News
    • Beta Testing Program
  • Malware Removal Help
    • Windows Malware Removal Help & Support
    • Mac Malware Removal Help & Support
    • Mobile Malware Removal Help & Support
    • Malware Removal Self-Help Guides
  • Malwarebytes for Home Support
    • Malwarebytes for Windows Support Forum
    • Malwarebytes for Mac Support Forum
    • Malwarebytes for Android Support Forum
    • Malwarebytes for iOS Support
    • Malwarebytes Privacy
    • Malwarebytes Browser Guard
    • False Positives
    • Comments and Suggestions
  • Malwarebytes for Business Support
    • Malwarebytes Endpoint Protection
    • Malwarebytes Incident Response (includes Breach Remediation)
    • Malwarebytes Endpoint Security
    • Malwarebytes Business Products Comments and Suggestions
  • Malwarebytes Tools and Other Products
    • Malwarebytes AdwCleaner
    • Malwarebytes Junkware Removal Tool Support
    • Malwarebytes Anti-Rootkit BETA Support
    • Malwarebytes Techbench USB (Legacy)
    • Malwarebytes Secure Backup discontinued
    • Other Tools
    • Malwarebytes Tools Comments and Suggestions
  • General Computer Help and Security Updates
    • BSOD, Crashes, Kernel Debugging
    • General Windows PC Help
  • Research Center
    • Newest Rogue-Ransomware Threats
    • Newest Malware Threats
    • Newest Mobile Threats
    • Newest IP or URL Threats
    • Newest Mac Threats
    • Report Scam Phone Numbers
  • General
    • General Chat
    • Forums Announcements & Feedback

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


AIM


MSN


Website URL


ICQ


Yahoo


Jabber


Location


Interests

  1. I have unwanted pups and pums, and I want to remove them without damaging anything. How? I came here first before doing anything a.txt
  2. Hi, Business client has an issue with two workstations, both Windows 10, using Malwarebytes (Corp) 1.80.2.1012, Run a scan and Malwarebytes detects and fixes the follow PUM infection. Registry Data Items Detected: 1 HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|UpdatesDisableNotify (PUM.Optional.DisabledSecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully. [223bb30f7047de58c1186843c9397c84] Screenshot attached, plus log for adw cleaner and malwarebytes. On the next Malwarebytes scan you get the same PUM infection again, used AdwCleamer (found and remove infectison, on second scan all is OK) and JRT no infections found. I need to stop this as the client has been hacked and they lost $20K we think this happened via 365 but I need to clean up all workstations. Thanks in advance. John Hutchins. AdwCleaner[S0].txt mbam-log-2018-01-24 (19-26-07).txt
  3. I'm having problems removing 2 PUM programs from my computer. The first one is PUM.Optional.ProxyHijacker, HKU\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Removal Failed, [7997], [-1],0.0.0 and the second one is: PUM.Optional.ProxyHijacker, HKU\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Removal Failed, [7997], [-1],0.0.0 I've used Malwarebytes for many years and have never had this problem. I'm attaching three screenshots to show what it showed after the scan finished. If someone can help me resolve this problem I'd sure appreciate it. Thanks in advance. KathyD
  4. Hi I am trying to determine if A problem exists in my registry. For the second time MBAM quarantined PUM.Optional.NoDrives. Registry Data: 1 PUM.Optional.NoDrives, HKU\S-1-5-21-4184324408-3988974429-3171806208-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|NoDrives, 1, Good: (0), Bad: (1),Replaced,[967f1dea5662ae88455d7235659d6898] This is worrying to me. I came across this page, and am wondering what I can do next. Thanks
  5. Ihave a registry hack that I have done myself and want to keep [it prevents logoff from appearing on the start menu]. MBAM 3 keeps finding it and I have not been able to find a way to tell MBAM 3 to always ignore it.
  6. I keep getting the same 7 threats every time I run a scan. I try to delete them but after I restart my system I get a message that it was only able to quarantine 5 of the 7. However, if I run a scan again right after, the same 7 threats pop up again. Its been doing this for over a month now. No idea how to get rid of these things. MBAM 9.2.17.txt
  7. Hi, A computer at our workplace has a threat detected named "PUM.Optional.NoDispScrSavPage". It didn't quarantine it in the Malwarebytes Management Console. I'm not sure exactly what this is about. Can anybody give more information about this? See attached screenshot from the console.
  8. Every morning after Malwarebytes Premium 3.0.5 does it's daily scan, it pops up with a PUM detection regarding Windows Defender security being disabled in the registry. It's disabled because I'm not using it. I click on "Ignore Always" and the next morning, same popup. Any ideas? If I can't ignore it permanently, then there is a bug in this product and needs to be fixed.
  9. environment: win-10au (1607-14393.576) 64bit windows-defender (auto-disabled) avg (16.131.7924) mbam (2.2.1.1043) free default-login: admin am wondering if PUM.Optional.NoDrives is false-positive or legitimate threat. here on support.malwarebytes … not much coverage with regard to PUM offenses/detections … i find that curious. does everyone take a nilly-willy approach and simply white-list or remove PUM incidents? and what do they base their decision on? i have read mbam's cursory faq/PUM article … and thanks for that. anyway … normal routine for me is to update/scan mbam every time i boot up. two days ago, after update/scan … mbam alerted me to the above mentioned PUM. investigating on the internet i found only one article regarding a "NoDrives" registry key (see url below). the article never stated if its a legitimate key or not. cutting to the chase, i chose mbam "ignore once" option … rebooted and update/scan second time … same result (the key's binary value changes). so, my question is this … should i white-list the detection or remove it? if the detection reappears (after reboot) … would it then be a candidate for white-list? am attaching the *.txt file … this file was the result after running "mbam.exe /developer" at command-line … thanks, in advance, for the courtesy. attempt_03.txt ref: https://technet.microsoft.com/en-us/library/cc938267.aspx https://support.malwarebytes.com/customer/portal/articles/1834897-what-are-pum-detections-are-they-threats-and-should-they-be-deleted-?b_id=6438
  10. Hi there, We are testing out our new endpoint protection at my company and our first weekly scan was last night. When I came in this morning about 20 out of 75 of our computers had PUM and the Operation says 'no action taken' but when I look in our policy it says 'Show in results list and check for removal.' The only way I can get it to remove it, is if I manually scan each device and when the box comes up to confirm scan, there is a checkbox that says automatically remove threats and if that is checked, they will be quarantined, but that kind of defeats the purpose of the policy and we are going to push this out to 2000 users in the coming weeks, so I want to make sure I get this squared away before then
  11. Hi All I am getting reports of PUM LowRiskFileTypes when performing a scan would appreciate feedback as to whether these are legitimate issues or being reported in error as the LowRiskFileTypes in the registry are intended to assist with the detection of certain file Types and the actions to take thereafter Many Thanks Rob
  12. Is it possible to exclude the PUM object type 'NoSMHelp' from being flagged and removed? Our current policies have the scanner action for PUMs set to 'Show in results and check for removal'. I of course understand that changing the action to 'Show in results list and do not check for removal' or 'Do not show in results list' will exclude it, but this is undesired as we do want PUMs to be logged and flagged for removal; just not 'PUM.Optional.NoSMHelp'. I also understand that we could find the object in the threat list and right-click the object and select 'exclude this object' or manually add it to the ignore list. However, the object itself is going to be for the specific user account, with a unique SID, under which the scanner detected the setting. With this scenario, the exclusion would only apply to that specific user account on that specific machine. The exclusion would not apply to other machines or accounts as the SID in the registry entry would be different for every user on every machine. This is simply unsustainable over time. Even though I am fairly certain this wouldn't work... could editing the ignore list entry to replace the SID with an asterisk work? e.g. HKEY_USERS\*\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|NoSMHelp Or would simply adding 'PUM.Optional.NoSMHelp' to the ignore list accomplish it? Any assistance will be greatly appreciated.
  13. Hello! I scanned with Roguekiller just out of paranoia and it found eight PUM detections in my registry. Malwarebytes has found nothing, so I figure it might just be Roguekiller being overly-protective. Nonetheless, I attached logs from Roguekiller and FRST. If nothing is detected(F/Ps), please tell me. I've never used P2P software, and have never pirated anything. Cheers! roguekillerReport.txt FRST.txt Addition.txt
  14. Having downloaded executed the Farbar Recovery tool I ran a scan. Attached are the Addition.txt and FRST.txt files. What do I do next? Addition.txt FRST.txt
  15. Every time I sit at my computer there is a message saying there is a PUP or PUM waiting to be removed. And I don't seem to be able to update or scan until I have manually quarantined this non-malware item. I have tried setting MBAM to ignore the PUPs and PUMs but it makes no difference. I keep getting these inconvenient demands. Please let me know if there is a way to have PUMs and PUPs handled AUTOMATICALLY. If MBAM can't do it I will look into another anti-malware program. It is a shame because I bought the paid version thinking I would enjoy it, but I am not.
  16. I was doing a screenshot of a youtube clip and trying to paste it into paint, when I tried to save the file to my pictures I got a window error "This operation has been cancelled due to restrictions in effect on this computer. Please contact you system administrator." All of a sudden Malwarebytes started to quarantine some PUP's. When I go into My Computer/This PC I cannot see any of my 3 disk drives. I have my OS and a few programs such as my browser on my SSD and the rest are split between two HDDs. So at the moment file explorer grants me no access to my documents at all...I tried to plug in my usb drive, the system did it's beep sound to detect the drive, but nothing shows up in My Computer/This PC, and the folder doesn't autoload either. I do have Avast Free as well as spyware blaster and spybot s&d. Did I get a virus? What happened? How can I fix this? Please help FRST Logs Attached Thanx! -------------------------------------------------------------------------------------------------------------------------- Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 6/17/2014 Scan Time: 10:38:44 AM Logfile: Administrator: Yes Version: 2.00.2.1012 Malware Database: v2014.06.17.05 Rootkit Database: v2014.06.02.01 License: Premium Malware Protection: Enabled Malicious Website Protection: Enabled Self-protection: Disabled OS: Windows 8.1 CPU: x64 File System: NTFS User: Cummings Scan Type: Threat Scan Result: Completed Objects Scanned: 266778 Time Elapsed: 5 min, 29 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 0 (No malicious items detected) Registry Values: 0 (No malicious items detected) Registry Data: 5 PUM.Hijack.Run, HKU\S-1-5-21-3870333655-2615791586-3426683706-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|NoRun, 1, Good: (0), Bad: (1),Replaced,[0683f287fc7fee487649205521e33fc1] PUM.Hijack.DisplayProperties, HKU\S-1-5-21-3870333655-2615791586-3426683706-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|NoSetActiveDesktop, 1, Good: (0), Bad: (1),Replaced,[e7a20b6ef08b082e91abc2b39d67d927] PUM.Hijack.Explorer, HKU\S-1-5-21-3870333655-2615791586-3426683706-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|NoSetFolders, 1, Good: (0), Bad: (1),Replaced,[bdcce9902259bb7bd9ad2351af55c937] PUM.Hijack.TaskManager, HKU\S-1-5-21-3870333655-2615791586-3426683706-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM|DisableTaskMgr, 1, Good: (0), Bad: (1),Replaced,[d1b87405bcbf8aac69b5b0c790745da3] PUM.RightClick.Disabled, HKU\S-1-5-21-3870333655-2615791586-3426683706-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\POLICIES\MICROSOFT\INTERNET EXPLORER\RESTRICTIONS|NoBrowserContextMenu, 1, Good: (0), Bad: (1),Replaced,[3e4b1564740762d4d5828be7d82cd52b] Folders: 0 (No malicious items detected) Files: 0 (No malicious items detected) Physical Sectors: 0 (No malicious items detected) (end) FRST.txt Addition.txt
  17. Hy ,i've scanned yesterday my computer cause i had problems with the internet connection always falling ,scanned with avira and malwarebytes,spybot plus adwcleaner tdss killer and found nothing ,i did a scan with combofix too (didnt knew then i should wait for someone to ask me to use combofix because i found out later ,so i did it ) ,after i did a scan with rougue killer in safe mode and found the pum policies and pum desktop icons ,are they dangerous?To be more precise i found some time ago pum dns too with rougue killer but since they are noted as pums and since my other antivirus and antimalware programs havent found anything i didnt worried about them but i keep getting them all the time Here is the Rk report of the first scan : RogueKiller V9.2.3.0 (x64) [Jul 11 2014] by Adlice Software mail : http://www.adlice.com/contact/ Feedback : http://forum.adlice.com Website : http://www.adlice.com/softwares/roguekiller/ Blog : http://www.adlice.com Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Safe mode with network support User : Laptopp [Admin rights] Mode : Scan -- Date : 07/21/2014 01:12:13 ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 4 ¤¤¤ [PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0 -> FOUND [PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0 -> FOUND [PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-3810790722-2108214571-1548943505-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> FOUND [PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-3810790722-2108214571-1548943505-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> FOUND ¤¤¤ Scheduled tasks : 0 ¤¤¤ ¤¤¤ Files : 0 ¤¤¤ ¤¤¤ HOSTS File : 0 [Too big!] ¤¤¤ ¤¤¤ Antirootkit : 0 (Driver: NOT LOADED [0xc000035f]) ¤¤¤ ¤¤¤ Web browsers : 0 ¤¤¤ ¤¤¤ MBR Check : ¤¤¤ +++++ PhysicalDrive0: Hitachi HTS547550A9E384 ATA Device +++++ --- User --- [MBR] 898bd0634d7edf5350965830762252a9 [bSP] 530116f578351fadf0c81087e96517e4 : Windows Vista/7/8 MBR Code Partition table: 0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB 1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 66709 MB 2 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 136826880 | Size: 410130 MB User = LL1 ... OK User = LL2 ... OK ============================================ RKreport_DEL_07012014_160519.log - RKreport_DEL_07012014_232542.log - RKreport_DEL_07032014_010434.log - RKreport_DEL_07032014_012049.log RKreport_DEL_07162014_223327.log - RKreport_DEL_07162014_230742.log - RKreport_SCN_07012014_160322.log - RKreport_SCN_07012014_231456.log RKreport_SCN_07032014_005641.log - RKreport_SCN_07032014_011145.log - RKreport_SCN_07032014_011642.log - RKreport_SCN_07162014_223100.log RKreport_SCN_07162014_230720.log Update 2: then i did another scan after a few hours with Rk in normal startup mode with avira's security settings like autorun block and host protection turned on and came up with this hj.name,userinit.exe marked red so i got scared : RogueKiller V9.2.3.0 (x64) [Jul 11 2014] by Adlice Software mail : http://www.adlice.com/contact/ Feedback : http://forum.adlice.com Website : http://www.adlice.com/softwares/roguekiller/ Blog : http://www.adlice.com Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User : Laptopp [Admin rights] Mode : Scan -- Date : 07/21/2014 04:37:43 ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 3 ¤¤¤ [Hj.Name] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon | Userinit : userinit.exe, -> FOUND [PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-3810790722-2108214571-1548943505-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> FOUND [PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-3810790722-2108214571-1548943505-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> FOUND ¤¤¤ Scheduled tasks : 0 ¤¤¤ ¤¤¤ Files : 0 ¤¤¤ ¤¤¤ HOSTS File : 0 [Too big!] ¤¤¤ ¤¤¤ Antirootkit : 1 (Driver: LOADED) ¤¤¤ [Filter(Kernel.Filter)] \Driver\atapi @ \Device\Ide\IdeDeviceP1T0L0-1 : \Driver\cdrom @ \Device\CdRom0 (\SystemRoot\System32\DRIVERS\cmderd.sys) ¤¤¤ Web browsers : 0 ¤¤¤ ¤¤¤ MBR Check : ¤¤¤ +++++ PhysicalDrive0: Hitachi HTS547550A9E384 ATA Device +++++ --- User --- [MBR] 898bd0634d7edf5350965830762252a9 [bSP] 530116f578351fadf0c81087e96517e4 : Windows Vista/7/8 MBR Code Partition table: 0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB 1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 66709 MB 2 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 136826880 | Size: 410130 MB User = LL1 ... OK User = LL2 ... OK ============================================ RKreport_DEL_07012014_160519.log - RKreport_DEL_07012014_232542.log - RKreport_DEL_07032014_010434.log - RKreport_DEL_07032014_012049.log RKreport_DEL_07162014_223327.log - RKreport_DEL_07162014_230742.log - RKreport_DEL_07212014_011304.log - RKreport_SCN_07012014_160322.log RKreport_SCN_07012014_231456.log - RKreport_SCN_07032014_005641.log - RKreport_SCN_07032014_011145.log - RKreport_SCN_07032014_011642.log RKreport_SCN_07162014_223100.log - RKreport_SCN_07162014_230720.log - RKreport_SCN_07212014_011213.log - RKreport_SCN_07212014_041927.log - I deleted the pums again but the hj.name couldnt be deleted because avira was protecting the host files so i unchecked the host protection and block autorun security functions in avira ,restarted ,scanned again with Rk and deleted the hj.name too ,but on this second scan the atapi filter wasnt recognize as possible malware .So im thinking the filter could have been the avira block autorun option?and was userinit.exe part of avira too and a false positive or a virus ? it was marked with red Here is the last report without the filter being detected after i disabled avira security protection but with hj.name still there: RogueKiller V9.2.3.0 (x64) [Jul 11 2014] by Adlice Software mail : http://www.adlice.com/contact/ Feedback : http://forum.adlice.com Website : http://www.adlice.com/softwares/roguekiller/ Blog : http://www.adlice.com Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User : Laptopp [Admin rights] Mode : Scan -- Date : 07/21/2014 05:11:40 ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 1 ¤¤¤ [Hj.Name] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon | Userinit : userinit.exe, -> FOUND ¤¤¤ Scheduled tasks : 0 ¤¤¤ ¤¤¤ Files : 0 ¤¤¤ ¤¤¤ HOSTS File : 0 [Too big!] ¤¤¤ ¤¤¤ Antirootkit : 0 (Driver: LOADED) ¤¤¤ ¤¤¤ Web browsers : 0 ¤¤¤ ¤¤¤ MBR Check : ¤¤¤ +++++ PhysicalDrive0: Hitachi HTS547550A9E384 ATA Device +++++ --- User --- [MBR] 898bd0634d7edf5350965830762252a9 [bSP] 530116f578351fadf0c81087e96517e4 : Windows Vista/7/8 MBR Code Partition table: 0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB 1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 66709 MB 2 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 136826880 | Size: 410130 MB User = LL1 ... OK User = LL2 ... OK ============================================ RKreport_DEL_07012014_160519.log - RKreport_DEL_07012014_232542.log - RKreport_DEL_07032014_010434.log - RKreport_DEL_07032014_012049.log RKreport_DEL_07162014_223327.log - RKreport_DEL_07162014_230742.log - RKreport_DEL_07212014_011304.log - RKreport_DEL_07212014_044312.log RKreport_DEL_07212014_045018.log - RKreport_DEL_07212014_050007.log - RKreport_SCN_07012014_160322.log - RKreport_SCN_07012014_231456.log RKreport_SCN_07032014_005641.log - RKreport_SCN_07032014_011145.log - RKreport_SCN_07032014_011642.log - RKreport_SCN_07162014_223100.log RKreport_SCN_07162014_230720.log - RKreport_SCN_07212014_011213.log - RKreport_SCN_07212014_041927.log - RKreport_SCN_07212014_043743.log RKreport_SCN_07212014_044348.log - RKreport_SCN_07212014_045004.log - RKreport_SCN_07212014_045952.log
  18. I was doing a screenshot of a youtube clip and trying to paste it into paint, when I tried to save the file to my pictures I got a window error "This operation has been cancelled due to restrictions in effect on this computer. Please contact you system administrator." All of a sudden Malwarebytes started to quarantine some PUP's. When I go into My Computer/This PC I cannot see any of my 3 disk drives. I have my OS and a few programs such as my browser on my SSD and the rest are split between two HDDs. So at the moment file explorer grants me no access to my documents at all...I tried to plug in my usb drive, the system did it's beep sound to detect the drive, but nothing shows up in My Computer/This PC, and the folder doesn't autoload either. I do have Avast Free as well as spyware blaster and spybot s&d. Did I get a virus? What happened? How can I fix this? Please help Thanx! -------------------------------------------------------------------------------------------------------------------------- Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 6/17/2014 Scan Time: 10:38:44 AM Logfile: Administrator: Yes Version: 2.00.2.1012 Malware Database: v2014.06.17.05 Rootkit Database: v2014.06.02.01 License: Premium Malware Protection: Enabled Malicious Website Protection: Enabled Self-protection: Disabled OS: Windows 8.1 CPU: x64 File System: NTFS User: Cummings Scan Type: Threat Scan Result: Completed Objects Scanned: 266778 Time Elapsed: 5 min, 29 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 0 (No malicious items detected) Registry Values: 0 (No malicious items detected) Registry Data: 5 PUM.Hijack.Run, HKU\S-1-5-21-3870333655-2615791586-3426683706-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|NoRun, 1, Good: (0), Bad: (1),Replaced,[0683f287fc7fee487649205521e33fc1] PUM.Hijack.DisplayProperties, HKU\S-1-5-21-3870333655-2615791586-3426683706-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|NoSetActiveDesktop, 1, Good: (0), Bad: (1),Replaced,[e7a20b6ef08b082e91abc2b39d67d927] PUM.Hijack.Explorer, HKU\S-1-5-21-3870333655-2615791586-3426683706-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|NoSetFolders, 1, Good: (0), Bad: (1),Replaced,[bdcce9902259bb7bd9ad2351af55c937] PUM.Hijack.TaskManager, HKU\S-1-5-21-3870333655-2615791586-3426683706-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM|DisableTaskMgr, 1, Good: (0), Bad: (1),Replaced,[d1b87405bcbf8aac69b5b0c790745da3] PUM.RightClick.Disabled, HKU\S-1-5-21-3870333655-2615791586-3426683706-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\POLICIES\MICROSOFT\INTERNET EXPLORER\RESTRICTIONS|NoBrowserContextMenu, 1, Good: (0), Bad: (1),Replaced,[3e4b1564740762d4d5828be7d82cd52b] Folders: 0 (No malicious items detected) Files: 0 (No malicious items detected) Physical Sectors: 0 (No malicious items detected) (end)
  19. Hello, Similar to Chuck95 I have two virusses which keep returning at every scan. Already scanned a lot, it doesn't matter if I do a full scan or quick scan. They are in the HKEY. Attached you will find the scan details given by MBAM. It's dutch though. mbam-log-2013-10-25 (10-39-30).txt I don't notice anything on my computer but it's not really comforting to know your infected.. Thanks in advance. Martismarti
  20. Potentially Unwanted Malware detected controlling IE10's homepage. In deliberation with GeeksToGo was concluded that this is most likely a false positive caused by one of my security programs like OnlineArmor or WinPatrol. The following link is a reference to the topic on the forum of GeeksToGo that discusses whether this could truly be malware, I hope this helps: http://www.geekstogo.com/forum/topic/332496-pumhijackhomepagecontrol-false-is-this-a-false-positive-caused-by/ Here is the MBAM log: Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Databaseversie: v2013.08.21.05 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 10.0.9200.16660 Mattias :: DURRE [administrator] 8/21/2013 7:52:43 PM MBAM-log-2013-08-21 (21-11-46).txt Scan type: Volledige scan (C:\|D:\|) Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM Uitgeschakelde scan opties: P2P Objecten gescand: 315893 Verstreken tijd: 40 minuut/minuten, 41 seconde(n) Geheugenprocessen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Geheugenmodulen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registersleutels gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registerwaarden gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registerdata gedetecteerd: 1 HKCU\SOFTWARE\Policies\Microsoft\Internet Explorer\control panel|Homepage (PUM.Hijack.HomePageControl) -> Slecht: (1) Goed: (0) -> Geen actie ondernomen. [d9201373175590a60e7b9ea06d9729d7] Mappen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Bestanden gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) (einde) MBAM_log_2013_08_21_21_11_46_.zip
  21. A couple days ago on my netbook, malwarebytes free picked up the pum. security block malware. after removing it with the software, i have encounted several problems double clicking files or shortcuts opens a settings menu the symbol keys are not working choosing safe mode when booting the pc causes the blue screen of death I have a couple registry back ups, from ccleaner 3.27, but nothing later than the nineth of this month and the most recent system restore point is The net book in question is running windows xp (service pack 3) thanks for the help in advance
  22. For a number of reasons, I thought my system had been compromised, so I installed Malwarebytes and avast, and uninstalled AVG and turned off Windows Firewall and Defender. I hope I've done the right thing. My first mbam scan found several Vundo trojans and a number of PUP and PUM threats, which AVG had not. I deleted all, assuming they were dangerous, but now understand the PUP/PUMs may actually be ok. I think my action has caused problems because my system has slowed dramatically. Changing to Chrome (from IE) seems to have helped, but I don't know why or if I am just imagining it. Not being technical, can anyone offer any advice on how I decide what to delete next time? How do I decide what's safe and what's not, apart from the obvious trojans and virus'? Should I now delete everything in my quarantine? Thanks.
  23. Hello, my name is Martin and I'm a new forum member. Recently I've decided to install Anti-Malware by Malwarebytes and this is the result of a quick scan: Malwarebytes Anti-Malware 1.62.0.1300 www.malwarebytes.org Database version: v2012.07.23.10 Windows XP Service Pack 3 x86 NTFS Internet Explorer 8.0.6001.18702 DOM :: DOM-DDCE8360705 [administrator] 2012-07-23 19:39:41 mbam-log-2012-07-23 (19-42-30).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 172150 Time elapsed: 2 minute(s), 42 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 4 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowHelp (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken. HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken. HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken. HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken. Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) From what I've read, items detected are potentially unwanted modifications and you have to do futher research to find out if it is a malware's or software's (yours) modifications. In my OS I selected the option to inform about the updates but not download or install unless I decide to do so. Is this the result of HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0)? I'm not sure about the rest, but i read that it could be actions by antivirus. I'm using AVAST and COMODO Firewall (both up to dates). I'll be thankful for helping me to solve this. Martin
  24. I can't seem to get rid of this item, apparently along with some other people. Here are my logs from Malwarebytes and DDS. Will post Attach.txt if need be. Malwarebytes Anti-Malware (Trial) 1.61.0.1400 www.malwarebytes.org Database version: v2012.06.18.03 Windows XP Service Pack 3 x86 NTFS Internet Explorer 7.0.5730.13 California Raisin :: GAMEPC [administrator] Protection: Enabled 6/18/2012 1:31:53 AM mbam-log-2012-06-18 (01-31-53).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 214095 Time elapsed: 2 minute(s), 18 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 1 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully. Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) . DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 7.0.5730.13 Run by California Raisin at 1:29:55 on 2012-06-18 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2024 [GMT -5:00] . . ============== Running Processes =============== . C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup C:\WINDOWS\system32\Ati2evxx.exe svchost.exe svchost.exe C:\WINDOWS\system32\spoolsv.exe svchost.exe C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Motorola Media Link\NServiceEntry.exe C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Razer\Naga\RazerNagaSysTray.exe C:\Program Files\Logitech\Gaming Software\LWEMon.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Common Files\SupportSoft\bin\bcont.exe C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntispy.exe C:\Program Files\Spotify\Data\SpotifyWebHelper.exe C:\Program Files\Logitech\GamePanel Software\Applets\LCDCountdown.exe C:\Documents and Settings\California Raisin\Local Settings\Application Data\Google\Update\1.3.21.111\GoogleCrashHandler.exe C:\Program Files\Logitech\GamePanel Software\Applets\LCDPop3.exe C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe C:\Program Files\Logitech\GamePanel Software\Applets\LCDClock.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe C:\WINDOWS\system32\ping.exe C:\WINDOWS\system32\ping.exe C:\WINDOWS\system32\ping.exe C:\WINDOWS\system32\ping.exe C:\WINDOWS\system32\ping.exe C:\WINDOWS\explorer.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\System32\svchost.exe -k HTTPFilter C:\Documents and Settings\California Raisin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\California Raisin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\California Raisin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\California Raisin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\California Raisin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\California Raisin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.xfinity.com/?cid=insDate03062012 uInternet Connection Wizard,ShellNext = hxxp://www.logitech.com/gamepanel uInternet Settings,ProxyOverride = 192.168.*.*;*.local BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: XFINITY Toolbar: {4b9bcce8-a70b-402a-a7e1-db96831ee26f} - c:\program files\xfin_portal\comcastdx.dll BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll BHO: Updater For XFIN_PORTAL: {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} - c:\program files\xfin_portal\auxi\comcastAu.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll TB: XFINITY Toolbar: {4b9bcce8-a70b-402a-a7e1-db96831ee26f} - c:\program files\xfin_portal\comcastdx.dll uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background uRun: [Google Update] "c:\documents and settings\california raisin\local settings\application data\google\update\GoogleUpdate.exe" /c uRun: [Pando Media Booster] c:\program files\pando networks\media booster\PMB.exe uRun: [Desktop Software] "c:\program files\common files\supportsoft\bin\bcont.exe" /ini "c:\program files\comcastui\desktop software\uinstaller.ini" /fromrun /starthidden uRun: [ComcastAntispyClient] "c:\program files\comcasttb\comcastspywarescan\ComcastAntispy.exe" /hide uRun: [spotify Web Helper] "c:\program files\spotify\data\SpotifyWebHelper.exe" mRun: [Launch LgDeviceAgent] "c:\program files\logitech\gamepanel software\LgDevAgt.exe" mRun: [Launch LCDMon] "c:\program files\logitech\gamepanel software\lcd manager\LCDMon.exe" mRun: [Launch LGDCore] "c:\program files\logitech\gamepanel software\g-series software\LGDCore.exe" /SHOWHIDE mRun: [soundMan] SOUNDMAN.EXE mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun mRun: [Razer Naga Driver] c:\program files\razer\naga\RazerNagaSysTray.exe mRun: [start WingMan Profiler] c:\program files\logitech\gaming software\LWEMon.exe /noui mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [zLoader] c:\documents and settings\california raisin\my documents\downloads\zLoader mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe" mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray uPolicies-system: DisableTaskMgr = 1 (0x1) IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab TCP: DhcpNameServer = 192.168.1.1 TCP: Interfaces\{A23E82BC-680E-4814-8F9F-A74BCB0A0CF0} : DhcpNameServer = 192.168.1.1 Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL Notify: AtiExtEvent - Ati2evxx.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll . ============= SERVICES / DRIVERS =============== . R2 AntiSpywareService;Comcast AntiSpyware;c:\program files\comcasttb\comcastspywarescan\ComcastAntiSpyService.exe [2009-6-17 616408] R2 DeviceMonitorService;DeviceMonitorService;c:\program files\motorola media link\NServiceEntry.exe [2010-11-5 81920] R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-1-30 654408] R2 MotoHelper;MotoHelper Service;c:\program files\motorola\motohelper\MotoHelperService.exe [2011-12-6 214896] R3 AE1000;Linksys AE1000 Driver;c:\windows\system32\drivers\AE1000XP.sys [2011-5-1 816672] R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-23 19720] R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2010-12-28 14856] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-1-30 22344] R3 RzSynapse;Razer Driver;c:\windows\system32\drivers\RzSynapse.sys [2011-2-20 103424] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-2-29 158856] S3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\drivers\motfilt.sys [2011-12-24 6016] S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2011-12-24 20480] S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2011-12-24 8320] S3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\drivers\Motousbnet.sys [2011-12-24 23424] S3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\drivers\motusbdevice.sys [2011-12-24 11008] S3 rt2870;Belkin 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys --> c:\windows\system32\drivers\rt2870.sys [?] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504] . =============== Created Last 30 ================ . 2012-06-18 05:37:56 -------- d-----w- C:\TDSSKiller_Quarantine 2012-06-18 05:31:17 -------- d-----w- c:\program files\Anti-Virus_RootKit 2012-05-24 23:28:53 -------- d-----w- c:\documents and settings\california raisin\application data\LolClient2 . ==================== Find3M ==================== . 2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll 2012-05-15 15:39:54 832512 ----a-w- c:\windows\system32\wininet.dll 2012-05-15 13:20:33 1863168 ----a-w- c:\windows\system32\win32k.sys 2012-05-04 13:12:30 2192640 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-05-04 12:32:19 2069120 ----a-w- c:\windows\system32\ntkrnlpa.exe 2012-05-02 13:46:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-04-23 14:46:47 78336 ----a-w- c:\windows\system32\ieencode.dll 2012-04-23 14:46:47 1830912 ------w- c:\windows\system32\inetcpl.cpl 2012-04-23 14:46:47 17408 ----a-w- c:\windows\system32\corpol.dll 2012-04-04 20:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys . ============= FINISH: 1:30:12.75 ===============
  25. Hi Today when I did a flash scan with MBAM I recived this message that i have some PUM wich i really want to delete. http://imageshack.us/photo/my-images/521/32991228.png/ I hat two more PUM-s wich were disabling my registry editor and the task manager. I finally deleted those two viruses using registry editor but now i want to delete these three. Do you know a way to delete these viruses whitout appearing again? Every time I do a flash scan I see them but every time i delete them using MBAM they keep comming back
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.