TheDude

False Positive (PUM.Hidden.Desktop)


*I updated MBAM and ran a quick scan. I keep my desktop icons hidden, using my task bar icons. Seeing PUM.Hidden.Desktop, I quarantined and rebooted. (see below)

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 911122705

Windows 6.1.7601 Service Pack 1

Internet Explorer 9.0.8112.16421

12/27/2011 3:22:26 PM

mbam-log-2011-12-27 (15-22-26).txt

Scan type: Quick scan

Objects scanned: 168980

Time elapsed: 36 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 1

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideIcons (PUM.Hidden.Desktop) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

*I rebooted my computer and ran a complete MBAM scan. PUM.Hidden.Desktop registered again and I quarantined and rebooted. (see below)

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 911122705

Windows 6.1.7601 Service Pack 1

Internet Explorer 9.0.8112.16421

12/27/2011 4:10:44 PM

mbam-log-2011-12-27 (16-10-44).txt

Scan type: Full scan (C:\|)

Objects scanned: 311283

Time elapsed: 20 minute(s), 59 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 1

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideIcons (PUM.Hidden.Desktop) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

*I allowed my desktop icons to be viewed and ran a full MBAM scan. PUM.Hidden.Desktop did not register. (see below)

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 911122705

Windows 6.1.7601 Service Pack 1

Internet Explorer 9.0.8112.16421

12/27/2011 4:36:31 PM

mbam-log-2011-12-27 (16-36-31).txt

Scan type: Full scan (C:\|)

Objects scanned: 311130

Time elapsed: 23 minute(s), 40 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

*I then ran a full MBAM scan with my desktop icons hidden to confirm this false positive. (see below)

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 911122705

Windows 6.1.7601 Service Pack 1

Internet Explorer 9.0.8112.16421

12/27/2011 4:58:24 PM

mbam-log-2011-12-27 (16-58-24).txt

Scan type: Full scan (C:\|)

Objects scanned: 311152

Time elapsed: 20 minute(s), 38 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 1

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideIcons (PUM.Hidden.Desktop) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

*I didn't have a detection hit until I updated to Database version: 911122705. Previous Database versions didn't detect anything whilst I keep my desktop icons hidden. I believe PUM.Hidden.Desktop is a false positive since I can induce this hit from manually hiding or viewing my desktop icons.

H.P. Pavilion P6000 Series, Model p6703w

Microsoft Windows Ultimate 64 Bit O.S. S.P.1

AMD Athlon 640 3000MHz Quad Core Processor

MBAM Free Version

Norton 360 v5

Share this post


Link to post
Share on other sites

PUM means potentially unwanted modification. Being you set this, you want this modification. This is not the default in Windows. This can be added to the ignore list.

In the scan results, right-click the detection and hit add to ignore list.

The reason this was added is a lot of fake AVs are starting to hide icons.

Share this post


Link to post
Share on other sites

*I just downloaded MBAM 1.60.0.1800 and ran a quick scan with my desktop icons hidden and had PUM.Hidden.Desktop register (see below)

Malwarebytes Anti-Malware 1.60.0.1800

www.malwarebytes.org

Database version: v2011.12.27.05

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Sad1-V :: SAD1-V-HP [administrator]

12/27/2011 5:59:25 PM

mbam-log-2011-12-27 (18-01-39).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P

Scan options disabled:

Objects scanned: 169023

Time elapsed: 2 minute(s), 5 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 1

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|HideIcons (PUM.Hidden.Desktop) -> Bad: (1) Good: (0) -> No action taken.

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

*I quarantined, rebooted and ran another quick scan with the same result (see below)

Malwarebytes Anti-Malware 1.60.0.1800

www.malwarebytes.org

Database version: v2011.12.27.05

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Sad1-V :: SAD1-V-HP [administrator]

12/27/2011 6:05:28 PM

mbam-log-2011-12-27 (18-07-26).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P

Scan options disabled:

Objects scanned: 169017

Time elapsed: 1 minute(s), 51 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 1

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|HideIcons (PUM.Hidden.Desktop) -> Bad: (1) Good: (0) -> No action taken.

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

*I then quarantined, rebooted and ran a third scan with desktop icons showing (see below)

Malwarebytes Anti-Malware 1.60.0.1800

www.malwarebytes.org

Database version: v2011.12.27.05

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Sad1-V :: SAD1-V-HP [administrator]

12/27/2011 6:09:42 PM

mbam-log-2011-12-27 (18-09-42).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P

Scan options disabled:

Objects scanned: 169015

Time elapsed: 1 minute(s), 51 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

*I can create the PUM.Hidden.Desktop hit at will by hiding my desktop icons

Share this post


Link to post
Share on other sites
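Added example (not part of the thread and not Malwarebytes code): the logs above record the same registry data item in two shapes, with 1.51 writing `HKEY_CURRENT_USER\...\Advanced\HideIcons` and 1.60 writing `HKCU\...\Advanced|HideIcons`. This sketch normalizes both so repeat detections of one item across scans can be counted; the names `Detection`, `parse_detections` and `recurring` are made up for the illustration, and it only handles data-item lines of the form shown in this thread.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample: the two detection-line shapes copied from the logs in this thread.
SAMPLE_LOG = r"""
Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideIcons (PUM.Hidden.Desktop) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Registry Data Items Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|HideIcons (PUM.Hidden.Desktop) -> Bad: (1) Good: (0) -> No action taken.
Files Detected: 0
(No malicious items detected)
"""

HIVE_ALIASES = {
    "HKEY_CURRENT_USER": "HKCU",
    "HKEY_LOCAL_MACHINE": "HKLM",
    "HKEY_USERS": "HKU",
    "HKEY_CLASSES_ROOT": "HKCR",
}

# <path> (<detection name>) -> Bad: (<found>) Good: (<expected>) -> <action>.
LINE_RE = re.compile(
    r"(?P<path>HK\S.*?) \((?P<name>[\w.]+)\) -> "
    r"Bad: \((?P<bad>.*?)\) Good: \((?P<good>.*?)\) -> (?P<action>.+?)\.?"
)


@dataclass(frozen=True)
class Detection:
    hive: str
    key: str
    value: str
    name: str
    bad: str
    good: str
    action: str

    @property
    def ident(self):
        # Registry key and value names are case-insensitive on Windows.
        return (self.hive, self.key.lower(), self.value.lower(), self.name)


def parse_detections(log_text):
    """Return a Detection for every registry data-item line in the log text."""
    found = []
    for line in log_text.splitlines():
        m = LINE_RE.fullmatch(line.strip())
        if not m:
            continue  # header, counter or "(No malicious items detected)" line
        path = m["path"]
        # 1.60 separates the value name with "|"; 1.51 uses a final backslash
        # (assumption: true for the data-item lines shown in this thread).
        sep = "|" if "|" in path else "\\"
        key_path, value = path.rsplit(sep, 1)
        hive, _, key = key_path.partition("\\")
        found.append(Detection(HIVE_ALIASES.get(hive, hive), key, value,
                               m["name"], m["bad"], m["good"], m["action"]))
    return found


def recurring(detections):
    """Items reported more than once, i.e. the value came back between scans."""
    counts = Counter(d.ident for d in detections)
    return {ident: n for ident, n in counts.items() if n > 1}


if __name__ == "__main__":
    for ident, n in recurring(parse_detections(SAMPLE_LOG)).items():
        print(n, ident)
```

A data item that keeps reappearing after "Quarantined and deleted successfully" means something is setting the value again between scans; in this thread that was the user re-hiding the icons.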

PUM means potentially unwanted modification. Being you set this, you want this modification. This is not the default in Windows. This can be added to the ignore list.

In the scan results, right-click the detection and hit add to ignore list.

The reason this was added is a lot of fake AVs are starting to hide icons.

I understand your explanation - thanks. However, I have chosen to "ignore" this item since I hide my desktop icons when using Rainmeter. All seems fine until a new update is issued and I reboot the PC, then I have to again "ignore" the item. Is this the way it is going to be from now on?

Share this post


Link to post
Share on other sites

I understand your explanation - thanks. However, I have chosen to "ignore" this item since I hide my desktop icons when using Rainmeter. All seems fine until a new update is issued and I reboot the PC, then I have to again "ignore" the item. Is this the way it is going to be from now on?

No, the following should correct your issue:

  • Download and run mbam-clean.exe from here
  • It will ask to restart your computer; please allow it to do so (very important)
  • After the computer restarts, temporarily disable your Anti-Virus and install the latest version of Malwarebytes' Anti-Malware from here
    • Note: You will need to reactivate the program using the license you were sent via email if using the Pro version
    • Launch the program and set the Protection and Registration. Then go to the UPDATE tab if not done during installation and check for updates.
      Restart the computer again and verify that MBAM is in the task tray if using the Pro version. Now setup any file exclusions as may be required in your Anti-Virus/Internet-Security/Firewall applications and restart your Anti-Virus/Internet-Security applications. You may use the guides posted in the FAQ's here or ask and we'll explain how to do it.

The formatting of our Ignore List changed, so doing a clean install of version 1.60 should correct the problem. You'll just need to scan and ignore this detection one last time after doing the above steps.

Share this post


Link to post
Share on other sites

PUM means potentially unwanted modification. Being you set this, you want this modification. This is not the default in Windows. This can be added to the ignore list.

In the scan results, right-click the detection and hit add to ignore list.

The reason this was added is a lot of fake AVs are starting to hide icons.

Thank you for this! I logged in to ask about this issue as I always keep my desktop icons hidden so that I can see whatever nice wallpaper I'm using! I have a Desktop Toolbar on my Quick Launch bar so that I can access any of the programs after clicking on the double chevron and this makes having the desktop icons visible somewhat superfluous. I'd already added 'HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|HideIcons' to my Ignore List, so it's nice to know I did the right thing.

Many thanks for an excellent program!

Madeline :)

Share this post


Link to post
Share on other sites

No, the following should correct your issue:

  • Download and run mbam-clean.exe from here
  • It will ask to restart your computer; please allow it to do so (very important)
  • After the computer restarts, temporarily disable your Anti-Virus and install the latest version of Malwarebytes' Anti-Malware from here
    • Note: You will need to reactivate the program using the license you were sent via email if using the Pro version
    • Launch the program and set the Protection and Registration. Then go to the UPDATE tab if not done during installation and check for updates.
      Restart the computer again and verify that MBAM is in the task tray if using the Pro version. Now setup any file exclusions as may be required in your Anti-Virus/Internet-Security/Firewall applications and restart your Anti-Virus/Internet-Security applications. You may use the guides posted in the FAQ's here or ask and we'll explain how to do it.

The formatting of our Ignore List changed, so doing a clean install of version 1.60 should correct the problem. You'll just need to scan and ignore this detection one last time after doing the above steps.

Thanks exile360. I followed your instructions and all went well. I believe everything is working fine for me now. I appreciate your detailed instructions.

Share this post


Link to post
Share on other sites

Thanks exile360. I followed your instructions and all went well. I believe everything is working fine for me now. I appreciate your detailed instructions.

You're very welcome, and thank you for letting me know :).

Please don't hesitate to contact us again if you have any future issues or questions.

Thanks :)

Share this post


Link to post
Share on other sites

PUM means potentially unwanted modification. Being you set this, you want this modification. This is not the default in Windows. This can be added to the ignore list.

In the scan results, right-click the detection and hit add to ignore list.

The reason this was added is a lot of fake AVs are starting to hide icons.

Hi, lots of user OS configurations will be non-standard.

How does MBAM differentiate between a normal/safe non-standard Windows OS setup and possible changes due to malware?

Also, when getting this FP, after I right-clicked and chose 'vendor information', the MBAM home page opened.

Am I supposed to look further myself or is this an error/bug?

Regards, BiBo.

Share this post


Link to post
Share on other sites

Hi again, (I can't edit my post so here is another one)

When having finished a quick scan and added this PUM to the ignore list, when I click on 'exit', I get a message like 'A scan is in progress, are you sure you want to exit', while the scan has obviously already finished. Is this a known error/bug or normal?

Share this post


Link to post
Share on other sites

That is normal, so malware can't easily close MBAM on you.

MBAM can't differentiate between malware and the user setting this. That is why it's set to PUM, meaning potentially unwanted modification, as its default is to show icons. If a user wants this then they can set it on the ignore list like you did.

That said we are still evaluating this detection.

Share this post


Link to post
Share on other sites

You're very welcome, and thank you for letting me know :).

Please don't hesitate to contact us again if you have any future issues or questions.

Thanks :)

I understand why this is happening but I don't particularly like it. I am getting this again after each update - I have to "ignore" it and all is OK until another update. I just wish there were some way to make the ignore permanent so I don't have to mess with it each time.

Share this post


Link to post
Share on other sites

Why is this problem only happening to some computers? My MWBAM full scan also came with this result: PUM.Hidden.Desktop HKCU/SOFTWARE/Microsoft/CurrentVersion/Explorer/Advanced|HideIcons.

But when I did a full scan on my other PC (netbook running Windows 7 Starter), the results came clean even though both of my PCs have the desktop icons set to hide. I use ObjectDock on my "infected" PC, that's why I have no need for icons.

Share this post


Link to post
Share on other sites

Being there seems to be similar software (ObjectDock and the like) using this, we have decided to pull this detection. This will no longer be detected in the next update.

Share this post


Link to post
Share on other sites

Johnburns if you are using 1.60 and the ignore list is not sticking you may have to do a complete uninstall/reinstall to get the ignore list working properly so it retains the ignore. 1.60 changed the format and if the old format file is left behind by the install package then we have seen this issue.

Share this post


Link to post
Share on other sites

Johnburns if you are using 1.60 and the ignore list is not sticking you may have to do a complete uninstall/reinstall to get the ignore list working properly so it retains the ignore. 1.60 changed the format and if the old format file is left behind by the install package then we have seen this issue.

Thanks for your post - everything seems to be working fine now. Good way to start the year. May 2012 be good to you!

Share this post


Link to post
Share on other sites
