BCMBAM1 Posted July 7, 2012 ID:567810

Hello Everyone:

I've been using MBAM Pro for some time, but this is my first post. I bought a new ASUS G75 laptop and am getting the following message when I scan:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch.
Vendor: PUM.Hijack.StartMenu
Category: Registry Data
Other: Bad (0) Good (1)

My system is set up, for the most part, just like my previous laptop and my current desktop. However, this is the first time I've seen this after a scan. It also has not been flagged by either my previous AV program (KIS) or my current AV (NIS 2012). Also, I don't see anything in the actual scan logs. My last scan looks like this:

7/7/2012 12:53:10 AM
mbam-log-2012-07-07 (00-53-10).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 204850
Time elapsed: 1 minute(s), 9 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)

I have put the detection in the ignored list for now. Is this a false positive or anything I need to be concerned about? Note that I have made changes to the start menu using Autoruns to reduce the number of items running at startup.

Any help would be appreciated.

BC

daledoc1 Posted July 7, 2012 ID:567819

Hello and welcome to MBAM forum, BCMBAM1:

Until one of the MBAM staff arrives, PUM means "Potentially Unwanted Modification".

If it is a change to the system that you made & you are experiencing no abnormal computer symptoms suggestive of infection, then I am pretty sure it would be safe to ignore it.

If not, then it could possibly be a sign of infection.

FYI Your MBAM scan log looks as if it's missing some of the header info?

I'd probably post back with the entire, complete scan log, so that one of the experts can take a look and provide further advice.

HTH,
daledoc1

BCMBAM1 Posted July 7, 2012 Author ID:567821

Hi Daledoc1:

Thanks for the quick reply. Here's the full log as you suggested (I crossed out the name portion for privacy reasons):

Malwarebytes Anti-Malware (PRO) 1.61.0.1400
www.malwarebytes.org
Database version: v2012.07.07.01
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
XXXXXXXXXXXXX[administrator]
Protection: Disabled
7/7/2012 12:53:10 AM
mbam-log-2012-07-07 (00-53-10).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 204850
Time elapsed: 1 minute(s), 9 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)

You'll note that I have real-time protection off. I'd like to turn it on, but Norton suggests it should be off - but that's off-topic right now. I'll be looking forward to hearing from you or a staff member about this.

Thanks again,
BC

daledoc1 Posted July 7, 2012 ID:567823

OK, thanks.

With the caveat that I am neither qualified nor authorized to provide malware advice, I expect that this detection reflects a change to your computer's settings that you made.

Because this modification is something that could be done by malware, it is detected by MBAM as a "PUM".

But we'll need to wait for someone more expert to weigh in.

I assume you do not suspect infection???

Also, it ought NOT to be necessary to disable MBAM PRO Real-Time protection with NIS.

MBAM is specifically designed and tested to be compatible with all of the major AV products, in order to provide layered, complementary protection against threats often missed by the AVs.

So long as you set the reciprocal exclusions, you should be fine.

These instructions are for NIS2011, but I assume they would be similar for NIS2012.

Cheers,
daledoc1

Show Hidden Files and Folders in Windows Vista and Windows 7:

1. Click on the Start button and select Computer
2. Press the Alt key on your keyboard and click on Tools
3. Select Folder Options
4. Click the View tab and make sure that Show hidden files and folders is selected under Hidden files and folders
5. Next, uncheck the box next to Hide protected operating system files (Recommended)
6. Then, uncheck the box next to Hide extensions for known filetypes
7. Click Apply then click OK

Set Exclusions for Malwarebytes' Anti-Malware in Norton Internet Security 2011 on 64 bit Windows Versions:

1. Open Norton Internet Security and click on Settings at the top
2. Click on Computer Settings
3. Click Configure [+] to the right of Items to Exclude from Auto-Protect and SONAR
4. Click Add
5. Make sure that Include subfolders is checked in the small Add Item window
6. Click the small folder icon to the right of the blank white space
7. In the Browse for Folder window that opens, navigate to C:\Program Files (x86)
8. Click once on Malwarebytes' Anti-Malware to highlight it and click on OK
9. Click OK and verify that in the box under The following items are ignored by both Auto-Protect and SONAR: it says C:\Program Files (x86)\Malwarebytes' Anti-Malware
10. Repeat steps 4-9 for the following files and folders:
    C:\Documents and Settings\All Users\Application Data\Malwarebytes
    Note: On Vista and 7 this will be C:\ProgramData\Malwarebytes
    C:\Windows\System32\drivers\mbam.sys
    C:\Windows\SysWOW64\drivers\mbamswissarmy.sys
11. Once you have all of those items in your list, click on Apply then click on OK to close that window and then click Apply and OK to close the Settings window
12. Close the Norton Internet Security window

Reset Hidden Files and Folders in Windows Vista and Windows 7:

1. Click on the Start button and select Computer
2. Press the Alt key on your keyboard and click on Tools
3. Select Folder Options
4. Click the View tab and make sure that Do not show hidden files and folders is selected under Hidden files and folders
5. Next, check the box next to Hide protected operating system files (Recommended)
6. Then, check the box next to Hide extensions for known filetypes
7. Click Apply then click OK

Set Exclusions for Norton Internet Security in Malwarebytes' Anti-Malware:

1. Open Malwarebytes' Anti-Malware and click on the Ignore List tab
2. Click the Add button on the lower left
3. In the small browse window that opens, navigate to C:\Program Files and click once on Norton Internet Security and click OK
4. Close Malwarebytes' Anti-Malware