Hello Everyone:

I've been using MBAM Pro for some time, but this is my first post. I bought a new ASUS G75 laptop and am getting the following message when I scan:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch.

Vendor: PUM.Hijack.StartMenu

Category: Registry Data

Other: Bad (0) Good (1)

My system is set up, for the most part, just like my previous laptop and my current desktop. However, this is the first time I've seen this after a scan. It also has not been flagged by either my previous AV program (KIS) or my current AV (NIS 2012). Also, I don't see anything in the actual scan logs. My last scan looks like this:

7/7/2012 12:53:10 AM

mbam-log-2012-07-07 (00-53-10).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 204850

Time elapsed: 1 minute(s), 9 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

I have put the detection in the ignored list for now. Is this a false positive or anything I need to be concerned about? Note that I have made changes to the start menu using Autoruns to reduce the number of items running at startup.

Any help would be appreciated.

BC


Hello and welcome to MBAM forum, BCMBAM1: :)

Until one of the MBAM staff arrives, PUM means "Potentially Unwanted Modification".

If it is a change to the system that you made & you are experiencing no abnormal computer symptoms suggestive of infection, then I am pretty sure it would be safe to ignore it.

If not, then it could possibly be a sign of infection.

FYI Your MBAM scan log looks as if it's missing some of the header info?

I'd probably post back with the entire, complete scan log, so that one of the experts can take a look and provide further advice.

HTH,

daledoc1


Hi Daledoc1:

Thanks for the quick reply. Here's the full log as you suggested (I crossed out the name portion for privacy reasons):

Malwarebytes Anti-Malware (PRO) 1.61.0.1400

www.malwarebytes.org

Database version: v2012.07.07.01

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

XXXXXXXXXXXXX[administrator]

Protection: Disabled

7/7/2012 12:53:10 AM

mbam-log-2012-07-07 (00-53-10).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 204850

Time elapsed: 1 minute(s), 9 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

You'll note that I have real-time protection off. I'd like to turn it on, but Norton suggests it should be off - but that's off-topic right now. I'll be looking forward to hearing from you or a staff member about this.

Thanks again,

BC
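
An added example, not part of the original posts and not Malwarebytes' own code: a small Python parser for the text log format shown above. It flags the missing header that daledoc1 pointed out, the disabled protection state, and the per-category detection counts. The sample text is abridged from the two logs in this thread, and the function names are hypothetical.

```python
import re

# Sample text abridged from the two logs posted in this thread.
BODY = """7/7/2012 12:53:10 AM
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Objects scanned: 204850
Registry Values Detected: 0
Registry Data Items Detected: 0
(No malicious items detected)
"""
HEADER = """Malwarebytes Anti-Malware (PRO) 1.61.0.1400
Database version: v2012.07.07.01
Protection: Disabled
"""

# Header fields that appear in the complete log but not in the first, truncated one.
HEADER_KEYS = ("Database version", "Protection")

def parse_mbam_log(text):
    """Split a log into the product line, 'Key: value' fields and 'X Detected: N' counts."""
    product, fields, counts = None, {}, {}
    for line in filter(None, map(str.strip, text.splitlines())):
        if line.startswith("Malwarebytes Anti-Malware"):
            product = line
        m = re.match(r"(.+?) Detected: (\d+)$", line)
        if m:
            counts[m.group(1)] = int(m.group(2))
        elif ": " in line:
            key, value = line.split(": ", 1)
            fields[key] = value
    enabled = [o.strip() for o in fields.get("Scan options enabled", "").split("|")]
    return {"product": product, "fields": fields, "enabled": enabled, "counts": counts}

def triage(text):
    """Return the notes a helper would raise before interpreting the log."""
    log = parse_mbam_log(text)
    notes = []
    if log["product"] is None or any(k not in log["fields"] for k in HEADER_KEYS):
        notes.append("header incomplete: ask for the full log")
    if log["fields"].get("Protection") == "Disabled":
        notes.append("real-time protection disabled")
    if "PUM" in log["enabled"] and log["counts"].get("Registry Data Items", 0) == 0:
        notes.append("PUM scanning enabled, 0 registry data items logged")
    return notes
```
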


OK, thanks.

With the caveat that I am neither qualified nor authorized to provide malware advice, I expect that this detection reflects a change to your computer's settings that you made.

Because this modification is something that could be done by malware, it is detected by MBAM as a "PUM".

But we'll need to wait for someone more expert to weigh in.

I assume you do not suspect infection???

Also, it ought NOT to be necessary to disable MBAM PRO Real-Time protection with NIS.

MBAM is specifically designed and tested to be compatible with all of the major AV products, in order to provide layered, complementary protection against threats often missed by the AVs.

So long as you set the reciprocal exclusions, you should be fine.

These instructions are for NIS2011, but I assume they would be similar for NIS2012.

Cheers,

daledoc1

Show Hidden Files and Folders in Windows Vista and Windows 7:

  • Click on the Start button and select Computer
  • Press the Alt key on your keyboard and click on Tools
  • Select Folder Options
  • Click the View tab and make sure that Show hidden files and folders is selected under Hidden files and folders
  • Next, uncheck the box next to Hide protected operating system files (Recommended)
  • Then, uncheck the box next to Hide extensions for known filetypes
  • Click Apply then click OK

Set Exclusions for Malwarebytes' Anti-Malware in Norton Internet Security 2011 on 64 bit Windows Versions:

  1. Open Norton Internet Security and click on Settings at the top
  2. Click on Computer Settings
  3. Click Configure [+] to the right of Items to Exclude from Auto-Protect and SONAR
  4. Click Add
  5. Make sure that Include subfolders is checked in the small Add Item window
  6. Click the small folder icon to the right of the blank white space
  7. In the Browse for Folder window that opens, navigate to C:\Program Files (x86)
  8. Click once on Malwarebytes' Anti-Malware to highlight it and click on OK
  9. Click OK and verify that in the box under The following items are ignored by both Auto-Protect and SONAR: it says C:\Program Files (x86)\Malwarebytes' Anti-Malware
  10. Repeat steps 4-9 for the following files and folders:
    • C:\Documents and Settings\All Users\Application Data\Malwarebytes Note: On Vista and 7 this will be C:\ProgramData\Malwarebytes
    • C:\Windows\System32\drivers\mbam.sys
    • C:\Windows\SysWOW64\drivers\mbamswissarmy.sys

  11. Once you have all of those items in your list, click on Apply then click on OK to close that window and then click Apply and OK to close the Settings window
  12. Close the Norton Internet Security window

Reset Hidden Files and Folders in Windows Vista and Windows 7:

  • Click on the Start button and select Computer
  • Press the Alt key on your keyboard and click on Tools
  • Select Folder Options
  • Click the View tab and make sure that Do not show hidden files and folders is selected under Hidden files and folders
  • Next, check the box next to Hide protected operating system files (Recommended)
  • Then, check the box next to Hide extensions for known filetypes
  • Click Apply then click OK

Set Exclusions for Norton Internet Security in Malwarebytes' Anti-Malware:

  • Open Malwarebytes' Anti-Malware and click on the Ignore List tab
  • Click the Add button on the lower left
  • In the small browse window that opens, navigate to C:\Program Files and click once on Norton Internet Security and click OK
  • Close Malwarebytes' Anti-Malware
