Jump to content

2 potentially unwanted modification found --> what does it mean&what to do?


Recommended Posts

Hi,

I just started MB the first time (I use avast, and just want an occasional additional second opinion scan from MB free) and the only 2 things MB found were these 2  potentially unwanted modifications:

I copied the exact description out of the protocoll:

Quote

Registrierungsdaten: 2
PUM.Optional.ConnectionControlRestriction, HKLM\SOFTWARE\WOW6432NODE\POLICIES\MICROSOFT\INTERNET EXPLORER\CONTROL PANEL|CONNECTIONSTAB, Keine Aktion durch Benutzer, [12965], [293303],1.0.6635
PUM.Optional.ConnectionControlRestriction, HKLM\SOFTWARE\POLICIES\MICROSOFT\INTERNET EXPLORER\CONTROL PANEL|CONNECTIONSTAB, Keine Aktion durch Benutzer, [12965], [293303],1.0.6635

I do not know what it means and I have not yet made "an action" (means no deleting or putting it into quarantine).

Is this something i should worry about?

PS: I use nearly never the internet explorer so I wondered about the location of the PUM.

 

Thank you in advance!

Link to post
Share on other sites

Hello, Welcome to Malwarebytes.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

PUM is considered  Potentially Unwanted Modifications. In your case in Internet Explorer.

For me to check it out I need to see these logs.


Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

How to attach a file to your reply:
In the Reply section in the bottom of the topic Click the "more reply Options" button.
attachlogs.png

Attach the file.
Select the "Choose a File" navigate to the location of the File.
Click the file you wish to Attach.
Click Attach this file.
Click the Add reply button.
===

Please post the logs  for my review.

Wait for further instructions

Link to post
Share on other sites

Hello, Welcome to Malwarebytes.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

This fix will remove the restriction on IE

Please download the attached Fixlist.txt file to  the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the FRST.txt log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Let me know if all is well.

fixlist.txt

Link to post
Share on other sites

Hey Nasdaq,

thanks for your answer!

I have 2 questions left and would be very thankful if you could answer them.? sorry, I am not yet very experienced with malware.

1. ) Should I first "delete" the 2 PUM (which are currently in the quarantine in Malwarebytes) with Malwarebytes? or should I just run your attached file and do nothing else with Malwarebytes?

2.) Is it possible that I create an external backup of my system before I run your file? Just in case it gets worse than before. Or is this not recommended?

 

Thanks for your help so far!

Edited by cacao123
Link to post
Share on other sites


Should I first "delete" the 2 PUM (which are currently in the quarantine in Malwarebytes) with Malwarebytes?

No. The file in the quarantine folder of MBAM can be deleted when all is well.

===

Is it possible that I create an external backup of my system before I run your file? Just in case it gets worse than before. Or is this not recommended?

Not required. The fix will create a restore point in the event tha something goes wrong.

Link to post
Share on other sites

Edit: I want to add something: 20 minutes before I ran your fixlist I googled something with firefox (wanted to know something about microsoft outlook) and clicked the google-link to a german blog. In that moment an Avast window opened an told me that it blocked the connection to a completely other web-adress because it was infected with URL:Phishing. In my browser history it seems like this blog-website has directed me to the "harmful" site. I just don't know whether this was caused by a problem/infection from my computer or the website of the blog was infected.

Anyway, after that I let your script do its job and posted the fixlog.

After that I did a new scan with malwarebytes free, which found nothing.

Now I am just concerned a little, if there is something more hiding ?

 

Edit2: The 2 PUM Files are still in quarantine, i will delete them when you give me your ok.

Edited by cacao123
Link to post
Share on other sites

Hi,

If all is well, you should be clean.

For your peace of mind you can always run this scan.

This scan may take an hour or two. Execute it when you know you will not need the comuuter.

Please scan your computer with ESET Online Scanner.

  • Click on this link to open ESET Online Scanner in a new window.
    1. Click on the Scan Now button to download the esetonlinescanner_enu.exe file. Save it to your Desktop.
    2. Close all your programs and browsers.
    3. Please disable your antivirus program to avoid potential conflicts, improve the performance and speed up the scan.
    4. Double click on esetonlinescanner_enu.exe to start ESET Online Scanner. It will open a window with the Terms of Use.



Please re-enable your antivirus program.
 

 

 

Link to post
Share on other sites

Thanks for your patience and your answer nasdaq!

I will try the eset scanner in the next days ?

 

I have just two short questions left (how could it be otherwise ? )

1. can I now delete the two PUM in malwarebytes quarantine?

2. how do I do a clean uninstall/removal of the farbar recovery scan tool from my computer?

 

kind regards

Edited by cacao123
Link to post
Share on other sites

Hello, Welcome to Malwarebytes.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

1. can I now delete the two PUM in malwarebytes quarantine?


https://www.malwarebytes.com/support/guides/malwarebytes-for-mac/Quarantine.html

===

2. how do I do a clean uninstall/removal of the farbar recovery scan tool from my computer?

Download Delfix from this site.
https://www.bleepingcomputer.com/download/delfix/

DelFix is a tool developed by Xplode, the makers of AdwCleaner, which can remove all portable virus cleaning and disinfection tools you’ve ever used. It will also reset the restore points of your computer systems making it even safer.

The program makes some other adjustments to your PC too which include:

Activate UAC: It activates the user account control after cleaning the log files and the unnecessary clutter in your PC.
Remove disinfection tools: Removes the tool you’ve ever used to disinfect your PC.
Create registry backup: The program creates a registry backup and stores it under % windir% \ ERUNT \ DelFix.
Purge system restore: Deletes all your older restore points and creates a fresh one.
Reset system settings: It resets the system settings after the removal process is completed.

Hope that will help.

Link to post
Share on other sites

8 minutes ago, nasdaq said:

Hello, Welcome to Malwarebytes.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

 


https://www.malwarebytes.com/support/guides/malwarebytes-for-mac/Quarantine.html

===

--> My question was not how, but whether I can delete them now. But I comprehend your answer as a yes ?

 

Download Delfix from this site.
https://www.bleepingcomputer.com/download/delfix/

DelFix is a tool developed by Xplode, the makers of AdwCleaner, which can remove all portable virus cleaning and disinfection tools you’ve ever used. It will also reset the restore points of your computer systems making it even safer.

The program makes some other adjustments to your PC too which include:

Activate UAC: It activates the user account control after cleaning the log files and the unnecessary clutter in your PC.
Remove disinfection tools: Removes the tool you’ve ever used to disinfect your PC.
Create registry backup: The program creates a registry backup and stores it under % windir% \ ERUNT \ DelFix.
Purge system restore: Deletes all your older restore points and creates a fresh one.
Reset system settings: It resets the system settings after the removal process is completed.

Hope that will help.

Thanks nasdaq! Do you want me to upload the log from delfix after this programm did its job?

Thanks for your help nasdaq! I really appreciate it! I posted my answers in red inside your quote.

Thank you for removing the PUM!

Link to post
Share on other sites

  • Root Admin

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread.Other members who need assistance please start your own topic in a new thread.

Thanks

 

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.