Jump to content

Recommended Posts

Hi,

I recently updated to MBAM 1.50 from the previous version. After the database update, I performed a full scan with the result shown below. Can anyone tell me what the PUM.Hijack.StartMenu is, and what the possible source could be?

Malwarebytes' Anti-Malware 1.50

www.malwarebytes.org

Database version: 5237

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

04/12/2010 00:55:04

mbam-log-2010-12-04 (00-55-04).txt

Scan type: Full scan (C:|)

Objects scanned: 237511

Time elapsed: 41 minute(s), 9 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 2

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionExplorerAdvancedSt

art_ShowMyDocs (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionExplorerAdvancedSt

art_ShowRun (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

I suspect these may be false positives, but really we need someone from MBAM to confirm or deny this...hopefully they will be able to respond here soon enough.

Everyone but Golden, your post will be removed.

Groups authorized to help with HJT logs

http://forums.malwarebytes.org/index.php?showtopic=12264

Link to post
Share on other sites

Hi,

Take a look at the detection name: PUM.Hijack.StartMenu.

PUM stands for "potentially unwanted modification". These kind of items could have been set by yourself or a program you used, but also by malware. It's up to you whether you want to delete them.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\St

art_ShowMyDocs (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

This one hid 'My Documents' from the Start Menu.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\St

art_ShowRun (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

This one hid the 'Run' command from the Start menu.

Link to post
Share on other sites

Thanks for the reply Gammo. I'm pretty confident its not malware as this PC is only used occisional to access a limited number of trusted websites. Perhaps it was some Windows program modification/update, as I never changed anything that I'm aware of.

At any rate, I'm quite confident its not malware, so we can mark this as solved.

Thanks again,

Golden

Link to post
Share on other sites

  • 2 months later...
  • Staff

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.