cahosrahneveloza

Removing "Help & Support" from the Start Menu makes Malwarebytes "think" it's a virus


For the last two days whenever I perform a full scan with Malwarebytes it shows a report of a "could be" Malware infection which I'm pretty sure is not.

Quoted from one of my Full scan results...

Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Database version: 5243

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

12/5/2010 5:00:56 AM
mbam-log-2010-12-05 (05-00-56).txt

Scan type: Full scan (A:\|C:\|D:\|E:\|)
Objects scanned: 206141
Time elapsed: 45 minute(s), 8 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Removing & fixing said "threat" only "resolves" one thing:

It shows "Help & Support" back on my Windows XP Machine's start menu. I actually disable or more precisely speaking "hide" this option by default, that is to say I usually have it hidden.

If I again hide "Help & Support", the application (Malwarebytes) would again see what I did as a Potentially Unwanted Modification (PUM), making me think that this whole deal is just a False Positive. The program started detecting this "threat" after I updated Malwarebytes to version 1.50 from the last version (sorry I forgot the last version number but rest assured it's the previous one immediately before 1.50) but it never saw this "threat" while I was still using the last version release.


PUM.Hijack.StartMenu <- PUM stands for Potentially Unwanted Modification.

There is no way to determine if the user has changed this or if malware has, so we opt to help less knowledgeable users and assume that advanced users will understand the detection and add it to their ignore list.

In the MBAM options you can also set all PUM to ignore or even warn but do not fix.

> PUM.Hijack.StartMenu <- PUM stands for Potentially Unwanted Modification.
>
> There is no way to determine if the user has changed this or if malware has, so we opt to help less knowledgeable users and assume that advanced users will understand the detection and add it to their ignore list.
>
> In the MBAM options you can also set all PUM to ignore or even warn but do not fix.

Thanks for the reply :(

So I should just add what it's seeing in the ignore list for now then?

And LOL! I clicked on remove/fix which is how I found out what the modification it detected did.

Again, thank you for the quick response; at least my mind is now at ease.

> So I should just add what it's seeing in the ignore list for now then?

Yes, or you can use the options screen to turn modification detections off or to just warn but not fix. Pick the option that works best for the way you use your system.

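Added example, not part of the thread and not Malwarebytes code: a Python script that parses "Registry Data Items Infected" lines of the form shown in the log above and lists the PUM entries the scanner has already reset, which are the candidates for the ignore list discussed in the replies. The regex assumes the line layout seen in that log; the function names and the second sample line are hypothetical.

```python
import re

# Constructed sample: the detection line from the log in the thread, plus one
# made-up non-PUM line (hypothetical key and detection name) for contrast.
SAMPLE_LOG = r"""Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Example\Run\Shell (Example.Detection) -> Bad: (evil.exe) Good: (Explorer.exe) -> No action taken.
"""

# Layout: <key>\<value> (<detection>) -> Bad: (<found>) Good: (<expected>) -> <action>
LINE_RE = re.compile(
    r"^(?P<path>HKEY_[^\r\n]+?) \((?P<name>[^()]+)\) -> "
    r"Bad: \((?P<bad>.*?)\) Good: \((?P<good>.*?)\) -> (?P<action>.+?)\s*$",
    re.MULTILINE,
)

def parse_data_items(log_text):
    """Return one dict per registry data item reported in the log text."""
    items = []
    for m in LINE_RE.finditer(log_text):
        # The last path component is the value name; the rest is the key.
        key, _, value = m.group("path").rpartition("\\")
        name, action = m.group("name"), m.group("action")
        items.append({
            "key": key, "value": value, "detection": name,
            "found": m.group("bad"), "expected": m.group("good"),
            "action": action,
            # PUM.* detections flag a setting, not a malicious file.
            "is_pum": name.upper().startswith("PUM."),
            # Anything other than "No action taken" means the data was changed.
            "was_reset": not action.lower().startswith("no action"),
        })
    return items

def ignore_candidates(items):
    """PUM settings the scanner already reset: review these, and if the change
    was deliberate, re-apply it and add the entry to the ignore list."""
    return [i["key"] + "\\" + i["value"] for i in items
            if i["is_pum"] and i["was_reset"]]

if __name__ == "__main__":
    for item in parse_data_items(SAMPLE_LOG):
        kind = "PUM (setting)" if item["is_pum"] else "other detection"
        print(f'{item["detection"]}: {kind}, value {item["value"]} was '
              f'{item["found"]}, scanner expects {item["expected"]}')
    print("Review for ignore list:", ignore_candidates(parse_data_items(SAMPLE_LOG)))
```

Entries that are not PUM detections are left out of the candidate list on purpose; they need normal malware triage rather than an ignore rule.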