Jump to content

Recommended Posts

Hi guys,

Almost certain this is NOT malware.

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 6621

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

5/20/2011 1:55:31 PM

mbam-log-2011-05-20 (13-55-31).txt

Scan type: Quick scan

Objects scanned: 181185

Time elapsed: 1 minute(s), 0 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 3

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowControlPanel (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Not selected for removal. [7b6268b1d32d47b92e82b0effc098779]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyDocs (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Not selected for removal. [25b8f42544bc4fb141724e51fe0757a9]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Not selected for removal. [c91452c73fc1956b10a57e2160a54eb2]

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Thanks,

Jkc73

mbam-log-2011-05-20 (13-54-01).zip

Link to post
Share on other sites

Hi guys,

Almost certain this is NOT malware. I also didn't change my Start Menu, and it appears to still be the same.

These 3 below have not appeared in the Start Menu for some time now, and they still don't.

(This is by intention)

  • ControlPanel

  • MyDocs

  • Search

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 6621

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

5/20/2011 1:55:31 PM

mbam-log-2011-05-20 (13-55-31).txt

Scan type: Quick scan

Objects scanned: 181185

Time elapsed: 1 minute(s), 0 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 3

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowControlPanel (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Not selected for removal. [7b6268b1d32d47b92e82b0effc098779]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyDocs (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Not selected for removal. [25b8f42544bc4fb141724e51fe0757a9]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Not selected for removal. [c91452c73fc1956b10a57e2160a54eb2]

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Thanks,

Jkc73

mbam-log-2011-05-20 (13-54-01).zip

Link to post
Share on other sites

PUM = Potentially Unwanted Modifications.

Malware can disable these so we offer a way to correct them for our novice users assuming that advanced users that has intentionally disabled these will see and understand the detection and set them to ignore.

You also have the option to disable all PUM detections in options.

Link to post
Share on other sites

Hello nosirrah,

Thank you for your reply.

I understand that malware can modify the registry, and this part of the registry is not too important for me as I was the one that made the adjustment so these menu items wouldn't show in the Start Menu.

However, I run daily updated scans with mbam, I have not recently encounted these 3 items, could this be an effect of a previous infection that another user of this machine has detected and removed. I don't have any logs to go on, as they have also been deleted. These include my avast logs and my mbam logs.

I thought it may be something involving a new user profile that was created. Is this the only possibility, considering the above information.

eg: The other user profile created the

  • ControlPanel

  • MyDocs

  • Search

for their profile.

That user profile is
Limited
, whilst my user profile is set to
Administrator
.

This doesn't really make any sense to me either, regarding the actual location of the reg entry.

I don't understand how one day it doesn't appear in a scan, the next it does.
:huh:

Thanks for your time...

Regards,

Jkc73 :)

Please note: If you have nothing, I will simply add these entries to the ignore list, as you recommend. ;)

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.