22 replies to this topic

[tmax86]

Hello all, I am new here and this is my first post. I just reloaded XP on my machine. When done this time, I installed the Microsoft Security Essentials security suite for protection. I ran scans ... all good. I then installed Malwarebytes and ran scan. I can up with the same alerts.

PUM.Disabled.SecurityCenter

AntiVirusDisableNotify
AntiVirusDisableNotify


Now a long time ago when used Spybot Search and Destroy, it came up with the same type of message. Turned out to be some kind of false alert and an exception had to be flagged.

Are you guys sure this is an actual pest? I just thought I would throw my two cents in, this alert seems to be new.


Thanks

Rockit86

[tmax86]

Hi there ... me again, sorry to bother.


I ran into this post ... is this a similar issue?

http://forums.malwar...showtopic=69556

[tmax86]

OK I think I misread the post ... you guys are talking about the Malware.Packer.Gen issue. sorry about that. I only noticed the PUM thing and was wondering about it myself as I just ran across that on my machine.

R

[tetonbob]

Hi tmax86,

The entry may be a bit different than the post you linked to but the answer is similar.

PUM means potentially unwanted modification. Spyware can disable the security center or some power users decided to disable it on their own. If you haven't disabled security center monitoring yourself, then we would recommend fixing it. Or, if you have disabled security center monitoring, you can choose to ignore those, or "show in results list but do not check for removal" on the Scanner Settings.

[tmax86]

tetonbob, on Dec 7 2010, 09:10 PM, said:

Hi tmax86,

The entry may be a bit different than the post you linked to but the answer is similar.

PUM means potentially unwanted modification. Spyware can disable the security center or some power users decided to disable it on their own. If you haven't disabled security center monitoring yourself, then we would recommend fixing it. Or, if you have disabled security center monitoring, you can choose to ignore those, or "show in results list but do not check for removal" on the Scanner Settings.

Thanks tetonbob

So what is the final outcome to this issue ... about the PUM? This must be some change in MBAM, I never received this error and this is a brand new install. I have checked and rechecked everything I know ... have have found no malware.

So Until I hear something concrete from MBAM, I am going to put the PUM antivirus notification thing on ignore. Surely someone will have a definite explanation.

Thanks all

[tetonbob]

Hi tmax86.

PUM is a new classification in our 1.50 release of entries we were already monitoring and reporting in previous versions.

More detail here:

http://forums.malwarebytes.org/index.php?s...mp;#entry353243

Quote

4. Ability to include or exclude potentially unwanted programs (PUP), potentially unwanted system modifications (PUM), and peer-to-peer software (P2P) from scans and protection module detections.

Also, more detail is available in the internal help file. Go to the About tab, and click on Help. Expand "Features and Functions" and click on Settings.


May I ask what AntiVirus application you have installed?

The reason I ask is because many of them (in particular Symantec/Norton and McAfee along with some others) will disable these settings because they have their own monitoring components and they don't want users bothered with twice the number of alerts should a component be disabled (these settings monitor whether your AV and Firewall are turned on or not).

This setting can also be created when you uncheck in Windows Security Center (for example, in XP, open the Security Center - from Control Panel and click on Change the way Security Center notifies me. > "Alert me if my computer might be at risk because of my virus protection software settings" )

[nosirrah]

In options you can turn all PUM detections off or even set them to warn only. We added this additional functionality to give advanced users and corp users an easy way to work around their intentional policy restrictions.

[AdvancedSetup]

[tmax86]

tetonbob, on Dec 8 2010, 11:45 AM, said:

Hi tmax86.

May I ask what AntiVirus application you have installed?

I installed the Microsoft Security Essential

[AdamK]

Good Morning all,

I had recently reinstalled my XP OS on my laptop and when the security settings red balloon came up in the task bar, i customized it to disable firewall, allow me to monitor my own anti virus software and to allow me to choose when i update my machine with MS updates. These actions inhibit the messages from coming up in the task bar every time the machine is started up. So MB recognizes this as a potential threat and not spyware, just changes to your system most every time (in my case) by me the user.

Hope this helped.

[Spendthrift]

I’m a newbie so please forgive me if this is the wrong thread – it’s the latest of many threads on the PUM topic. I’ve been perplexed by the PUM warnings with Malwarebytes, in my case, relating to the IE home page. I could not find any problems and running MSE and an online virus checker didn’t disclose anything wrong..
However, I also use Spybot and I set the IE Tweaks tool to lock my start page against user change. After scanning with Malwarebytes and receiving the PUM warning, I discovered that this setting had been unlocked. On locking the start page again, the next time I scanned with Malwarebytes, the warning reappeared.
I wonder if Malwarebytes is finding the block put on start page changes by Spybot and it treating it as an attempt to hijack the setting. I am no expert so can anyone more knowledgeable say whether this might be the (or, a) solution to the puzzle?

[exile360]

Greetings

Your assessment is quite correct. Since you used Spybot Search & Destroy to lock your home page settings in IE, Malwarebytes' Anti-Malware is detecting this policy restriction when you perform a scan. The reason for this is identical to other such policy detections: because infections have been known to manipulate these settings in the same way to prevent the user from altering the settings.

In this case, since you know why this policy restriction is in place, and you are actually using it to protect your homepage settings, please have Malwarebytes' Anti-Malware ignore this detection and it will no longer show up when you perform future scans.

Please let us know if there's anything else we can assist you with.

Thanks

[Spendthrift]

exile360, on 19 September 2011 - 11:25 AM, said:

Greetings

Your assessment is quite correct. Since you used Spybot Search & Destroy to lock your home page settings in IE, Malwarebytes' Anti-Malware is detecting this policy restriction when you perform a scan. The reason for this is identical to other such policy detections: because infections have been known to manipulate these settings in the same way to prevent the user from altering the settings.

In this case, since you know why this policy restriction is in place, and you are actually using it to protect your homepage settings, please have Malwarebytes' Anti-Malware ignore this detection and it will no longer show up when you perform future scans.

Please let us know if there's anything else we can assist you with.

Thanks

[Spendthrift]

Many thanks for the quick reply.
I'm glad you confirm my analysis.

[exile360]

You're very welcome, I'm glad to be of service .

[davejames]

Hi All,

First-time member, first post.

Just wanted to say thanks to all the responders on this thread topic.

After having my computer resurrected after a nasty, nasty malware attack ("System Fix"/"System Tool"), I just about freaked when seeing the PUM warning this morning.

Forum member exile's explanation lead me right to where I could correct the issue.

Thanks again!

Oh - and also - the Malwarebytes staff responders are a lot friendlier than the Mxxxxx responders.

Regards,

DJ

[exile360]

Greetings DJ and welcome

I'm glad that the info was able to help you out, if you need anything else please don't hesitate to post.

Thanks

[CiTiBoY]

I have this problem and trust me it's not something you want to ignore, unless you want everything you do on the net to be open to whoever implanted this thig to begin with. I am running MBAM Pro and am still trying to find somone who can remove this thing permanently by the way, has anyone tried windows update since receiving this warning? Not only has it disabled the security center it disable windows update and infested several other programs. Start/run msconfig rssponse "msconfig cannot be found on the system" "windows update cannot proceed because security is disabled all these items are not a result of a fake trojan. Someone gets the answer to the seurity part I can't wait to hear the answer!! The other items I have resolved myself. Thanks for any help!

[davecason]

Hello,

I just did a reinstall of my XP OS as well and now I am also getting this flag in MBAM. But in reading the thread I’m not sure I understand.

- is the MBAM shutting off the Microsoft Security Essentials (MSE) program? - Before the re-install I had the MSE on the PC for a long
time and then I installed the MBAM and they both ran happily for a long time is that because of the order of the install?

- is it actually a virus that is performing that registry edit and turning off the MSE and Microsoft program can’t see it where MBAM can ?

- is it a problem having both programs running at the same time, do you suggest leaving the MSE off and just going with MBAM ?

- is there a how-to that will walk me thru removing the virus that causes this error?

Cheers’
Dave

[Maurice Naggar]

Hello Davecason and welcome to MalwareBytes forums.

MBAM and MSE can get along very well. Make sure you set the trust settings as outlined in Section I of the F.A.Q. for MalwareBytes MBAM
see http://forums.malwar...post&pid=181018

MBAM setup does in no way flag or complain about MSE. Nor does it shut it off.

As MBAM is not an anti-virus program, your system does need one, and MSE will do fine. I personnaly have one such system configured with those.

If you had a malware infection and you did not cure it already, then for free guided expert help, do the following:
Please print out, read and follow the directions here, skipping any steps you are unable to complete. Then post a NEW topic here.
One of the expert helpers there will give you one-on-one assistance when one becomes available.
After posting your new post make sure under options that you select FOLLOW this topic .

BTW, advise if you (like some of the prior posters) have Spybot S & D as a live protection monitor.

Edited by Maurice Naggar, 07 February 2012 - 03:09 PM.