Malwarebytes

PUM.Hijack.StartMenu

#1
Golden

Hi,

I recently updated to MBAM 1.50 from the previous version. After the database update, I performed a full scan with the result shown below. Can anyone tell me what the PUM.Hijack.StartMenu is, and what the possible source could be?

Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Database version: 5237

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

04/12/2010 00:55:04
mbam-log-2010-12-04 (00-55-04).txt

Scan type: Full scan (C:\|)
Objects scanned: 237511
Time elapsed: 41 minute(s), 9 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyDocs (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowRun (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

I suspect these may be false positives, but really we need someone from MBAM to confirm or deny this...hopefully they will be able to respond here soon enough.

Everyone but Golden, your post will be removed.

Groups authorized to help with HJT logs
http://forums.malwar...showtopic=12264

#2
Gammo

Hi,

Take a look at the detection name: PUM.Hijack.StartMenu.

PUM stands for "potentially unwanted modification". These kinds of items could have been set by yourself or a program you used, but also by malware. It's up to you whether you want to delete them.

Quote

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyDocs (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
This one hid 'My Documents' from the Start Menu.

Quote

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowRun (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
This one hid the 'Run' command from the Start menu.

Please post the final results, good or bad. We like to know!
I'm infected - What do I do now? - please read before starting a new topic

My help is always free, but if I have helped you, please consider making a donation to help me continue the fight against malware!
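
The "Registry Data Items Infected" entries explained in the reply above can be pulled out of an MBAM log for triage. This is an added example, not part of the original thread and not Malwarebytes code; the function name, the field names and the assumption that a blank line ends the section are choices made here, and the sample log is constructed from the two lines posted in this topic.

```python
import re

# Constructed sample: the registry section of the log in this thread, with the
# first entry still hard-wrapped mid-name ("St" / "art_") as the forum showed it.
SAMPLE_LOG = r"""Registry Data Items Infected: 2

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\St
art_ShowMyDocs (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowRun (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)
"""

ENTRY_RE = re.compile(
    r"^(?P<path>HKEY_.+?) \((?P<detection>[^()]+)\) -> "
    r"Bad: \((?P<bad>.*?)\) Good: \((?P<good>.*?)\) -> (?P<action>.+?)\.?$"
)

def parse_registry_data_items(log_text):
    """Return one dict per entry in the 'Registry Data Items Infected:' section."""
    entries, in_section, pending = [], False, ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if line == "Registry Data Items Infected:":  # section header, not the count line
            in_section = True
            continue
        if not in_section:
            continue
        if not line:                                  # assumed: blank line ends the section
            break
        candidate = pending + line                    # rejoin a hard-wrapped entry
        match = ENTRY_RE.match(candidate)
        if match is None:                             # incomplete entry or "(No ... detected)"
            pending = candidate
            continue
        pending = ""
        entry = match.groupdict()
        entry["key"], entry["value_name"] = entry.pop("path").rsplit("\\", 1)
        entry["is_pum"] = entry["detection"].startswith("PUM.")  # potentially unwanted modification
        entries.append(entry)
    return entries

if __name__ == "__main__":
    for e in parse_registry_data_items(SAMPLE_LOG):
        kind = "PUM, confirm who set it" if e["is_pum"] else "review"
        print(f'{e["value_name"]}: found {e["bad"]}, expected {e["good"]} [{kind}]')
```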


#3
Golden

Thanks for the reply Gammo. I'm pretty confident it's not malware as this PC is only used occasionally to access a limited number of trusted websites. Perhaps it was some Windows program modification/update, as I never changed anything that I'm aware of.

At any rate, I'm quite confident it's not malware, so we can mark this as solved.

Thanks again,
Golden

#4
Gammo

Glad I could help. ;)

I'll ask a moderator to close this topic.


#5
screen317

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
Chris Fistonich
Research Team
