PUM.Hijack.StartMenu


  • This topic is locked
4 replies to this topic

#1 Golden


Posted 03 December 2010 - 09:33 AM

Hi,

I recently updated to MBAM 1.50 from the previous version. After the database update, I performed a full scan with the result shown below. Can anyone tell me what the PUM.Hijack.StartMenu is, and what the possible source could be?

Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Database version: 5237

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

04/12/2010 00:55:04
mbam-log-2010-12-04 (00-55-04).txt

Scan type: Full scan (C:\|)
Objects scanned: 237511
Time elapsed: 41 minute(s), 9 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyDocs (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowRun (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

I suspect these may be false positives, but really we need someone from MBAM to confirm or deny this...hopefully they will be able to respond here soon enough.

Everyone but Golden, your post will be removed.

Groups authorized to help with HJT logs
http://forums.malwar...showtopic=12264

#2 Gammo


Posted 05 December 2010 - 09:35 AM

Hi,

Take a look at the detection name: PUM.Hijack.StartMenu.

PUM stands for "potentially unwanted modification". These kinds of items could have been set by yourself or a program you used, but also by malware. It's up to you whether you want to delete them.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyDocs (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

This one hid 'My Documents' from the Start Menu.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowRun (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

This one hid the 'Run' command from the Start menu.

Please post the final results, good or bad. We like to know!
I'm infected - What do I do now? - please read before starting a new topic

My help is always free, but if I have helped you, please consider making a donation to help me continue the fight against malware!
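
The detection lines explained in the reply above can be parsed into key, value, found data and expected data for triage. This is an added example, not part of the original posts and not Malwarebytes' own code; the function names and the embedded sample (the two log lines from this thread, with the mid-name line wrap) are constructed for illustration.

```python
import re

# Constructed sample: the two detection lines from the scan log in this thread,
# keeping the line wrap that splits the value name ("St" / "art_ShowRun").
SAMPLE_LOG = r"""Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\St
art_ShowMyDocs (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\St
art_ShowRun (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
"""

DETECTION = re.compile(
    r"^(?P<path>HKEY_[^()]+?)\s+\((?P<name>[^)]+)\)\s+->\s+"
    r"Bad:\s+\((?P<bad>[^)]*)\)\s+Good:\s+\((?P<good>[^)]*)\)\s+->\s+(?P<action>.+)$"
)

def unwrap(lines):
    """Rejoin a registry path that was split across two lines."""
    pending = ""
    for line in lines:
        line = line.rstrip("\r\n")
        if pending:
            yield pending + line
            pending = ""
        elif line.startswith("HKEY_") and " -> " not in line:
            pending = line  # path with no result yet: wait for the next line
        else:
            yield line

def parse_registry_data_items(log_text):
    findings = []
    for line in unwrap(log_text.splitlines()):
        m = DETECTION.match(line)
        if not m:
            continue
        key, _, value = m["path"].rpartition("\\")
        findings.append({
            "key": key, "value": value, "detection": m["name"],
            "found": m["bad"], "expected": m["good"],
            "action": m["action"].rstrip("."),
            # PUM = potentially unwanted modification: a setting that the user,
            # a program or malware may have made, so it needs a human decision.
            "needs_review": m["name"].startswith("PUM."),
        })
    return findings

if __name__ == "__main__":
    for finding in parse_registry_data_items(SAMPLE_LOG):
        print(finding)
```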


#3 Golden


Posted 06 December 2010 - 03:12 AM

Thanks for the reply, Gammo. I'm pretty confident it's not malware as this PC is only used occasionally to access a limited number of trusted websites. Perhaps it was some Windows program modification/update, as I never changed anything that I'm aware of.

At any rate, I'm quite confident it's not malware, so we can mark this as solved.

Thanks again,
Golden

#4 Gammo


Posted 07 December 2010 - 11:38 AM

Glad I could help. ;)

I'll ask a moderator to close this topic.


#5 screen317


Posted 08 February 2011 - 02:24 PM

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
Chris Fistonich
Research Team
