tmax86

PUM.Disabled.SecurityCenter

23 posts in this topic

Hello all, I am new here and this is my first post. I just reloaded XP on my machine. When done this time, I installed the Microsoft Security Essentials security suite for protection. I ran scans ... all good. I then installed Malwarebytes and ran scan. I can up with the same alerts.

PUM.Disabled.SecurityCenter

AntiVirusDisableNotify

AntiVirusDisableNotify

Now a long time ago when used Spybot Search and Destroy, it came up with the same type of message. Turned out to be some kind of false alert and an exception had to be flagged.

Are you guys sure this is an actual pest? I just thought I would throw my two cents in, this alert seems to be new.

Thanks

Rockit86

Share this post


Link to post
Share on other sites

OK I think I misread the post ... you guys are talking about the Malware.Packer.Gen issue. sorry about that. I only noticed the PUM thing and was wondering about it myself as I just ran across that on my machine.

R

Share this post


Link to post
Share on other sites

Hi tmax86,

The entry may be a bit different than the post you linked to but the answer is similar.

PUM means potentially unwanted modification. Spyware can disable the security center or some power users decided to disable it on their own. If you haven't disabled security center monitoring yourself, then we would recommend fixing it. Or, if you have disabled security center monitoring, you can choose to ignore those, or "show in results list but do not check for removal" on the Scanner Settings.

Share this post


Link to post
Share on other sites
Hi tmax86,

The entry may be a bit different than the post you linked to but the answer is similar.

PUM means potentially unwanted modification. Spyware can disable the security center or some power users decided to disable it on their own. If you haven't disabled security center monitoring yourself, then we would recommend fixing it. Or, if you have disabled security center monitoring, you can choose to ignore those, or "show in results list but do not check for removal" on the Scanner Settings.

Thanks tetonbob

So what is the final outcome to this issue ... about the PUM? This must be some change in MBAM, I never received this error and this is a brand new install. I have checked and rechecked everything I know ... have have found no malware.

So Until I hear something concrete from MBAM, I am going to put the PUM antivirus notification thing on ignore. Surely someone will have a definite explanation.

Thanks all

Share this post


Link to post
Share on other sites

Hi tmax86.

PUM is a new classification in our 1.50 release of entries we were already monitoring and reporting in previous versions.

More detail here:

http://forums.malwarebytes.org/index.php?s...mp;#entry353243

4. Ability to include or exclude potentially unwanted programs (PUP), potentially unwanted system modifications (PUM), and peer-to-peer software (P2P) from scans and protection module detections.

Also, more detail is available in the internal help file. Go to the About tab, and click on Help. Expand "Features and Functions" and click on Settings.

May I ask what AntiVirus application you have installed?

The reason I ask is because many of them (in particular Symantec/Norton and McAfee along with some others) will disable these settings because they have their own monitoring components and they don't want users bothered with twice the number of alerts should a component be disabled (these settings monitor whether your AV and Firewall are turned on or not).

This setting can also be created when you uncheck in Windows Security Center (for example, in XP, open the Security Center - from Control Panel and click on Change the way Security Center notifies me. > "Alert me if my computer might be at risk because of my virus protection software settings" )

Share this post


Link to post
Share on other sites

In options you can turn all PUM detections off or even set them to warn only. We added this additional functionality to give advanced users and corp users an easy way to work around their intentional policy restrictions.

Share this post


Link to post
Share on other sites
Hi tmax86.

May I ask what AntiVirus application you have installed?

I installed the Microsoft Security Essential

Share this post


Link to post
Share on other sites

Good Morning all,

I had recently reinstalled my XP OS on my laptop and when the security settings red balloon came up in the task bar, i customized it to disable firewall, allow me to monitor my own anti virus software and to allow me to choose when i update my machine with MS updates. These actions inhibit the messages from coming up in the task bar every time the machine is started up. So MB recognizes this as a potential threat and not spyware, just changes to your system most every time (in my case) by me the user.

Hope this helped.

Share this post


Link to post
Share on other sites

I’m a newbie so please forgive me if this is the wrong thread – it’s the latest of many threads on the PUM topic. I’ve been perplexed by the PUM warnings with Malwarebytes, in my case, relating to the IE home page. I could not find any problems and running MSE and an online virus checker didn’t disclose anything wrong..

However, I also use Spybot and I set the IE Tweaks tool to lock my start page against user change. After scanning with Malwarebytes and receiving the PUM warning, I discovered that this setting had been unlocked. On locking the start page again, the next time I scanned with Malwarebytes, the warning reappeared.

I wonder if Malwarebytes is finding the block put on start page changes by Spybot and it treating it as an attempt to hijack the setting. I am no expert so can anyone more knowledgeable say whether this might be the (or, a) solution to the puzzle?

Share this post


Link to post
Share on other sites

Greetings :)

Your assessment is quite correct. Since you used Spybot Search & Destroy to lock your home page settings in IE, Malwarebytes' Anti-Malware is detecting this policy restriction when you perform a scan. The reason for this is identical to other such policy detections: because infections have been known to manipulate these settings in the same way to prevent the user from altering the settings.

In this case, since you know why this policy restriction is in place, and you are actually using it to protect your homepage settings, please have Malwarebytes' Anti-Malware ignore this detection and it will no longer show up when you perform future scans.

Please let us know if there's anything else we can assist you with.

Thanks :)

Share this post


Link to post
Share on other sites

Greetings :)

Your assessment is quite correct. Since you used Spybot Search & Destroy to lock your home page settings in IE, Malwarebytes' Anti-Malware is detecting this policy restriction when you perform a scan. The reason for this is identical to other such policy detections: because infections have been known to manipulate these settings in the same way to prevent the user from altering the settings.

In this case, since you know why this policy restriction is in place, and you are actually using it to protect your homepage settings, please have Malwarebytes' Anti-Malware ignore this detection and it will no longer show up when you perform future scans.

Please let us know if there's anything else we can assist you with.

Thanks :)

Share this post


Link to post
Share on other sites

Hi All,

First-time member, first post.

Just wanted to say thanks to all the responders on this thread topic.

After having my computer resurrected after a nasty, nasty malware attack ("System Fix"/"System Tool"), I just about freaked when seeing the PUM warning this morning.

Forum member exile's explanation lead me right to where I could correct the issue.

Thanks again!

Oh - and also - the Malwarebytes staff responders are a lot friendlier than the Mxxxxx responders.

Regards,

DJ

Share this post


Link to post
Share on other sites

Greetings DJ and welcome :)

I'm glad that the info was able to help you out, if you need anything else please don't hesitate to post.

Thanks :)

Share this post


Link to post
Share on other sites

I have this problem and trust me it's not something you want to ignore, unless you want everything you do on the net to be open to whoever implanted this thig to begin with. I am running MBAM Pro and am still trying to find somone who can remove this thing permanently by the way, has anyone tried windows update since receiving this warning? Not only has it disabled the security center it disable windows update and infested several other programs. Start/run msconfig rssponse "msconfig cannot be found on the system" :o "windows update cannot proceed because security is disabled :o all these items are not a result of a fake trojan. Someone gets the answer to the seurity part I can't wait to hear the answer!! The other items I have resolved myself. Thanks for any help!

Share this post


Link to post
Share on other sites

Hello,

I just did a reinstall of my XP OS as well and now I am also getting this flag in MBAM. But in reading the thread I’m not sure I understand.

- is the MBAM shutting off the Microsoft Security Essentials (MSE) program? - Before the re-install I had the MSE on the PC for a long

time and then I installed the MBAM and they both ran happily for a long time is that because of the order of the install?

- is it actually a virus that is performing that registry edit and turning off the MSE and Microsoft program can’t see it where MBAM can ?

- is it a problem having both programs running at the same time, do you suggest leaving the MSE off and just going with MBAM ?

- is there a how-to that will walk me thru removing the virus that causes this error?

Cheers’

Dave

Share this post


Link to post
Share on other sites

ID: 20   Posted (edited)

Hello Davecason and welcome to MalwareBytes forums.

MBAM and MSE can get along very well. Make sure you set the trust settings as outlined in Section I of the F.A.Q. for MalwareBytes MBAM

see http://forums.malwar...post&pid=181018

MBAM setup does in no way flag or complain about MSE. Nor does it shut it off.

As MBAM is not an anti-virus program, your system does need one, and MSE will do fine. I personnaly have one such system configured with those.

If you had a malware infection and you did not cure it already, then for free guided expert help, do the following:

Please print out, read and follow the directions here, skipping any steps you are unable to complete. Then post a NEW topic here.

One of the expert helpers there will give you one-on-one assistance when one becomes available.

After posting your new post make sure under options that you select FOLLOW this topic .

BTW, advise if you (like some of the prior posters) have Spybot S & D as a live protection monitor.

Edited by Maurice Naggar

Share this post


Link to post
Share on other sites

I did a new install on a laptop for a friend, I then went to put flashplayer from adobe on his computer and went to this site.......... http://get.adobe.com/flashplayer/........ DO NOT USE THIS SITE, my microsoft pop up blocked it and i unblocked it thinking it was flash player then downloaded it, a box opened with a bunch of code, i closed it but knew something wasnt quite right, I am familiar with MB and have been using the free version, downloaded it and installed on friends computer, ran it, the PUM showed up and I fortunately was able to remove it. :D

Share this post


Link to post
Share on other sites

I did a new install on a laptop for a friend, I then went to put flashplayer from adobe on his computer and went to this site.......... http://get.adobe.com...player/........ DO NOT USE THIS SITE, my microsoft pop up blocked it and i unblocked it thinking it was flash player then downloaded it, a box opened with a bunch of code, i closed it but knew something wasnt quite right, I am familiar with MB and have been using the free version, downloaded it and installed on friends computer, ran it, the PUM showed up and I fortunately was able to remove it. :D

wbauers

Please do not post links to malicious sites. Uninformed users could possibly be infected.

Share this post


Link to post
Share on other sites

The posted link is actually invalid so should not be an issue, although you may want to check that computer as the link in general is a valid Adobe link. If the link was redirected that is a sign the system is potentially infected.

Unless you know for certain that you have and keep a valid link for Acrobat Reader I would simply recommend going to the main site and using their link to obtain the correct Reader.

Adobe.com Main Site

You can also go directly to their FTP site for download.

Adobe Reader FTP site

Current Adobe Reader ENGLISH version 10.1.3

When using the Adobe.com main website please also make sure you wait a few seconds after clicking the download for their plugins and if/when they bring up a link you will often see a check mark on items like McAfee Security Scan Plus - please make sure you uncheck those items unless it really is something you specifically do want (in most cases users don't even realize it is installing that other item when you click the download link and the check mark is on).

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.