
MBAM Found Infected RegKey


6 replies to this topic

#1 CoryD55


Posted 07 July 2011 - 01:14 PM

Here is what it found:

hkey_current_user\software\microsoft\windows\currentversion\explorer\advanced\start_showsearch

Good or bad? Should I allow MalwareBytes to remove it?



#2 cryptodan


Posted 07 July 2011 - 01:18 PM

Can you post the full log?

#3 CoryD55


Posted 07 July 2011 - 01:25 PM

Here you go:

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 7042

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

7/7/2011 2:24:24 PM
mbam-log-2011-07-07 (14-24-16).txt

Scan type: Quick scan
Objects scanned: 171533
Time elapsed: 1 minute(s), 41 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#4 cryptodan


Posted 07 July 2011 - 02:16 PM

Do a complete scan please.

#5 CoryD55


Posted 07 July 2011 - 03:38 PM

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 7042

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

7/7/2011 4:37:37 PM
mbam-log-2011-07-07 (16-37-29).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 362017
Time elapsed: 23 minute(s), 40 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#6 quietman7


Posted 07 July 2011 - 09:56 PM

PUM means potentially unwanted modification. Malwarebytes will detect certain registry key modifications but it cannot determine if they were made intentionally by the user or by malware. Therefore, Malwarebytes flags these changes and offers a way to correct them for novice users. The program developers assume that advanced users know if they disabled such keys, understand the detection and can safely add it to the ignore list. You also have the option to disable all PUM detections.

There are various tweaking programs which can keep Search from appearing in the Start Menu. You can even perform that action in Windows by right-clicking Start > select Properties > Customize... under the Start Menu tab > Advanced tab > Start menu items, uncheck the box "Search" and click Ok twice. To add it back to the Start Menu, you repeat those steps but this time check "Search".

If a scan is showing this entry and there are no other signs of infection, then having Malwarebytes add them to the Ignore list (by right-clicking) will prevent the detections from showing in future scans. If you are experiencing symptoms of malware and did not disable the entry yourself, then further investigation is warranted as there is no way to specifically tell how or by what something became disabled. There are infections that disable certain Start menu items so that's why Malwarebytes is detecting that setting and letting you know it is disabled.

Usually when your machine is infected with malware, you will experience other signs and symptoms (pop-up alerts, slow computer, poor performance, browser redirects, etc.) that indicate something is wrong.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
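An added example, not part of the thread and not Malwarebytes' own tooling: a small Python parser for the MBAM 1.51 text log layout posted above. It extracts each detection line and separates PUM (changed-setting) detections from other detections. The function names and the trimmed sample log are constructed for illustration.

```python
import re

# Constructed sample, trimmed from the log layout posted in this thread.
SAMPLE_LOG = r"""Scan type: Quick scan
Registry Data Items Infected: 1
Files Infected: 0

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.

Files Infected:
(No malicious items detected)
"""

# "Files Infected:" opens a section; "Files Infected: 0" is only a summary count.
SECTION = re.compile(r"^([A-Za-z ]+ Infected):$")
# <target> (<detection name>) -> <remainder>
ITEM = re.compile(r"^(.+?) \(([^()]+)\) -> (.+)$")
# Registry data items carry the flagged data and the data MBAM considers normal.
DATA = re.compile(r"^Bad: \((.*?)\) Good: \((.*?)\) -> (.+)$")

def parse_mbam_log(text):
    """Return one dict per detection line, tagged with the section it appeared in."""
    findings, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION.match(line)
        if header:
            section = header.group(1)
            continue
        item = ITEM.match(line) if section else None
        if not item:
            continue  # blank lines, summary counts, "(No malicious items detected)"
        target, detection, rest = item.groups()
        finding = {"section": section, "target": target, "detection": detection,
                   "action": rest.rstrip("."), "is_pum": detection.upper().startswith("PUM.")}
        data = DATA.match(rest)
        if data:
            finding.update(bad=data.group(1), good=data.group(2),
                           action=data.group(3).rstrip("."))
        findings.append(finding)
    return findings

def triage(findings):
    """PUM-only logs report changed settings, which need user context to judge."""
    if not findings:
        return "clean"
    return "pum-only" if all(f["is_pum"] for f in findings) else "malware-detections"
```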

#7 CoryD55


Posted 07 July 2011 - 10:12 PM

That makes way more sense. Thanks for explaining that. I did not disable it and the computer was running slow (mainly startup and internet - I cleared lots of the startup junk). I did some cleanup though and it seems to be doing better. I will post in the Log sections if problems persist. I'll just ignore for now, unless your professional opinion warrants further investigation.

Edited by CoryD55, 07 July 2011 - 10:15 PM.




