Should I delete these registry keys? (Rogue Killer)


#1 squid917



Posted 04 October 2014 - 10:52 AM

So my computer is running great. But I just wanted to check with several malware removers that I had. I ran Emsisoft Emergency Kit, Malwarebytes, Spybot Search and Destroy, TDSSKiller, and Rogue Killer. They all came up empty except Rogue Killer. It just found some registry keys, from what I think is a piece of malware I had a while ago. I wanted to make sure they were not false positives or just harmless leftovers. Thanks!


[PUM.Policies] (X64) HKEY_USERS\S-1-5-21-3296861245-906978654-1349800872-1001\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0  -> DELETED
[PUM.Policies] (X64) HKEY_USERS\S-1-5-21-3296861245-906978654-1349800872-1001\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0  -> DELETED
[PUM.Policies] (X86) HKEY_USERS\S-1-5-21-3296861245-906978654-1349800872-1001\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0  -> ERROR [2]
[PUM.Policies] (X86) HKEY_USERS\S-1-5-21-3296861245-906978654-1349800872-1001\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0  -> ERROR [2]
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0  -> DELETED
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0  -> DELETED
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0  -> ERROR [2]
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0  -> ERROR [2]
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> REPLACED (0)
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> REPLACED (0)
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> REPLACED (0)
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> REPLACED (0)



#2 quietman7



Posted 04 October 2014 - 11:04 AM

A Potentially Unwanted Modification (PUM) is a possibly unwanted change made to a computer's settings at the system level. PUMs are considered "potentially unwanted" (not necessarily malicious) because the security program making the detection cannot determine if the modification was set by the user, an administrator, a legitimate program or by malware.

The 'PUM' (Potentially Unwanted Modification) detections are not false positives or actual infections but rather settings which you may have made and in some cases, malware also makes. So we scan those sections of the registry for changes which differ from default settings. If you made the modification, you can add them to ignore after your next scan or allow them to be set to Microsoft default settings by our software.

What are 'PUM' detections, are they threats and should they be deleted?

Some security tools will scan and flag certain registry key modifications (i.e. StartMenu, Desktop, SecurityCenter, HomePageControl, NewStartPanel, Internet Explorer HomePage/StartPage, etc. and various other Windows registry policies) but cannot determine if they were made intentionally and who or what made the changes. Since that is the case, the tool may flag these changes to ensure the user is aware of the modification(s).

In most cases if you recognize the PUM, you can ignore the detection. If you don't recognize the detection, then you may need to investigate further as to what or who made the modification(s). Security tool developers assume that those using their programs have sufficient or advanced knowledge to know if they disabled or modified such keys and understand the detection. If folks are unsure how to use a particular security tool, then they probably should not be using it without proper guidance.

Usually when a computer is infected with malware there will be indications (signs of infection) that something is wrong.

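Added example (not part of either post, and not RogueKiller's own code): a Python script that parses log lines shaped like those in the first post, merges the X64/X86 entries that name the same value, and attaches a review note to each. The line format is inferred from the quoted log, the function names are hypothetical, and the sample lines are constructed with a placeholder SID.

```python
import re
from collections import defaultdict

# Assumed line shape, inferred from the scan output quoted in the first post:
#   [category] (arch) key | value : data -> action
LINE_RE = re.compile(
    r"^\[(?P<cat>[^\]]+)\]\s+\((?P<arch>X64|X86)\)\s+(?P<key>.+?)\s+\|\s+"
    r"(?P<name>.+?)\s+:\s+(?P<data>\S+)\s+->\s+(?P<action>.+?)\s*$")
# These policy values restrict the user only when set to a non-zero number.
RESTRICTIVE_IF_NONZERO = {"DisableTaskMgr", "DisableRegistryTools"}

def parse(lines):
    """Yield one dict per well-formed finding; lines of any other shape are skipped."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            yield m.groupdict()

def triage(lines):
    """Merge X64/X86 entries naming the same key, value and data; add a review note."""
    merged = defaultdict(lambda: {"archs": [], "actions": []})
    for f in parse(lines):
        k = (f["cat"], f["key"], f["name"], f["data"])
        merged[k]["archs"].append(f["arch"])
        merged[k]["actions"].append(f["action"])
    report = []
    for (cat, key, name, data), seen in merged.items():
        if name in RESTRICTIVE_IF_NONZERO:
            note = ("policy present but not enforced" if data == "0"
                    else "tool is blocked: find out who or what set it")
        elif cat == "PUM.DesktopIcons":
            note = "desktop icon hidden" if data == "1" else "desktop icon shown"
        else:
            note = "unrecognised setting: review manually"
        report.append({"key": key, "name": name, "data": data, "note": note,
                       "archs": sorted(seen["archs"]), "actions": seen["actions"]})
    return report

# Constructed sample in the thread's log shape (placeholder SID, one non-zero policy).
SAMPLE = r"""
[PUM.Policies] (X64) HKEY_USERS\S-1-5-21-EXAMPLE-1001\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0  -> DELETED
[PUM.Policies] (X86) HKEY_USERS\S-1-5-21-EXAMPLE-1001\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0  -> ERROR [2]
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 1  -> DELETED
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> REPLACED (0)
Scan finished
""".splitlines()
if __name__ == "__main__":
    for row in triage(SAMPLE):
        print(row["name"], row["data"], row["archs"], row["actions"], "=>", row["note"])
```

Only the non-zero `DisableRegistryTools` entry in the constructed sample gets the "find out who or what set it" note; the entries with data `0`, like those in the original log, record a policy value that is present but does not restrict anything.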