Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

What are 'PUM' detections - can they be innocent?


  • Please log in to reply
6 replies to this topic

#1 Charles29

Charles29

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:05:59 PM

Posted 11 April 2016 - 04:01 PM

Hello
I'm new here, so do excuse my ignorance.
 
A recent Malwarebytes scan brought up a whole host of 'PUMs' (but no trojans etc) and my computer has been running fine. The only thing I can think of that might have made the change is Rosetta Stone (a language training course). Recently it stopped working completely, and a technical advisor took us though in-depth changes to our laptop in order to make it work again.
 
I also ran Norton Power Eraser after the MB scan, which detected nothing. Could someone please have a look at the below detections, and let me know whether they could be innocent or not?
 
Registry Values: 
Hijack.FolderOptions,
 
Registry Data: 
PUM.Hijack.Run
PUM.Hijack.Regedit
PUM.Hijack.DisplayProperties
PUM.Hijack.DisplayProperties
PUM.Hijack.DisplayProperties
PUM.Hijack.DisplayProperties
PUM.Hijack.TaskManager
PUM.Hijack.HomePageControl
PUM.Hijack.CMDPrompt
 
 
Thank you.

Edit: Moved topic from Virus, Trojan, Spyware, and Malware Removal Logs to the more appropriate forum. ~ Animal

BC AdBot (Login to Remove)

 


#2 Charles29

Charles29
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:05:59 PM

Posted 12 April 2016 - 04:15 AM

Hello

 

I see that my post has been moved - could someone tell me where it's been moved to?

 

Thanks

 

Charles



#3 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,474 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:12:59 PM

Posted 12 April 2016 - 06:13 AM

Your topic was moved to the Am I infected? What do I do? Forum. The path to its location will always show above the title of your first post.

A Potentially Unwanted Modifcation (PUM) is a possibly unwanted change made to a computer's settings at the system level. PUMs are considered "potentially unwanted" (not necessarily malicious) because the security program making the detection cannot determine if the modification was set by the user, an administrator, a legitimate program or by malware.

The 'PUM' (Potentially Unwanted Modification) detections are not false positives or actual infections but rather settings which you may have made and in some cases, malware also makes. So we scan those sections of the registry for changes which differ from default settings. If you made the modification, you can add them to ignore after your next scan or allow them to be set to Microsoft default settings by our software.

What are 'PUM' detections, are they threats and should they be deleted?

Some security tools will scan and flag certain registry key modifications (i.e. StartMenu, Desktop, SecurityCenter, HomePageControl, NewStartPanel, Internet Explorer HomePage/StartPage, SearchPage (SearchScopes), etc and various other Windows registry policies) but cannot determine if they were made intentionally and who or what made the changes. Since that is the case, the tool may flag these changes to ensure the user is aware of the modification(s). If you did not make the change, then most likely it was made by some type of Potentially Unwanted Program (PUP).

In most cases if you recognize the PUM, you can ignore the detection. If you don't recognize the detection, then you may need to investigate further as to what or who made the modification(s). Security tool developers assume that those using their programs have sufficient or advanced knowledge to know if they disabled or modified such keys and understand the detection. If folks are unsure how to use a particular security tool, then they probably should not be using it without proper guidance.

Usually when a computer is infected with malware there will be indications (signs of infection) that something is wrong.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#4 Charles29

Charles29
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:05:59 PM

Posted 12 April 2016 - 06:24 AM

Hello

 

Thank you very much for your reply. To be honest, I don't know whether I made those changes. But as I mentioned before, we did have some pretty heavy technical issues with Rosetta Stone that we had to amend, using guidance form an online technical adviser - could they be the cause?

 

I don't recognise any of the signs of infection that you pointed to.

 

To be honest, the one thing I'm worried about is a remote access trojan, because a family member was infected with one recently - he thinks it turned on his webcam and everything! Hence my paranoia. Considering my above results, and the fact that Norton Power Eraser found nothing, and a subsequent MB scan found nothing, is it safe to assume that I don't have one of these?

 

Many thanks

 

Charles



#5 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,474 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:12:59 PM

Posted 12 April 2016 - 07:44 PM


I can only go by what the scan logs show (what was detected, removed) and your description of whatever signs or symptoms of infection you are experiencing.

If you want a more comprehensive look at your system for possible malware by experts, there are advanced tools which can be used to investigate but they are not permitted in this forum. Please follow the instructions in the Malware Removal and Log Section Preparation Guide. When you have done that, post your logs in the Virus, Trojan, Spyware, and Malware Removal Logs forum, NOT here, for assistance by the Malware Response Team. If you choose to post a log, please reply back in this thread with a link to the new topic so we can closed this one.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#6 Charles29

Charles29
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:05:59 PM

Posted 13 April 2016 - 07:41 AM

Hello

 

Thank you very much. You may close this post.



#7 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,474 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:12:59 PM

Posted 13 April 2016 - 07:54 AM

You're welcome and good luck.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users