Malwarebytes found something strange..

Discussion in 'other anti-malware software' started by Engineeringfun, Apr 12, 2011.

Thread Status:
Not open for further replies.
  1. Engineeringfun

    Engineeringfun Registered Member

    Joined:
    Apr 8, 2011
    Posts:
    48
    Location:
    Australia
    I downloaded and installed Malwarebytes, and after it ran its scan, right at the end it found this.

    PUM.Disabled.SecurityCenter in the Registry Data.

    Our computer has never been infected by malware; there was a site that tried to send a few trojans, but ESET NOD32 terminated the attempt. There have also been no indications of infection. Does this mean that the computer is infected or is it a false positive?

    Our Antivirus is Nod32 version 4

    Thanks :)
     
  2. TheKid7

    TheKid7 Registered Member

    Joined:
    Jul 22, 2006
    Posts:
    3,469
    Run scans with some other scanners and see what they say. Suggestions:

    1. Dr.Web Cureit
    2. SuperAntiSpyware Portable
    3. Hitman Pro
     
  3. Pliskin

    Pliskin Registered Member

    Joined:
    Feb 8, 2009
    Posts:
    341
  4. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    1,734
    Trouble is that something has disabled the security center!
    Either malware or user her-/himself - dig that.
    Btw there is no reason to do so - and ESET did not.
     
  5. bollity

    bollity Registered Member

    Joined:
    May 9, 2009
    Posts:
    179
    You have no problem at all. I also disable security center service manually (it is useless) and Malwarebytes detects this as a threat.
     
  6. kjdemuth

    kjdemuth Registered Member

    Joined:
    Jul 29, 2005
    Posts:
    2,960
    Location:
    Boston, MA
    Don't be so ignorant, bollity. Malware routinely disables the security center and uses its own fake alerts. A recent malware infection could be the cause. It might not mean that he is currently infected but it may have caused changes. Running a few scans with some demand scanners is probably warranted.
     
  7. doktornotor

    doktornotor Registered Member

    Joined:
    Jul 19, 2008
    Posts:
    2,047
    Yeah, and that does not change a bit about the fact that the "security" center is a useless piece of junk based on completely broken WMI technology (let's break randomly whenever a butterfly does a wrong wing movement over there on the other hemisphere) that actually helps to spread malware.
     
  8. Engineeringfun

    Engineeringfun Registered Member

    Joined:
    Apr 8, 2011
    Posts:
    48
    Location:
    Australia
    The thing is we have never been infected with malware, and it would be easy to notice if there were fake alerts popping up everywhere, which hasn't been occurring. I am just unsure if I accidentally configured the security centre, because I asked a Malwarebytes creator and they said that the Windows Updates were disabled, and I should not be worried. I am still curious as to how they were disabled though.
     
  9. Engineeringfun

    Engineeringfun Registered Member

    Joined:
    Apr 8, 2011
    Posts:
    48
    Location:
    Australia
    This is what Malwarebytes actually detected.

    HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Security Center/UpdatesDisableNotify

    I am unsure if I have configured it so that I have to manually install the updates, because I am sure that we have never had malware on our computer, so I don't know how this was changed.
     
  10. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    5,829
    Location:
    Last Breath Farm
    I have placed those warnings on the MBAM Ignore list a long time ago.
    All three... Updates, FW and AV, because I do manual updates.

    But if the OP isn't clear on how it got disabled, by all means, run scans to look for malware.
     
  11. Engineeringfun

    Engineeringfun Registered Member

    Joined:
    Apr 8, 2011
    Posts:
    48
    Location:
    Australia
    I have noticed for a while that the computer hasn't really notified me of automatic updates, even though every time I check, the automatic updates are enabled in the Security Centre. I find that I always have to manually install the updates, but it is strange as automatic updates is enabled when I manually install. Is it possible that some error in configuration has taken place or something similar?
     
  12. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    5,829
    Location:
    Last Breath Farm
    My take is that based purely on the fact that MBAM threw up that alert, I wouldn't be concerned... had I known I had disabled updates. But you're basically saying that you don't know for sure if you did, plus they appear to be enabled even though you have to manually update. (Have I got that right?)

    Given those circumstances, if it was me, I would try once more to toggle the updates off and then back on, to see if the setting sticks. The drawback to that is you will have to wait for new updates to arrive to see if it is working, right? And the wait might be detrimental if in fact there is an infection that is causing this issue.

    So I would run a few scans (as already mentioned), and maybe search the internet for people who have had similar issues (like this), but I would definitely try to get to the bottom of why your Security Center says you have auto updating enabled and they don't come through.

    HTH
     
  13. tipo

    tipo Registered Member

    Joined:
    Dec 29, 2008
    Posts:
    408
    Location:
    romania
    That's only a registry key detected by MBAM: PUM - Potentially Unwanted Modification. A registry key was modified and your security center was disabled/closed. Nothing to worry about. I never keep security center enabled.
     
  14. Brocke

    Brocke Registered Member

    Joined:
    Mar 16, 2008
    Posts:
    2,191
    Location:
    USA,IA
    Yeah, Spybot will detect those kinds of things too. Don't worry, you're alright.
     
  15. xorrior

    xorrior Registered Member

    Joined:
    Mar 22, 2010
    Posts:
    66
    "stopped" and caught mid-way by a poorly written HIPS are totally different things. Likely a key from the failed malware.
     
  16. nosirrah

    nosirrah Malware Fighter

    Joined:
    Aug 25, 2006
    Posts:
    561
    Location:
    Cummington MA USA
    PUM = Potentially Unwanted Modification

    These are for all cases where it could go either way when it comes to the cause so we notify and let the user make the call to either fix or ignore.

    The classification PUM itself is in the options list and the default action for all PUM can be set to full detect, warn only (intentional check mark required to fix) or disabled.
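
Added example, not part of the original thread: a read-only PowerShell check of the value Malwarebytes flagged in post 9, of its firewall and antivirus counterparts that Page42 refers to (the names `FirewallDisableNotify` and `AntiVirusDisableNotify` are not given in the thread), and of the Security Center (`wscsvc`) and Windows Update (`wuauserv`) services. It assumes PowerShell 3.0 or later and changes nothing on the system.

```powershell
# Added example: read-only audit of the Security Center notification values
# behind a PUM.Disabled.SecurityCenter detection. Nothing is modified.
# On 64-bit Windows run this from 64-bit PowerShell; a 32-bit process is
# redirected to the Wow6432Node view of HKLM\SOFTWARE.

$key   = 'HKLM:\SOFTWARE\Microsoft\Security Center'
$names = 'UpdatesDisableNotify', 'FirewallDisableNotify', 'AntiVirusDisableNotify'

# $null if the key itself does not exist
$values = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue

$report = foreach ($name in $names) {
    $prop = if ($values) { $values.PSObject.Properties[$name] } else { $null }

    # Absent or 0: Security Center still alerts. Non-zero: alerts suppressed,
    # which is the state reported as a potentially unwanted modification.
    $state = if ($null -eq $prop)       { 'not set (alerts on)' }
             elseif ($prop.Value -eq 0) { 'alerts on' }
             else                       { 'ALERTS SUPPRESSED' }

    [pscustomobject]@{
        Value = $name
        Data  = if ($prop) { $prop.Value } else { $null }
        State = $state
    }
}
$report | Format-Table -AutoSize

# A suppressed alert and a stopped or disabled service are separate settings,
# so report both: Security Center (wscsvc) and Windows Update (wuauserv).
Get-CimInstance -ClassName Win32_Service -Filter "Name='wscsvc' OR Name='wuauserv'" |
    Select-Object Name, StartMode, State |
    Format-Table -AutoSize
```

A row marked `ALERTS SUPPRESSED` only shows that the value is set; as the posts above say, it can come from a deliberate user choice as well as from malware, so the result is a starting point for the scans suggested in the thread rather than a verdict.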
     