  1. #1

    HKCU/PUM infection

    Malwarebytes scan showed the above infection; their scan could not erase it even after the notice to reboot after removal. In their forum, I saw a similar problem with a very complicated (to me anyway!) series of steps, which was never confirmed as the final solution to the problem. Can anyone help with this? I am using Win 7 Home edition, 32 bit, and the "infection" is: HKCU/Software/Microsoft/WindowsNT/Current Version/windows/Load (PUM.User W.Load).
    Would appreciate an opinion. (I am a forever beginner, old guy too).

  2. #2
    Medico
    Did you try the removal while in safe mode?
    BACKUP...BACKUP...BACKUP
    Have a Great Day! Ted

  3. #3
    Try the Malwarebytes removal in Safe Mode as Medico suggests. It's quite possible that will clear the infection.

    I'm not familiar with the Windows 7 registry, but in my XP registry, the Windows folder at that location, the first letter is capitalized while the one in your string is in lower case. Are you comfortable with editing your registry? If so, try navigating down to that key and check to see if there are 2 Windows folders, one Windows and the other windows. If you do, run Malwarebytes again and then, immediately after rebooting, don't let the machine access the internet after it reboots and run Malwarebytes again to see if the file has recreated itself from a file on your machine. If it finds it, you may need to go to one of the malware removal help forums, like Bleeping Computer, and let them really confuse you.

    This thread in the Malwarebytes forums will give you an idea of what you may be in for with this little nasty. Sorry I can't be more encouraging.
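Added example (not part of the original thread): a read-only PowerShell check of the `Load` value named in the Malwarebytes detection, showing what it contains and, if it points at a single file, whether that file is signed. It assumes the standard key spelling `HKCU:\Software\Microsoft\Windows NT\CurrentVersion\Windows`; nothing is changed or deleted.

```powershell
# Added example: inspect the per-user "Load" autostart value (read-only).
# Assumption: the standard key path below, which is what the poster's
# string refers to once its spelling is normalised.
$key = 'HKCU:\Software\Microsoft\Windows NT\CurrentVersion\Windows'

$props = Get-ItemProperty -Path $key -Name 'Load' -ErrorAction SilentlyContinue
$raw   = if ($props) { [string]$props.Load } else { '' }

if ([string]::IsNullOrEmpty($raw.Trim())) {
    # An empty or absent value starts nothing at logon.
    'Load: <empty or not present>'
}
else {
    "Load: $raw"

    # Expand %VARIABLES% and strip surrounding quotes before testing the path.
    $path = [Environment]::ExpandEnvironmentVariables($raw.Trim().Trim('"'))

    if (Test-Path -LiteralPath $path -PathType Leaf) {
        $file = Get-Item -LiteralPath $path -Force
        $sig  = Get-AuthenticodeSignature -FilePath $file.FullName

        "  file:      {0}" -f $file.FullName
        "  modified:  {0}" -f $file.LastWriteTime
        "  signature: {0}" -f $sig.Status
        if ($sig.SignerCertificate) {
            "  signer:    {0}" -f $sig.SignerCertificate.Subject
        }
    }
    else {
        # The value may hold several entries or arguments, or name a file
        # that no longer exists; either way it needs a manual look.
        '  not a single existing file path; review the value by hand'
    }
}
```

Running it once normally and once in Safe Mode shows whether the value is being rewritten between the scan and the reboot.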

  4. #4
    Thanks very much for taking the trouble to answer my problem. I did try to run and after reboot Malwarebytes, but the same infection has appeared. Interestingly, it doesn't seem to affect the use of my computer (though I know that this can be deceiving). I guess I shall try and call the technician I usually do, when having problems, before really messing up. I understand this affects the use of IE, and I always use Firefox (admittedly, an old version (4.0), because I don't want to get rid of Google Toolbar, that I use all the time, and the new FF doesn't allow it). Thanks again, it is nice to know that there are always people who care and are willing to help!

  5. #5
    If it keeps coming back, it's hiding somewhere. If the system is otherwise stable, shut off System Restore to kill off the old restore points. You can turn it on later. Also run CCleaner to clean out temp files etc.

    Perhaps an offline scanner will help.

    The procedure Doc linked to at Bleeping looks worse than it is...the guy getting help isn't following instrux well. All he's doing is checking, cleaning, and scanning, plus Combofix. Bleeping is a great place, and I agree with their recommendation to NOT run Combofix unless told to. I've broken a couple computers with that tool, so their warnings are appropriate. I wish I knew more about how that tool worked but they keep the details quiet.

    -John

  6. #6
    As John-O said, if it is recurring, it has hidden a .dll or other infected file or registry key on your system that may be tough (but not impossible) to ferret out. It sounds like you are not comfortable working with something like this and should probably seek the assistance of a local tech to clean your system. If you feel you can do it, without transferring the infection, I would suggest you make a backup copy of all your important data like pictures, documents, address book, Favorites menu, etc. (anything you have created and do not wish to lose) before taking it to the tech. Better safe than sorry when dealing with personal data that cannot be easily recreated, if at all. Second best option is to ask the tech to backup your data to an external source before they begin work.

  7. #7
    John-O, you mention Combofix in your post, but your warning about the tool could be a little stronger. This tool should NOT be used by most users without supervision by someone who understands the logs and the power of the tool. Even where you get the tool is important since the hackers already have posted infected versions on the net. Using it incorrectly or using an infected version can turn a computer into a doorstop in a heartbeat.

    Read this IT guy's post on Combofix.

  8. #8
    Thank you guys! I am going to seek professional help. This is a registry problem and I am very far from being able to deal with (to me) such a complicated issue. Especially, since there seems to be no visible ill effect, I am reluctant even to start.
    Many thanks again - a computer is a learning experience forever! Very grateful for your interest and valuable help!

  9. #9
    That's a wise move if you're uncomfortable with all this technobabble nonsense. :-)

  10. #10
    Hi, Again I can only thank you all for your very valuable help. After reading Doc Watson's lines and the fantastic amount of work it described between Malwarebytes' tech. advice and the sufferer of this PUM Hijack, and after all those steps (that I would not be able to follow as he did!) IT ENDED WITH NO RESULT, I am reluctant even to get technical help for this, especially in the light of the fact that I experience (so far!) no ill effect from this malware (or whatever it is), for fear that I may end up much worse off than before the technician starts. This conclusion is reached by me arguing that if the Malwarebytes expert can't do it, maybe my technical helper may not be able to do it either, and I would hate to lose my desktop, favorites, and so much more that I have on this netbook, that I use only when travelling. If in the meantime a solution may come up, I will keep on the subject, and a few months from now, I shall try again by first asking Malwarebytes, and/or this knowledgeable Forum for an available solution. I did run ESET Virus scan, Trend Micro scan, and downloaded and kept on my desktop Threatfire (active), and do regular Superantispyware - none of these showing any infection, only M.bytes shows always the same (reboot or not after their scan). One more mystery (to me) in the world of computing. Thanks again to you all and all good wishes!!!!

  11. #11

    Hkcu-pum

    Not in a position to verify now; I think this results from editing group policy to prevent home-page hijacking. I have a list of gp edits to help secure the machine.
    I remember telling MBAM to ignore it, once I figured it out with googlesearch's help <grin>.
    Hth.
    Brgds,
    radiosigs

  12. #12
    mrjimphelps
    Macko: Here's one thing you can try before paying someone to fix your computer: a pre-Windows virus scan. In other words, you install the scanner program on a CD, and you then boot your computer from the CD. It will scan everything before Windows loads, which will have a better chance of catching stuff that is buried deep in Windows.

    You can try Windows Defender Offline, a free program. From another computer, go to the following web site:

    http://windows.microsoft.com/en-US/w...fender-offline

    The site includes complete instructions.

    When you boot with the CD, be patient; it takes a while before it finally starts scanning.
