New malware floating around

My AntiMalware found and removed a new malware going around called " PUM.Bad.proxy " on all three of my computers today.
http://answers.yahoo.com/question/index ... 554AAmJSSA

It's new and very little known about. I use Malwarebytes Free AntiMalware.

Just letting everyone know about it

Unfortunately, many of the "free" virus scanners seem to "invent" their own problems, in an effort to sell you the PAY version by demonstrating how dangerous they are.

If you google "PUM.Bad.proxy" you will find that MBAM seems to be the ONLY malware scanner that finds this one. Hmmmm... Does that suggest anything?

I bet if you uninstall MBAM and buy some decent software, you'll never see it again.

Link I have used malwarebytes for the past 2 years. With great success. It is the 4th most popular download on cnet.com. I can't believe thats the problem. It's been downloaded and used over 59,000,000 times world wide.

http://download.cnet.com/windows/most-p ... contentAux

I've used Malwarebytes for a while too. Quite reputable. Although there is a payfor version, I have never needed it to clean a computer. It is actually one of the best at removing those fake scanners you are talkiing about

Are you using the free version? The OP is.

Run the Google and see the "coincidence" for yourself. Funny how it's only infecting systems with MBAM installed... You'd think with the number of MBAM'ed computers getting hit, the rest of the world would get a FEW infections.

MBAM Pro may well be a decent product. If you're happy with it, fine. But where there is smoke...

Yes using the free one. But, if you are googling with the PUM prefix, then you are only going to get Malwarebytes hits. PUM is their identifier for Potentially Unwanted Modification. It is not part of the name of a virus or malware or anything like that. It could just be their database has been updated to check for a new vulnerability. In thios particular case, it seems to be indicating that it has noticed a setting or change that it sees as something you would not normally want. Perhaps the proxy server setting in the browser?

If it had located a suspect program, the prefix would be PUP. That again is a Malwarebytes identifier

The 'pay for' version does not remove any more malware than the free version. It just offers real time protcection (rather than having to manually scan), the ability to schedule updates and protection against known bad sites. Same malware checking engine though,

All that said, there are DEFINITELY some bogus scanners out there and there seems to be a rash of them right now. But Malwarebytes is NOT one of them.,

Thanks for the alert, found that on mine too. I have to mention this is the first time my malwarebytes turned up anything.... if they are trying to sell the paid version by pumping in false positives, well they are not doing a good job as this has happened only once in my year of using it. They would do it a a lot more often if they really wanted results.

PUM means Potentially Unwanted Modification. PUM notifications were added to Malwarebytes' around the end of November 2010 to notify users of Potentially Unwanted Modification. Before deleting of asking Malwarebytes' to modify a setting, you should make sure it's actually unwanted. Malwarebytes' gave me the result "PUM.Windows Security Center Disabled". Yes, it was disabled. It was disabled by by my Norton Internet Security, which was not unwanted.

harwich wrote:PUM means Potentially Unwanted Modification. PUM notifications were added to Malwarebytes' around the end of November 2010 to notify users of Potentially Unwanted Modification. Before deleting of asking Malwarebytes' to modify a setting, you should make sure it's actually unwanted. Malwarebytes' gave me the result "PUM.Windows Security Center Disabled". Yes, it was disabled. It was disabled by by my Norton Internet Security, which was not unwanted.

Thanks for the information harwich.

Just to add to Harwich's excellent comments. With the use of any security program (paid for or free), it is always advised to try to do a bit of detective work when something new is flagged for any reason before panic sets in and something gets removed that shouldn't be removed. In the absence of any obvious signs of infection, caution is better than panic.

Any security product (paid for or free) can and will have false positives from time to time. They walk a fine line between being effective and being too aggressive.

McAffee used to have a PUP notice. I assume that it still does. This was for Potentially Unwanted Program. Some programs and/or files were flagged that were wanted by users. SpyBot Search & Destroy will flag any changes from the norm to the Windows security system and it is up to the users to verify if the change was on purpose or not. I have an online friend who had his Vista OS killed by a false positive a few years ago when he allowed his paid for security program to remove something that was called a very bad trojan and it wasn't. He went into panic mode instead of detective mode. He wasn't the only one and the problem definition was fixed within 2 days but many people had to reinstall Vista because of the false positive.

MalwareBytes is an excellent program for removing some of the nasties that are very new and very bad. The free version uses the same definition database that the paid for version uses. The paid for version just has a few more bells and whistles. This is true with most of the paid programs that offer a limited free version, the important parts are the same with just minor added features on the paid for version.

In the absence of symptoms of infection, it is always advised to use caution when a security product flags something. Particularly if the flagging comes immediately after a definition update. Use caution by trying to verify with another security product and/or using the quarantine feature instead of the remove feature.

There are several free security products available that are effective and safe to use. I am not afraid to use them and often I have seen them to be at least as effective (if not better) than a paid for product. Just depends on what the goal is.

There are also many bogus security products out there that have one goal in mind and that is to take your money. They can and do mimic legit infected alert notices. Most often they will mimic a Windows alert and it looks very real. I have helped many, many people all over the world, remove infections and I have seen first hand how real these scams fake things. They will infect a computer then offer a product link to remove the alleged infection, for a fee of course or worse for a chance to get a person's credit card or personal info.

And with that I will get down off my soapbox.....as usual I have rambled more than I intended.

Great information from harwich and Pugsy, especially

Pugsy wrote:...

In the absence of symptoms of infection, it is always advised to use caution when a security product flags something. Particularly if the flagging comes immediately after a definition update. Use caution by trying to verify with another security product and/or using the quarantine feature instead of the remove feature.

...

MBAM is widely used and regarded as a solid defensive tool and it doesn't matter which version (assuming you keep the free version updated manually).

"PUM.Bad.proxy", is not an actual report of malware being detected. It is simply a report of a system setting that may have an adverse effect on your computer. In this specific case, there appears to be a bad proxy setting, probably in your registry. In and of itself, that is not malware. But, it could have been caused by malware. If this is the only thing being reported and you aren't having any trouble accessing network/internet resources and sites, you're fine.

Thanks everyone for those replies. I did remove all of them and everything is still running just fine. So I got lucky there. I'll have to pay closer attention in the future. Malwarebytes for me has been better than the paid for products I have used before. It does not have the automatic updates like the paid for. You have to run an update everytime before you scan (takes about 30 seconds) so thats no big deal.

BernieRay wrote:"PUM.Bad.proxy", is not an actual report of malware being detected. It is simply a report of a system setting that may have an adverse effect on your computer. In this specific case, there appears to be a bad proxy setting, probably in your registry. In and of itself, that is not malware. But, it could have been caused by malware. If this is the only thing being reported and you aren't having any trouble accessing network/internet resources and sites, you're fine.

Makes sense to me. A search on both Norton and Trendmicro websites comes up empty for bad.proxy, pum.bad.proxy, or pup.bad.proxy. If it were a real virus it would be listed on one or both of those web sites. I know Trend often has definition updates out to users within 2 or 3 hours of a malware becoming known somewhere around the world.