
What is a PUM (Potentially Unwanted Modification) Detection, Often Referred to as a 'PUM Virus'?


A PUM, which stands for Potentially Unwanted Modification, is a classification used by security software like Malwarebytes Anti-Malware to identify changes to your computer's settings that, while not always malicious, are generally undesirable or made without your explicit consent. Contrary to the common phrasing, a PUM is not a virus in the traditional sense, nor is it a specific, unique piece of malware. Instead, it describes an alteration to your system, often impacting how your browser or operating system functions, that could compromise your privacy, security, or user experience.

Understanding Potentially Unwanted Modifications

When your antivirus program flags a "PUM" (e.g., PUM.bad.proxy), it's indicating that a specific system setting, often in the Windows Registry or browser configuration, has been altered in a way that is typically associated with adware, spyware, or other intrusive software. These modifications are deemed "unwanted" because they can lead to unexpected behavior, redirects, performance issues, or even security vulnerabilities.

Key Characteristics of PUM Detections

  • Not a Virus: Unlike viruses, PUMs do not self-replicate or directly infect other files. They are modifications to existing system settings.
  • Assigned by Security Software: The "PUM" designation is a classification assigned by specific anti-malware programs (like Malwarebytes) to categorize a type of threat.
  • System Alterations: PUMs involve changes to critical system areas, such as the Windows Registry, browser settings, or network configurations.
  • Potentially Harmful: While some modifications might seem innocuous, they can often lead to further unwanted software installations, data tracking, or redirection to malicious websites.

Common Examples of PUM Detections

PUM detections cover a broad range of system alterations. Here are some common types:

  • PUM.bad.proxy: This detection, the example mentioned above, refers to an alteration of your system's proxy settings. A "bad proxy" can reroute your internet traffic through a third-party server, potentially allowing attackers to intercept your data, monitor your browsing habits, or inject unwanted advertisements into your web pages.
  • PUM.Hijack.StartMenu: Modifies your Windows Start Menu, often adding unwanted entries or changing default program associations.
  • PUM.Hijack.HomePage: Changes your web browser's homepage to an unwanted website, making it difficult to revert.
  • PUM.Hijack.SearchSettings: Alters your browser's default search engine to an unsolicited provider, often displaying more ads or less relevant results.
  • PUM.Disabled.Security: Disables or weakens important Windows security features, such as the Firewall or User Account Control (UAC), making your system more vulnerable.
  • PUM.DNS: Alters your Domain Name System (DNS) settings, potentially redirecting you to phishing sites or preventing access to legitimate ones.

How PUMs Infiltrate Your System

PUMs are often introduced through various deceptive or non-transparent means:

  • Bundled Software: They can be stealthily included with legitimate software downloads, especially freeware or shareware, where users often click "Next" without reviewing custom installation options.
  • Adware Installers: Many adware programs will make these system modifications as part of their installation process to ensure persistence and control over your browsing.
  • Deceptive Websites: Clicking on misleading advertisements or pop-ups can sometimes trigger downloads or scripts that make these changes.
  • Malicious Websites: Visiting compromised or malicious websites might exploit browser vulnerabilities to alter settings.

The Impact of a PUM

While not as destructive as a ransomware attack, PUMs can significantly degrade your computing experience and pose security risks.

Aspect          | Impact of a PUM
Privacy         | Can allow tracking of online activities, collection of personal data, or redirection to data-harvesting sites.
Security        | May disable security features, reroute traffic through malicious servers, or expose your system to further threats.
Performance     | Can slow down your internet connection or overall system by routing traffic unnecessarily or running background processes.
User Experience | Leads to unwanted ads, browser redirects, altered homepages, and a general loss of control over your system.

Detecting and Removing PUMs

Security software like Malwarebytes Anti-Malware is specifically designed to detect and remove these types of unwanted modifications.

Steps to Address a PUM Detection:

  1. Run a Full System Scan: Use a reputable anti-malware program to perform a comprehensive scan of your computer.
  2. Quarantine/Remove Detected Items: Follow the software's instructions to remove or quarantine the detected PUMs. This typically involves reverting the altered system settings to their default or safe configurations.
  3. Check Browser Settings: After removal, manually verify your browser's homepage, default search engine, and proxy settings. Restore them to your preferred settings if they are still altered.
    • For Chrome: Go to Settings > Search engine, Settings > On startup, and Settings > System > Open your computer's proxy settings.
    • For Firefox: Go to Options > Home, Options > Search, and Options > General > Network Settings.
  4. Review Installed Programs: Look for any recently installed or unfamiliar programs in your Control Panel (Windows) or Applications folder (macOS) and uninstall them.
  5. Update Software: Ensure your operating system, web browser, and all security software are up-to-date to patch any known vulnerabilities.
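
For the manual check in step 3, the following read-only PowerShell script lists the Windows settings behind the proxy, DNS and disabled-security detections described earlier. It is an added example, not part of the original article and not Malwarebytes' detection logic; the mapping of detection names to these registry values and cmdlets is an assumption, and it expects Windows 8 or later.

```powershell
# Added example: read-only review of proxy, DNS, UAC and firewall settings.
# Nothing is modified; deciding whether a value is expected is left to you.
$review = New-Object System.Collections.Generic.List[object]
function Add-ReviewItem($Area, $Setting, $Value, $Note) {
    $review.Add([pscustomobject]@{ Area = $Area; Setting = $Setting; Value = $Value; Note = $Note })
}

# Proxy (PUM.bad.proxy): WinINET settings, per user and machine wide.
$inetKeys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings',
            'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings'
foreach ($key in $inetKeys) {
    $inet = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    $hive = $key.Substring(0, 4)
    if ($inet.ProxyEnable -eq 1 -and $inet.ProxyServer) {
        Add-ReviewItem 'Proxy' "$hive ProxyServer" $inet.ProxyServer 'Manual proxy is on; confirm you or your IT team set it'
    }
    if ($inet.AutoConfigURL) {
        Add-ReviewItem 'Proxy' "$hive AutoConfigURL" $inet.AutoConfigURL 'Auto-config script is set; confirm where it comes from'
    }
}

# DNS (PUM.DNS): resolvers configured on each interface.
Get-DnsClientServerAddress -AddressFamily IPv4 -ErrorAction SilentlyContinue |
    Where-Object { $_.ServerAddresses } |
    ForEach-Object {
        Add-ReviewItem 'DNS' $_.InterfaceAlias ($_.ServerAddresses -join ', ') 'Compare with the resolvers your router, ISP or IT team assigns'
    }

# Security features (PUM.Disabled.Security): UAC and firewall profiles.
$uacKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$uac = Get-ItemProperty -Path $uacKey -ErrorAction SilentlyContinue
if ($null -ne $uac.EnableLUA -and $uac.EnableLUA -eq 0) {
    Add-ReviewItem 'Security' 'EnableLUA' 0 'User Account Control is turned off'
}
Get-NetFirewallProfile -ErrorAction SilentlyContinue |
    Where-Object { "$($_.Enabled)" -eq 'False' } |
    ForEach-Object {
        Add-ReviewItem 'Security' "Firewall ($($_.Name))" 'Disabled' 'This firewall profile is turned off'
    }

if ($review.Count -eq 0) {
    'No proxy, DNS or security-feature settings to review.'
} else {
    $review | Format-Table -AutoSize -Wrap
}
```

DNS entries appear on any connected machine, so an item in the output is a prompt to compare against what you expect, not a detection in itself.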

Prevention Strategies

Proactive measures can help protect your system from PUMs:

  • Download from Official Sources: Always download software directly from the developer's official website or trusted app stores.
  • Pay Attention During Installation: Opt for "Custom" or "Advanced" installation options instead of "Express" or "Recommended" to deselect bundled unwanted software.
  • Use Ad Blockers: Install reputable browser extensions to block intrusive ads and pop-ups that might lead to PUM installations.
  • Maintain Security Software: Keep your anti-malware and antivirus programs updated and run regular scans.
  • Exercise Caution: Be wary of unsolicited emails, suspicious links, and unexpected pop-up warnings.
  • Regular Backups: Back up your important data regularly, so you can restore your system if an unwanted modification causes irreversible issues.

By understanding that a "PUM virus" is actually a Potentially Unwanted Modification and taking appropriate preventative and remediation steps, you can maintain a cleaner, more secure, and more reliable computing environment.