Related blog content
Malwarebytes for Windows detected a Potentially Unwanted Modification
PUM.Optional.CMDShell
Short bio
PUM.Optional.CMDShell is Malwarebytes’ detection name for a potentially unwanted modifications (PUMs) in the registry where the default Windows shell value, explorer.exe, is replaced with cmd.exe. This can be done by malware to hinder users in cleaning up their system.
System modifications
The following registry value data are modified:
Under
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\
CurrentVersion\Winlogon
From:
Shell=explorer.exe
To:
Shell=cmd.exe
Under
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
CurrentVersion\Winlogon
From:
Shell=explorer.exe
To:
Shell=cmd.exe
Remediation
Malwarebytes can modify these registry value data back to their Windows default settings without user interaction.
Also, we advise users to do a full system scan as PUM.Optional.CMDShell could have been added to the system by malware or PUP.
Add an exclusion
When a Potentially Unwanted Modification (PUM) is detected on your computer, Malwarebytes for Windows does not know whether it was authorized. Optimization software, malware, and Potentially Unwanted Programs (PUPs) are known to make these types of changes, hence they are regarded as potentially unwanted by design.
To have Malwarebytes for Windows ignore a PUM, you must add the PUM to the Allow list. Here’s how to do it.
- When a PUM appears in the list of Scan results.
- Uncheck the entry or entries related to the PUM.
- Then click on Next.
- You will see a prompt giving you several options.
- Choosing Always ignore will add the PUM to the Allow List.
- You can remove them there when you decide they should no longer be ignored.
- When the PUM is on the Allow list it will no longer show up in your Scan results.
