PUM.Optional.DisableRecycle

Short Bio

This detection is for potentially unwanted modifications (PUMs) in the registry where the Windows Recycle Bin is bypassed. As a result, files and folder are deleted entirely and cannot be recovered quickly.

System Modifications

The following registry value data are modified:

Under
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\
CurrentVersion\Policies\Explorer

From:
NoRecycleFiles=0

To:
NoRecycleFiles=1

Under
HKEY_CURRENT_USER\Software\Microsoft\Windows\
CurrentVersion\Policies\Explorer

From:
NoRecycleFiles=0

To:
NoRecycleFiles=1

Remediation

Malwarebytes can modify these registry value data back to their Windows default settings without user interaction.

Also, we advise users to do a full system scan as PUM.Optional.DisableRecycle could have been added to the system by malware or PUP.