PUM.Optional.CMDShell is Malwarebytes' detection name for a potentially unwanted modifications (PUMs)in the registry where the default Windows shell value, explorer.exe, is replaced with cmd.exe. This can be done by malwareto hinder users in cleaning up their system.
The following registry value data are modified:UnderHKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
From:Shell=explorer.exe
To:Shell=cmd.exe
UnderHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
From:Shell=explorer.exe
To:Shell=cmd.exe
Malwarebytes can modify these registry value data back to their Windows default settings without user interaction.Also, we advise users to do a full system scan as PUM.Optional.CMDShell could have been added to the system by malware or PUP.
When a Potentially Unwanted Modification (PUM)is detected on your computer, Malwarebytes for Windowsdoes not know whether it was authorized. Optimization software, malware, and Potentially Unwanted Programs (PUPs) are known to make these types of changes, hence they are regarded as potentially unwanted by design.To have Malwarebytes for Windowsignore a PUM, you must add the PUM to the Allow list. Here’s how to do it.
Select your language