Text only | Text with Images

LandzDown Forum

Security => Analysis and Malware Removal => Topic started by: DR M on August 12, 2015, 03:01:23 PM

Title: Suddenly, two PUPs from MBAM
Post by: DR M on August 12, 2015, 03:01:23 PM
Hello!

I left my computer running for a couple of hours, without being with it. When I returned, I saw that a MBAM scan had being completed, with two threats found in the registry. I didn't install anything and I found this very strange. What are these PUPs?? Should I check anything else?
Title: Re: Suddenly, two PUPs from MBAM
Post by: plodr on August 12, 2015, 03:27:09 PM
Here's some information about it
http://www.wintips.org/remove-pup-optional-outbrowse-adware/

Did you download anything from CNet or Softonic yesterday or since the last MBAM scan? Could be it was bundled with something you downloaded.
Title: Re: Suddenly, two PUPs from MBAM
Post by: DR M on August 12, 2015, 03:30:52 PM
Quote from: plodr on August 12, 2015, 03:27:09 PM
Here's some information about it
http://www.wintips.org/remove-pup-optional-outbrowse-adware/

Did you download anything from CNet or Softonic yesterday or since the last MBAM scan? Could be it was bundled with something you downloaded.

I didn't downloaded anything !!! I don't even remember when it was the last time MBAM found a threat in my computer!

But I knew it: My computer lost its mind last months...  :huh:
Title: Re: Suddenly, two PUPs from MBAM
Post by: winchester73 on August 12, 2015, 03:52:15 PM
I haven't looked at what the last few database updates have included, but these may be new detections added since your last scan.
Title: Re: Suddenly, two PUPs from MBAM
Post by: Corrine on August 12, 2015, 05:12:01 PM
Also consider that Malwarebytes acquired the Junkware Removal Tool plus the owner/developer, thisisu/Filipos Mouliatis joined the Malwarebytes Staff.  I've seen many logs where JRT has picked up leftover registry entries that both AdwCleaner and Malwarebytes missed.  Thus, the addition of his expertise has likely enhanced MBAM.  (Note:  JRT is continuing as a stand-alone tool.)
Title: Re: Suddenly, two PUPs from MBAM
Post by: DR M on August 12, 2015, 05:18:36 PM
Quote from: Corrine on August 12, 2015, 05:12:01 PM
Also consider that Malwarebytes acquired the Junkware Removal Tool plus the owner/developer, thisisu/Filipos Mouliatis joined the Malwarebytes Staff.  I've seen many logs where JRT has picked up leftover registry entries that both AdwCleaner and Malwarebytes missed.  Thus, the addition of his expertise has likely enhanced MBAM.  (Note:  JRT is continuing as a stand-alone tool.)

So, no action has to be taken. Thank you.

(Filipos Mouliatis is Greek? The name is greek. Also the minotaur on the JRT icon, and the name tisisu-Theseus... )
Title: Re: Suddenly, two PUPs from MBAM
Post by: Corrine on August 12, 2015, 05:37:05 PM
All I know is what has been published, which is that thisisu lives in Houston, Texas.
Title: Re: Suddenly, two PUPs from MBAM
Post by: DR M on August 12, 2015, 09:55:49 PM
I made a check with Adware Cleaner and JRT, and post the results, just to be sure:

# AdwCleaner v4.208 - Logfile created 13/08/2015 at 00:38:19
# Updated 09/07/2015 by Xplode
# Database : 2015-08-12.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : DR WHO - DR-WHO
# Running from : C:\Users\DR WHO\Desktop\AdwCleaner.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****

File Deleted : C:\Program Files (x86)\Pale Moon\browser\searchplugins\yahoo.xml

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17937


-\\ Pale Moon v25.6.0 (en-US)


*************************

AdwCleaner[R0].txt - [822 bytes] - [13/08/2015 00:36:51]
AdwCleaner[S0].txt - [750 bytes] - [13/08/2015 00:38:19]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [808  bytes] ##########



Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.5.6 (08.10.2015:1)
OS: Windows 7 Home Premium x64
Ran by DR WHO on œ£ 13/08/2015 at  0:41:27,10
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks

Successfully deleted: [Task] C:\Windows\system32\tasks\KsafeDelay



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer



~~~ Files



~~~ Folders

Successfully deleted: [Folder] C:\ProgramData\google



~~~ Chrome


[C:\Users\DR WHO\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\DR WHO\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

[C:\Users\DR WHO\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\DR WHO\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on œ£ 13/08/2015 at  0:50:50,18
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Please note that I don't have Chrome installed.
Title: Re: Suddenly, two PUPs from MBAM
Post by: Corrine on August 12, 2015, 10:19:20 PM
KsafeDelay is safe, just a leftover from Kingsoft PC Doctor.
Title: Re: Suddenly, two PUPs from MBAM
Post by: DR M on August 13, 2015, 06:59:23 PM
Thank you, Corrine, Winchester73 and plodr.
Text only | Text with Images