Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

MalwareBytes Help


  • Please log in to reply
3 replies to this topic

#1 Falneth

Falneth

  • Members
  • 132 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Missouri, USA
  • Local time:07:21 PM

Posted 15 January 2014 - 12:33 PM

I have a licensed version of MalwareBytes installed on all three of my computers. Each one is set up the exact same way.Each is scheduled to run a quick scan every 3 days and a full scan once every week as well as update daily. Unfortunately, every time that any scan runs and something is found, it is not removed. The scan runs, pops up the notepad report when finished showing what is found and what actions are taken. When I return to the MalwareBytes window, there is a popup window in the front that says "Scan Finished - All items removed" with an OK button. I click it and the entire window closes out. When I reopen the program and open the log again, it says next to each item found, no action taken.

 

I use the same settings on both Full Scan and Quick Scan in the scheduler:

 

[X] Wake computer from sleep to perform task.

 

[  ] Perform scheduled scan silently from system account.

[  ] Terminate program when scan completes successfully.

[X] Remove and quarantine all threats automatically.

[X] Save log file regardless of user settings.

[X] Restart the computer if required for threat removal.

 

 

What am I missing here to make the program actually remove all threats instead of taking no action against them?

 

Here is one such log:

 

Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org
 
Database version: v2014.01.15.02
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
Samual :: OFFICE [administrator]
 
Protection: Enabled
 
1/14/2014 10:00:04 PM
mbam-log-2014-01-14 (22-00-04).txt
 
Scan type: Full scan (C:\|D:\|E:\|G:\|H:\|I:\|J:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 451074
Time elapsed: 1 hour(s), 5 minute(s), 
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 11
C:\Users\Samual\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\00\00000000 (PUP.Optional.OneClickDownloader.A) -> No action taken.
C:\Users\Samual\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\00\00000001 (PUP.Optional.OneClickDownloader.A) -> No action taken.
C:\Users\Samual\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YTL08ILL\BiTool[1].dll (PUP.Optional.Somoto) -> No action taken.
C:\Users\Samual\AppData\Local\Temp\AstroburnLite180-0182.exe (PUP.Optional.OpenCandy) -> No action taken.
C:\Users\Samual\AppData\Local\Temp\bitool.dll (PUP.Optional.Somoto) -> No action taken.
C:\Users\Samual\Downloads\DownloadSetup (1).exe (PUP.Optional.OneClickDownloader.A) -> No action taken.
C:\Users\Samual\Downloads\DownloadSetup.exe (PUP.Optional.OneClickDownloader.A) -> No action taken.
C:\Users\Samual\Downloads\DTLite4481-0347.exe (PUP.Optional.OpenCandy) -> No action taken.
C:\Users\Samual\Downloads\SetupImgBurn_2.5.8.0.exe (PUP.Optional.OpenCandy) -> No action taken.
C:\Windows\System32\ARFC\wrtc.exe (PUP.Optional.InstallBrain.A) -> No action taken.
C:\Windows\System32\jmdp\lmrn.dll (PUP.Optional.Sweetpacks) -> No action taken.
 
(end)

Edited by Falneth, 15 January 2014 - 12:35 PM.

A.A.S in Computer and Network Support from Crowder College


BC AdBot (Login to Remove)

 


#2 ChasLD

ChasLD

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Youngstown, OH
  • Local time:07:21 PM

Posted 15 January 2014 - 01:01 PM

PUPs (Potentially unwanted programs) have their own setting in Malwarebytes in the settings > Scanner Settings tab which by default is set to "Show in results list and do not check for removal". Perhaps yours is still set to default?


Edited by ChasLD, 15 January 2014 - 01:10 PM.


#3 Falneth

Falneth
  • Topic Starter

  • Members
  • 132 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Missouri, USA
  • Local time:07:21 PM

Posted 15 January 2014 - 01:40 PM

You are exactly right. I just looked and that is what it was set at. So I changed it to "Show in results list and check for removal". Let's see how it works now.


A.A.S in Computer and Network Support from Crowder College


#4 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,946 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:07:21 PM

Posted 15 January 2014 - 03:08 PM

A PUP detection means a "Potentially Unwanted Program (PUP)". PUP is a very broad threat category which can encompass any number of different programs to include those which are benign as well as harmful. Thus, this type of detection does not always necessarily mean the file is malicious or a bad program. PUPs in and of themselves are not always bad...many are generally known, non-malicious but unwanted (bundled) software. PUPs are considered unwanted because they can cause undesirable system performance or other problems and are sometimes installed without the user's consent since they are often included when downloading legitimate programs.

In the past, Malwarebytes Anti-Malware detected only PUPs that were considered mostly harmful and deceiving but they revised their policy, taking a more aggressive approach to include PUPs that most users found annoying or misleading. PUPs may be defined somewhat differently by various security vendors and may or may not be detected/removed based on that definition. This is what Malwarebytes has to say: What are the 'PUP' detections, are they threats and should they be deleted?.

If you recognize the PUP detection(s) as belonging to a program you installed and/or want to keep, you can add those items to the exclusion or ignore list (by right-clicking) so they will not show in future scans. If you don't recognize the detection(s), then you can remove them.

About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs)

The default action for Malwarebytes' PUP detections is "Show in results list and do not check for removal."
- If you want Malwarebytes to remove them, make sure the settings are set to "Show in results list and check for removal."
- If you don't want Malwarebytes to remove them, set the settings back to default.

PUP-boxes.png
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users