Malwarebytes detecting my adwcleaner quarantine?


7 replies to this topic

#1 Eunuch

Posted 07 July 2014 - 05:41 PM

I ran a scan with mbam today and it detected an item at c:\adwcleaner\quarantine\c\program files (x86)\Vuze\.install4j\user\mism.exe.vir

It looks like mbam is just finding a quarantined PUP, but I wanted to make sure before I did anything with it. Ideas/hints/links to a clearly marked source of information regarding this exact thing that I missed?


#2 TsVk!


Posted 07 July 2014 - 06:25 PM

That is normal... in fact a good sign that MBAM is actually finding the unwanted .exe also.

 

You can go ahead and delete the file. In fact if you get MBAM to quarantine the file, the next malware scanner you use may also detect the MBAM quarantine and present you with options for the same file again.


Edited by TsVk!, 07 July 2014 - 06:25 PM.


#3 quietman7


Posted 07 July 2014 - 08:18 PM

Adding to TsVk!'s comments...

When an anti-virus or security program quarantines a file (item) and moves it into a virus vault (virus chest) or a dedicated Quarantine folder, that file is safely held there and no longer a threat. The file is essentially disabled and prevented from causing any harm to your system through proprietary security routines which may copy, rename (usually by adding a .vir extension), encrypt and password protect the file as part of the process.

Quarantine is just an added safety measure which allows you to view and investigate the files while keeping them from harming your computer. One reason for doing this is to prevent the permanent deletion of a legitimate file that may have been incorrectly flagged (a "false positive") and placed in quarantine. This can occur if the scanner uses heuristic analysis technology which is not as reliable as signature-based detection (blacklisting) and can potentially increase the chances that a non-malicious program is flagged as suspicious or infected. If the file is confirmed as legitimate, it can be safely restored from quarantine and added to the exclusion or ignore list.

When the quarantined file is known to be malicious, you can permanently delete it at any time by launching the program which removed it, going to the Quarantine tab, and choosing the option to delete.

Keep in mind, however, that if these files are left in quarantine, other scanning programs and security tools may flag them as a threat while in the quarantined area so don't be alarmed if you see such an alert. Just delete the quarantined items after confirming they are malware and subsequent scans should no longer detect them.

Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
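
The Python below is an added example, not code from the thread or from any tool named in it: it classifies a scanner hit as a quarantined copy or a live file and recovers the original location from the mirrored quarantine path. The root list, the `triage_detection` name and the drive-letter layout (inferred from the path quoted in the first post) are assumptions.

```python
from pathlib import PureWindowsPath

# Assumption: quarantine folders to recognise. Only the AdwCleaner one
# appears in the thread; add others for the tools actually installed.
QUARANTINE_ROOTS = [r"C:\AdwCleaner\Quarantine"]
RENAME_SUFFIX = ".vir"  # extension mentioned in the thread


def triage_detection(detected_path, roots=QUARANTINE_ROOTS):
    """Say whether a scanner hit is a quarantined copy or a live file.

    Returns a dict with 'status' and, when it can be inferred, the
    'original' location the quarantined copy was taken from.
    """
    parts = PureWindowsPath(detected_path).parts
    result = {"status": "live-file", "original": None}
    # A path with ".." may resolve outside the folder it appears to be in,
    # so never wave it through as quarantined.
    if ".." in parts:
        return result
    lowered = [s.lower() for s in parts]
    for root in roots:
        root_parts = [s.lower() for s in PureWindowsPath(root).parts]
        n = len(root_parts)
        # Compare whole components so "QuarantineX" does not match.
        if lowered[:n] != root_parts or len(parts) <= n:
            continue
        result["status"] = "quarantined-copy"
        rest = parts[n:]
        # Inferred layout: <root>\<drive letter>\<original path>.vir
        if len(rest) >= 2 and len(rest[0]) == 1 and rest[0].isalpha():
            name = rest[-1]
            if name.lower().endswith(RENAME_SUFFIX):
                name = name[: -len(RENAME_SUFFIX)]
            original = PureWindowsPath(rest[0].upper() + ":\\", *rest[1:-1], name)
            result["original"] = str(original)
        return result
    return result


# Constructed sample: the first path is the one quoted in the thread.
if __name__ == "__main__":
    for hit in [
        r"c:\adwcleaner\quarantine\c\program files (x86)\Vuze\.install4j\user\mism.exe.vir",
        r"C:\Program Files (x86)\Vuze\.install4j\user\mism.exe",
    ]:
        print(hit, "->", triage_detection(hit))
```

A hit reported as `live-file` at the recovered original location means the item is present outside quarantine and needs handling in its own right.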

#4 Eunuch


Posted 07 July 2014 - 08:42 PM

Thanks for the confirmation. Unfortunately, the scan just finished, and shows a host of other issues, so I'll be digging more into those and possibly posting in the removal forum if I can't get it under control.



#5 quietman7


Posted 07 July 2014 - 09:41 PM

Not a problem. Good luck.

#6 noknojon


Posted 08 July 2014 - 12:10 AM

Do you still have the AdwCleaner program on your desktop?

If you do, please open the program, and hit the Uninstall button.

 

This will remove not only the quarantined items, but also the program fully.

 

If you wish to use AdwCleaner on a regular basis, I have found it better to only run it once or twice, then remove it.

You know that you are keeping up to date with the program, and cleaning out the quarantine area.



#7 Eunuch


Posted 08 July 2014 - 08:48 PM

Done, thanks for the heads up.



#8 quietman7


Posted 08 July 2014 - 08:52 PM

AdwCleaner is frequently updated so you should always download the latest version before using it again.



