Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Is this a false positive?


  • Please log in to reply
10 replies to this topic

#1 Tierra93

Tierra93

  • Members
  • 207 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:02:55 PM

Posted 11 May 2016 - 08:22 AM

I'm pretty sure my computer is clean (but one never knows); however, Malwarebytes found a PUP today.  Centureylink is my internet provider (PUP has centurylink in it).  I'm running windows 10 64-bit on a desktop.

 

So is this a false positive or do I need to post to the removal area?

 

I tried to copy and paste but it's not showing up on the post, is there a way to attach the picture of the log from Malwarebytes?

 

 

 

 



BC AdBot (Login to Remove)

 


#2 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,672 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:55 PM

Posted 11 May 2016 - 08:26 AM

Hi Tierra93 :)

Are you able to upload the file Malwarebytes detected on VirusTotal.com, and copy/paste the report URL here? It'll be easier that way :)

What was the detection name? PUP.CenturyLink?

Edited by Aura, 11 May 2016 - 08:26 AM.

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#3 kaljukass

kaljukass

  • Banned
  • 291 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:55 PM

Posted 11 May 2016 - 09:27 AM

PUP is potentially unwanted software. It doesn't mean nothing. For example Auslogics software is also fully PUP, but people likes it.


Edited by kaljukass, 11 May 2016 - 09:28 AM.


#4 Tierra93

Tierra93
  • Topic Starter

  • Members
  • 207 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:02:55 PM

Posted 11 May 2016 - 12:38 PM

I don't know how to load the file onto virusTotal.com.

 

the file is: PUP,Optional.CenturyLink.ShrtCln

 

I've had PUPs on Malwarebytes before and was told that that particular one was a false positive, that's why I'm asking before doing more.

 

Thank you.


Edited by Tierra93, 11 May 2016 - 12:43 PM.


#5 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,672 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:55 PM

Posted 11 May 2016 - 12:57 PM

Follow the instructions below then please.

5KB3EXa.pngUpload a file on VirusTotal
  • Open your favorite web browser, and go on virustotal.com;
  • From there, click on the Select a file button and wait for the Windows Explorer to open;
  • Browse to the file below, select it and click on Open;
  • Once done, click on the Analyze button;
  • If you get a message that the file was already analyzed, click on the Re-analyze button;
  • At the end of the analysis, copy and paste the VirusTotal report URL in your next reply;

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#6 Tierra93

Tierra93
  • Topic Starter

  • Members
  • 207 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:02:55 PM

Posted 11 May 2016 - 03:39 PM

I tried the above but couldn't find the file to get it to analyze, that's why I said I didn't know how to make it work.

 

Thank you.



#7 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,672 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:55 PM

Posted 11 May 2016 - 04:33 PM

Can you write down the file location and name here?

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#8 Tierra93

Tierra93
  • Topic Starter

  • Members
  • 207 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:02:55 PM

Posted 11 May 2016 - 04:43 PM

the file name was PUP.Optional.CenturyLink.ShrtCln  it's in Firefox sessions



#9 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,672 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:55 PM

Posted 11 May 2016 - 04:45 PM

This is the detection name for that file, not the file name. You can grab it from the Malwarebytes logs. Go in the History tab, and click on Application Logs in the left pane, then open the latest scan log and copy/paste the full log here.

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#10 Tierra93

Tierra93
  • Topic Starter

  • Members
  • 207 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:02:55 PM

Posted 11 May 2016 - 04:51 PM

It won't let me copy


Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 5/11/2016
Scan Time: 5:43 AM
Logfile:
Administrator: No

Version: 2.2.1.1043
Malware Database: v2016.05.11.03
Rootkit Database: v2016.05.06.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 10
CPU: x64
File System: NTFS
User: 4

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 247477
Time Elapsed: 4 min, 7 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 1
PUP.Optional.CenturyLink.ShrtCln, C:\Users\4\AppData\Roaming\Mozilla\Firefox\Profiles\enmbkpo5.default\sessionstore.js, Good: (), Bad: (centurylink.net), Replaced,[b0ef0dc72376b0868032362f659fc23e]

Physical Sectors: 0
(No malicious items detected)


(end)



#11 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,672 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:55 PM

Posted 11 May 2016 - 08:19 PM

It looks inoffensive to me. Looks like Malwarebytes didn't like the centurylink.net link in your sessionstore.js file which is used to restore browsing sessions under Firefox.

Edited by Aura, 11 May 2016 - 08:20 PM.

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users