Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Was I okay?


  • Please log in to reply
2 replies to this topic

#1 Oldersiddhu

Oldersiddhu

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:45 AM

Posted 06 December 2017 - 06:12 PM

Hello,

 

I recently saw that Windows Defender gave my computer a clean bill of health, but wanted to run an additional scan using MalwareBytes:

 

I saw this in my scan

 

 
PUP.Optional.MindSpark.Generic, C:\USERS\NAMEREMOVED\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\LOCAL STORAGE\http_fromdoctopdf.dl.myway.com_0.localstorage, No Action By User, [777], [443124],1.0.3427
PUP.Optional.MindSpark.Generic, C:\USERS\NAMEREMOVED\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\LOCAL STORAGE\http_fromdoctopdf.dl.myway.com_0.localstorage-journal, No Action By User, [777], [443124],1.0.3427
PUP.Optional.MindSpark.Generic, C:\USERS\NAMEREMOVED\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\LOCAL STORAGE\http_translationbuddy.dl.myway.com_0.localstorage, No Action By User, [777], [443124],1.0.3427
PUP.Optional.MindSpark.Generic, C:\USERS\NAMEREMOVED\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\LOCAL STORAGE\http_translationbuddy.dl.myway.com_0.localstorage-journal, No Action By User, [777], [443124],1.0.3427
PUP.Optional.MindSpark.Generic, C:\USERS\NAMEREMOVED\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\LOCAL STORAGE\http_fromdoctopdf.dl.tb.ask.com_0.localstorage, No Action By User, [777], [443123],1.0.3427
PUP.Optional.MindSpark.Generic, C:\USERS\NAMEREMOVED\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\LOCAL STORAGE\http_fromdoctopdf.dl.tb.ask.com_0.localstorage-journal, No Action By User, [777], [443123],1.0.3427
PUP.Optional.MindSpark.Generic, C:\USERS\NAMEREMOVED\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\LOCAL STORAGE\http_translationbuddy.dl.tb.ask.com_0.localstorage, No Action By User, [777], [443123],1.0.3427
PUP.Optional.MindSpark.Generic, C:\USERS\NAMEREMOVED\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\LOCAL STORAGE\http_translationbuddy.dl.tb.ask.com_0.localstorage-journal, No Action By User, [777], [443123],1.0.3
 
This is all local storage, and I ended up getting rid of these files, but what I'm wondering is given that I have no other signs of MindSpark being installed on my computer - i.e. no mindspark software and extensions - does this just mean I had at some point visited a website that stored some data using localstorage? 
 
I never download toolbars but I'm sure at some point I've see a download toolbar popup and rejected it. Maybe when I was on the site, this got logged to my local storage?
 
Can someone help me understand what it means for something to be detected in local storage? It seems to me like this is harmless, since there is no sign I further acted on it. If not, why would it have been a problem? My main goal is to make sure the data in my computer has stayed safe.
 
To add some additional context - I have no reason to think my computer has adware/spyware, however I am interested why these showed up in the scan

Edited by Oldersiddhu, 06 December 2017 - 06:31 PM.


BC AdBot (Login to Remove)

 


#2 Oldersiddhu

Oldersiddhu
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:45 AM

Posted 06 December 2017 - 07:30 PM

I also ran a scan using AdwCleaner and got this. It looks like a couple registry entries. I'm not concerned about the amazon extension. Can these registry entries in of themselves be harmful? No files, folders, or dlls were detected:

 

Edit: I installed an old version of lavasoft's ad-aware, and it appeared to create the " HKCU\Software\AppDataLow\Software\adawarebp" key. So I think that would explain that. Would love to get other people's thoughts generally on this topic

 

 

# AdwCleaner 7.0.5.0 - Logfile created on Wed Dec 06 23:51:17 2017
# Updated on 2017/29/11 by Malwarebytes 
# Database: 12-06-2017.1
# Running on Windows 10 Home (X64)
# Mode: scan
 
***** [ Services ] *****
 
No malicious services found.
 
***** [ Folders ] *****
 
No malicious folders found.
 
***** [ Files ] *****
 
No malicious files found.
 
***** [ DLL ] *****
 
No malicious DLLs found.
 
***** [ WMI ] *****
 
No malicious WMI found.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts found.
 
***** [ Tasks ] *****
 
No malicious tasks found.
 
***** [ Registry ] *****
 
PUP.Optional.Legacy, [Key] - HKU\S-1-5-21-367076768-2010601122-3727392110-1001\Software\AppDataLow\Software\adawarebp
PUP.Optional.Legacy, [Key] - HKCU\Software\AppDataLow\Software\adawarebp
 
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries.
 
***** [ Chromium (and derivatives) ] *****
 
PUP.Optional.AmazonBrowserBar, Plugin found: Amazon Assistant for Chrome - 
 
/!\ Please Reset the Chrome Synchronization before cleaning the Chrome Preferences: https://support.google.com/chrome/answer/3097271 
 
 
*************************
 
C:/AdwCleaner/AdwCleaner[S0].txt - [1286 B] - [2017/12/6 23:30:53]
 
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt ##########

Edited by Oldersiddhu, 06 December 2017 - 08:51 PM.


#3 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,338 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:08:45 AM

Posted 07 December 2017 - 04:59 PM

Those are from the Ad-Aware App. you can remove them..
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users