Good morning everyone.
I run system scans regularly and no problems have ever been found.
Yesterday I decided to remove the Freemake Video Converter application from my PC which was installed back in 2017 and almost never used.
From the Control Panel I then clicked to uninstall it, but Windows Defender detected PUABundler:Win32/CandyOpen in the SetupUpdate.exe file, which I promptly removed. This is weird, as I tried to uninstall many times without success but also without warnings. Did they launch an automatic update yesterday?
I also ran a full scan with Malwarebytes and AdwCleaner, which removed the following entries. Here are the results (scan and clean).
I'm almost sure some are related to a Samsung pre-installed app, whereas Freemake should be:
PUP.Optional.FreeMakeConverter HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32|ProductUpdater
PUP.Optional.FreeMakeConverter HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Run|ProductUpdater
Everything seems to be fine and the app itself (Freemake Converter) is now gone.
Did a few scans with no issues, both with Malwarebytes and Windows Defender. My question is: Is it possible that the uninstall operation alerted Windows Defender, even if the CandyOpen adware was not actually installed on my system, but was simply contained within SetupUpdate.exe? I didn't notice any strange behavior/slowdown or ads in my browser (I do not use Edge/Internet Explorer).
Thank you for your time and effort.
# -------------------------------
# Malwarebytes AdwCleaner 8.3.1.0
# -------------------------------
# Build: 11-18-2021
# Database: 2021-12-02.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 12-12-2021
# Duration: 00:00:11
# OS: Windows 10 Pro
# Scanned: 32011
# Detected: 15
***** [ Services ] *****
No malicious services found.
***** [ Folders ] *****
PUP.Optional.Legacy C:\Users\Computer\AppData\Roaming\Tencent
***** [ Files ] *****
No malicious files found.
***** [ DLL ] *****
No malicious DLLs found.
***** [ WMI ] *****
No malicious WMI found.
***** [ Shortcuts ] *****
No malicious shortcuts found.
***** [ Tasks ] *****
No malicious tasks found.
***** [ Registry ] *****
PUP.Optional.FreeMakeConverter HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32|ProductUpdater
PUP.Optional.FreeMakeConverter HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Run|ProductUpdater
PUP.Optional.Legacy HKCU\Software\Microsoft\Internet Explorer\Main|Default_Page_URL
PUP.Optional.Legacy HKCU\Software\Microsoft\Internet Explorer\Main|Default_Search_URL
PUP.Optional.Legacy HKLM\Software\Microsoft\Internet Explorer\Main|Default_Page_URL
PUP.Optional.Legacy HKLM\Software\Microsoft\Internet Explorer\Main|Default_Search_URL
PUP.Optional.Legacy HKLM\Software\Microsoft\Internet Explorer\Main|Search Page
PUP.Optional.Legacy HKLM\Software\Microsoft\Internet Explorer\Main|Start Page
***** [ Chromium (and derivatives) ] *****
No malicious Chromium entries found.
***** [ Chromium URLs ] *****
No malicious Chromium URLs found.
***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries found.
***** [ Firefox URLs ] *****
No malicious Firefox URLs found.
***** [ Hosts File Entries ] *****
No malicious hosts file entries found.
***** [ Preinstalled Software ] *****
Preinstalled.SamsungSmartSwitch File C:\Users\Computer\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Smart Switch.lnk
Preinstalled.SamsungSmartSwitch Folder C:\Program Files\SAMSUNG\SMART SWITCH PC
Preinstalled.SamsungSmartSwitch Folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SAMSUNG\SMART SWITCH PC
Preinstalled.SamsungSmartSwitch Folder C:\Users\Computer\AppData\Roaming\SAMSUNG\SMART SWITCH PC
Preinstalled.SamsungSmartSwitch Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{74FA5314-85C8-4E2A-907D-...}
Preinstalled.SamsungSmartSwitch Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{74FA5314-85C8-4E2A-907D-...}
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########
# -------------------------------
# Malwarebytes AdwCleaner 8.3.1.0
# -------------------------------
# Build: 11-18-2021
# Database: 2021-12-02.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 12-12-2021
# Duration: 00:00:01
# OS: Windows 10 Pro
# Cleaned: 9
# Failed: 0
***** [ Services ] *****
No malicious services cleaned.
***** [ Folders ] *****
Deleted C:\Users\Computer\AppData\Roaming\Tencent
***** [ Files ] *****
No malicious files cleaned.
***** [ DLL ] *****
No malicious DLLs cleaned.
***** [ WMI ] *****
No malicious WMI cleaned.
***** [ Shortcuts ] *****
No malicious shortcuts cleaned.
***** [ Tasks ] *****
No malicious tasks cleaned.
***** [ Registry ] *****
Deleted HKCU\Software\Microsoft\Internet Explorer\Main|Default_Page_URL
Deleted HKCU\Software\Microsoft\Internet Explorer\Main|Default_Search_URL
Deleted HKLM\Software\Microsoft\Internet Explorer\Main|Default_Page_URL
Deleted HKLM\Software\Microsoft\Internet Explorer\Main|Default_Search_URL
Deleted HKLM\Software\Microsoft\Internet Explorer\Main|Search Page
Deleted HKLM\Software\Microsoft\Internet Explorer\Main|Start Page
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32|ProductUpdater
Deleted HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Run|ProductUpdater
***** [ Chromium (and derivatives) ] *****
No malicious Chromium entries cleaned.
***** [ Chromium URLs ] *****
No malicious Chromium URLs cleaned.
***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries cleaned.
***** [ Firefox URLs ] *****
No malicious Firefox URLs cleaned.
***** [ Hosts File Entries ] *****
No malicious hosts file entries cleaned.
***** [ Preinstalled Software ] *****
No Preinstalled Software cleaned.
*************************
[+] Delete Tracing Keys
[+] Reset Winsock
*************************
AdwCleaner[S00].txt - [2978 octets] - [12/12/2021 22:20:39]
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########