Jump to content

maxime3

Members
 View Profile  See their activity

  • Posts

    1

  • Joined

  • Last visited

 Content Type 

Posts posted by maxime3

    PUABundler:Win32/CandyOpen removed, but I have a few questions

    in Malwarebytes AdwCleaner

    Posted

    Goodmorning everyone.
    I run system scans regularly and no problems have ever been found.
    Yesterday I decided to remove the Freemake Video Converter application from my PC which was installed back in 2017 and almost never used.
    From the control panel then I clicked uninstall it, but Windows Defender detected PUABundler: Win32 / CandyOpen in the SetupUpdate.exe file, which I promptly removed. This is weird, as I tried to uninstall many times without success but also without warnings. Did they launch an automatic update yesterday?
    I also ran a full scan with Malwarebytes and Adwcleaner which removed the following entries. Here are the results (scan and clean).

    I’m almost sure some are related to Samsung pre-installed app, whereas Freemake should be:



     

    Quote

    PUP.Optional.FreeMakeConverter  HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32|ProductUpdater
    PUP.Optional.FreeMakeConverter  HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Run|ProductUpdater
     

    

Everything seems to be fine and the app itself (Freemake Converter) is now gone.
    Did a few scans with no issues, both with Malwarebytes and Windows Defender.

    My question is:
    Is it possible that the uninstall operation alerted Windows Defender, even if the CandyOpen adware was not actually installed on my system, but was simply contained within SetupUpdate.exe? I didn't notice any strange behavior/slowdown or ads in my browser (I do not use Edge/Internet Explorer).



    Thank you for your time and effort. 

    # -------------------------------
# Malwarebytes AdwCleaner 8.3.1.0
# -------------------------------
# Build:    11-18-2021
# Database: 2021-12-02.1 (Cloud)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    12-12-2021
# Duration: 00:00:11
# OS:       Windows 10 Pro
# Scanned:  32011
# Detected: 15


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

PUP.Optional.Legacy             C:\Users\Computer\AppData\Roaming\Tencent

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

PUP.Optional.FreeMakeConverter  HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32|ProductUpdater
PUP.Optional.FreeMakeConverter  HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Run|ProductUpdater
PUP.Optional.Legacy             HKCU\Software\Microsoft\Internet Explorer\Main|Default_Page_URL
PUP.Optional.Legacy             HKCU\Software\Microsoft\Internet Explorer\Main|Default_Search_URL
PUP.Optional.Legacy             HKLM\Software\Microsoft\Internet Explorer\Main|Default_Page_URL
PUP.Optional.Legacy             HKLM\Software\Microsoft\Internet Explorer\Main|Default_Search_URL
PUP.Optional.Legacy             HKLM\Software\Microsoft\Internet Explorer\Main|Search Page
PUP.Optional.Legacy             HKLM\Software\Microsoft\Internet Explorer\Main|Start Page

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

Preinstalled.SamsungSmartSwitch   File   C:\Users\Computer\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Smart Switch.lnk 
Preinstalled.SamsungSmartSwitch   Folder   C:\Program Files\SAMSUNG\SMART SWITCH PC 
Preinstalled.SamsungSmartSwitch   Folder   C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SAMSUNG\SMART SWITCH PC 
Preinstalled.SamsungSmartSwitch   Folder   C:\Users\Computer\AppData\Roaming\SAMSUNG\SMART SWITCH PC 
Preinstalled.SamsungSmartSwitch   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{74FA5314-85C8-4E2A-907D-...} 
Preinstalled.SamsungSmartSwitch   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{74FA5314-85C8-4E2A-907D-...} 

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########
    # -------------------------------
# Malwarebytes AdwCleaner 8.3.1.0
# -------------------------------
# Build:    11-18-2021
# Database: 2021-12-02.1 (Cloud)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    12-12-2021
# Duration: 00:00:01
# OS:       Windows 10 Pro
# Cleaned:  9
# Failed:   0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted       C:\Users\Computer\AppData\Roaming\Tencent

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted       HKCU\Software\Microsoft\Internet Explorer\Main|Default_Page_URL
Deleted       HKCU\Software\Microsoft\Internet Explorer\Main|Default_Search_URL
Deleted       HKLM\Software\Microsoft\Internet Explorer\Main|Default_Page_URL
Deleted       HKLM\Software\Microsoft\Internet Explorer\Main|Default_Search_URL
Deleted       HKLM\Software\Microsoft\Internet Explorer\Main|Search Page
Deleted       HKLM\Software\Microsoft\Internet Explorer\Main|Start Page
Deleted       HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32|ProductUpdater
Deleted       HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Run|ProductUpdater

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [2978 octets] - [12/12/2021 22:20:39]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

     

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.