[Scared of false-positives !!! 😰😰😰]

Thank you SOOOOOOOOOOOOO MUCH !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! I was so scared of making a mistake !!!!!!!!!!! Thank you from ALL MY HEART !!!!!!!!!!!!!!! And I wish you and I wish to the whole MBAM's team a  VERY HAPPY YEAR 2024 !!!!!!!!!!!!!!!!!!!!!!!!!!! 🥰🥰🥰🥰🥰🥰🥰🥰🥰🥰🥰🥰🥰🥰🥰🤩🤩🤩🤩🤩🤩🤩🤩🤩🤩🤩🤩🤩🤩🥳🥳🥳🥳🥳🥳🥳🥳🥳🥳🥳🥳🥳🤗🤗🤗🤗🤗🤗🤗🤗🤗🤗✨✨✨✨✨✨✨✨✨✨✨✨🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈🌈☀️☀️☀️☀️☀️☀️☀️☀️☀️☀️☀️☀️🎊🎊🎊🎊🎊🎊🎊🎊🎊🎊🎊🎊🎊🎊🎊🎊🎊🎊🎊🎊🎊🎊🎉🎉🎉🎉🎉🎉🎉🎉🎉🎉🎉🎉🎉🎉🎉🎉🎉🎉🎉🎉🎉🎉❤️🧡💛💚💙💜💖💓💗💜💙💚💛🧡❤️❤️🧡💛💚💙💜💗💖🤗🥰🤗🥰😘😘😘😘😘😘😘😘🤗🥰🤗🥰💛💛💛💛💛💛💛💛💛💛🤗🥰🤗🥰🤗😘😘😘😘😘😘😘😘😘😘😘😘😘🥰🤗🥰💙💙💙💙💙💜💜💜💜💖💖💖💖🤗🥰🤗🥰😘😘😘😘😘😘😘🤗🥰🤗🥰💖💛💖💙💛💛💖💛💖💙💛💛🤗🥰🤗😘😘😘😘😘😘😘😘🥰🤗🥰🤗🥰💛💙💙💙💙💙💜💜🤗🥰🤗🥰😘😘😘😘😘😘😘🤗🥰🤗🥰💜💜💜💖💖💖💖💖💖💚💖💛🤗🥰😘😘😘😘😘😘😘🤗🥰🤗🥰💖

[Scared of false-positives !!! 😰😰😰]

Thank you very much Portos, even the one that is not linked to Google Chrome but mentioned as a registry value ? It is a false positive as well ? I can let it stay in my PC ?

[Scared of false-positives !!! 😰😰😰]

5 minutes ago, Porthos said:

They are PUP's Potentially Unwanted Programs. They are not malware and you are welcome to exclude them if you wish if they are still being detected if you are not having issues in the browser with them there.

If you wish to exclude them,

To exclude these items you need to perform a scan then at the end when it shows the list of detections, uncheck any item that you do not want to be removed and click Next.  When prompted on what to do with the remaining unchecked items, select Ignore Always and they will be added to your exclusions and will no longer be detected by future scans.

 

Please let us know if you have any trouble or if there are any other issues we might assist you with.

 

Yes but as I said I don't know what it is ! It is a succession of letters and numbers, that tells me nothing about the name of the extension IF this is an extention (that could be something else... I don't know... But you do as if there are false positive, people should have tell you which ones were false positives...

All I know from those results is that every single one seems to be related to Google Chrome... Except one that seems to be a registry value 

Look at the results, please I don't want to take any risk of mistake

[Scared of false-positives !!! 😰😰😰]

27 minutes ago, Porthos said:

@EdinaElodie Please follow the instructions in the following topic. That should correct your issue.

 

No, maybe you were too busy and didn't read attentively my message but actually my problem is not to find again my extentions, but to lose them and to need to download them again, it is not to keep my history, and everything, it is to lose them, my problem is quite the opposite of what you think it was

As I said : I did everything MBAM told me once and I lost them all, I had to rebuild everything... I don't want that to happen again and if I joined in this topic the list of PUP MBAM gave me, it is because I hoped you could check if those are real threats or false-positives

If they are real threats, I need to remove them, of course ! But if they are false-positives, the best thing to do is doing nothing

[Scared of false-positives !!! 😰😰😰]

Hi everyone !!!! 😃

Since a few days Malwarebytes Anti-Malware alerts me about 11 PUP from Chrome and don't know what to do because I don't know if they are real threats or false-positives, I am scared to lose something... The last time it alerted me, I did everything Malwarebytes told me, restarted my computer (which is a very difficult thing to do today as I am using Stable Diffusion and I can't launch it, there is not a shortcut to do so, and each time I close my cmd window, I lost my access to my Stable Diffusion)

And after restarting my computer, my chrome browser was totally empty, not a single add-on remained, they all have been removed, I lost my History as well and my connection to my Google account, I had to re-log to my Google account and re-add my add-ons !

Here are the list of the PUP WBAM has detected two days ago (see the attachment)

Please, help me, I don't want malwares in my PC, but I don't want false-positives either ! 😰😰😰😰😰😰😰😰😰😰😰😰😰😰😰😰😰😰😰😰😰😰😰😰😰😰😰😰😰😰😰😰

Thank you very much in advance for your help 😰😰😰😰😰😰😰😰

Elodie

MBAM detections.txt

[Spy Hunter 5]

2 hours ago, AdvancedSetup said:

D'accord, à vous de décider. Google est bien connu pour stocker les déchets.

S'il n'y a rien d'autre, je vais continuer et vous faire un discours de nettoyage sur les outils utilisés.

 

 

Allons-y et effectuons un travail de nettoyage et supprimons les outils et les journaux que nous avons exécutés.

Veuillez télécharger KpRm par kernel-panik et enregistrez-le sur votre bureau.

• cliquez avec le bouton droit sur kprm_(version).exe et sélectionnez Exécuter en tant qu'administrateur .
• Lisez et acceptez la clause de non-responsabilité.
• Lorsque l'outil s'ouvre, assurez-vous que toutes les cases sous Actions sont cochées.
• Sous Supprimer les quarantaines, sélectionnez Supprimer maintenant , puis cliquez sur Exécuter .
• Une fois terminé, cliquez sur OK.
• Un journal s'ouvrira dans le Bloc-notes intitulé kprm-(date).txt .
• Veuillez joindre ce fichier à votre prochaine réponse. (Pas obligatoire)

 

1. Recommandez d'utiliser un gestionnaire de mots de passe pour tous les sites Web, etc. qui nécessitent un mot de passe. N'utilisez jamais le même mot de passe sur plusieurs sites.
   https://www.howtogeek.com/240255/password-managers-compared-lastpass-vs-keepass-vs-dashlane-vs-1password/
2. Assurez-vous de sauvegarder vos fichiers https://forums.malwarebytes.com/topic/136226-backup-software/
3. Gardez tous les logiciels à jour - PatchMyPC - https://patchmypc.com/home-updater#download
4. Gardez votre système d'exploitation à jour et à jour à tout moment - https://support.microsoft.com/en-us/windows/windows-update-faq-8a903416-6f45-0718-f5c7-375e92dddeb2
5. Autres conseils pour vous aider à protéger les données de votre ordinateur et à améliorer votre confidentialité :  https://forums.malwarebytes.com/topic/258363-tips-to-help-protect-from-infection/ 
6. Veuillez envisager d'installer les bloqueurs de contenu suivants pour vos navigateurs Web si vous ne l'avez pas déjà fait. Cela contribuera à améliorer la sécurité globale

Protection du navigateur Malwarebytes

•   Google Chrome : https://chrome.google.com/webstore/detail/malwarebytes-browser-guar/ihcjicgdanjaechkgeegckofjjedodee
•   Microsoft Edge : https://support.malwarebytes.com/hc/en-us/articles/4413298736787-Install-Malwarebytes-Browser-Guard-on-Microsoft-Edge-browser
•   Mozilla Firefox : https://addons.mozilla.org/en-US/firefox/addon/malwarebytes/

Origine du bloc uBlock

• Google Chrome : https://chrome.google.com/webstore/detail/ublock-origin/cjpalhdlnbpafiamejdnhcphjbkeiagm 
• Microsoft Edge : https://microsoftedge.microsoft.com/addons/detail/ublock-origin/odfafepnkmbhccpbejgmiehpchacaeak 
• Mozilla Firefox : https://addons.mozilla.org/en-US/firefox/addon/ublock-origin

 

Lectures complémentaires si vous souhaitez suivre l'actualité des menaces liées aux logiciels malveillants : Blog Malwarebytes   https://blog.malwarebytes.com/

J'espère que nous avons pu vous aider à corriger les problèmes de votre système.

Merci d'utiliser Malwarebytes

 

You ask me to suppress every restoration points and the tools ?

[Spy Hunter 5]

1 hour ago, AdvancedSetup said:

D'accord, à vous de décider. Google est bien connu pour stocker les déchets.

S'il n'y a rien d'autre, je vais continuer et vous faire un discours de nettoyage sur les outils utilisés.

 

 

Allons-y et effectuons un travail de nettoyage et supprimons les outils et les journaux que nous avons exécutés.

Veuillez télécharger KpRm par kernel-panik et enregistrez-le sur votre bureau.

• cliquez avec le bouton droit sur kprm_(version).exe et sélectionnez Exécuter en tant qu'administrateur .
• Lisez et acceptez la clause de non-responsabilité.
• Lorsque l'outil s'ouvre, assurez-vous que toutes les cases sous Actions sont cochées.
• Sous Supprimer les quarantaines, sélectionnez Supprimer maintenant , puis cliquez sur Exécuter .
• Une fois terminé, cliquez sur OK.
• Un journal s'ouvrira dans le Bloc-notes intitulé kprm-(date).txt .
• Veuillez joindre ce fichier à votre prochaine réponse. (Pas obligatoire)

 

1. Recommandez d'utiliser un gestionnaire de mots de passe pour tous les sites Web, etc. qui nécessitent un mot de passe. N'utilisez jamais le même mot de passe sur plusieurs sites.
   https://www.howtogeek.com/240255/password-managers-compared-lastpass-vs-keepass-vs-dashlane-vs-1password/
2. Assurez-vous de sauvegarder vos fichiers https://forums.malwarebytes.com/topic/136226-backup-software/
3. Gardez tous les logiciels à jour - PatchMyPC - https://patchmypc.com/home-updater#download
4. Gardez votre système d'exploitation à jour et à jour à tout moment - https://support.microsoft.com/en-us/windows/windows-update-faq-8a903416-6f45-0718-f5c7-375e92dddeb2
5. Autres conseils pour vous aider à protéger les données de votre ordinateur et à améliorer votre confidentialité :  https://forums.malwarebytes.com/topic/258363-tips-to-help-protect-from-infection/ 
6. Veuillez envisager d'installer les bloqueurs de contenu suivants pour vos navigateurs Web si vous ne l'avez pas déjà fait. Cela contribuera à améliorer la sécurité globale

Protection du navigateur Malwarebytes

•   Google Chrome : https://chrome.google.com/webstore/detail/malwarebytes-browser-guar/ihcjicgdanjaechkgeegckofjjedodee
•   Microsoft Edge : https://support.malwarebytes.com/hc/en-us/articles/4413298736787-Install-Malwarebytes-Browser-Guard-on-Microsoft-Edge-browser
•   Mozilla Firefox : https://addons.mozilla.org/en-US/firefox/addon/malwarebytes/

Origine du bloc uBlock

• Google Chrome : https://chrome.google.com/webstore/detail/ublock-origin/cjpalhdlnbpafiamejdnhcphjbkeiagm 
• Microsoft Edge : https://microsoftedge.microsoft.com/addons/detail/ublock-origin/odfafepnkmbhccpbejgmiehpchacaeak 
• Mozilla Firefox : https://addons.mozilla.org/en-US/firefox/addon/ublock-origin

 

Lectures complémentaires si vous souhaitez suivre l'actualité des menaces liées aux logiciels malveillants : Blog Malwarebytes   https://blog.malwarebytes.com/

J'espère que nous avons pu vous aider à corriger les problèmes de votre système.

Merci d'utiliser Malwarebytes

 

Hi

Actually, I work with several open tabs and I cannot reset Google Chrome, because I'd lose all of them, and I cannot save them all, I live in France, and there is a jet lag, it was too late for saving them all, and even so, I have big organization in my favourites, so even if it was earlier and I could save them all, it would have been difficult for me to going from where I left

I will do now what you recommended me with the KpRm file 😉

[Spy Hunter 5]

Hi, I actually didn't get again that... That seems fixed... So I don't know if reseting Google Chrome would be necessary if I never heard about Advanced Clean Up Set Up since then

 

Thank you very much for your patience with me and for all your help

[Spy Hunter 5]

L'adresse n'est pas microsoft.com, donc ce n'est pas Microsoft PC Manager 😉

[Spy Hunter 5]

3 hours ago, AdvancedSetup said:

Do you mean the Microsoft    PC Manager (Beta) ?
 

You can find and run this and it should remove it

"C:\Program Files\Microsoft PC Manager\Uninst.exe"

 

If you mean something else, please show me a screenshot of the program

 

8 hours ago, AdvancedSetup said:

Please get me a fresh set of logs

 

 

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system.
You can check here if you're not sure if your computer is 32-bit or 64-bit

• Double-click to run it. When the tool opens click Yes to disclaimer.
• Press the Scan button.
• It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
• The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well.

Thank you

 

 

No, the Microsoft PC Manager is perfect... I chose it, I wanted to install it, and if it is in my PC this is what I chose... I really meant what I said when I was talking about Advanced PC Clean Up, not the Microsoft software, not Microsoft PC Manager (the URL is obviously not the Microsoft one 

Advanced PC Clean Up is a shareware

[Spy Hunter 5]

2 hours ago, AdvancedSetup said:

Please get me a fresh set of logs

 

 

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system.
You can check here if you're not sure if your computer is 32-bit or 64-bit

• Double-click to run it. When the tool opens click Yes to disclaimer.
• Press the Scan button.
• It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
• The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well.

Thank you

 

 

I am sorry to answer you so late... Here they are !

FRST.txt Addition.txt

[Spy Hunter 5]

How can I remove it, please ?

[Spy Hunter 5]

1 hour ago, AdvancedSetup said:

In general Windows can already do the vast majority of maintenance on it's own with it's own tools.

 

Here is a general post about clean up - DO NOT download any software. Simply read and use builtin Windows tools

https://www.makeuseof.com/tag/best-way-clean-windows-10-step-step-guide/

 

8 Simple Ways To Clean Up Your Windows 11/10 PC
https://www.online-tech-tips.com/windows-10/8-simple-ways-to-clean-up-your-windows-11-10-pc/

 

 

Did you have something more in mind you're wanting to do?

 

Oh, I did not know, I left CCleaner for Glary Utilities thinking it was better... Now, I don't know what happens but my Malwarebytes blocked a website www.advabcespccleanup trying to go out with Google Chrome... I wanted to uninstall Advanced PC Clean Up but I did not find any software wearing that name in my PC 😰

[Spy Hunter 5]

Hi,

 

Thank you very much I was a little worried

Yes : I have downloaded the last version of Telegram as I said earlier, and I did it from https://desktop.telegram.org (I always try to download from the editor website

But you did not answer me about the idea to uninstall Glary Utilities, what should I download instead, with the same functions and free ? Do you have a software recommendation ? I don't want to download bad softwares (I don't want another Spy Hunter 5 experience... 1 is fully enough for me)

[Spy Hunter 5]

You said " Possible you became a victim of fraud or social engineering"... Did I ? Really ? What do I have to do ?

 

[Spy Hunter 5]

1 hour ago, AdvancedSetup said:

Il s'agit simplement d'une déclaration générique destinée aux utilisateurs au cas où ils rencontreraient Smart Screen qui les bloquerait.

 

Veuillez désinstaller, mettre à jour ou résoudre les problèmes suivants en fonction de votre ordinateur.

 

Telegram Desktop v.4.10 Attention ! Télécharger la mise à jour

---------------------------- [Applications indésirables] ------------------- ----------
VdhCoApp 1.6.3 Attention ! L'application est distribuée via les programmes de partenariat et les assemblages groupés. Désinstallation recommandée. Il est possible que vous ayez été victime de fraude ou d'ingénierie sociale. Glary Utilities 5.211 v.5.211.0.240 Attention ! Version de démonstration suspectée d'un anti-spyware, d'un programme de mise à jour de pilote ou d'un optimiseur . ----------------------------- [Fin du journal] ---------------- ---------------
 

 

 

Redémarrez ensuite l'ordinateur, recherchez les mises à jour Windows et installez les mises à jour de sécurité.

 

Acclamations

 

I have updated Telegram Desktop from the x64.4.10.0 to the x64.4.10.2, I have uninstalled VdhCoApp 1.6.3, but I usually use Glary Utilities and the version you ask me to uninstall is the last update to day... What should I use if not Glary Utilities ? Can you recommend me a better software to do the same job (not CCleaner, please... I heard bad things about it)

Thank you very much 😊

[Spy Hunter 5]

Ummm the link you sent me is for the Linux users, I am not a Linux user... I use Win10... But will go to the Telegram website to download the last version of Telegram, thank you

Edit, you were right : my version of Telegram was the x64.4.10.0 ... and just downloaded the version x64.4.10.2... Thank you very much 😊

[Spy Hunter 5]

Here is the log generated by SecurityCheck 😊

SecurityCheck.txt

[Spy Hunter 5]

I don't use Edge, my browser is Google Chrome... I found that SmartScreen is on Edge, not Chrome, isn't it ?

[Spy Hunter 5]

1 hour ago, AdvancedSetup said:

Thank you for the log. That should have removed the program

Please run the following

 

 

SecurityCheck by glax24              

I would like you to run a tool named SecurityCheck to inquire about the current security update status of some applications.
CheckSecurity is a utility for quickly checking for the presence of vulnerable applications

• Temporarily disable Microsoft SmartScreen to download the software
• Download SecurityCheck by glax24: https://tools.safezone.cc/glax24/SecurityCheck/SecurityCheck.exe
• If SmartScreen blocks the file from running click on More info and Run anyway
• This tool is safe.   Smartscreen is overly sensitive. You can check the VirusTotal scan of the tool from here
• Right-click  with your mouse on the Securitycheck.exe  and select "Run as administrator"  and reply YES to allow to run & go forward
• Wait for the scan to finish. It will open a text file named SecurityCheck.txt Close the file.  Attach it with your next reply.
• You can find this file in a folder called SecurityCheck,  C:\SecurityCheck\SecurityCheck.txt

Checked parameters:

1. User Account Control (UAC).
2. Service pack.
3. IE version.
4. Automatic OS update. Sets of critical KB patches when updating is disabled.
5. Antivirus, firewall, other security utilities.
6. Versions of Java, Oracle Virtualbox.
7. Version of Adobe Flash Player, Adobe AIR.
8. Versions of Adobe Reader, Acrobat Reader DC, Foxit Reader.
9. Versions of media players (iTunes, AIMP, foobar2000).
10. Versions of messengers (Skype, Pidgin).
11. Versions of installed browsers (Chrome, Opera, Firefox, Yandex, SeaMonkey).
12. Versions of mail programs (The Bat, Thunderbird).
13. Checking running processes and security program services
14. Searching for installed Adware programs and optimizer programs (More than 5000).

Thank you

 

Ah sorry, you sent me an answer and I didn't see it... I'll do the scan with the SecurityCheck ! Thank you very VERY much for helping me !!! 😉

[Spy Hunter 5]

2 hours ago, AdvancedSetup said:

Please follow the steps below

[ 1 ]

Please go to Control Panel, Programs, Programs and Features, Uninstall a program

Then right-click and uninstall the following

• Bonjour 

 

[ 2 ]

Please run the following fix

 

NOTE: Please read all of the information below before running this fix.

• NOTICE: This script was written specifically for this user, for use on this particular machine.
• Running this on another machine may cause damage to your operating system that cannot be undone.

Once the fix has been completed, please attach the file FIXLOG.TXT to your next reply

Farbar program:   FRST64.exe

Save the attached file:  FIXLIST.TXT to this folder C:\Users\elodi\Downloads\

NOTE. It's important that both files, FRST64.exe, and fixlist.txt are in the same location or the fix will not work.

Please make sure you disable any real-time antivirus or security software before running this script. Once completed, make sure you re-enable it.

 

 

Run the Farbar program with Admin rights and press the Fix button just once and wait.

The fix may possibly take up to 60 minutes to complete

If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log named Fixlog.txt in the same folder you ran the Farbar program from. Please attach that log on your next reply.

 

1. NOTE:  This fix will run a scan to check that all Microsoft operating system files are valid and not corrupt and attempt to correct any invalid files. It will also run a disk check on the restart to ensure disk integrity.
2. NOTE: As part of this fix all temporary files will be removed. If you have any open web pages that have not been bookmarked please make sure you bookmark them now as all open applications may be automatically closed.
               Also, make sure you know the passwords for all websites as cookies may possibly be removed in some cases, but not all cases.
3. NOTE: As part of this fix, it will also reset the network to default settings including the firewall. If you have custom firewall rules you need to save please export or save them first before running this fix.

The following directories are emptied:

• Windows Temp
• Users Temp folders
• Edge, IE, FF, Chrome, and Opera caches, HTML5 storages, Cookies and History
• Recently opened files cache
• Discord cache
• Java cache
• Steam HTML cache
• Explorer thumbnail and icon cache
• BITS transfer queue (qmgr*.dat files)
• Recycle Bin

Important: items are permanently deleted. They are not moved to quarantine. If you have any questions or concerns please ask before running this fix.

The system will be rebooted after the fix has run.

fixlist.txt 50.92 kB · 3 downloads

Thanks

 

My computer has been restarted and a new log has been generated, here it is 

Fixlog.txt

[Spy Hunter 5]

Okay, I succeeded in disabling Malwarebytes... I clicked on "Fix", it is running right now 😉

[Spy Hunter 5]

Should I disable Malwarebytes as well and if I need to, how to do it, please ?

[Spy Hunter 5]

I found it, I closed it, 

[Spy Hunter 5]

It asks me to close NVIDIA GeForce Overlay, but I can't find it