thisisu

Experts
  • Posts

    7,470
Everything posted by thisisu

  1. You're welcome. No you won't need to reinstall MBAM -- It should update on its own. Database v2016.02.16.06 is available now.
  2. Actually we're going to remove these detections. I was wrong about the installer file being the same as the main executable. They are indeed the same. The bulk of definitions are being removed in database version v2016.02.16.06, the remaining ones will be removed in v2016.02.16.07. Sorry for any inconvenience caused.
  3. Most likely you still have an installer for µTorrent on your PC which in most cases contains the OpenCandy module. I provided an example below with one of the pre-checked offers on the left. This is the OpenCandy portion of the installer. Basically we're saying that "Pluto TV" is potentially unwanted since it's being offered by an installer that should only contain µTorrent. This is why it is currently detected as PUP.Optional.OpenCandy which is a lesser detection compared to Trojan, worm, rootkit, etc. If you already have µTorrent installed, you should be able to safely quarantine the installer file which is not the same as the µTorrent application itself. Use the shortcuts on your desktop or start menu to access µTorrent, not the installer you originally downloaded and installed.
  4. Hi mikebrayshaw, I'm pretty sure I know which detections you are referring to without even seeing the log so I wanted to respond now in case I didn't get a chance later on today. These are not false positives. The software has changed since August 2015 and has met our criteria for listing as potentially unwanted once again in February 2016. It is currently detected as PUP.Optional.DriverRestore which is a lesser type of detection compared to "Trojan", "Rootkit", "Worm", etc. You are welcome to continue using the software if you'd like. Here is how to add it to Malwarebytes' exclusion list so future scans of Malwarebytes do not detect it:
       • Open Malwarebytes
       • Choose Settings
       • Choose Malware Exclusions
       • Now use the Add File and/or Add Folder buttons in the bottom right of the screen to choose which folders and files for Malwarebytes to ignore.
       • That's all
     If you'd like to understand more and/or you are the developer of this software, please read: Malwarebytes PUP Criteria. Best regards
  5. Hello, This is a file threat as opposed to Website Blocking right? In any case, please provide your log so we can take a look.
  6. Hi, JRT doesn't search for those registry keys. The cons of having this remain in the tool seemed to outweigh the pros so it was removed a while ago. I'll keep the idea in mind though to bring this back while not significantly slowing down scan times.
  7. I've delisted this one and another similar file in version 8.0.3 which will probably be released within the next few days. They appear to be from ASUS, but if it gets returned on reboot, there's really no point in JRT deleting it.
  8. Thanks all. The toolbar issue should be fixed in 8.0.3 which will hopefully be released soon. Haven't been able to reproduce the SearchAssistant value being deleted using that URL so I have left that alone for now.
  9. Do you get an error message of any sort when you try? If so, can you relay that to me? I was able to reproduce this as a FP which in turn deletes the HKLM version of "StartPage" too. Will be fixed in the next version.
  10. Hi, IE6 should still launch, why do you say it's "wrecked"? So I can get a better understanding, what URL(s) were these set to?
      HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page (Registry Value)
      HKLM\Software\Microsoft\Internet Explorer\Main\\Start Page (Registry Value)
      HKLM\Software\Microsoft\Internet Explorer\Search\\SearchAssistant (Registry Value)
      As for these below (something I was able to research), they appear adware related to me and others.
      HKCU\Software\Microsoft\Internet Explorer\Toolbar\\{1E796980-9CC5-11D1-A83F-00C04FC99D61} - here, here, and here
      HKCU\Software\Microsoft\Internet Explorer\Toolbar\\{710EB7A1-45ED-11D0-924A-0020AFC7AC4D} - here, here, and here
      Regards
  11. Hi, Thanks for your report. That file probably is related to ASUS:
       • X551MA being the model number of the product
       • 8086 being a vendor number associated with Intel
       • Unsure about that last string (AF0620EC)
      In any case, I'll remove detection for it in an upcoming build if it is constantly readded. But no, it doesn't appear to be malware related. It's just an unusual place for any software to drop a system file. Regards
  12. Hello Can you confirm you're running version 8.0.2 and then that's pulling down the update? If you're running 8.0.1 (from wherever), it will pull down 8.0.2 to %temp%\jrt\JRT_NewerVersion and then run. If you run 8.0.2 again, it won't pull itself down again. However, if you run 8.0.1 again, it will. The Content.IE5 folders -- this is normal behavior and indeed isn't an infection.
  13. Hi, A new version of JRT was released today -- 8.0.2
      Changelog: Version 8.0.2 (01.06.2016:1)
       • New heuristic: MintCast
       • Updated: Database
       • Updated: Whitelist -> FireFox -> GreaseMonkey custom scripts
       • Updated: Heuristic -> Content.IE5 folders -> Now includes support for Windows Vista, 7, 8, 8.1, 10
      Thanks everyone for being patient. We'd like to hear your feedback! Regards, Filipos
  14. Thank you for the report. This is being fixed in about 15-20 mins. -> https://forums.malwarebytes.org/index.php?/topic/176908-possible-false-positive-on-avast-instupdll/#entry1010314
  15. Thank you for the report. This is being fixed in about 15-20 mins. -> https://forums.malwarebytes.org/index.php?/topic/176908-possible-false-positive-on-avast-instupdll/#entry1010314
  16. Thank you for the report. This is being fixed in about 15-20 mins. -> https://forums.malwarebytes.org/index.php?/topic/176908-possible-false-positive-on-avast-instupdll/#entry1010314
  17. Nice So it seems fixing some of the issues via sfc /scannow helped. Maybe the volume is somewhat dirty -- this can delay scan times too. Glad to hear it's somewhat working despite the longer than expected scan time. In general, the browser scan does take the longest. Regards
  18. Hi, Thanks for the additional information. I know there were some issues with the shortcut scan in the past but I haven't heard of any issues since 8.0.0 was released. I rewrote the entire tool in that version. 16 minutes to scan is definitely longer than it should be. Have you checked for other issues on the computer (possibly bigger than adware/junkware problem)? If you don't mind, you might want to visit here just to make sure nothing else may be causing an issue. Unfortunately I wasn't able to replicate the issue here. I'm seeing the tool complete even on Windows 10 Pro x64 PR so I'm thinking it's probably not related to JRT (link to pics below) but will continue to monitor forums if others are experiencing the same issue which might help me identify the cause. http://imgur.com/a/ZZUeh Regards
  19. Hi, So the problem is only on Windows 10 x64? I'll be able to test for issues later on today and into the next week.
  20. Installed Windows 8.1 Portuguese version. No issues here but this is a clean install with default amount of shortcuts. Since the screenshot you posted is from Windows 10, make sure you're not clicking inside the command prompt window as the tool is scanning as I've noticed it will pause the scan right there. You can press the ESC key to unpause/continue. I'm not sure if this applies to your situation or not. I'll keep an eye out for others that may experience this issue. Thanks again for reporting. Happy Holidays
  21. Thank you for the report. I'll try to replicate the issue. You're using Portuguese version of Windows 7, 8.1, and 10 -- is that correct? Regards
  22. Hi, Thank you for reporting this. "it told me that it so successfully." the files were quarantined successfully? Can you please post the full report and/or let us know which database version you are using. Also, can you attach said files for review please? Thanks!