Jump to content

Malwarebytes Quick Scan vs. Full Scan


Recommended Posts

I use Malwarebytes free on a regular schedule for years to ensure I am malware-free.  Recently, I developed the symptoms of possible malware (problems with copy/paste) so I ran the full scan instead.  It found a malware - I don't recall which one.  I had it clean, and for a couple of days, things seemed ok.  Today, I am running the full scan again, and it has found 3 more instances since it started.  My question is - is the quick scan as good as the full scan?  I can't understand what has changed.  I always update Windows when required, keep Zone Alarm running and up-to-date, use Avast and keep it current, scan regularly for viruses and never find any.  Have I been missing these malwares because I've been only using the quick scan, or is there likely some other source?  I will come back with a report when the scan finishes (whenever that is :)   ). 

Link to post
Share on other sites

Without log extraction detailing what was found a definitive answer can't be provided.

 

A Quick Scan scans those areas that are "most likely" or "well known" to be locations of malware.  A Full Scan, which takes noticeably longer, scans the entire system disk(s).

 

Please post the excerpts of the MBAM logs showing these events.

Link to post
Share on other sites

David,

 

Thanks for responding so quickly.  Sorry it took me a while to finish the scan.  Here is the log that was generated.  I hope this is the information you are looking for.  I have a list of items to be removed, but am holding off in case you think I should do something else.  They all say PUP.Optional, which I hope means I don't have some awful thing going on.  I did install some software recently that seemed to include this SweetPaks thing.  I uninstalled the software including the SweetPaks, and ran antivirus and Malwarebytes after that.  Today is the first time these have shown up, but as I said, I ran the full scan.

 

Thanks,

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.08.02.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Owner :: ADAMSLT04 [administrator]

8/2/2013 12:23:35 PM
MBAM-log-2013-08-02 (14-32-47).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 537158
Time elapsed: 2 hour(s), 7 minute(s), 59 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 2
HKLM\SOFTWARE\Mozilla\Firefox\Extensions\{7D4F1959-3F72-49d5-8E59-F02F8AA6815D} (PUP.Optional.SweetPacks.A) -> Data:  -> No action taken.
HKLM\SOFTWARE\Mozilla\Firefox\Extensions|{7D4F1959-3F72-49d5-8E59-F02F8AA6815D} (PUP.Optional.SweetPacks.A) -> Data: C:\Program Files\Updater By SweetPacks\Firefox -> No action taken.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 3
C:\ProgramData\Tarma Installer (PUP.Optional.Tarma.A) -> No action taken.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504} (PUP.Optional.Tarma.A) -> No action taken.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Cache (PUP.Optional.Tarma.A) -> No action taken.

Files Detected: 11
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.exe (PUP.Optional.Tarma.A) -> No action taken.
C:\Users\Owner\AppData\Local\Temp\1371868084_32799522_606_4.tmp (PUP.Optional.SweetIM) -> No action taken.
C:\Users\Owner\AppData\Local\Temp\1371868117_32832344_855_6.tmp (PUP.Optional.SweetIM) -> No action taken.
C:\Users\Owner\AppData\Local\Temp\hsbing_717_active.exe (PUP.Optional.SweetPacks.A) -> No action taken.
C:\Users\Owner\AppData\Local\Temp\mgsqlite3.7z (PUP.Optional.SweetIM) -> No action taken.
C:\Users\Owner\AppData\Local\Temp\mgsqlite3.dll (PUP.Optional.SweetIM) -> No action taken.
C:\Users\Owner\AppData\Local\Temp\Shortcut_sweetpacks_632013.exe (PUP.Optional.SweetIM) -> No action taken.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.dat (PUP.Optional.Tarma.A) -> No action taken.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.ico (PUP.Optional.Tarma.A) -> No action taken.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setup.dll (PUP.Optional.Tarma.A) -> No action taken.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll (PUP.Optional.Tarma.A) -> No action taken.

(end)

Link to post
Share on other sites

OK.  What I see are all "PUP.Optional".  That's new.  That could be why the full scan caught it as Malwarebytes has taken a very new aggressive stance on Potentially Unwanted Programs (PUPs).  Since this is so new, it may be when you did a Quick Scan it was prior to to the new signature implementation which was announced Monday.
 
Reference:
Malwarebytes Adopts Aggressive PUP Policy

Link to post
Share on other sites

David,

 

Sorry for the delay in responding.  Thanks to your link, I understand what's going on, and completely agree that even software like this is highly undesirable, and I'd rather know it's there and get rid of it.  I'm just glad I understand how Malwarebytes works a little better now. 

 

It is incredibly helpful to have folks like you explain all this.  This environment we are in now with all the virus/malware out there is very threatening, and people like me just don't have the knowledge to respond to it.  I am so grateful that you give your time to help us.

 

Thank you so much.  :)

Link to post
Share on other sites

  • 3 weeks later...

Hello and welcome, Joke: :)
 
Until DHL returns...
 

Same problem: already removed SweetPacks program, however, every daily Malwarebytes scan produces the PUP.Optional.SweetPacks malware. 
 
How do you find and remove this issue?

 

There is more information about PUPs here:  What are the 'PUP' detections, are they threats and should they be deleted?

 

If you aren't sure what to delete or need other help, I would suggest that you please follow the recommendations in this pinned topic: Available Assistance For Possibly Infected Computers.
A qualified malware expert will guide you through the cleanup process.

Thanks,

daledoc1

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.