eliuri

Possible False Positives? Reboot.exe and Open Candy: PUPs


Hi:

 

I have not installed anything since my last scan with Malware AntiBytes.

I find the following four entries listed as PUPs in this morning's scan:

 

C:\WINDOWS\system32\roboot.exe (PUP.Optional.PCPerformer.A) -> No action taken

 

C:\Documents and Settings\(User Name) \Application Data\OpenCandy\OpenCandy_E943DCC5F2984B908E1C481EE1D4C7BC\LatestDLMgr.exe (PUP.Optional.OpenCandy) -> No action taken.

 

C:\Documents and Settings\(User Name)\Application Data\OpenCandy (PUP.Optional.OpenCandy) -> No action taken.

C:\Documents and Settings\(User Name)\Application Data\OpenCandy\OpenCandy_E943DCC5F2984B908E1C481EE1D4C7BC\LatestDLMgr.exe (PUP.Optional.OpenCandy) -> No action taken.

 

I don't know what this reboot.exe is. Nor do I know what the Open Candy program is and what it does.

My complete scan with Avira Antivirus doesn't show these.

Any idea what these are?

Is there a way I can quarantine these files/folders until this is clarified?

 

I'm using the free version of Malwarebytes with latest update.

 

Thanks in advance:

 

eliuri

===================

 

Windows XP Pro SP3

Avira Antivirus Premium


Thanks. Will do when I have more time.

 

Question: If I choose Remove for these PUP programs, are they deleted by Malwarebytes or are they placed in Quarantine until I can sort this out?

 

Thank you


Hi,

 

By default, for anything you remove with Malwarebytes, it goes to the quarantine folder. You can see the quarantined items under the quarantine tab in Malwarebytes.


Mb found OpenCandy on my desktop. Each time I try to remove it, Mb locks up with a 'not responding.' Using Free version, 1.75.0.1300. Is there another way to remove OpenCandy?


I have run Mb 3 times and after it finds the OpenCandy and I try to remove the three PUPs, Mb locks up and does not create a Log file. I am re-running Mb now and will not try to remove to see if I can save a copy of the log by exiting. Thanks for the help.


I ran a quick scan, saved the Log. Copied and pasted as follows:

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.09.04.07

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
David :: XPS [administrator]

9/4/2013 2:36:35 PM
MBAM-log-2013-09-04 (14-47-59).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 242711
Time elapsed: 11 minute(s),

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 3
C:\Users\David\AppData\Roaming\OpenCandy (PUP.Optional.OpenCandy) -> No action taken.
C:\Users\David\AppData\Roaming\OpenCandy\4DA5A89ACC374C0386A37B3490F60DF8 (PUP.Optional.OpenCandy) -> No action taken.
C:\Users\David\AppData\Roaming\OpenCandy\OpenCandy_4DA5A89ACC374C0386A37B3490F60DF8 (PUP.Optional.OpenCandy) -> No action taken.

Files Detected: 0
(No malicious items detected)

(end)
 


Hi,

 

I do not see any OpenCandy references on your desktop though.

Malwarebytes detects the following folder: C:\Users\David\AppData\Roaming\OpenCandy

So if mbam has problems removing it, try to remove the OpenCandy folder manually from there.

If you can't find this OpenCandy folder (since by default the appdata\roaming directory is hidden in Windows), please see here how to reveal it:

http://www.howtogeek.com/howto/windows-vista/show-hidden-files-and-folders-in-windows-vista/

If you're still having problems removing this OpenCandy folder, try to remove it from Windows safe mode: http://windows.microsoft.com/en-us/windows/start-computer-safe-mode#start-computer-safe-mode=windows-7


Hello, I'm detecting this roboot.exe in Malwarebytes as well. And it is doing the same on my machine: Malwarebytes locks up after hitting the quarantine button.


T1000:

Please reference: Please read before reporting a false positive
 
Post #2

 

If you are not a member of the Staff or Experts group, please do not reply to other users' posts in either the File or Web Blocking forums.

 
If you want to submit a possible False Positive please start your own topic following the guidance in the above referenced URL.
 
If you need support on the product, please post in: Malwarebytes Anti-Malware Help

If you need help removing malware, please seek assistance in: Malware Removal Help

Thank you for understanding.
