detections and removal or quarantine

[Peterr2]

Hello

I am new here.

I ran MBAM in safe mode and detected 2 PUPs, one a file and the other a registry key.

 

I do not want to lose a good file so am afraid to remove them.

How do you know whether to remove or just quarantine and can you leave a file or registry key in quarantine?

Thank you

Peter

[daledoc1]

Hello and welcome back:
 
In general, yes, it is perfectly safe to let MBAM Quarantine anything it finds.
Unfortunately, it's impossible to say for sure with the information provided.  We would need to see the scan logs.

Those detections sound like PUPs
 
Having said that, we cannot formally review scan logs or work on malware diagnostics and removal in this sub-section of the forum.

So,if you would like help with cleaning your system, I suggest that you please follow the advice in this pinned topic: Available Assistance For Possibly Infected Computers.
A malware analyst will assist you with looking into your issue.

Thanks,

[Peterr2]

Hello DaleDoc1

I apologize for the ommision. They were both PUPS. So, with this in mind should I remove them and all PUPs?

Thank you for your help.

Peter

[daledoc1]

Hi:

 

Same reply as in my previous one.

 

Yes, it is generally safe to do so.

No, we cannot tell for 100% sure without seeing the scan logs.

 

If you aren't sure how to proceed, or if you have problems with the removal, then I suggest that you please follow the advice in this pinned topic: Available Assistance for Possibly Infected Computers.

It explains how to get free, one-on-one help with malware/PUP diagnosis and cleaning.

 

Thank you,

[Peterr2]

Thank you sir I will do my best.

I will have to try to figure out how to attach my logs and how and whereto attach them.

I appreciate your help and di follow all of your referrals one of which was closed.

[daledoc1]

Hi:

 

Well, let's take it one step at a time.

 

FIRST: It would help to know if you are running MBAM 1.75 or MBAM 2?

 

Once we know what version of MBAM you have, we can tell you how where and how to find the logs.

 

Then, we will tell you how to upload them to the forum for someone to review.

 

Thanks,

 

 

[Peterr2]

I am running the newest one as of this afternoon -2.0.2.1012.

This is a great help and once I grasp it I will place the notes in my folder for future reference.

Thank you

[daledoc1]

OK, so, let's now find and export the scan log that has the PUP detections.

 

Please follow these steps shown in the pictures.

When you get to the export part, just save it to your desktop with a file name you can remember, such as ScanLog PUP-05302014.txt

 

Post back when you have located the scan log and have exported/saved it somewhere on the computer, such as the desktop.

 

Then we will show you how to upload it here.

 

Thanks

 

 

[Peterr2]

I have placed the log file on desktop. as text.

[daledoc1]

Excellent!

 

Now to upload it here as an attachment:

 

1: Click the "More Reply Options" button below the message window (bottom right).

2: Click the "Browse" button near the large paper clip below the window (bottom left).

3: Navigate to the saved file on your desktop and double-click to load it.

4: Click the "Attach This File"

5: Click the "Add Reply" button.

 

Thanks!

[Peterr2]

I'll give it a try.

test 1.txt

[Peterr2]

Or is this the right one?

mbam-log-2014-05-30 (18-12-19).xml

[daledoc1]

I'll give it a try.

OK, the process worked.

Excellent job.

 

But that's not the correct file.

That is a protection log.

We are trying to get the SCAN log -- the one that has the 2 PUP detections.

 

Can you please go back into History > Application Logs and look in that window for the SCAN LOG with the date/time corresponding to the scan you originally reported.

I presume it was from earlier today, but I don't know.

Please export it as a TXT file, rather than XML, if you can.

 

>>>Mind you, all of this is pretty much a "long run for a short slide" -- I'm pretty confident that the scan log will show a couple of relatively harmless PUPs that will be perfectly fine to let MBAM quarantine.

However, it is better to be safe than sorry, and at least you are learning your way around the new program.

 

Thanks,

[Peterr2]

Is this better?

another try.txt

[daledoc1]

OK, much better!

 

Yes, the scan log shows that it detected a PUP called Conduit -- that can be a bit tricky to fully remove.

 

I also just noticed from your original post that you said you ran MBAM in Safe Mode.

That is generally not recommended.

To work best, MBAM ought to be run in Normal Windows mode.

 

Let's try this --

Please make sure you are in Normal Windows Mode, not Safe Mode.

It looks as if you have the Free version of MBAM, not the PREMIUM version, so please "Update Now" from the main dashboard.

Then, perform a Threat Scan.

Let MBAM Quarantine what it finds and reboot the computer if it asks to do so.

Post back with the new scan log.

 

Thanks.

[Peterr2]

I will be back tomorrow if ok with you. I have to go now but thank you so much. I seem to be exporting the little one liner instead of the log file.

Have to work on that.

[daledoc1]

Yes, that is fine.

Someone will be here to help you.

 

As I said, it may well turn out that MBAM just needs to be allowed to do its job of quarantining the PUPs.

 

Once we see that Threat Scan log, we should have a good idea how to proceed.

 

Post back when you are ready.

 

Thanks for your patience,

[Peterr2]

Hello

Could it be that the newest version I downloaded yesterday is a bit different than the version you are using?

I just click 'main menu' after the scan and the log file is there.

I attach that to my post. It contains date, time, and an analysis of the scan.

Is this correct?

[daledoc1]

Yes, there are multiple ways to achieve the same thing in version 2, and there are some differences between manual scans (in both the Free version & the PREMIUM version) and automated/scheduled scans (in the PREMIUM version, which run silently).

 

We really just need to see the SCAN LOG that had the detections.  As I said, it's possible that MBAM did its job and you are now free of the PUPs.

 

Is your most recent scan clean - can you please attach the scan log?

 

If this most recent scan is clean, what do you see when you open History > Quarantine?

[Peterr2]

I made a mistake and removed everything confusing the log with removal.

 

At any rate I cannot thank you enough for telling me how to get help sorting these detections out. I will come back with my first detection and the appropriate log file. I remember the older log files where you used the edit to copy and the post to paste. This is a lot easier.

[daledoc1]

OK, good.

 

But, I am still just trying to verify that MBAM now scans clean and that all traces of the PUPs have been removed?

 

If you wish to do so, can you please do the following in Normal Windows mode:

1. "Update Now" from the main dashboard.

2. Run a Threat scan.

3. Report back if the scan is clean -- if it is not, then please post the log back here so someone can review it.

 

Yes, there *are* a number of different ways to Export and Copy/Paste logs -- different strokes for different folks.  It sounds as if you are learning your way around the new program interface.

 

Cheers,

[Peterr2]

I spoke to soon.

The threat scan was negative - no detections and my process of clicking main menu did not work. I tried your way and that produced the Protection chart to export not the log file.

Apparently I have a setting that is not allowing me to get the log file to export..

[Peterr2]

Ok, View detailed log not main menu is what I should have clicked - sorry.

Attached is a log file and thank you for your patience.

log file.txt

2nd log file.txt

[Firefox]

Peterr2 those to log files show that you performed a scan with the latest version of the database and both came back clean. You should be good to go now.

[daledoc1]

@Firefox:

 

Thanks for stepping in to review the logs.

 

@Peterr2:

 

Yes, it looks good.

 

Thanks for your patience.

 

Take care,