Jump to content

detections and removal or quarantine

Recommended Posts


I am new here.

I ran MBAM in safe mode and detected 2 PUPs, one a file and the other a registry key.


I do not want to lose a good file so am afraid to remove them.

How do you know whether to remove or just quarantine and can you leave a file or registry key in quarantine?

Thank you


Link to post
Share on other sites

Hello and welcome back: :)
In general, yes, it is perfectly safe to let MBAM Quarantine anything it finds.
Unfortunately, it's impossible to say for sure with the information provided.  We would need to see the scan logs.

Those detections sound like PUPs
Having said that, we cannot formally review scan logs or work on malware diagnostics and removal in this sub-section of the forum.

So,if you would like help with cleaning your system, I suggest that you please follow the advice in this pinned topic: Available Assistance For Possibly Infected Computers.
A malware analyst will assist you with looking into your issue.


Link to post
Share on other sites



Same reply as in my previous one. :)


Yes, it is generally safe to do so.

No, we cannot tell for 100% sure without seeing the scan logs.


If you aren't sure how to proceed, or if you have problems with the removal, then I suggest that you please follow the advice in this pinned topic: Available Assistance for Possibly Infected Computers.

It explains how to get free, one-on-one help with malware/PUP diagnosis and cleaning.


Thank you,

Link to post
Share on other sites

Thank you sir I will do my best.

I will have to try to figure out how to attach my logs and how and whereto attach them.

I appreciate your help and di follow all of your referrals one of which was closed.

Link to post
Share on other sites



Well, let's take it one step at a time.


FIRST: It would help to know if you are running MBAM 1.75 or MBAM 2?


Once we know what version of MBAM you have, we can tell you how where and how to find the logs.


Then, we will tell you how to upload them to the forum for someone to review.





Link to post
Share on other sites

OK, so, let's now find and export the scan log that has the PUP detections.


Please follow these steps shown in the pictures.

When you get to the export part, just save it to your desktop with a file name you can remember, such as ScanLog PUP-05302014.txt


Post back when you have located the scan log and have exported/saved it somewhere on the computer, such as the desktop.


Then we will show you how to upload it here.







Link to post
Share on other sites



Now to upload it here as an attachment:


1: Click the "More Reply Options" button below the message window (bottom right).

2: Click the "Browse" button near the large paper clip below the window (bottom left).

3: Navigate to the saved file on your desktop and double-click to load it.

4: Click the "Attach This File"

5: Click the "Add Reply" button.



Link to post
Share on other sites

I'll give it a try.

OK, the process worked.

Excellent job. :)


But that's not the correct file. :(

That is a protection log.

We are trying to get the SCAN log -- the one that has the 2 PUP detections.


Can you please go back into History > Application Logs and look in that window for the SCAN LOG with the date/time corresponding to the scan you originally reported.

I presume it was from earlier today, but I don't know.

Please export it as a TXT file, rather than XML, if you can.


>>>Mind you, all of this is pretty much a "long run for a short slide" -- I'm pretty confident that the scan log will show a couple of relatively harmless PUPs that will be perfectly fine to let MBAM quarantine.

However, it is better to be safe than sorry, and at least you are learning your way around the new program. :)



Link to post
Share on other sites

OK, much better!


Yes, the scan log shows that it detected a PUP called Conduit -- that can be a bit tricky to fully remove.


I also just noticed from your original post that you said you ran MBAM in Safe Mode.

That is generally not recommended.

To work best, MBAM ought to be run in Normal Windows mode.


Let's try this --

Please make sure you are in Normal Windows Mode, not Safe Mode.

It looks as if you have the Free version of MBAM, not the PREMIUM version, so please "Update Now" from the main dashboard.

Then, perform a Threat Scan.

Let MBAM Quarantine what it finds and reboot the computer if it asks to do so.

Post back with the new scan log.



Link to post
Share on other sites

Yes, that is fine.

Someone will be here to help you.


As I said, it may well turn out that MBAM just needs to be allowed to do its job of quarantining the PUPs.


Once we see that Threat Scan log, we should have a good idea how to proceed.


Post back when you are ready.


Thanks for your patience,

Link to post
Share on other sites


Could it be that the newest version I downloaded yesterday is a bit different than the version you are using?

I just click 'main menu' after the scan and the log file is there.

I attach that to my post. It contains date, time, and an analysis of the scan.

Is this correct?

Link to post
Share on other sites

Yes, there are multiple ways to achieve the same thing in version 2, and there are some differences between manual scans (in both the Free version & the PREMIUM version) and automated/scheduled scans (in the PREMIUM version, which run silently).


We really just need to see the SCAN LOG that had the detections.  As I said, it's possible that MBAM did its job and you are now free of the PUPs.


Is your most recent scan clean - can you please attach the scan log?


If this most recent scan is clean, what do you see when you open History > Quarantine?

Link to post
Share on other sites

I made a mistake and removed everything confusing the log with removal.


At any rate I cannot thank you enough for telling me how to get help sorting these detections out. I will come back with my first detection and the appropriate log file. I remember the older log files where you used the edit to copy and the post to paste. This is a lot easier.

Link to post
Share on other sites

OK, good.


But, I am still just trying to verify that MBAM now scans clean and that all traces of the PUPs have been removed?


If you wish to do so, can you please do the following in Normal Windows mode:

1. "Update Now" from the main dashboard.

2. Run a Threat scan.

3. Report back if the scan is clean -- if it is not, then please post the log back here so someone can review it.


Yes, there *are* a number of different ways to Export and Copy/Paste logs -- different strokes for different folks.  It sounds as if you are learning your way around the new program interface.



Link to post
Share on other sites

I spoke to soon.

The threat scan was negative - no detections and my process of clicking main menu did not work. I tried your way and that produced the Protection chart to export not the log file.

Apparently I have a setting that is not allowing me to get the log file to export..

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.