Jump to content

False Positive on a Google Chrome "Secure Preferences" file?

anton84

By anton84
in File Detections

 Share

Recommended Posts

anton84

anton84

Posted
Posted
Hello,
 
The following file was just flagged twice on the latest database files; Malware Database: v2015.03.17.02 and Rootkit Database: v2015.02.25.01.
 
File Detected:
PUP.Optional.ASK.A, C:\Users\Shaun\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences, Good: (), Bad: (                  "homepage": "http://www.search.ask.com/?gct=hp",),No Action By User,[fdacec36830796a0a9dced3c22e456aa]
 
I couldn't find any related information on the web, and I don't seem to have any unwanted browser extensions and/or background programs currently running.  I know Chrome tends to trip a lot of PUP warnings as of late, but better safe than sorry.  Please advise if this is accurate or not.
 

 

Thanks

Log - Secure Preferences.txt

Secure Preferences File.zip

Link to post
Share on other sites
anton84

anton84

Posted
  • Author
Posted

Apologies for the double post, but I forgot to mention that the only homepage that I currently have listed in Chrome, or any of my browsers for that matter, is google.com.  Ask.com is no where to be found on my system at the moment.

 

A general file search on "ask.com" only returned in the same log file already attached previously.

Link to post
Share on other sites
  • Staff
miekiemoes

miekiemoes

Posted
  • Staff
Posted

Hi,

 

It might be possible that Chrome is reading from your normal Preferences file still instead of the Secure Preferences (introduced since Chrome build 37 if not mistaken)

If you would open the following file in notepad: C:\Users\Shaun\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences, then you should find the ask.com reference for Homepage, as that's also what Malwarebytes reads.

Link to post
Share on other sites
nikkarad

nikkarad

Posted
Posted

I have the same problem with "mystartsearch".

 

The line is:

 

"startup_urls": [ "http://websearch.thesearchpage.info/?pid=20495&r=2015/01/22&hid=14384953613365809536&lg=EN&cc=GR&unqvl=74", "http://www.mystartsearch.com/?type=hp&ts=1422129496&from=smt&uid=3219913727_198313_EAEC1490", "http://www.mystartsearch.com/?type=hppp&ts=1422129555&from=smt&uid=3219913727_198313_EAEC1490" ]
   },
 
 
How do i adjust it so i would no longer get notifications?
Link to post
Share on other sites
  • Staff
miekiemoes

miekiemoes

Posted
  • Staff
Posted

Hi nikkarad,

 

This is no false positive - so in order to have this fixed, make sure you select (put a checkmark in front) the detected entry; then click the "delete" button.

Make sure your Chrome browser (or other browser) is closed before you remove.

In case it returns again, I suggest you read this thread: https://forums.malwarebytes.org/index.php?/topic/119858-available-assistance-for-possibly-infected-computers/where instructions are posted for additional help to get rid of this.

 

Thanks

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.