rtot Posted August 17, 2015 ID:983837 Share Posted August 17, 2015 Yesterday I did a fresh install of Windows 7 and it was fully patched through Windows Update before I did any searching and installing of new programs. The computer is behind a router and the Windows Firewall was active before going online to download updates. The only programs that I downloaded were downloaded from the program's official sites, so I don't see how I could have become infected. I downloaded the following: Malwarebytes Anti Exploit Free, Malwarebytes Anti Malware, Panda Internet Security Free Trial, Firefox with the add-ons NoScript and Adblock Plus. These are all reputable programs that I doubt contain any PUPs bundled. I scanned the computer with Malwarebytes and it finds two registry keys that it says are PUP.Optional.MySearchTB.A. Are these false positives? I have no faith in my fresh install now, so I appreciate any insight on these findings. Please see the Malwarebytes log below: Malwarebytes Anti-Malwarewww.malwarebytes.orgScan Date: 8/16/2015Scan Time: 10:50 PMLogfile: pup.txtAdministrator: NoVersion: 2.1.8.1057Malware Database: v2015.08.17.02Rootkit Database: v2015.08.16.01License: FreeMalware Protection: DisabledMalicious Website Protection: DisabledSelf-protection: DisabledOS: Windows 7 Service Pack 1CPU: x64File System: NTFSUser: XXXXScan Type: Custom ScanResult: CompletedObjects Scanned: 390375Time Elapsed: 32 min, 0 secMemory: EnabledStartup: EnabledFilesystem: EnabledArchives: EnabledRootkits: EnabledHeuristics: EnabledPUP: EnabledPUM: EnabledProcesses: 0(No malicious items detected)Modules: 0(No malicious items detected)Registry Keys: 2PUP.Optional.MySearchTB.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{62155D33-3CE2-401E-8967-5A270628A3D5}, , [72748d7cc9c27abc1a447b582fd34ab6],PUP.Optional.MySearchTB.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{62155D33-3CE2-401E-8967-5A270628A3D5}, , [72748d7cc9c27abc1a447b582fd34ab6],Registry Values: 0(No malicious items detected)Registry Data: 0(No malicious items detected)Folders: 0(No malicious items detected)Files: 0(No malicious items detected)Physical Sectors: 0(No malicious items detected)(end) Link to post Share on other sites More sharing options...
Staff shadowwar Posted August 17, 2015 Staff ID:983839 Share Posted August 17, 2015 Can you explort this registry key and see what it says there? HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{62155D33-3CE2-401E-8967-5A270628A3D5}\ Link to post Share on other sites More sharing options...
rtot Posted August 17, 2015 Author ID:983843 Share Posted August 17, 2015 How do I attach the registry export file? Link to post Share on other sites More sharing options...
rtot Posted August 17, 2015 Author ID:983844 Share Posted August 17, 2015 Here is the text of the file you requested:Windows Registry Editor Version 5.00[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{62155D33-3CE2-401E-8967-5A270628A3D5}]"Policy"=dword:00000003"AppPath"="C:\\Program Files (x86)\\pandasecuritytb""AppName"="ToolbarCleaner.exe""AppPathName"="C:\\Program Files (x86)\\pandasecuritytb\\ToolbarCleaner.exe" Link to post Share on other sites More sharing options...
Staff shadowwar Posted August 17, 2015 Staff ID:983845 Share Posted August 17, 2015 Thanks. This will be fixed next update. Its a false positive indeed. Link to post Share on other sites More sharing options...
rtot Posted August 17, 2015 Author ID:983846 Share Posted August 17, 2015 Great, thank you! Link to post Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now