MBAM Premium - Daily Scan's picked up something, need help


Hi 

I need help, please. I don't know what action to take :blush:.

My MBAM Premium has just finished its daily Threat Scan and, to my surprise, found one threat and quarantined it.

Is the found threat a real threat, or has MBAM mistakenly quarantined a legit registry key? The reason I am asking is that I have a Sony Vaio laptop, the found PUP is called "IOLO", and I have a suspicion that IOLO could be one of the components of my Sony Vaio laptop which has been there for years.

On the other hand the found threat could be a real harmful threat which just happens to share the name IOLO.

Please let me know how to tackle this problem.

Thanks

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 02/12/2016
Scan Time: 17:42
Logfile: 1 found.txt
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.12.02.09
Rootkit Database: v2016.11.20.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Enabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: MCNEELY

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 321958
Time Elapsed: 30 min, 57 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 1
PUP.Optional.IoloSC, HKU\S-1-5-21-350187361-2601025631-4004757972-1001\SOFTWARE\IOLO\System Mechanic, Quarantined, [08890ed4e4b6231315652c72bb45e51b], 

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)


41 minutes ago, grunf said:

Reason for that can be found here:

https://blog.malwarebytes.com/malwarebytes-news/2016/10/malwarebytes-gets-tougher-on-pups/

If I were You I would've removed it completely.

I know Malwarebytes has been much tougher on PUPs for a while, which is great to see, thank you. 

Even if this flagged IOLO registry key is legitimately up for removal because it is an undesirable PUP, the problem I have is that IOLO on my machine doesn't seem to be a standalone installed program which I could just remove from Control Panel. It seems to be (by my super wild guess) part of Sony Vaio Care, because when I found some files in Program Data concerning IOLO, their last update date corresponded with the Vaio Care update, which makes me believe that deletion of this registry key could potentially break the functionality of Vaio Care itself?

 How dangerous is this PUP exactly? Is it fine to leave it in quarantine indefinitely? Wouldn't deletion of this PUP from quarantine do more harm than good because there would be remnants associated with this PUP left scattered on my hard drive?

 


Hello,

I had the same problem: over 100 pup.optional.iolosm items placed in quarantine by MalwareBytes today!

The whole program System Mechanic did not work anymore, that's not good!

 

Please MalwareBytes: work on it and fix this for me and many other MalwareBytes users, in combination with System Mechanic users from IOLO.

Ruud53.


On 12/3/2016 at 4:08 PM, grunf said:

Since You cannot delete it just add it to exclusion under Settings > Malware Exclusion

Can you please guide me which file/folder to add in "Malware Exclusions"?

I can't find anything named "IOLO" under "Program Files".

There is a folder in "Program Data" called "iolo"; however, there is nothing logged in the iolo logs, it is empty.

Thanks


  • Staff

The most effective way to deal with PUP (Potentially Unwanted Program) detections that you want to keep is to do the following:

Versions 2.x:

Launch Malwarebytes and click Settings > Advanced Settings
In that window, uncheck the box next to 'Automatically quarantine detected items'
Now go to 'Detection and Protection' (on the left-hand side) and change the PUP and PUM settings to 'Warn user about detections'

Reinstall the detected program if necessary, then run a Scan. When the scan completes, uncheck the boxes next to all the detections and click the Next button. (To uncheck them all at once, check the uppermost box next to 'Threats')

In the Next pane, select 'Ignore Always'. After this, Malwarebytes will no longer detect that program.

Version 3.0:

Launch Malwarebytes and click Settings > Protection
Scroll down to 'Potential Threat Protection' and change the PUP setting to 'Warn user about detections'

Reinstall the detected program if necessary, then run a Scan. When the scan completes, uncheck the boxes next to all the detections and click the Next button. (To uncheck them all at once, check the uppermost box next to 'Threats')

In the Next pane, select 'Ignore Always'. After this, Malwarebytes will no longer detect that program.

Please let me know how that worked out for you.

 

 


On 12/8/2016 at 3:07 PM, Ried said:

The most effective way to deal with PUP (Potentially Unwanted Program) detections that you want to keep is to do the following:

Versions 2.x:

Launch Malwarebytes and click Settings > Advanced Settings
In that window, uncheck the box next to 'Automatically quarantine detected items'
Now go to 'Detection and Protection' (on the left-hand side) and change the PUP and PUM settings to 'Warn user about detections'

Reinstall the detected program if necessary, then run a Scan. When the scan completes, uncheck the boxes next to all the detections and click the Next button. (To uncheck them all at once, check the uppermost box next to 'Threats')

In the Next pane, select 'Ignore Always'. After this, Malwarebytes will no longer detect that program.

Version 3.0:

Launch Malwarebytes and click Settings > Protection
Scroll down to 'Potential Threat Protection' and change the PUP setting to 'Warn user about detections'

Reinstall the detected program if necessary, then run a Scan. When the scan completes, uncheck the boxes next to all the detections and click the Next button. (To uncheck them all at once, check the uppermost box next to 'Threats')

In the Next pane, select 'Ignore Always'. After this, Malwarebytes will no longer detect that program.

Please let me know how that worked out for you.

 

Hi Ried

Great instructions :). Thank you very much. After all the steps you kindly recommended, I performed another Threat Scan and the detection in question was no longer being picked up.

The only thing I am not clear about is this: when the item was quarantined the first time, when I made this post, it was logged in MBAM as PUP.Optional.IoloSC, but after restoration of the detected program, whilst in the middle of following your instructions, the detected program was logged in the MBAM log as PUP.Optional.IoloSM. Why was there a slight difference in the way it was named?

Registry Keys: 1
PUP.Optional.IoloSC, HKU\S-1-5-21-350187361-2601025631-4004757972-1001\SOFTWARE\IOLO\System Mechanic, Quarantined, [08890ed4e4b6231315652c72bb45e51b], 

 

Registry Keys: 1

PUP.Optional.IoloSM, HKU\S-1-5-21-350187361-2601025631-4004757972-1001\SOFTWARE\IOLO\System Mechanic, No Action By User, [064c6382f0aac86ebc21881bb14f37c9],

Thanks
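
The last post compares two log entries for the same registry key by eye. As an added example (not part of the thread and not Malwarebytes code), this Python script parses the detection-line layout seen in the logs quoted above and reports any object that shows up under more than one detection name; the regular expressions and function names are assumptions derived only from the lines posted here.

```python
import re
from collections import defaultdict

# Layout of a detection line as quoted in this thread (assumed from those lines):
#   <detection name>, <object path>, <action>, [<32 hex chars>],
DETECTION = re.compile(
    r"^(?P<name>[A-Za-z]+(?:\.[A-Za-z0-9]+)+),\s*"
    r"(?P<path>.+),\s*(?P<action>[^,\[\]]+),\s*"
    r"\[(?P<ident>[0-9a-f]{32})\],?\s*$"
)
# Section heading such as "Registry Keys: 1"
SECTION = re.compile(r"^(?P<section>[A-Za-z ]+):\s*\d+\s*$")

def parse_detections(log_text):
    """Return one dict per detection line, tagged with its section heading."""
    section, found = None, []
    for raw in log_text.splitlines():
        line = raw.strip()
        if (m := SECTION.match(line)):
            section = m.group("section")
        elif (m := DETECTION.match(line)):
            found.append({"section": section, **m.groupdict()})
    return found

def renamed_objects(*logs):
    """Map object path -> [(name, action), ...] for paths reported under >1 name."""
    seen = defaultdict(list)
    for log in logs:
        for d in parse_detections(log):
            # Registry paths are case-insensitive, so normalise before grouping.
            seen[d["path"].lower()].append((d["name"], d["action"]))
    return {p: v for p, v in seen.items() if len({n for n, _ in v}) > 1}

# Excerpts copied from the two scan logs posted in this thread.
FIRST_SCAN = r"""
Registry Keys: 1
PUP.Optional.IoloSC, HKU\S-1-5-21-350187361-2601025631-4004757972-1001\SOFTWARE\IOLO\System Mechanic, Quarantined, [08890ed4e4b6231315652c72bb45e51b],
Registry Values: 0
(No malicious items detected)
"""
SECOND_SCAN = r"""
Registry Keys: 1
PUP.Optional.IoloSM, HKU\S-1-5-21-350187361-2601025631-4004757972-1001\SOFTWARE\IOLO\System Mechanic, No Action By User, [064c6382f0aac86ebc21881bb14f37c9],
"""

if __name__ == "__main__":
    for path, hits in renamed_objects(FIRST_SCAN, SECOND_SCAN).items():
        print(path, "->", hits)
```

Grouping on the object path rather than the detection name is what shows that both entries refer to one registry key, even though the name, action and bracketed value differ between scans.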

 
