Jump to content

Recommended Posts

A Malwarebytes v3.2.2 Threat Scan (database v1.0.3104) flagged registry entries associated with my IE9 browser today for PUP.Optional.ASK.  I don't normally use IE9 (my default browser is currently FF ESR v52.4.0) but I suspect MB incorrectly detected registry entries for Norton Safe Search (a feature bundled with my Norton Toolbar v2015.12.0.5) as PUP.Optional.Ask, since Norton Safe Search uses the Ask.com search engine.

Here's the scan log:  MB v3_2_2 Threat Scan PUP_Optional_ASK 26 Oct 2017.txt

Registry Key: 1
PUP.Optional.ASK, HKU\S-1-5-21-3086198521-800258848-3831315664-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{104390CA-E40C-43BF-A771-26DE9E4121CC}, No Action By User, [525], [450494],1.0.3104

Registry Value: 1
PUP.Optional.ASK, HKU\S-1-5-21-3086198521-800258848-3831315664-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{104390CA-E40C-43BF-A771-26DE9E4121CC}|URL, No Action By User, [525], [450494],1.0.3104

59f273ecac0f5_IENortonSafeSearchAskdotcom.png.17ef516f38e0a391687f9ede2f5d9390.png

----------
32-bit Vista Home Premium SP2 * NS Premium v22.11.0.41 * Firefox ESR v52.4.0 * IE9 * MB Premium v3.2.2.2018-1.0.212

Edited by lmacri
Link to post
Share on other sites

Had the same thing I think . This A FP?

 

Registry Key: 1
PUP.Optional.ASK, HKU\S-1-5-21-3846363274-3381774146-412316661-1007\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{1ED1E7E6-28B7-4DD8-8C5B-9005C0ED7FAF}, Quarantined, [525], [450494],1.0.3103

Registry Value: 1
PUP.Optional.ASK, HKU\S-1-5-21-3846363274-3381774146-412316661-1007\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{1ED1E7E6-28B7-4DD8-8C5B-9005C0ED7FAF}|URL, Quarantined, [525], [450494],1.0.3103

 

-Software Information-
Version: 3.2.2.2029
Components Version: 1.0.212
Update Package Version: 1.0.3103

 

 

Edited by Clang
Link to post
Share on other sites

3 hours ago, Clang said:

...
Registry Key: 1
PUP.Optional.ASK, HKU\S-1-5-21-3846363274-3381774146-412316661-1007\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{1ED1E7E6-28B7-4DD8-8C5B-9005C0ED7FAF}, Quarantined, [525], [450494],1.0.3103

...

Hi Clang:

I always have Norton Safe Search disabled in my Norton Security Toolbar (I'm not a fan of Ask.com and don't know why Norton chose them as a partner for their Safe Search feature in the first place) but I noticed your scan log shows that MB v3.2.2 quarantined the Safe Search registry entries.  If you use the Norton Safe Search search engine in your browser(s) and find it's not working correctly it's safe to restore these registry entries from the Quarantine tab on the right-hand menu pane of your your Malwarebytes interface since these PUP.Optional.ASK detections were confirmed as false positives.

Just FYI, I prefer to review lower-risk detections like PUP.Optional.Ask, PUP.Optional.Legacy, etc. before they are quarantined so I've change the options for PUP and PUM detections in Malwarebytes (Settings | Protection | Potential Threat Protection) from Always Detect (automatic removal) to Warn User.  That's why my scan log in post # 1 states No Action By User instead of Quarantined.
----------
32-bit Vista Home Premium SP2 * NS Premium v22.11.0.41 * Firefox ESR v52.4.0 * IE9 * MB Premium v3.2.2.2018-1.0.212

Edited by lmacri
Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.