Somethreads that go into quarantine, I delete them, but never go away

[amg3]

Hi, 

Malwarabytes has detected some threads. I put them into quarantine, then deleted them, but if I scan again, it keeps coming back. 

What can I do?

 

Thanks

Amg

[Aura]

Hi amg3

Can you provide me the Malwarebytes log where I can see which threats are detected?

[amg3]

Thank you Aura

 

Here they are 

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 11/8/17
Scan Time: 8:51 PM
Log File: 896b4f37-c46e-11e7-b425-a0481c1c038d.json
Administrator: Yes

-Software Information-
Version: 3.2.2.2029
Components Version: 1.0.212
Update Package Version: 1.0.3204
License: Trial

-System Information-
OS: Windows 8
CPU: x64
File System: NTFS
User: SUCCESS\adinm_000

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 502426
Threats Detected: 8
Threats Quarantined: 8
Time Elapsed: 2 hr, 1 min, 43 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 8
PUP.Optional.SweetPage, C:\USERS\ADINM_000\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\Web Data, Replaced, [2808], [455284],1.0.3204
PUP.Optional.Softonic, C:\USERS\ADINM_000\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\Web Data, Replaced, [665], [455288],1.0.3204
PUP.Optional.Softonic, C:\USERS\ADINM_000\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\Web Data, Replaced, [665], [455288],1.0.3204
PUP.Optional.Softonic, C:\USERS\ADINM_000\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\Web Data, Replaced, [665], [455288],1.0.3204
PUP.Optional.Softonic, C:\USERS\ADINM_000\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\Web Data, Replaced, [665], [455288],1.0.3204
PUP.Optional.WinYahoo, C:\USERS\ADINM_000\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\Web Data, Replaced, [63], [454790],1.0.3204
PUP.Optional.Softonic, C:\USERS\ADINM_000\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\Web Data, Replaced, [665], [455288],1.0.3204
PUP.Optional.Softonic, C:\USERS\ADINM_000\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\Web Data, Replaced, [665], [455288],1.0.3204

Physical Sector: 0
(No malicious items detected)

(end)

[Aura]

Thank you. Install the latest version of Malwarebytes available (3.3):

https://forums.malwarebytes.com/topic/213935-malwarebytes-33-now-available/

Once done, follow the instructions in the thread below and let me know if that solves your issue or not.

https://forums.malwarebytes.com/topic/214325-chrome-secure-preferences-detection-always-comes-back/

 

[amg3]

I tried this. The steps you asked me to follow from that thread, The "Reset Sync" button was greyed out. 

I did the rest and rerun the scan. It only finds two threads now, but I cannot delete them. 

 

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 11/10/17
Scan Time: 2:26 AM
Log File: 8b13250e-c566-11e7-b08a-a0481c1c038d.json
Administrator: Yes

-Software Information-
Version: 3.3.1.2183
Components Version: 1.0.236
Update Package Version: 1.0.3214
License: Trial

-System Information-
OS: Windows 8
CPU: x64
File System: NTFS
User: System

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 497652
Threats Detected: 2
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 2 hr, 9 min, 53 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 2
PUP.Optional.SweetPage, C:\USERS\ADINM_000\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, No Action By User, [2807], [455284],1.0.3214
PUP.Optional.WinYahoo, C:\USERS\ADINM_000\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, No Action By User, [63], [454790],1.0.3214

Physical Sector: 0
(No malicious items detected)

(end)

[Aura]

First of all, for more explanation about why this issue is occurring, read Fatdcuk's post below.

https://forums.malwarebytes.com/topic/214438-chrome-web-data-pup-wont-go-away/?do=findComment&comment=1180550

Now, if you aren't running the latest version of Malwarebytes already (which is 3.3.1 at this time), please download and install the latest (in-place upgrade) from the website directly.

https://downloads.malwarebytes.com/file/mb3/

Alternatively, you can open Malwarebytes, go to the Settings tab, and under the Application tab, click on the Install Application Updates button. This way, Malwarebytes will look for a newer version of the program and if found, asks you if you want to install it (do so).

Once done, follow the instructions in the thread below and see if that solves your issue. Please note that, as stated in the thread below, these steps will most likely have to be executed on every single computer where you are logged in Google Chrome with your Google account, and where the sync feature is enabled.

https://forums.malwarebytes.com/topic/214325-chrome-secure-preferences-detection-always-comes-back/

If the guide above didn't help you, you can try to manually clean your Google Chrome settings, as to remove the threat Malwarebytes is detecting (the one(s) that keeps coming back). There are three main areas that you can clean: the New Tab page, the Search engine, and the On start-up (start page):

• On the top-right corner of Google Chrome, click on the three little dots, and then click on Settings (or simply access chrome://settings from the navigation/URL bar)
• Under Appearance and Show Home button, make sure that either New Tab page is selected, or that you know and trust the website in the second option (ex: google.com)
  
• Under Search engine, make sure that the Search engine used in the address bar is set to Google or another trusted search engine (such as DuckDuckGo)
  
• Click on the Manage search engines button, and under Default search engines, delete every other options (by clicking on the three little dots on the right, followed by Remove from list) other than Google
  
• You are also free to remove the search engines under Other search engines if wanted
• Once done, go back and under On start-up, make sure that the Open the New Tab page option is selected OR, if the Open a specific page or set of pages option is selected, make sure that only knowns and trusted websites are listed. Otherwise, delete them by clicking on the three little dots on the right and select Remove
  

Another possible solution at the moment, is to add the detected file(s) (either Web Cache, Secure Preferences or both) to Malwarebytes' scan exclusion list, so it won't get detected anymore. For more information on how to proceed, follow the instructions in the support article below.

https://forums.malwarebytes.com/topic/214438-chrome-web-data-pup-wont-go-away/

The two possible files to add are:

C:\Users\$YOUR_USERNAME\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
C:\Users\$YOUR_USERNAME\AppData\Local\Google\Chrome\User Data\Default\Web Cache

For instance, the full path for these two files on my system would be:

C:\Users\Aura\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
C:\Users\Aura\AppData\Local\Google\Chrome\User Data\Default\Web Cache

Let me know if any of that worked for you. If it did, let me know which solution worked. If you need assistance with the instructions above, let me know.

 

Edited November 9, 2017 by Aura

[Aura]

Hi amg3,

Are you still with me?

[Aura]

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.Other members who need assistance please start your own topic in a new thread. Thanks!