Jump to content
DigiBandit

Malwarebytes vs Google Chrome

Recommended Posts

Not sure why but Malwarebytes is closing Google Chrome to clean up a PUP in my Chrome/User Data folder. This is happening at every scan (which I have run multiple times a day) and takes my workflow and shoots it in the face. 

Not sure what this pup is from (Extension, Theme File, Etc) nor if I can/how to/should I make an exception for this. 

Thanks :3

mb-check-results.zip

omgsthap.txt

Share this post


Link to post
Share on other sites

DigiBandit

All my PC's with Chrome have had the issue you've described.  I did a full uninstall of Chrome, manually removed all references from the registry, hidden folders, etc. Ran Malwarebytes Threat and viola - no more PUP.Optional.Softsonic 

Rebooted & reinstalled Chrome and the error immediately came back. Personally, I think it's something being included in the new versions of Chrome meant to be an advert bar or hook. Just my opinion...

For the time being I'm using Firefox or Edge as hardware dictates. Unless this is a False Positive I'm thinking it's an advert hook

MisterWeather 

Share this post


Link to post
Share on other sites

If a File Handle is held open by an application it can't be removed.  Thus it is best to close that application so that File Handle is no longer held open and the file(s) can then be removed.

Share this post


Link to post
Share on other sites

Hi guys :)

Can both of you .zip this file, and PM me it?

%LocalAppData%\Google\Chrome\User Data\Default\Web Data

 

Share this post


Link to post
Share on other sites
6 minutes ago, Aura said:

Hi guys :)

Can both of you .zip this file, and PM me it?


%LocalAppData%\Google\Chrome\User Data\Default\Web Data

 

There's just a bit too much personal and professional information in that database file to share. If you have an alternative method to whatever your looking for please let me know and i'll assist as much as i can :)

Share this post


Link to post
Share on other sites
3 minutes ago, Aura said:

It's all good, no worries. In that case, follow the instructions in the thread below. It should solves your issue.

https://forums.malwarebytes.com/topic/214325-chrome-secure-preferences-detection-always-comes-back/

 

That's quite the "resolution," in effect I would need to sign out and disable Chrome Sync over my 17 devices, fully close down Google Chrome, Clean with MalwareBytes, pray that fixes the problem then go and set up all the devices for Sync Again. 

To clarify is this a false positive, something that can be ignored/excepted etc or is this some synced extension/tool/search setting that can simply be removed etc. 

Thanks again, 

Share this post


Link to post
Share on other sites
Quote

To clarify is this a false positive, something that can be ignored/excepted etc or is this some synced extension/tool/search setting that can simply be removed etc. 
 

This isn't a false positive. You can add that file (Web Data) to Malwarebytes' exclusion list, but it won't remove the threat, nor it is recommended. And it is a Google Chrome setting (home page, search engine, etc.) that is flagged and removed correctly by Malwarebytes, but Google Chrome sync feature keeps on adding it back to the Web Data file. Try to follow these instructions on your main computer. If you manually remove a setting from Google Chrome, the change should be sync'd to all your other devices where you are logged in Chrome.

Share this post


Link to post
Share on other sites
Just now, Aura said:

This isn't a false positive. You can add that file (Web Data) to Malwarebytes' exclusion list, but it won't remove the threat, nor it is recommended. And it is a Google Chrome setting (home page, search engine, etc.) that is flagged and removed correctly by Malwarebytes, but Google Chrome sync feature keeps on adding it back to the Web Data file. Try to follow these instructions on your main computer.

 

Ok, thanks for clearing that bit up. In response to the:

Quote

If you manually remove a setting from Google Chrome, the change should be sync'd to all your other devices where you are logged in Chrome.

1

When cleaning with MalwareBytes what is telling Google Chrome Sync to update the Web Data file across my devices. I only ask to reduce the back-and-forth of the suggested resolution.

Thanks again!

Share this post


Link to post
Share on other sites
Quote

When cleaning with MalwareBytes what is telling Google Chrome Sync to update the Web Data file across my devices. I only ask to reduce the back-and-forth of the suggested resolution.
 

If your Google Chrome sync is enabled, it'll upload it to the cloud automatically.

Share this post


Link to post
Share on other sites
15 hours ago, Aura said:

It's all good, no worries. In that case, follow the instructions in the thread below. It should solves your issue.

https://forums.malwarebytes.com/topic/214325-chrome-secure-preferences-detection-always-comes-back/

 

Aura

I'd already deleted the files, folders etc. I only have the Malwarebytes logfile. I've looked at your suggested fix and will try it as soon as practical, and report back. I still have a Win10 Insider Box that has Chrome and is exhibiting this issue as well.

MisterWeather

Share this post


Link to post
Share on other sites

I received your .zip, thank you. Now, following the instructions in the thread I linked should solve your issue.

Share this post


Link to post
Share on other sites

Hi MisterWeather :)

So, did it do the trick?

Share this post


Link to post
Share on other sites

Aura

So far so good, yes. There is one box that, even after following your instructions tested positive for  PUP.Optional.Softonic A little research on my end shows Softonic is the author of, or clearing house for, some popular software; one I had installed - VLC which is available as a Desktop or Win10 app

I've uninstalled VLC and will see if the next cleaning is good.

Will keep you posted..

MisterWeather

Share this post


Link to post
Share on other sites

Was the detection for Softonic still in the Web Data file?

Share this post


Link to post
Share on other sites

It looks Like I'd sent the file after the scan & quarantine. I do have a file (attached) the Web Data from the laptop that keeps showing positive, this one for PUP.Optional.Conduit

I'll see if the .Softonic infection shows back up with the scan that is set to run soon.

Web Data.zip

Share this post


Link to post
Share on other sites

Hi MisterWeather,

So, is Malwarebytes still detecting a threat?

Share this post


Link to post
Share on other sites

Yes,

Malwarebytes is flagging a PUP.Optional.Conduit in the last Laptop I'd synced. Google Chrome is gone and so if the PUP. I'm using Firefox now.

MisterWeather

Share this post


Link to post
Share on other sites

Alright :) Since your issue has been solved, I'll be closing this thread now.

Stay safe!

Share this post


Link to post
Share on other sites

Glad we could help. :)If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.Other members who need assistance please start your own topic in a new thread. Thanks!

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.