Jump to content

35,569 quarantined items - what to do?


Recommended Posts

There are 35,569 items in the quarantine folder.  That can't be right??

This is within the first 15 minutes of using Malwarebytes. Now I don't know what to do about all of those items and have no way of telling if they are really junk files and can be deleted.  I'm worried about what to do about the contents of this folder and if any of the items are important to keep.

Would appreciate guidance.

Link to post
Share on other sites

Malwarebytes doesn't find "junk files," only Malware and PUPs, but clearly 35K+ files is several orders of magnitude more than I can recall anybody reporting here.

I suspect you will need to submit some information that could contain privacy information and would best not be posted here, so I recommend you open a support ticket at Contact Us.

I'd be interested in hearing the solution after you close the ticket.

Link to post
Share on other sites

1 hour ago, stonehopper said:

There are 35,569 items in the quarantine folder.  That can't be right??

This is within the first 15 minutes of using Malwarebytes. Now I don't know what to do about all of those items and have no way of telling if they are really junk files and can be deleted.  I'm worried about what to do about the contents of this folder and if any of the items are important to keep.

Would appreciate guidance.

Are you using an antivirus???   Did your antivirus quarantine something???

Restore several items from Quarantine and check them on VirusTotal.

Link to post
Share on other sites

  • Staff
3 hours ago, stonehopper said:

There are 35,569 items in the quarantine folder.  That can't be right??

Depends on how you're counting them. Are you talking about the number of items in the folder as reported by the Finder, or some other method that actually counts all items in a folder, including items in subfolders?

A lot of the things that are removed by Malwarebytes for Mac are applications - which are really folders in disguise - or folders known to be associated with malicious or junk software. There can be many files inside such folders.

On the other hand, if we're talking about the count of items in the folder as reported by the Finder, that does seem excessive. Can you provide some screenshots of what is found in the quarantine folder? Make a screenshot by following the directions here:

http://support.apple.com/kb/HT5775

Attach the screenshot file, which will be found on the desktop, to a reply to this message.

Link to post
Share on other sites

2 minutes ago, treed said:

Depends on how you're counting them. Are you talking about the number of items in the folder as reported by the Finder, or some other method that actually counts all items in a folder, including items in subfolders?

A lot of the things that are removed by Malwarebytes for Mac are applications - which are really folders in disguise - or folders known to be associated with malicious or junk software. There can be many files inside such folders.

On the other hand, if we're talking about the count of items in the folder as reported by the Finder, that does seem excessive. Can you provide some screenshots of what is found in the quarantine folder? Make a screenshot by following the directions here:

http://support.apple.com/kb/HT5775

Attach the screenshot file, which will be found on the desktop, to a reply to this message.

I got the number from "get info" for the Quarantine Folder for which I attached a screenshot here.

Also attached are 3 screenshot samples from within the Quarantine Folder.

Quarantine Folder info.png

Sample Quaarantine folder 3.png

Sample Quaarantine folder 1.png

Sample Quaarantine folder 2.png

Link to post
Share on other sites

  • Staff

Wow... from the looks of what you've posted, you had an extremely bad VSearch infection! The good news is that it's just adware, not full malware, but definitely make sure you have restarted the computer after removing all that. Also, clear the quarantine, and run another scan to make sure that the infection didn't try to re-create itself during the removal process. (Some variants of VSearch try to do that.)

Link to post
Share on other sites

1 minute ago, treed said:

Wow... from the looks of what you've posted, you had an extremely bad VSearch infection! The good news is that it's just adware, not full malware, but definitely make sure you have restarted the computer after removing all that. Also, clear the quarantine, and run another scan to make sure that the infection didn't try to re-create itself during the removal process. (Some variants of VSearch try to do that.)

Yes, I've been having a terrible time with with all kinds of pop ups, Walmart offer taking over my email page, getting computer freezes every 15-20 minutes, etc.  Have been researching for days and then researching Malwarebytes.  I was afraid to download it too not trusting anything. I finally came across some of your writings and decided to take the leap. 

So thank you very much for this help.

MBAB has prompted me several times for a restart, which I did.  I was hesitant to clear the Q folder due to the info I read about some files that go into the Q folder that are not malicious but have been affected in some way by the bad guys.

Am going ahead with your instructions.

If I may ask another question about the settings preferences.  I'm confused about the 2 options at the bottom. The default has "ignore PUPs" turned off and "Quarantine Malware Automatically" turned on.  I felt that I didn't want to ignore the PUPs and I would rather have the Malware deleted than quarantined.  What is your advice on that?

Settings Prefernces.png

Link to post
Share on other sites

  • Staff

Malwarebytes for Mac has an extremely low incidence of false positives, due to the way its engine works. (Knock on wood... hope I didn't just jinx it! :D) Although it's always a good idea to inspect the contents of quarantine before deleting, it's not often necessary. Also, note that we don't detect legitimate files that may have been modified... like browser settings files, for example. I'd go ahead and clear it.

For the scheduled scans, the default should actually be the opposite of what's shown in your screenshot, and I'd recommending changing that. PUPs are "potentially unwanted programs," and I recommend having that setting unchecked. I also recommend having threats quarantined automatically, although if you prefer to see what's been detected before removing it, it would be reasonable to turn that one off.

Link to post
Share on other sites

34 minutes ago, treed said:

Malwarebytes for Mac has an extremely low incidence of false positives, due to the way its engine works. (Knock on wood... hope I didn't just jinx it! :D) Although it's always a good idea to inspect the contents of quarantine before deleting, it's not often necessary. Also, note that we don't detect legitimate files that may have been modified... like browser settings files, for example. I'd go ahead and clear it.

For the scheduled scans, the default should actually be the opposite of what's shown in your screenshot, and I'd recommending changing that. PUPs are "potentially unwanted programs," and I recommend having that setting unchecked. I also recommend having threats quarantined automatically, although if you prefer to see what's been detected before removing it, it would be reasonable to turn that one off.

Thanks.  All good to know. This is all new territory for me.  I signed up for your Malwarebytes Lab newsletter.

The cleansing seems to have worked.  I've been working for about 2 hours with our a screen or mouse hang.  Even did some Photoshop work without any hangs. I cleared the Q folder, rescanned.  Did another scan and then a scheduled scan kicked in.  Got 71 items in the Q folder. So will repeat the process.

Re the preference settings - I changed the options for the reasons I mentioned. I'll turn the PUPs off as per your suggestion.  May I ask why this is suggested?  Seems to me that I would not want to ignore the PUPs.

Thanks so very much for your speedy help. 

Link to post
Share on other sites

5 hours ago, alvarnell said:

Malwarebytes doesn't find "junk files," only Malware and PUPs, but clearly 35K+ files is several orders of magnitude more than I can recall anybody reporting here.

I suspect you will need to submit some information that could contain privacy information and would best not be posted here, so I recommend you open a support ticket at Contact Us.

I'd be interested in hearing the solution after you close the ticket.

Got great help from Thomas Reed.  You can see the results above. Thank you for your interest.

Link to post
Share on other sites

  • Staff
48 minutes ago, stonehopper said:

Did another scan and then a scheduled scan kicked in.  Got 71 items in the Q folder. So will repeat the process.

Re the preference settings - I changed the options for the reasons I mentioned. I'll turn the PUPs off as per your suggestion.  May I ask why this is suggested?  Seems to me that I would not want to ignore the PUPs.

I've seen cases where VSearch required a few rounds of cleaning to fully remove, because it kept recreating files as they were removed. But after scanning, removing and restarting a time or two, it should all get cleared out. Let me know if that's not the case.

For the PUPs, actually, checking that box tells the software to ignore PUPs... so turning that setting on means to stop detecting PUPs. You definitely want it unchecked rather than checked.

Link to post
Share on other sites

1 hour ago, treed said:

I've seen cases where VSearch required a few rounds of cleaning to fully remove, because it kept recreating files as they were removed. But after scanning, removing and restarting a time or two, it should all get cleared out. Let me know if that's not the case.

For the PUPs, actually, checking that box tells the software to ignore PUPs... so turning that setting on means to stop detecting PUPs. You definitely want it unchecked rather than checked.

Got it.

A scan was performed every hour since I installed.  I deleted additional items 2 times since i first cleared the folder.  At present it is empty. How do I know which item in the Q folder were created by Search?  I'll keep watch.  

I'm so pleased my computer is running smoothly again.

 

Link to post
Share on other sites

  • Staff

At this point, I'd consider everything new that's getting created there to be related to VSearch, until you get to a point where you can scan following a restart and come back clean.

After that, if you get further infections, it's from a different source. Be sure to be cautious about what you download and install on your Mac, as all this stuff at present relies on tricking you into opening something you shouldn't in order to get installed. And adware has gotten to be very good at that!

Link to post
Share on other sites

On 9/26/2018 at 4:48 PM, treed said:

At this point, I'd consider everything new that's getting created there to be related to VSearch, until you get to a point where you can scan following a restart and come back clean.

After that, if you get further infections, it's from a different source. Be sure to be cautious about what you download and install on your Mac, as all this stuff at present relies on tricking you into opening something you shouldn't in order to get installed. And adware has gotten to be very good at that!

I'm pretty sure there were some infections before, but the real trouble began a couple of weeks ago when I updated one of my programs and, yes, quickly clicked through it without  reading everyone. The screen hangs began then and the TimeWarner Walmart gift card ad took over my email page over and over. I also visited a site to view a movie and it began to pour downloads like rain into my download folder.  Couldn't stop it and had to do a force quit. Then deleted what must have been over a hundred downloads (didn't open any).

So here is the update on my scans and quarantines.  The scans are set for every hour. After a bit of delay, the quarantine folder routinely has items that number in the seventies.  I delete the contents each time.  Is this what I should be expecting as routine? attached is the most recent view of my quarantine folder.

Also wondering if I should acquire some antivirus software in addition to MBAB?

Quarantine Screen Shot 2018-09-28 at 12.44.15 PM.png

Link to post
Share on other sites

What browser or browsers are you using? It looks like you might have a "sync" function turned on that is simply re-installing those same infections every time MBAM moves them to quarantine.

Link to post
Share on other sites

System Preferences->iCloud disable Safari.

If you have any other Mac or iDevice that uses the same AppleID, do same for them. 

Clean up any other Mac with MBAM before re-enabling these settings.

Link to post
Share on other sites

Just to make sure...

  • An iCloud account is not the same as using the iCloud Drive.
  • If you entered an Apple ID when you first started your Mac, then your iCloud account was setup for you.
  • If you have a email account that ends in .mac, .me or .icloud then you have an iCloud account.

I haven't kept up on current variants of the VSearch adware, so I'm unaware of what it is using to reinstall itself these days, but a couple of other places to look:

  • System Preferences->Profiles. If you have such a preference pane, what are the names of any profiles installed there (most users will never have any).
  • System Preferences->Users & Groups->Login Items tab. Do you recognize all of the apps that are listed there that are started each time you login? If not, what are they?

There are several other possible places where a startup process could be accomplishing this re-installation, but best that the Malwarebytes staff gather that information from you outside of this Forum. That will require you to open up a support ticket as I suggested in my post #2, if you haven't already done so.

Link to post
Share on other sites

1 hour ago, alvarnell said:

Just to make sure...

  • An iCloud account is not the same as using the iCloud Drive.
  • If you entered an Apple ID when you first started your Mac, then your iCloud account was setup for you.
  • If you have a email account that ends in .mac, .me or .icloud then you have an iCloud account.

I haven't kept up on current variants of the VSearch adware, so I'm unaware of what it is using to reinstall itself these days, but a couple of other places to look:

  • System Preferences->Profiles. If you have such a preference pane, what are the names of any profiles installed there (most users will never have any).
  • System Preferences->Users & Groups->Login Items tab. Do you recognize all of the apps that are listed there that are started each time you login? If not, what are they?

There are several other possible places where a startup process could be accomplishing this re-installation, but best that the Malwarebytes staff gather that information from you outside of this Forum. That will require you to open up a support ticket as I suggested in my post #2, if you haven't already done so.

Thank you very much for your input. I did look into the system preferences before i started using Malwarebytes.

And I do have staff working with me on this. It is somewhat resolved but some things are not being picked up so the support is still in progress.

Thanks once again.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.