
MB Quarantine and related woes



Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 3/20/19
Protection Event Time: 2:06 PM
Log File: ea42d5fa-4b3a-11e9-9289-f8b156db2181.json

-Software Information-
Version: 3.7.1.2839
Components Version: 1.0.563
Update Package Version: 1.0.9770
License: Premium

-System Information-
OS: Windows 10 (Build 17763.379)
CPU: x64
File System: NTFS
User: System

-Blocked Malware Details-
File: 1
PUP.Optional.SysTweak, C:\Users\.......\Temp\is-UML9F.tmp\dfpsetup.exe.tmp, Quarantined, [1486], [115211],1.0.9770


(end)

------------------------------------------------------------------------------------------------------

So I do a restore; the program is no longer seen under "quarantine",

yet I am not able to install the program.

Is this intended?

And why is this widely used program a PUP?

And BTW, if I am reading the Quarantine Log and do export to text file, I get the idiot nag that the file I am trying to save does not exist.

Duh. Really?

Did u intend to program "Save-As"? Because "Save" is broken.

I am new to MB.

Is it all like this?

Am I accidentally in an Alpha testing line?

Would someone care to explain why a fairly widely used photograph duplicate finder is banned by u?


  • Staff

***This is an automated reply***

Hi,

Thanks for posting in the Malwarebytes 3 Help forum.

 

If you are having technical issues with our Windows product, please do the following:

If you haven’t already done so, please run the Malwarebytes Support Tool and then attach the logs in your next reply:

NOTE: The tools and the information obtained are safe and not harmful to your privacy or your computer, please allow the programs to run if blocked by your system.

  1. Download Malwarebytes Support Tool
  2. Once the file is downloaded, open your Downloads folder/location of the downloaded file
  3. Double-click mb-support-X.X.X.XXXX.exe to run the program
    • You may be prompted by User Account Control (UAC) to allow changes to be made to your computer. Click Yes to consent.
  4. Place a checkmark next to Accept License Agreement and click Next
  5. You will be presented with a page stating, "Get Started!"
  6. Click the Advanced tab
  7. Click the Gather Logs button
  8. A progress bar will appear and the program will proceed with getting logs from your computer
  9. Upon completion, a file named mbst-grab-results.zip will be saved to your Desktop. Click OK
  10. Please attach the file in your next reply. Before submitting your reply, be sure to enable "Notify me of replies".

Click "Reveal Hidden Contents" below for details on how to attach a file:

To save attachments, please click the link as shown below. You can click and drag the files to this bar or you can click the choose files, then browse to where your files are located, select them and click the Open button.
 

One of our experts will be able to assist you shortly.

 

If you are having licensing issues, please do the following: 


For any of these issues:

  • Renewals
  • Refunds (including double billing)
  • Cancellations
  • Update Billing Info
  • Multiple Transactions
  • Consumer Purchases
  • Transaction Receipt

Please contact our support team at https://support.malwarebytes.com/community/consumer/pages/contact-us to get help

If you need help looking up your license details, please head here: https://support.malwarebytes.com/docs/DOC-1264 

 

Thanks in advance for your patience.

-The Malwarebytes Forum Team


Greetings,

I found the information located here regarding the detection of Systweak, however that may be a different application from the one you mentioned so it may indeed be a false positive.

If you do believe this detection to be a false positive then please review the information in this pinned topic as well as this pinned topic and create a new post in the false positives area by clicking here and including the requested information in your post so that the Research team may investigate, respond and take any necessary action to correct the issue if it is a false positive.

If the item is no longer located under the Quarantine tab and you are attempting to reinstall it, then you may do any of the following to do so:

OPTION 1: Temporarily disable protection and install the program, then create exclusions:

  • First, right-click on the Malwarebytes tray icon and click on Malware Protection: On and click Yes if prompted by User Account Control to temporarily disable Malware Protection to prevent the program's installer from being detected
  • Install the program
  • Open Malwarebytes and click the Scan Now button located on the Dashboard tab to perform a Threat scan and allow it to complete
  • Once the scan completes, if any of the program in question's files, folders and/or registry entries have been detected, click the checkbox at the top of the list of detections to clear all of them and click Next
  • When prompted, select the option to always ignore the remaining items from the scan and they will be added to your Exclusions (you can verify this by visiting the Exclusions tab under Settings)

OPTION 2: Manually exclude the program's installer and then create exclusions:

  • Download the program in question again, but do not attempt to launch its installer yet
  • Open Malwarebytes and navigate to Settings>Exclusions and click Add Exclusion
  • Leave the Exclude a File or Folder option selected and click Next
  • Click on the Select Files... button and navigate to the location where you saved the program's installer (most likely your Downloads folder by default for most web browsers) and double-click the file to select it then click OK
  • Install the application and then exclude its folders/files by using the Threat scan mentioned above in OPTION 1 or you may do so manually (though be aware that some items may not be excluded and may still be detected by a future scan, especially registry items and program shortcuts so the scan method is recommended)

You may also change how Malwarebytes handles detections in the future.  If you would prefer that Malwarebytes not detect PUPs or prompt you on how to handle them when they are detected then you may open Malwarebytes and navigate to Settings>Protection and under the Potential Threat Protection section, use the first drop-down menu to change how Malwarebytes handles Potentially Unwanted Programs.  Warn User will have the program prompt you with an alert and options to quarantine, ignore once, or ignore always (exclude) any PUPs that are detected by real-time protection and they will be unchecked/not quarantined by default for scans (including both manual and scheduled scans), and Ignore Detections will have Malwarebytes refrain from detecting anything classified as PUP in the future by both scans and real-time protection.

You may also change how Malwarebytes handles all detections by its real-time protection, including both PUPs as well as items detected as actual threats so that it prompts you on how to handle them.  To accomplish this, open Malwarebytes and navigate to Settings>Protection and under Automatic Quarantine toggle the option to Off and from now on you will receive an alert notifying you when a threat (or PUP) has been detected by real-time protection and you will have the option to quarantine the detected item as normal, allow the item to execute once, or to ignore the item always which will add it to your exclusions (similar to the option mentioned above for PUPs).

If there is anything else we might assist you with please let us know.

Thanks


 

 

Wow, exile360, super comprehensive and useful, understandable reply!

Hats off to you.

The results on my end were however comical and I'll add just a couple screenshots.

The 'Cliffs Notes' version: I use Revo Uninstaller-Pro.

After the latest MB Quarantine of the slimy addition they bundle, the ostensible Reg Cleaner, I decided to uninstall using Revo ... this despite that I had done the Restart after Quarantine.

Well, Revo found hundreds if not thousands of tendrils from the addition they bundled.

So, while many users have found their program to find dupe photos on my iPhone or Windows, many may not realise that that company includes "surprises".

I have an email to them, but then .... why would they refund? Why would they just give me a copy of Dupe-Foto-Fixer w/o the spyware?

Again, to Exile360, thanks for the exquisitely detailed reply that me-the-newbie could follow.

QED

 

 


Ugh, yes, I hate it when companies do things like that, especially when you've actually paid for the software.  It's like paying for the privilege to have PUPs installed/be advertised to.  It's at least somewhat understandable (though not excusable or really acceptable in my opinion) when 'free' software bundles in such additional 'gifts' as a means of generating revenue from their free products, but when they do so with their paid offerings that's just messed up.  You paid for the thing once, why should you have to pay again by (potentially) harming your system's performance, risking your security/privacy etc. (depending on what they're bundling, of course), and even have to deal with any of this additional junk taking up space on your drive when you already handed them money?

I guess that explains why Malwarebytes detected it, and I suppose Revo is the variable in the mix that caused things with Malwarebytes to go awry (not that there's anything wrong with Revo; it's quite a handy tool, though obviously some caution is required when using it just in case it wants to remove anything not directly related to the software you're attempting to uninstall which does happen, though not too terribly often in my experience thankfully).

Anyway, if there is anything else that we can help with just let us know, and good luck with seeking your refund.  Hopefully they won't give you a hard time about it or make you jump through too many hoops to get it done, but if they do, as long as you paid via PayPal, credit card or ATM/debit you should be able to contact your bank/card issuer/PayPal to have the transaction charged back/refunded to you, particularly if you explain the situation as I'm sure they'd agree that this is not acceptable behavior considering you paid for the thing and all and didn't ask for this bundled registry cleaner to 'enhance' your experience.

By the way, in case you're curious as to why Malwarebytes may have detected it (aside from it being a bundled app, obviously, which is typical PUP behavior), they also aren't great fans of registry cleaners as expressed in this Malwarebytes blog article.  That particular article is actually the first part of a 3 part series on PUPs.  The second, which deals with driver updaters can be found here and part 3 which is more focused on PUPs in general and the practice of 'bundling' (very much like the situation you yourself encountered) here.  Those articles give great insight into the mindset of Malwarebytes' Researchers, and the company as a whole with regards to their aggressive policies against PUPs and why they are so zealous about it.  In my opinion it really is just another shady way for companies (as well as actual malware authors in some cases, as they'll use malware to install PUPs to generate revenue as affiliates/resellers) to turn a profit at the expense of users' systems.


Roger the 'blog article'... reading now ..

BTW, is it fairly easy for one to search as u did, in the future, for me?

Would make it simpler if I could get public, or registered owner, access to be able to look up this type MB "Report" in the future.

 


Absolutely :)

Just search for any threat by name (as identified by Malwarebytes in your scan/protection log or the UI from the detection) here and there are tons more useful resources accessible from the Malwarebytes homepage (malwarebytes.com) under the Resources menu (that's where that little gem I linked to was located along with the blog that I pulled those articles from).  If you ever want to kill about a good solid week or two just reading about security, threats, scams, privacy and all sorts of other techie goodness it's a great place to dive into to learn.  They also update the blog regularly with the latest security news about scams, data breaches, threats/infections as well as many of the various goings-on at Malwarebytes.

Edited by exile360