PUP.Optional.MySearchDial - What is it?

[vitamin]

Hey all,

On two computers today with Malwarebytes installed, I received a potential threat and decided to quarantine.

I looked in Chrome settings and Windows Control Panel, and nothing of the sort (MySearchDial) exists.

The location is:

• AppData\Local\Google\Chrome\User Data\Default\Web Data
• AppData\Local\Google\Chrome\User Data\Default\SynceData.sqlite3

Any ideas on where this would come from?

-Thanks

 

 

[TwinHeadedEagle]

Hello,

It looks like a legit detection, MalwareBytes can detect and remove Chrome settings hijacked by adware which are stored inside files you can see on the image above. If you could export the scan report that would help confirming it is a legit detection.

Edited April 5, 2019 by TwinHeadedEagle

[vitamin]

Thanks for looking...following is the export.

The scan came back positive again this morning.   

Odd thing is, when I Quarantine, the Chrome browser closes.

 

-Log Details-
Scan Date: 4/5/19
Scan Time: 7:39 AM
Log File: 34761762-57a8-11e9-ac62-000000000000.json

-Software Information-
Version: 3.7.1.2839
Components Version: 1.0.563
Update Package Version: 1.0.10016
License: Premium

-System Information-
OS: Windows 10 (Build 17134.648)
CPU: x64
File System: NTFS
User: System

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Scheduler
Result: Completed
Objects Scanned: 284764
Threats Detected: 3
Threats Quarantined: 3
Time Elapsed: 3 min, 52 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 3
PUP.Optional.MySearchDial, C:\USERS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Replaced, [128], [663899],1.0.10016
PUP.Optional.MySearchDial, C:\USERS\\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\SyncData.sqlite3, Replaced, [128], [663899],1.0.10016
PUP.Optional.MySearchDial, C:\USERS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Replaced, [128], [663899],1.0.10016

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)

(end)

[vitamin]

Anyone?  @TwinHeadedEagle  ?

I get this every morning.

[TwinHeadedEagle]

Sorry for delayed answer. Yes, it looks like a valid detection. I'll need some more logs to see what is the problem and why it keeps coming back.

I need MalwareBytes support tool logs: https://support.malwarebytes.com/docs/DOC-2387

When you open the tool, click Advanced and then Gather logs.

When it is done, you'll find a zipped archive on your desktop. Attach it in your next reply.

 

[vitamin]

Thanks @TwinHeadedEagle ....  I really appreciate it; The zip is attached.

Odd that it's coming from Chrome and happening when I open the browser every morning.

-Paul

mbst-grab-results.zip

[vitamin]

Upon further thought, I can uninstall and re-install Chrome if you think best.  I'll wait to hear back from you.

[TwinHeadedEagle]

Thank you. I've spotted a problem and we're investigating it. I'll come back to you later today with findings.

Edited April 11, 2019 by TwinHeadedEagle

[Jumpercable]

I got google chrome synced up with 3 PCS and 2 android devices.  I also get this, I keep removing it, but it keeps coming back. It only shows up on the PC devices and not the android devices. Please any help would be useful.

[TwinHeadedEagle]

@vitamin @Jumpercable

Let's try this (in this order please):

1. Enable event data logging in MalwareBytes settings, see image below:

 

2. Run one more scan and try to quarantine when MalwareBytes finds this detection.

3. Download the archive below:

Chrome_Analyzer.zip

Unpack it and then right click on analyze.bat and choose Run as Administrator

When it is done, you'll find analysis.txt in the same folder. Attach it in your next reply.

4. Run MalwareBytes support tool like you did before and attach fresh logs.

 

Thank you!

Edited April 12, 2019 by TwinHeadedEagle

[Marco1114]

Hello, I am not able to get rid of mysearchdial pup.  I have had this for several days and I keep doing quarantine and delete but it seems to come back every time I open Chrome.  Will uninstalling Chrome and reinstalling it help?    I have done a reset on the chrome settings , but there are still 2 files that have this pup.  How can I get rid of this?

thank you!

[TwinHeadedEagle]

@Marco1114

Can you follow the steps above?

[Jumpercable]

The chrome analyzer says its unavailable.

 

Also, The only way i saw to get rid of it was not using the google sync anymore and doing another full scan of malwarebytes.

[Marco1114]

What is the name of the chrome analyzer tool.  I have been looking online for it but there seems to be several different ones.   Your link does not work.  

[TwinHeadedEagle]

That is a custom made script with some System Internals tools. There's no tool under such name, it is just a folder name.

[Jumpercable]

Your chrome analyzer is a broken link. You have to fix that.

[Marco1114]

Were you able to get rid of mysearchdial pup yet?   I got rid of one of the two, but I still have one that won't go away.   For the one that I finally got rid of, I changed a few settings in chrome and then ran adwcleaner.  So I don't know which of these two things that I did that got rid of it.   

[TwinHeadedEagle]

@Jumpercable Download works fine for me.

[Marco1114]

I just tried it again and it still does not work for me either.

[Marco1114]

here is what it says:

Sorry, there is a problem

This attachment is not available. It may have been removed or the person who shared it may not have permission to share it to this location.
Error code: 2C171/1

 

[vitamin]

9 hours ago, TwinHeadedEagle said:

@vitamin @Jumpercable

Let's try this (in this order please):

1. Enable event data logging in MalwareBytes settings, see image below:

 

2. Run one more scan and try to quarantine when MalwareBytes finds this detection.

3. Download the archive below:

Chrome_Analyzer.zipUnavailable

Unpack it and then right click on analyze.bat and choose Run as Administrator

When it is done, you'll find analysis.txt in the same folder. Attach it in your next reply.

4. Run MalwareBytes support tool like you did before and attach fresh logs.

 

Thank you!

Hey @TwinHeadedEagle, the Chrome_Analyzer.zip shows unavailable so I can't accomplish step 3.

[TwinHeadedEagle]

Can you try with this link?

https://malwarebytes.app.box.com/s/06spq2584z4xnyy68ekdjuc73fvcgbwj

[vitamin]

That link worked...thanks @TwinHeadedEagle.

Attached is the analysis.txt

 

analysis.txt

[Jumpercable]

Attached is the analysis and the mbst-grab-results.

mbst-grab-results.zip analysis.txt

[TwinHeadedEagle]

I need you to do it one more time, but make sure to follow the instructions exactly as I tell you.

 

1. Let Chrome stay open.

2. Run MalwareBytes and make a scan. When mysearchdial is detected quarantine it. Do not open Chrome, MalwareBytes should close it doing a quarantine process.

3. Run Chrome analyzer script after a scan making sure you do not open chrome and attach analysis.txt

 

Thanks!