vitamin

PUP.Optional.MySearchDial - What is it?


Hey all,

On two computers today with Malwarebytes installed, I received a potential threat and decided to quarantine.

I looked in Chrome settings and Windows Control Panel, and nothing of the sort (MySearchDial) exists.

The location is:

  • AppData\Local\Google\Chrome\User Data\Default\Web Data
  • AppData\Local\Google\Chrome\User Data\Default\SyncData.sqlite3

Any ideas on where this would come from?

-Thanks

 

 

malwareBytes2.png


Hello,

It looks like a legit detection. MalwareBytes can detect and remove Chrome settings hijacked by adware, which are stored inside the files you can see in the image above. If you could export the scan report, that would help confirm it is a legit detection.

Edited by TwinHeadedEagle
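
An added example, not part of the original thread and not a Malwarebytes tool: both flagged files are SQLite databases, so a read-only scan of a copy can show which table and column hold the string behind the detection. The search string `mysearchdial`, the function names and the sample table layouts are assumptions constructed for the demonstration.

```python
import shutil
import sqlite3
import tempfile
from pathlib import Path

NEEDLE = b"mysearchdial"  # detection name from the thread, lower-cased (assumed search string)


def find_string(db_path, needle=NEEDLE):
    """Return sorted (table, column) pairs whose TEXT/BLOB values contain needle."""
    hits = set()
    with tempfile.TemporaryDirectory() as tmp:
        # Scan a copy, opened read-only, so the profile itself is never modified.
        copy = Path(shutil.copy(db_path, Path(tmp) / "copy.sqlite3"))
        con = sqlite3.connect(copy.resolve().as_uri() + "?mode=ro", uri=True)
        con.text_factory = bytes  # TEXT comes back as bytes: no decode errors
        try:
            names = [r[0].decode() for r in con.execute(
                "SELECT name FROM sqlite_master WHERE type='table'")]
            for table in names:
                quoted = '"' + table.replace('"', '""') + '"'
                try:
                    cur = con.execute(f"SELECT * FROM {quoted}")
                    cols = [d[0] for d in cur.description]
                    for row in cur:
                        for col, val in zip(cols, row):
                            if isinstance(val, bytes) and needle in val.lower():
                                hits.add((table, col))
                except sqlite3.Error:
                    continue  # unreadable table: skip it, keep scanning
        finally:
            con.close()
    return sorted(hits)


def build_sample(path):
    """Constructed stand-in database; the table layouts are assumptions."""
    con = sqlite3.connect(path)
    con.execute("CREATE TABLE keywords (short_name TEXT, keyword TEXT, url TEXT)")
    con.execute("INSERT INTO keywords VALUES ('Web Search', 'ws', "
                "'https://MySearchDial.example/?q={searchTerms}')")
    con.execute("CREATE TABLE entries (id INTEGER, specifics BLOB)")
    con.execute("INSERT INTO entries VALUES (1, ?)", (b"\x0a\x0cmysearchdial",))
    con.execute("CREATE TABLE meta (key TEXT, value TEXT)")
    con.execute("INSERT INTO meta VALUES ('version', '78')")
    con.commit()
    con.close()
```

Point `find_string` at a copy of `Web Data` or `SyncData.sqlite3` taken while Chrome is closed; the returned pairs say where to look before deciding what to remove.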


Thanks for looking...following is the export.

The scan came back positive again this morning.   

Odd thing is, when I Quarantine, the Chrome browser closes.

 

-Log Details-
Scan Date: 4/5/19
Scan Time: 7:39 AM
Log File: 34761762-57a8-11e9-ac62-000000000000.json

-Software Information-
Version: 3.7.1.2839
Components Version: 1.0.563
Update Package Version: 1.0.10016
License: Premium

-System Information-
OS: Windows 10 (Build 17134.648)
CPU: x64
File System: NTFS
User: System

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Scheduler
Result: Completed
Objects Scanned: 284764
Threats Detected: 3
Threats Quarantined: 3
Time Elapsed: 3 min, 52 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 3
PUP.Optional.MySearchDial, C:\USERS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Replaced, [128], [663899],1.0.10016
PUP.Optional.MySearchDial, C:\USERS\\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\SyncData.sqlite3, Replaced, [128], [663899],1.0.10016
PUP.Optional.MySearchDial, C:\USERS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Replaced, [128], [663899],1.0.10016

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)


Sorry for the delayed answer. Yes, it looks like a valid detection. I'll need some more logs to see what the problem is and why it keeps coming back.

I need MalwareBytes support tool logs: https://support.malwarebytes.com/docs/DOC-2387

When you open the tool, click Advanced and then Gather logs.

When it is done, you'll find a zipped archive on your desktop. Attach it in your next reply.

 


Upon further thought, I can uninstall and re-install Chrome if you think best.  I'll wait to hear back from you.


Thank you. I've spotted a problem and we're investigating it. I'll come back to you later today with findings.

Edited by TwinHeadedEagle


I got Google Chrome synced up with 3 PCs and 2 Android devices. I also get this. I keep removing it, but it keeps coming back. It only shows up on the PC devices and not the Android devices. Please, any help would be useful.


@vitamin @Jumpercable

Let's try this (in this order please):

1. Enable event data logging in MalwareBytes settings, see image below:

picture.png.2fb3eb2c587f20e689ef57b451951e70.png

 

2. Run one more scan and try to quarantine when MalwareBytes finds this detection.

3. Download the archive below:

Chrome_Analyzer.zip

Unpack it and then right click on analyze.bat and choose Run as Administrator

When it is done, you'll find analysis.txt in the same folder. Attach it in your next reply.

4. Run MalwareBytes support tool like you did before and attach fresh logs.

 

Thank you!

Edited by TwinHeadedEagle


Hello, I am not able to get rid of the mysearchdial PUP. I have had this for several days and I keep doing quarantine and delete, but it seems to come back every time I open Chrome. Will uninstalling Chrome and reinstalling it help? I have done a reset on the Chrome settings, but there are still 2 files that have this PUP. How can I get rid of this?

thank you!


The Chrome analyzer says it's unavailable.

Also, the only way I saw to get rid of it was not using the Google sync anymore and doing another full scan of Malwarebytes.


What is the name of the Chrome analyzer tool? I have been looking online for it, but there seem to be several different ones. Your link does not work.


Were you able to get rid of mysearchdial pup yet?   I got rid of one of the two, but I still have one that won't go away.   For the one that I finally got rid of, I changed a few settings in chrome and then ran adwcleaner.  So I don't know which of these two things that I did that got rid of it.   


here is what it says:

Sorry, there is a problem

This attachment is not available. It may have been removed or the person who shared it may not have permission to share it to this location.
Error code: 2C171/1

 

9 hours ago, TwinHeadedEagle said:

@vitamin @Jumpercable

Let's try this (in this order please):

1. Enable event data logging in MalwareBytes settings, see image below:

picture.png.2fb3eb2c587f20e689ef57b451951e70.png

 

2. Run one more scan and try to quarantine when MalwareBytes finds this detection.

3. Download the archive below:

Chrome_Analyzer.zip (Unavailable)

Unpack it and then right click on analyze.bat and choose Run as Administrator

When it is done, you'll find analysis.txt in the same folder. Attach it in your next reply.

4. Run MalwareBytes support tool like you did before and attach fresh logs.

 

Thank you!

Hey @TwinHeadedEagle, the Chrome_Analyzer.zip shows unavailable so I can't accomplish step 3.


I need you to do it one more time, but make sure to follow the instructions exactly as I tell you.

 

1. Let Chrome stay open.

2. Run MalwareBytes and run a scan. When mysearchdial is detected, quarantine it. Do not open Chrome; MalwareBytes should close it during the quarantine process.

3. Run the Chrome analyzer script after the scan, making sure you do not open Chrome, and attach analysis.txt.

 

Thanks!
