JaskaTheK9

Possible false positive "PUP.Optional.SearchBoxDS"


Hello, I suspect the following to be false positive:

# -------------------------------
# Malwarebytes AdwCleaner 8.0.3.0
# -------------------------------
# Build:    03-03-2020
# Database: 2020-03-09.2 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    03-09-2020
# Duration: 00:00:13
# OS:       Windows 10 Home
# Scanned:  32042
# Detected: 1


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

PUP.Optional.SearchBoxDS        HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

No Preinstalled Software found.


AdwCleaner_Debug.log - [146416 octets] - [18/09/2019 05:09:44]
AdwCleaner[S00].txt - [1388 octets] - [18/09/2019 05:10:11]
AdwCleaner[S01].txt - [1450 octets] - [30/09/2019 03:18:52]
AdwCleaner[S02].txt - [1511 octets] - [03/10/2019 06:03:23]
AdwCleaner[S03].txt - [1572 octets] - [06/10/2019 06:09:29]
AdwCleaner[S04].txt - [1633 octets] - [08/10/2019 02:49:48]
AdwCleaner[S05].txt - [1694 octets] - [09/10/2019 05:33:49]
AdwCleaner[S06].txt - [1755 octets] - [11/10/2019 09:41:23]
AdwCleaner[S07].txt - [1816 octets] - [12/10/2019 02:59:05]
AdwCleaner[S08].txt - [1877 octets] - [15/10/2019 03:10:07]
AdwCleaner[S09].txt - [1938 octets] - [15/10/2019 03:10:44]
AdwCleaner[S10].txt - [1999 octets] - [16/10/2019 04:13:38]
AdwCleaner[S11].txt - [2119 octets] - [17/10/2019 06:04:33]
AdwCleaner[S12].txt - [2180 octets] - [17/10/2019 06:07:19]
AdwCleaner[S13].txt - [2241 octets] - [17/10/2019 06:08:42]
AdwCleaner[S14].txt - [2302 octets] - [18/10/2019 04:42:29]
AdwCleaner[S15].txt - [2364 octets] - [19/10/2019 02:51:28]
AdwCleaner[S16].txt - [2425 octets] - [20/10/2019 06:11:40]
AdwCleaner[S17].txt - [2486 octets] - [25/10/2019 23:24:20]
AdwCleaner[S18].txt - [2547 octets] - [27/10/2019 07:32:14]
AdwCleaner[S19].txt - [2608 octets] - [02/11/2019 04:24:01]
AdwCleaner[S20].txt - [2669 octets] - [09/11/2019 03:20:32]
AdwCleaner[S21].txt - [2730 octets] - [27/11/2019 18:50:59]
AdwCleaner[S22].txt - [2791 octets] - [12/12/2019 06:00:07]
AdwCleaner[S23].txt - [2852 octets] - [27/12/2019 21:45:03]
AdwCleaner[S24].txt - [2913 octets] - [03/01/2020 22:34:04]
AdwCleaner[S25].txt - [2915 octets] - [10/01/2020 22:33:02]
AdwCleaner[S26].txt - [2976 octets] - [14/01/2020 06:35:53]
AdwCleaner[S27].txt - [3037 octets] - [26/01/2020 10:44:40]
AdwCleaner[S28].txt - [3178 octets] - [16/02/2020 16:32:07]
AdwCleaner[S29].txt - [3239 octets] - [28/02/2020 00:23:54]
AdwCleaner[S30].txt - [3389 octets] - [09/03/2020 21:40:10]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S31].txt ##########
 


***This is an automated reply***

Hi,

Thanks for posting in the AdwCleaner Help forum.
In order to help us assist you to resolve your issue, please post or attach your latest AdwCleaner log files with your post. https://support.malwarebytes.com/hc/en-us/articles/360039021593

Someone will reply shortly, but in the meantime here are a few resources which may help resolve your issue:

Thanks in advance for your patience.

-The Malwarebytes Forum Team

 

 

 

 


Yes, I confirm I have the same with AdwCleaner 8.0.3

 

**** [ Registry ] *****

PUP.Optional.SearchBoxDS        HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
PUP.Optional.SearchBoxDS        HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEEEC168-AD1A-46A8-B6B2-942A5F0430E6}

 

I don't use Internet Explorer. I think it's a false positive.


I also have the same exact registry key returning as a PUP in AdwCleaner's scan results. It would be nice to know if this should be quarantined?


I ran a full MBAM scan, but not counting what AdwCleaner found and quarantined it came out clean, and I don't use the affected browser. Are we sure this is it?
My own log for good measure:

# -------------------------------
# Malwarebytes AdwCleaner 8.0.3.0
# -------------------------------
# Build:    03-02-2020
# Database: 2020-03-09.2 (Cloud)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    03-09-2020
# Duration: 00:00:45
# OS:       Windows 7 Home Premium
# Cleaned:  4
# Failed:   0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted       HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Deleted       HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Deleted       HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Deleted       HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner_Debug.log - [50811 octets] - [04/11/2019 15:13:40]
AdwCleaner[S00].txt - [1395 octets] - [04/11/2019 15:15:46]
AdwCleaner[S01].txt - [1457 octets] - [13/11/2019 23:00:23]
AdwCleaner[S02].txt - [1518 octets] - [15/11/2019 20:17:33]
AdwCleaner[S03].txt - [1579 octets] - [17/11/2019 00:49:33]
AdwCleaner[S04].txt - [1640 octets] - [17/11/2019 00:51:10]
AdwCleaner[S05].txt - [1701 octets] - [20/11/2019 11:33:32]
AdwCleaner[S06].txt - [1762 octets] - [25/11/2019 12:12:28]
AdwCleaner[S07].txt - [1823 octets] - [27/11/2019 12:34:49]
AdwCleaner[S08].txt - [1884 octets] - [27/11/2019 17:44:17]
AdwCleaner[S09].txt - [1945 octets] - [30/11/2019 18:00:46]
AdwCleaner[S10].txt - [2006 octets] - [01/12/2019 20:14:23]
AdwCleaner[S11].txt - [2067 octets] - [05/12/2019 12:06:19]
AdwCleaner[S12].txt - [2128 octets] - [06/12/2019 10:57:58]
AdwCleaner[S13].txt - [2189 octets] - [07/12/2019 08:59:18]
AdwCleaner[S14].txt - [2250 octets] - [02/01/2020 00:38:19]
AdwCleaner[S15].txt - [2311 octets] - [03/01/2020 15:37:37]
AdwCleaner[S16].txt - [2372 octets] - [10/01/2020 22:33:10]
AdwCleaner[S17].txt - [2433 octets] - [18/01/2020 17:18:18]
AdwCleaner[S18].txt - [2494 octets] - [19/01/2020 02:57:55]
AdwCleaner[S19].txt - [2555 octets] - [27/01/2020 15:38:05]
AdwCleaner[S20].txt - [2616 octets] - [30/01/2020 02:15:41]
AdwCleaner[S21].txt - [2757 octets] - [05/02/2020 06:39:27]
AdwCleaner[S22].txt - [2818 octets] - [11/02/2020 20:09:29]
AdwCleaner[S23].txt - [2879 octets] - [15/02/2020 13:49:43]
AdwCleaner[S24].txt - [2940 octets] - [23/02/2020 01:44:11]
AdwCleaner[S25].txt - [3001 octets] - [24/02/2020 20:02:42]
AdwCleaner[S26].txt - [3062 octets] - [03/03/2020 14:45:17]
AdwCleaner[S27].txt - [3609 octets] - [09/03/2020 20:55:54]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C27].txt ##########
 


I got this one too. Seems weird. I'm clean for well over a decade.

Opening the registry entry that's pointed in AdwCleaner, I don't see anything shady.


5 users who don't use Internet Explorer, nothing on full MBAM scan, no other symptoms, nothing weird in the actual registry (took a look myself also). I don't see how it could be anything but false positive. Though I am not a malware/adware expert so anything I write is just a guess.

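Added example, not part of any post in this thread and not Malwarebytes code: a small parser for the AdwCleaner log layout pasted above that pulls the `[ Registry ]` entries out of several reports and groups them by GUID, the comparison the posters are making by hand. The function names and the `reporter_N` labels are this example's own; the sample input is constructed from the Registry sections shown in the thread.

```python
import re
from collections import defaultdict

# Section banner, e.g. "***** [ Registry ] *****" (one pasted excerpt has only 4 leading stars).
SECTION_RE = re.compile(r"^\*{4,5} \[ (.+?) \] \*{5}$")
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

def parse_registry_hits(log_text):
    """Return (label, key_path) pairs from the [ Registry ] section of one log."""
    hits, section = [], None
    for line in map(str.strip, log_text.splitlines()):
        banner = SECTION_RE.match(line)
        if banner:
            section = banner.group(1)
        elif section == "Registry" and line:
            # Label first ("PUP.Optional..." in Scan mode, "Deleted" in Clean mode),
            # then the key path, which itself contains spaces.
            parts = line.split(None, 1)
            if len(parts) == 2 and parts[1].startswith(("HKCU\\", "HKU\\", "HKLM\\")):
                hits.append((parts[0], parts[1]))
    return hits

def reporters_by_guid(logs):
    """Map each flagged GUID (upper-cased; key names are case-insensitive) to its reporters."""
    seen = defaultdict(set)
    for reporter, text in logs.items():
        for _label, path in parse_registry_hits(text):
            guid = GUID_RE.search(path)
            if guid:
                seen[guid.group(0).upper()].add(reporter)
    return dict(seen)

# Constructed input: Registry sections excerpted from three logs in this thread;
# the reporter names are placeholders.
SAMPLE_LOGS = {
    "reporter_1": r"""***** [ Tasks ] *****
No malicious tasks found.
***** [ Registry ] *****
PUP.Optional.SearchBoxDS        HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
***** [ Chromium URLs ] *****
No malicious Chromium URLs found.""",
    "reporter_2": r"""**** [ Registry ] *****
PUP.Optional.SearchBoxDS        HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
PUP.Optional.SearchBoxDS        HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEEEC168-AD1A-46A8-B6B2-942A5F0430E6}""",
    "reporter_3": r"""***** [ Registry ] *****
Deleted       HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Deleted       HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}""",
}

if __name__ == "__main__":
    for guid, who in sorted(reporters_by_guid(SAMPLE_LOGS).items(), key=lambda kv: -len(kv[1])):
        print(f"{guid}  seen in {len(who)} log(s): {', '.join(sorted(who))}")
```

A GUID that shows up in every report is a cue to have the detection rule reviewed; the grouping alone does not say whether the key is benign.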
11 minutes ago, JaskaTheK9 said:

5 users who don't use Internet Explorer, nothing on full MBAM scan, no other symptoms, nothing weird in the actual registry (took a look myself also). I don't see how it could be anything but false positive. Though I am not a malware/adware expert so anything I write is just a guess.

Perhaps we need another trusted advisor without commenting anything, to just post a link with instructions on removing the adware where the screenshots point to Google Chrome infection even though we mentioned it's IE.

Maybe that will open our eyes.

31 minutes ago, Beenthere said:

Perhaps we need another trusted advisor without commenting anything

We actually just need the developer to look over it and see if it is a FP or not.

@jboursier

Edited by Porthos

42 minutes ago, JaskaTheK9 said:

5 users who don't use internet explorer

Even though it is not used it is still there and actually still controlling some functions of Windows.


Also just showed up on 3 PCs all running Windows 7 Home Premium x64. Seems to be a FP to me.

 


Hello,

As usual, thank you for the feedbacks, be sure they are very well appreciated.

At first I wasn't convinced it was a FP since this GUID is related to an existing infection. But looking deeper at the detection rule actually showed that it had a FP effect which is now fixed (updated definitions are already published).

Thanks for your help,

5 minutes ago, jboursier said:

Hello,

As usual, thank you for the feedbacks, be sure they are very well appreciated.

At first I wasn't convinced it was a FP since this GUID is related to an existing infection. But looking deeper at the detection rule actually showed that it had a FP effect which is now fixed (updated definitions are already published).

Thanks for your help,

Thanks sir.


Thank you for the fix. FP has vanished. 👍


I had it too, but deleted it in the registry and in C:\Users\User_Name\AppData\LocalLow\Microsoft\Internet Explorer by hand.

 

IE11 is a PUP in itself :rolleyes:
