VonFlaffenHausen Posted June 1, 2020

Hi, There is something in my Chrome profile that Malwarebytes is not liking. I am fairly certain that it's in my profile since I am getting the same detections even after a fresh install of Windows. I have read the blog about PUPs (https://blog.malwarebytes.com/detections/pup-optional/) but I can't find any info on this specific PUP.Optional.IbbCo.PN. So I am looking for more info about PUP.Optional.IbbCo.PN specifically and what caused it. Thanks for taking the time to read this!

PUP.Optional.IbbCo.PN C:\USERS\User\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\LevelDB
PUP.Optional.IbbCo.PN C:\USERS\User\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\LevelDB
PUP.Optional.IbbCo.PN C:\USERS\User\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data
PUP.Optional.IbbCo.PN C:\USERS\User\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data
PUP.Optional.IbbCo.PN C:\USERS\User\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Profile 1\Sync Data\LevelDB
PUP.Optional.IbbCo.PN C:\USERS\User\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Profile 1\Sync Data\LevelDB
PUP.Optional.IbbCo.PN C:\USERS\User\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Profile 2\Sync Data\LevelDB
PUP.Optional.IbbCo.PN C:\USERS\User\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Profile 2\Sync Data\LevelDB
PUP.Optional.IbbCo.PN C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000005.ldb
PUP.Optional.IbbCo.PN C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000018.ldb
PUP.Optional.IbbCo.PN C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000021.ldb
PUP.Optional.IbbCo.PN C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000023.log
PUP.Optional.IbbCo.PN C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000024.ldb
PUP.Optional.IbbCo.PN C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\CURRENT
PUP.Optional.IbbCo.PN C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOCK
PUP.Optional.IbbCo.PN C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG
PUP.Optional.IbbCo.PN C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG.old
PUP.Optional.IbbCo.PN C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\MANIFEST-000001
PUP.Optional.IbbCo.PN C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Sync Data\LevelDB\000004.log
PUP.Optional.IbbCo.PN C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Sync Data\LevelDB\000005.ldb
PUP.Optional.IbbCo.PN C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Sync Data\LevelDB\CURRENT
PUP.Optional.IbbCo.PN C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Sync Data\LevelDB\LOCK
PUP.Optional.IbbCo.PN C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Sync Data\LevelDB\LOG
PUP.Optional.IbbCo.PN C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Sync Data\LevelDB\MANIFEST-000001
PUP.Optional.IbbCo.PN C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 2\Sync Data\LevelDB\000004.log
PUP.Optional.IbbCo.PN C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 2\Sync Data\LevelDB\000005.ldb
PUP.Optional.IbbCo.PN C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 2\Sync Data\LevelDB\CURRENT
PUP.Optional.IbbCo.PN C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 2\Sync Data\LevelDB\LOCK
PUP.Optional.IbbCo.PN C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 2\Sync Data\LevelDB\LOG
PUP.Optional.IbbCo.PN C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 2\Sync Data\LevelDB\MANIFEST-000001

Root Admin AdvancedSetup Posted June 1, 2020

Hello @VonFlaffenHausen, and yes, it's due to Chrome. Please follow the directions from the following topic and let me know if this corrects the issue or not.

https://forums.malwarebytes.com/topic/258886-chrome-secure-preferences-detection-always-returns/

Thanks

VonFlaffenHausen (Author) Posted June 2, 2020

Hey @AdvancedSetup Thanks for taking the time to reply. What I am specifically looking for in this case is what PUP.Optional.IbbCo.PN is. What extension is causing this? I am unable to find the definition of PUP.Optional.IbbCo.PN and I am therefore unable to determine if the Potentially Unwanted Program is indeed unwanted.

Cheers, VonflaffenHausen

Root Admin AdvancedSetup Posted June 2, 2020

Hello @VonFlaffenHausen I am not sure myself. I've asked our Research team. Can you please attach the actual log file showing this entry so that I can forward that to them?

Thank you

VonFlaffenHausen (Author) Posted June 2, 2020

Hey @AdvancedSetup Thanks again for taking the time to reply to me. I have attached the log file. Have a great day!

Log.txt

Root Admin AdvancedSetup Posted June 2, 2020

I'm not sure whether it's due to a specific extension or not. This detection was added about a year ago due to some redirects to ibb <dot> co. In most cases, simply a general cleanup of your Chrome profile will probably correct the issue.

VonFlaffenHausen (Author) Posted June 2, 2020 (edited)

I think I found it. There was a search engine registered under "other search engines" in chrome://settings/searchEngines that seemed to use a subdomain of ibb.com. Besides that one, there were about 250 search engines that got added by websites I visited over the last years, it seems. I found the following solution on superuser.com to delete all the search engines:

https://superuser.com/questions/1141135/google-chrome-remove-all-other-search-engines/1154955

Afterwards I ran a scan and no more hits showed.

Go to chrome://settings/searchEngines, hit F12 and paste this into the Console tab:

    // Fetch the search engine list from the settings page's internal proxy object.
    settings.SearchEnginesBrowserProxyImpl.prototype.getSearchEnginesList()
      .then(function(val) {
        // Remove from the highest modelIndex down so earlier removals
        // do not shift the indices of entries still to be removed.
        val.others.sort(function(a, b) { return b.modelIndex - a.modelIndex; });
        // Remove every entry in the "other search engines" group.
        val.others.forEach(function(engine) {
          settings.SearchEnginesBrowserProxyImpl.prototype.removeSearchEngine(engine.modelIndex);
        });
      });

Thanks!

Edited June 2, 2020 by AdvancedSetup: removed live hyperlinks

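Added example, not part of the original thread or of Malwarebytes' tooling: a read-only audit of the search engines stored in a profile's `Web Data` file (one of the flagged paths), so entries pointing at a watched domain can be reviewed before anything is bulk-deleted. It assumes `Web Data` is a SQLite database with a `keywords` table exposing `short_name`, `keyword` and `url` (Chromium-internal schema that can change between versions), is meant to be run against a copy of the file with Chrome closed, and uses constructed sample rows.

```python
import sqlite3
from pathlib import Path
from urllib.parse import urlsplit

def open_readonly(web_data_copy):
    """Open a copy of Chrome's 'Web Data' SQLite file read-only."""
    uri = Path(web_data_copy).resolve().as_uri() + "?mode=ro"
    return sqlite3.connect(uri, uri=True)

def host_of(template_url):
    """Host of a search URL template; '' when the template has no literal host."""
    try:
        return (urlsplit(template_url).hostname or "").rstrip(".")
    except ValueError:
        return ""

def matches(host, domain):
    """True for the domain itself or a subdomain, not for look-alike suffixes."""
    return host == domain or host.endswith("." + domain)

def audit_search_engines(conn, watch_domains):
    """Return (short_name, keyword, host, flagged) for every keywords row."""
    rows = conn.execute("SELECT short_name, keyword, url FROM keywords ORDER BY id")
    report = []
    for short_name, keyword, url in rows:
        host = host_of(url or "")
        flagged = any(matches(host, d.lower()) for d in watch_domains)
        report.append((short_name, keyword, host, flagged))
    return report

def build_sample_db():
    """Constructed in-memory stand-in holding only the columns queried above."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE keywords (id INTEGER PRIMARY KEY,"
                 " short_name TEXT, keyword TEXT, url TEXT)")
    conn.executemany(
        "INSERT INTO keywords (short_name, keyword, url) VALUES (?, ?, ?)", [
            ("Google", "google.com", "{google:baseURL}search?q={searchTerms}"),
            ("Constructed redirect", "find", "https://find.ibb.co/?q={searchTerms}"),
            ("Look-alike", "notibb", "https://notibb.co/s?q={searchTerms}"),
            ("Forum search", "forum.example", "https://forum.example/search?q={searchTerms}"),
        ])
    return conn

if __name__ == "__main__":
    for name, kw, host, flagged in audit_search_engines(build_sample_db(), ["ibb.co"]):
        print(("FLAG " if flagged else "ok   ") + f"{name!r} keyword={kw!r} host={host!r}")
```
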
Root Admin AdvancedSetup Posted June 2, 2020

Great, glad you were able to resolve your issue. We also have the following more detailed clean up of Google Chrome if needed.

https://forums.malwarebytes.com/topic/258938-resetting-google-chrome-to-clear-unexpected-issues/

Changing to a different browser that does not seem to have these issues quite as bad would be an even better choice.

https://forums.malwarebytes.com/topic/258363-tips-to-help-protect-from-infection/

Cheers

Root Admin AdvancedSetup Posted June 2, 2020

Glad we could help. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following for Tips to help protect from infection

Thank you