
Good day,
Every time I perform a scan with Malwarebytes it finds PUPs in Chrome files. I suspect that this is an error; however, I am not sure.
Is my computer safe? Were these files dangerous to my data or were they just false positives?
What should I do in order to get rid of this problem? I would like to add that this is a new issue - last week scanning with Malwarebytes did not reveal any troubles.

Is it possible that my problem is described here: 

 ? 

I sincerely ask for your help!

Addition.txt FRST.txt malware21-07-20v2.txt malware21-07-20.txt


  • Root Admin

Hello @Mizgal

I notice that you have the following notifications enabled in Chrome.

CHR Notifications: Default -> hxxp://forum.cdaction.pl; hxxps://forums.malwarebytes.com; hxxps://forums.malwarebytes.org; hxxps://tomato-timer.com

Can you try disabling that for now and see if it helps after cleaning up Google Chrome?

https://blog.malwarebytes.com/security-world/technology/2019/01/browser-push-notifications-feature-asking-abused/

Turn notifications on or off - Google Chrome

Web Push notifications in Firefox

 

 

Please follow the directions from the following topic and let us know if that corrects your issue or not.

https://forums.malwarebytes.com/topic/258886-chrome-secure-preferences-detection-always-returns/

Thank you
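An added example, not part of the original post or of any Malwarebytes tooling: a small audit that lists which sites a Chrome profile lets send push notifications, which is the setting the FRST "CHR Notifications" line above reports. It assumes Chrome keeps these decisions in the profile's `Preferences` JSON under `profile.content_settings.exceptions.notifications`, with `setting` 1 meaning allow and 2 meaning block; the sample data is constructed from the origins in that FRST line plus a made-up `blocked.example` entry, and the function names are hypothetical.

```python
import json
from urllib.parse import urlsplit

ALLOW, BLOCK = 1, 2  # assumed Chrome content-setting values (see lead-in)

# Constructed sample shaped like a Chrome "Preferences" file; the first four
# origins come from the FRST line in the thread, the last one is made up.
SAMPLE_PREFERENCES = json.dumps({
    "profile": {"content_settings": {"exceptions": {"notifications": {
        "http://forum.cdaction.pl:80,*": {"setting": 1},
        "https://forums.malwarebytes.com:443,*": {"setting": 1},
        "https://forums.malwarebytes.org:443,*": {"setting": 1},
        "https://tomato-timer.com:443,*": {"setting": 1},
        "https://blocked.example:443,*": {"setting": 2},
    }}}}
})


def notification_grants(preferences_text):
    """Map each origin with a notification rule to 'allow', 'block' or 'other'."""
    rules = json.loads(preferences_text)
    for key in ("profile", "content_settings", "exceptions", "notifications"):
        rules = rules.get(key)
        if not isinstance(rules, dict):  # missing or unexpected section
            rules = {}
    grants = {}
    for pattern, entry in rules.items():
        origin = pattern.split(",", 1)[0]  # key is "<primary>,<secondary>"
        setting = entry.get("setting") if isinstance(entry, dict) else None
        grants[origin] = {ALLOW: "allow", BLOCK: "block"}.get(setting, "other")
    return grants


def untrusted_allowed(preferences_text, trusted_hosts=()):
    """Return sorted origins that may push notifications and are not trusted."""
    flagged = []
    for origin, state in notification_grants(preferences_text).items():
        try:
            host = urlsplit(origin).hostname or origin
        except ValueError:  # wildcard patterns are not always valid URLs
            host = origin
        if state == "allow" and host not in trusted_hosts:
            flagged.append(origin)
    return sorted(flagged)


if __name__ == "__main__":
    trusted = {"forums.malwarebytes.com", "forums.malwarebytes.org"}
    for origin in untrusted_allowed(SAMPLE_PREFERENCES, trusted):
        print("review:", origin)
```

To check a real profile, read the `Preferences` file from the `%localappdata%\Google\Chrome\User Data\Default\` folder with Chrome closed and pass its text to `untrusted_allowed`.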

 


It has alleviated the problem: only 2 PUPs were found this time:
 

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 7/22/20
Scan Time: 12:21 AM
Log File: 87e6f4c6-cba0-11ea-b598-b42e994d9793.json

-Software Information-
Version: 4.1.2.73
Components Version: 1.0.979
Update Package Version: 1.0.27183
License: Free

-System Information-
OS: Windows 10 (Build 18362.959)
CPU: x64
File System: NTFS
User: ALEKSANDERLAND\Olek

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 367674
Threats Detected: 2
Threats Quarantined: 2
Time Elapsed: 3 min, 14 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 2
PUP.Optional.PushNotifications.Generic, C:\USERS\OLEK\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Replaced, 201, 841288, 1.0.27183, , ame, 
PUP.Optional.PushNotifications.Generic, C:\USERS\OLEK\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Replaced, 201, 841288, 1.0.27183, , ame, 

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)

I was not sent any email after creating this zip file with Malwarebytes Support Tool.
Should I attach logs from this file here? 


  • Root Admin

Yes, please attach the log. I'll review it and speak with our Research Team tomorrow and see if I can find the specific cause.

 

The following brute force clean up of Google Chrome should clear it but then you'd have to reinstall all of your Extensions again and lose preferences from everything including history and passwords. So, if you can wait until tomorrow hopefully Research can help me to help you more surgically remove the detection.

 

Chrome
Reset Chrome back to defaults to completely clear out issues with Chrome.

  • Open Chrome and at the top right, click the menu (ellipsis) icon and then More tools and then Extensions
  • Write down the list of Extensions installed.
  • Next, go to >> Google Sync << and sign in to your account. Make sure you know your password as this will clear it from the browser.
  • Scroll down until you see the "reset sync" button to clear your data from the server and remove your passphrase.
  • Now, close all Chrome windows. Chrome cannot be running for the next step. If needed, print this information or use another browser to read the information.
  • Press the Windows key + R at the same time, to bring up the Run dialog box.
  • Type in (or copy/paste) the following and press Enter:     %localappdata%\Google\Chrome\User Data\Default\
  1. Press Ctrl + A to select all the files and folders.
  2. Hold down Ctrl + A and click once on the files "Bookmarks" and "Bookmarks.bak". This will unselect them.
  3. With all the files selected (except for your Bookmarks), press the Delete key and click Yes to delete the files and folders.
  4. Example of all files and folders selected, except Bookmarks

 

 

 

 


Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 7/22/20
Scan Time: 2:25 AM
Log File: ce035cd6-cbb1-11ea-83e0-b42e994d9793.json

-Software Information-
Version: 4.1.2.73
Components Version: 1.0.979
Update Package Version: 1.0.27189
License: Free

-System Information-
OS: Windows 10 (Build 18362.959)
CPU: x64
File System: NTFS
User: ALEKSANDERLAND\Olek

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 367743
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 2 min, 56 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)


  • Root Admin

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following for Tips to help protect from infection

Thank you

 

 
