
False positives at PUP.Optional.MailRu on Google Chrome


peatprey

Hello. My Malwarebytes indicates that 15 PUP.Optional.MailRu viruses were found. If you open these files in Explorer and scan, the antivirus will not swear. Other antiviruses also do not swear, as the site virustotal.com does not say that these 15 files contain a virus. I opened files and found nothing that looked like a virus. As I understand it, MailRu is listed in the file as part of the Google Chrome search engine. The files themselves are located in its folders. On a clean Windows system, if you download Google Chrome and scan with Malwarebytes, it will find this virus, although there is no virus.

P.S. There are no viral extensions in my browser


  • Staff

Hi,

We don't detect this as a Virus but as a PUP (Potentially Unwanted Application) which has changed some settings in your browser: https://blog.malwarebytes.com/detections/pup-optional-mailru/

This is not a false positive, but Potentially Unwanted, so if you want to keep it, you can add exclusions for it.

Thanks!


2 hours ago, miekiemoes said:

Hi,

We don't detect this as a Virus but as a PUP (Potentially Unwanted Application) which has changed some settings in your browser: https://blog.malwarebytes.com/detections/pup-optional-mailru/

This is not a false positive, but Potentially Unwanted, so if you want to keep it, you can add exclusions for it.

Thanks!

Maybe I don't understand something, but where could the program be there? Antivirus swears at files and one folder, but these are not applications. How can this be PUP?


  • Staff

These are settings in your Chrome preferences file that are pointing to mail.ru. In most cases, this is installed by bundled software (you might have had in the past), or per your choice, if you are a user of mail.ru.

Given you are probably Russian, you can ignore this detection if you are actually using it. 

You'll see in the search result below how many users see it as unwanted and want it gone:

https://www.google.com/search?q=mail.ru+chrome&ie=UTF-8&oe=
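
The staff reply above attributes the detection to settings in the Chrome preferences file that point to mail.ru. As an added example (not part of the original thread and not Malwarebytes' detection logic), this Python script lists which JSON keys in a preferences file reference a domain, matching on the parsed host instead of a substring; the sample data, its key names and the function names are constructed for illustration.

```python
import json
from urllib.parse import urlsplit

# Constructed sample, not a dump of a real profile; key names are illustrative.
SAMPLE_PREFERENCES = """
{
  "homepage": "https://www.google.com/",
  "default_search_provider_data": {
    "template_url_data": {
      "keyword": "mail.ru",
      "url": "https://go.mail.ru/search?q={searchTerms}"
    }
  },
  "session": {"startup_urls": ["https://mail.ru.example.com/", "https://notmail.ru/"]}
}
"""

def host_matches(value, domain):
    """True if value is a URL or bare host whose host is domain or a subdomain of it."""
    candidate = value if "://" in value else "//" + value
    try:
        host = urlsplit(candidate).hostname or ""
    except ValueError:  # malformed netloc, e.g. unbalanced brackets
        return False
    host = host.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def find_references(node, domain, path="$"):
    """Walk parsed JSON and yield (json_path, value) for every matching string."""
    if isinstance(node, dict):
        for key, child in node.items():
            yield from find_references(child, domain, f"{path}.{key}")
    elif isinstance(node, list):
        for index, child in enumerate(node):
            yield from find_references(child, domain, f"{path}[{index}]")
    elif isinstance(node, str) and host_matches(node, domain):
        yield path, node

def scan_preferences(text, domain="mail.ru"):
    """Return all settings in a preferences JSON document that point at domain."""
    return list(find_references(json.loads(text), domain))

if __name__ == "__main__":
    for path, value in scan_preferences(SAMPLE_PREFERENCES):
        print(f"{path}: {value}")
```
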


2 hours ago, miekiemoes said:

These are settings in your Chrome preferences file that point to mail.ru. In most cases, this is installed by bundled software (which you might have had in the past), or by your choice, if you are a mail.ru user.

If you are probably Russian, you can ignore this detection if you are actually using it.

You'll see in the search results below how many users consider it unwanted and want it gone:

https://www.google.com/search?q=mail.ru+chrome&ie=UTF-8&oe=

I don't use mailru in any way. I even have it removed from search engines. Is there a way to clear my Google Chrome data so that the antivirus no longer swears and I never see anything related to this terrible company?


  • Staff

Hi,

First of all, let Malwarebytes remove what it found. (close Chrome). Note, Malwarebytes won't remove the preferences files, it will just "restore" it again.

In case it's still detected after Malwarebytes removal, please see here: 

If that still didn't help, I suggest you start a new thread in the following forum: https://forums.malwarebytes.com/forum/7-windows-malware-removal-help-support/ - so someone from support can help you with this.

Thx!


2 hours ago, miekiemoes said:

Hi,

First of all, let Malwarebytes remove what it found. (close Chrome). Note, Malwarebytes won't remove the preferences files, it will just "restore" it again.

In case it's still detected after Malwarebytes removal, please see here: 

If that still didn't help, I suggest you start a new thread in the following forum: https://forums.malwarebytes.com/forum/7-windows-malware-removal-help-support/ - so someone from support can help you with this.

Thx!

Thank you very much! It turned out that this program was really in my Google sync data, I followed the instructions and was able to get rid of it forever. I toiled with this program for several days, reinstalled Windows 2 times, and now my suffering is over. All thanks to you.


  • Staff

Glad to hear :)

There's a possibility it might come back though, especially Russian Chrome users, as we have noticed that some Russian sites actually re-add this to the search engine again.

Mail.ru isn't malware, it's rather annoying it adds "unwanted", so for the future, you can always add an exclusion for this detection as well, in case it comes back.


2 hours ago, miekiemoes said:

Glad to hear :)

There's a possibility it might come back though, especially Russian Chrome users, as we have noticed that some Russian sites actually re-add this to the search engine again.

Mail.ru isn't malware, it's rather annoying it adds "unwanted", so for the future, you can always add an exclusion for this detection as well, in case it comes back.

Henceforth, I will be very careful on the Internet. This unwanted program may have been supplied by uTorrent. I sometimes use it to download movies. Unfortunately, Russia is a very poor country and not everyone can afford to buy content. So, uTorrent has already been caught installing viruses on its users' computers. It was 2015 and they built a bitcoin miner into their program. Then they were removed after the scandal.

Even before reinstalling Windows, I had such an extension in my browser. Perhaps it was also put by uTorrent.


  • 3 months later...

I formatted the SSD and hard drive. I installed the latest version of Windows from the official site. Not logged into Chrome account. Installed your antivirus and it still finds this "virus". This is complete nonsense. False alarm. I opened files marked with antivirus in Notepad and all I saw there were lines with the mention of the search engine MailRu. All my friends have the same thing. Please correct your program.


On 9/23/2020 at 1:09 PM, miekiemoes said:

That's correct. The uTorrent installer is also often bundled with additional software which might change the searchengine settings as well.

In either way, good you found the culprit. :)

Marked a random message so you can see

 

 


10 minutes ago, peatprey said:

Let me decide for myself what to use and what not

Then you have to add it to exclusions at your own risk.

If any of the items being detected are registry keys or other items not directly accessible through the Allow List functions in Malwarebytes then you should perform a scan by returning to the main dashboard and clicking the Scan button, and once the scan completes either uncheck the box next to each item you wish to keep, or if they are all items belonging to the program you wish to exclude then click the empty checkbox at the top left of the list to clear all checkboxes then click Next and when prompted on what to do with the remaining items simply select the option to always ignore them and they will be added to your Allow List so that they will no longer be detected by scans or the Malware Protection component.

Add to the Allow List in Malwarebytes for Windows v4

That is all that can be said. Malwarebytes does condone piracy.

 

Edited by Porthos
