Kerish Doctor being flagged by Malwarebytes


kstev99

Popular PC tuning software being flagged as PUP by Malwarebytes on two of my computers.

This happened long ago (2019) and was fixed, but it is back.....

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 1/21/23
Scan Time: 5:09 PM
Log File: b247171c-99e0-11ed-beb7-d8bbc14b9bc2.json

-Software Information-
Version: 4.5.21.231
Components Version: 1.0.1888
Update Package Version: 1.0.64861
License: Premium

-System Information-
OS: Windows 11 (Build 22623.1180)
CPU: x64
File System: NTFS
User: MSI-Kenny\Kenny

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 348499
Threats Detected: 10
Threats Quarantined: 0
Time Elapsed: 1 min, 56 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 1
PUP.Optional.KerishDoctor, C:\PROGRAM FILES (X86)\KERISH DOCTOR\KERISHDOCTOR.EXE, No Action By User, 16282, 1116063, , , , , 1EEBEA97DF3185B54E9E408FB7460183, 85633FC1548ADEFFA685DEE65B09D5409BC857CEA55E9DA4012F4740F028AF76

Module: 1
PUP.Optional.KerishDoctor, C:\PROGRAM FILES (X86)\KERISH DOCTOR\KERISHDOCTOR.EXE, No Action By User, 16282, 1116063, , , , , 1EEBEA97DF3185B54E9E408FB7460183, 85633FC1548ADEFFA685DEE65B09D5409BC857CEA55E9DA4012F4740F028AF76

Registry Key: 3
PUP.Optional.KerishDoctor, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Kerish Doctor, No Action By User, 16282, 1116063, , , , , ,
PUP.Optional.KerishDoctor, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{644A26D1-AF01-4565-9FCD-558206F5EF8F}, No Action By User, 16282, 1116063, , , , , ,
PUP.Optional.KerishDoctor, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\LOGON\{644A26D1-AF01-4565-9FCD-558206F5EF8F}, No Action By User, 16282, 1116063, , , , , ,

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 5
PUP.Optional.KerishDoctor, C:\WINDOWS\SYSTEM32\TASKS\Kerish Doctor, No Action By User, 16282, 1116063, , , , , 6333A1ED3E330D21CC4EA69200D0741B, B371F1AB14605B8104FE74E64325611232C0D75AF38447C3F2DD6E5D2E6EFE7B
PUP.Optional.KerishDoctor, C:\USERS\KSTEV\DESKTOP\Installed\Kerish Doctor 2022.lnk, No Action By User, 16282, 1116063, , , , , 51D0FB069EFB68526F70CE0E6143D86C, 0F83B4CAC404ECEBAA18C35F622F97978E2EB3714758EAF0CD42B437A7953176
PUP.Optional.KerishDoctor, C:\PROGRAM FILES (X86)\KERISH DOCTOR\KERISHDOCTOR.EXE, No Action By User, 16282, 1116063, 1.0.64861, , ame, , 1EEBEA97DF3185B54E9E408FB7460183, 85633FC1548ADEFFA685DEE65B09D5409BC857CEA55E9DA4012F4740F028AF76
PUP.Optional.KerishDoctor, C:\PROGRAMDATA\KERISH PRODUCTS\KERISH DOCTOR\BINARY\KERISHDOCTOR.EXE, No Action By User, 16282, 1116063, 1.0.64861, , ame, , 1EEBEA97DF3185B54E9E408FB7460183, 85633FC1548ADEFFA685DEE65B09D5409BC857CEA55E9DA4012F4740F028AF76
PUP.Optional.KerishDoctor, C:\PROGRAMDATA\KERISH PRODUCTS\KERISH DOCTOR\UPDATE\KERISHDOCTOR.EXE, No Action By User, 16282, 1116063, 1.0.64861, , ame, , 1EEBEA97DF3185B54E9E408FB7460183, 85633FC1548ADEFFA685DEE65B09D5409BC857CEA55E9DA4012F4740F028AF76

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)

Link to post
Share on other sites

To exclude these items you need to perform a scan (a Threat scan or Hyper scan should do) and then at the end when it shows the list of detections, uncheck any item that you do not want removed and click Next.  When prompted on what to do with the remaining unchecked items, select Ignore Always and they will be added to your exclusions and will no longer be detected by future scans.

Please let us know if you have any trouble or if there are any other issues we might assist you with.

Link to post
Share on other sites

  • Root Admin

First, if the program file was quarantined then you can restore the file from quarantine.

Please see the following article on how to restore

Restore or delete quarantined items in Malwarebytes for Windows
https://support.malwarebytes.com/hc/en-us/articles/360038479214-Restore-or-delete-quarantined-items-in-Malwarebytes-for-Windows


Next, please see the following article on how to add exclusions to Malwarebytes

Exclude detections in Malwarebytes for Windows
https://support.malwarebytes.com/hc/en-us/articles/360038479234-Exclude-detections-in-Malwarebytes-for-Windows

Use the Allow File or Folder option. Then browse to this file entry and add it.


C:\Program Files (x86)\Kerish Doctor\KerishDoctor.exe

 

Link to post
Share on other sites

Shouldn't have to perform any of these steps if Malwarebytes would stop flagging perfectly safe programs.  How is this a valid PUP detection?  I have already added it to exclusions and unchecked the items before they were quarantined.  I was only reporting it so that you may want to check your definitions of a PUP.

Link to post
Share on other sites

  • Root Admin

I cannot speak for ESET but in the case of Malwarebytes, the program is alerting on cleaning Registry items that are a bit dubious and not recommended.

Microsoft support policy for the use of registry cleaning utilities
https://support.microsoft.com/en-us/topic/microsoft-support-policy-for-the-use-of-registry-cleaning-utilities-0485f4df-9520-3691-2461-7b0fd54e8b3a

 

VirusTotal: https://www.virustotal.com/gui/file/85633fc1548adeffa685dee65b09d5409bc857cea55e9da4012f4740f028af76?nocache=1

 

Edited by AdvancedSetup
Updated information
Link to post
Share on other sites

This topic is now closed to further replies.