Eno-Scott, posted September 12 (ID:1660541)

During a custom scan with the 'rootkit' option active, Malwarebytes found Adware.SpecialSearchOffer for the second time (the other scan was done on August 18th, always with the same method) in the location: C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\TMP\UPDCENTER.EXE-K.MBAM.

After the detection I had set the option to put the malware in quarantine and I restarted. After the restart, checking the quarantine, there was nothing; checking the Detection History, under 'Actions' it indicated 'STRING-NOT-ADDED'; checking the Scan Report, under 'Actions' it said 'Delete on reboot'. So I don't understand whether the malware has been removed or not, also considering the fact that it is the second time that I have found it in the same position.

My computer is a desktop with Windows 10 installed and my version of Malwarebytes (free) is 5.1.10.127.

What do I have to do? In your opinion, has the threat been removed or not?

P.S.: I've already opened a ticket with the assistance for that, but I'd like to have your opinion about

Malwarebytes Report della scansione 2024-09-11 000017.txt

blender (Staff), posted September 12 (ID:1660568)

Hello,

Thank you for the report and log. Log is missing some information though so I can't look up the file or anything.

Does this file still exist on your machine?

C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\TMP\UPDCENTER.EXE-K.MBAM

If so, can you zip it and attach it here? Prefer if you can add "infected" as the archive/zip password.

Thanks!

Eno-Scott (Author), posted September 14 (ID:1660993)

On 9/12/2024 at 8:37 PM, blender said:

> Hello,
>
> Thank you for the report and log. Log is missing some information though so I can't look up the file or anything.
>
> Does this file still exist on your machine?
>
> C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\TMP\UPDCENTER.EXE-K.MBAM
>
> If so, can you zip it and attach it here? Prefer if you can add "infected" as the archive/zip password.
>
> Thanks!

I looked for the file in the location where the scan found it, but it is no longer there. Is there another way I could look for it in C? Should I perhaps do a search in File Explorer for 'Adware.SpecialSearchOffer' or for 'UPDCENTER.EXE-K.MBAM'?

P.S.: I've opened a ticket with Mbam assistance for that and they've said that it is a false positive. Your thoughts about that?

Porthos, posted September 14 (ID:1660994)

2 minutes ago, Eno-Scott said:

> I looked for the file in the location where the scan found it, but it is no longer there.. Is there another way I could look for it in C? Should I perhaps do a search in File Explorer for 'Adware.SpecialSearchOffer' or for 'UPDCENTER.EXE-K.MBAM'?

You are not going to find it since it is a temporary file and was only detected since you have rootkit scanning on.

4 minutes ago, Eno-Scott said:

> 've opened a ticket with Mbam assistance for that and they've said that is a false positive..your thoughts about that?

Rootkit scanning is not enabled by default. You may want to disable that unless you think you have a rootkit infection. Rootkit scanning is really aggressive and does ignore some whitelisting, which can result in false positives. If you decide to keep rootkit scanning on, just be aware of the possibility of false positives.

blender (Staff), posted September 14 (ID:1661000)

Did you previously have detection for SpecialSearchOffer?

I'm curious if you have a file called updcenter.exe on the pc anywhere.

I just found out that the -k.mbam (and sometimes -u.mbam) is a comparison thing during rootkit scanning. So files are not persistent.

I'm thinking there is a possibility you have updcenter.exe somewhere that was a false positive way back when and we whitelisted it. Quite possible however we whitelisted it, the whitelisting was ignored due to the rootkit scanning being on. (rootkit scanning does ignore some whitelisting stuff so there is always the possibility of false positives - which is why it is off by default.)

Eno-Scott (Author), posted September 15 (ID:1661169)

23 hours ago, blender said:

> Did you previously have detection for SpecialSearchOffer?
>
> I'm curious if you have a file called updcenter.exe on the pc anywhere.
>
> I just found out that the -k.mbam (and sometimes -u.mbam) is a comparison thing during rootkit scanning. So files are not persistent.
>
> I'm thinking there is a possibility you have updcenter.exe somewhere that was a false positive way back when and we whitelisted it. Quite possible however we whitelisted it, the whitelisting was ignored due to the rootkit scanning being on. (rootkit scanning does ignore some whitelisting stuff so there is always the possibility of false positives - which is why it is off by default.)

Yes, I have already had a result found for this false positive. And I searched for updcenter.exe in File Explorer, finding it in two results associated with my current Bitdefender antivirus.

blender (Staff), posted September 17 (ID:1661483)

And those 2 updcenter.exe scan clean without rootkit scanner on?

Eno-Scott (Author), posted September 17 (ID:1661502)

1 hour ago, blender said:

> And those 2 updcenter.exe scan clean without rootkit scanner on?

What do you mean? How could I verify that? Are you counseling me to perform a scan on these 2 .exe with MBAM? In this case, do I have to scan them with the rootkit option enabled or not?

Plus, let me ask a question: as of now I've uninstalled Bitdefender Total Security from this PC because I've had to do a system restore from a saved restore point and the av was blocking this process (I've done that to regain some web searches opened in my Opera browser on which I was working, that, I don't know why, have suddenly disappeared).

So I'm thinking (tell me if it is ok): couldn't it be useful, for that ticket that I've created here, to try right now to perform another custom scan with the rootkit option enabled, considering that you've said that this Adware.SpecialSearchOffer is related to these two updcenter.exe files (that by now, I suppose, have been removed from the system, considering that I've used the Uninstalling Tool of Bitdefender to remove the av)? This is to see if this false positive is still detected or not.

Let me know your thoughts on this!

blender (Staff), posted September 17 (ID:1661514)

Ahh ok, since you removed BitDefender, those 2 updater files are likely no longer present. So ... there shouldn't be any detections now. No biggy.

Since you were able to find those updcenter.exe files in explorer before removing BD, I was hoping to be able to scan them while having 'scan for rootkits' unchecked. (because the rootkit scanner - by ignoring some whitelisting sometimes causes false positives) I wanted to make sure we were not detecting the updater file(s) while the rootkit scanner was off.

Anyway - should be no longer an issue now that BD is removed. I'm guessing that they wouldn't be detected without the rootkit scanner, otherwise we'd have several posts about it already since BD is a pretty common AV.

I have not done a system restore for probably more than 10 years... so not sure how it handles stuff in personal folders such as previous browser searches/tabs/etc. That info might be in your history tab.

Eno-Scott (Author), posted September 18 (ID:1661627)

9 hours ago, blender said:

> Ahh ok, since you removed BitDefender, those 2 updater files are likely no longer present. So ... there shouldn't be any detections now. No biggy.
>
> Since you were able to find those updcenter.exe files in explorer before removing BD, I was hoping to be able to scan them while having 'scan for rootkits' unchecked. (because the rootkit scanner - by ignoring some whitelisting sometimes causes false positives) I wanted to make sure we were not detecting the updater file(s) while the rootkit scanner was off.
>
> Anyway - should be no longer an issue now that BD is removed. I'm guessing that they wouldn't be detected without the rootkit scanner, otherwise we'd have several posts about it already since BD is a pretty common AV.
>
> I have not done a system restore for probably more than 10 years... so not sure how it handles stuff in personal folders such as previous browser searches/tabs/etc. That info might be in your history tab.

I've done a search just to try and the two updcenter.exe are still there even after running the Bitdefender Uninstalling Tool... Their paths are: "C:\Programmi\Bitdefender" and "C:\Programmi\Bitdefender\Bitdefender Security". Now I'll perform a "normal" scan with the rootkit option enabled just to do a test.

Anyway, considering that I've used their tool, isn't it strange that these two files are still there? I've also checked the folder "Programmi" and the Bitdefender folder is still there. Instead, looking in Windows Settings in Apps there isn't any entry about Bitdefender, and the same in Control Panel's Programs and Features.

Eno-Scott (Author), posted September 19 (ID:1661847)

21 hours ago, Eno-Scott said:

> I've done a search just to try and the two updcenter.exe are still there even after running the Bitdefender Uninstalling Tool... Their paths are: "C:\Programmi\Bitdefender" and "C:\Programmi\Bitdefender\Bitdefender Security". Now I'll perform a "normal" scan with the rootkit option enabled just to do a test.
>
> Anyway, considering that I've used their tool, isn't it strange that these two files are still there? I've also checked the folder "Programmi" and the Bitdefender folder is still there. Instead, looking in Windows Settings in Apps there isn't any entry about Bitdefender, and the same in Control Panel's Programs and Features.

The normal scan with the rootkit option enabled hasn't found this false positive. At this point, do I have to try a custom scan again?

blender (Staff), posted September 20 (ID:1662282)

Hello,

Sorry for delay. I didn't see the notification of your replies.

Since you scanned again and found nothing, it should be OK.

Not sure why the BitDefender remover tool failed to remove the BitDefender folder under Programmi. If I had to guess, it was likely looking for "Program Files" but was not coded to understand "Programmi" means "Program Files". Sometimes too they leave bits behind in case you decide to install again, so some settings are left behind there.

Eno-Scott (Author), posted September 21 (ID:1662342)

4 hours ago, blender said:

> Hello,
>
> Sorry for delay. I didn't see the notification of your replies.
>
> Since you scanned again and found nothing, it should be OK.
>
> Not sure why the BitDefender remover tool failed to remove the BitDefender folder under Programmi. If I had to guess, it was likely looking for "Program Files" but was not coded to understand "Programmi" means "Program Files". Sometimes too they leave bits behind in case you decide to install again, so some settings are left behind there.

They've said that is normal. About the 2 updcenter.exe files, Mbam assistance asked me to scan them with Virus Total and send them the results.
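
The triage steps discussed in this thread (locating every copy of updcenter.exe and collecting what a VirusTotal lookup needs) can be scripted as below. This is an added example, not part of any post above and not Malwarebytes or Bitdefender tooling; the search root `C:\` and the CSV file name are assumptions.

```powershell
# Added example: collect triage data for files sharing the name of a flagged temp copy.
# The file name comes from the thread; the search root and output file are assumptions.
$name = 'updcenter.exe'
$root = 'C:\'
$out  = Join-Path $env:TEMP 'updcenter-triage.csv'   # hypothetical output name

function Get-TriageRecord {
    param([Parameter(Mandatory)][System.IO.FileInfo]$File)

    # SHA-256 identifies the exact file content and can be searched on VirusTotal
    # without uploading the file itself.
    $hash = Get-FileHash -LiteralPath $File.FullName -Algorithm SHA256
    # Authenticode status shows whether the binary is signed and the signature is intact.
    $sig  = Get-AuthenticodeSignature -LiteralPath $File.FullName

    [pscustomobject]@{
        Path      = $File.FullName
        SizeBytes = $File.Length
        Modified  = $File.LastWriteTime
        SHA256    = $hash.Hash
        SigStatus = $sig.Status
        Signer    = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(unsigned)' }
    }
}

# -Force includes hidden/system files; access-denied folders are skipped silently.
$records = Get-ChildItem -LiteralPath $root -Filter $name -File -Recurse -Force -ErrorAction SilentlyContinue |
    ForEach-Object { Get-TriageRecord -File $_ }

if (-not $records) {
    Write-Output "No file named $name found under $root"
} else {
    $records | Format-List
    # Save the same data so it can be attached to a support ticket.
    $records | Export-Csv -LiteralPath $out -NoTypeInformation
    Write-Output "Saved triage data to $out"
}
```

A `SigStatus` of `Valid` with a signer matching the vendor that owns the folder supports a false-positive reading; `NotSigned` or `HashMismatch` on a file in a vendor folder is worth reporting to support along with the hash.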