
Just completed first malwarebytes scan, is this normal?

It found like 16 items that were bad and quarantined them. Should I delete them? Is this a normal amount? Is this bad?

n0ah1897, on 05 Mar 2014 - 2:08 PM, said:  "Computers are like girls. It's whats in the inside that matters.  I don't know about you, but I like my girls like I like my cases. Just as beautiful on the inside as the outside."


It found like 16 items that were bad and quarantined them. Should I delete them? Is this a normal amount? Is this bad?

probably means you were illegally torrenting stuff.

 

Generally I use Avast btw (run Avast manually when I think there's a virus and MSE the rest of the time)

"Common sense is not so common." -Voltaire


I've done it today, since I had some weird Travian redirects happening.

Had 21 of them, 9 were YouTube options extension stuff that I didn't quarantine. Other stuff is gone.

"Unofficially Official" Leading Scientific Research and Development Officer of the Official Star Citizen LTT Conglomerate | Reaper Squad, Idris Captain | 1x Aurora LN


Game developer, AI researcher, Developing the UOLTT mobile apps


G SIX [My Mac Pro G5 CaseMod Thread]


probably means you were illegally torrenting stuff.

 

Generally I use Avast btw (run Avast manually when I think there's a virus and MSE the rest of the time)

Could you tell me what torrenting is? And I don't think I did it...


Could you tell me what torrenting is? And I don't think I did it...

Torrenting is a way of downloading software but the term "Torrenting" is usually used to refer to illegally downloading movies, games, and TV shows

Hope I could help!

Specs: CPU: AMD FX-8320 @4.0ghz GPU: ASUS DCUII GTX 770 PSU: EVGA Supernova 750g CASE: Fractal Define R4 RAM: 8 Gigabytes ADATA 1333 Mhz MOBO: GIGABYTE GA-990FXA-UD3

 


Torrenting is a way of downloading software but the term "Torrenting" is usually used to refer to illegally downloading movies, games, and TV shows

I don't think I did. I only have 4 games, and paid for 2 of them and got 2 free with my GPU. I have no TV/movies/other videos on my computer. And I don't think I downloaded things illegally, but I think I may have picked up some things while downloading CamStudio, a free software. After I downloaded that I had random things on my computer and weird browser extensions so I tried to delete them all by hand but could have missed some stuff.


Anything bad is not normal.

Case: Corsair 4000D Airflow; Motherboard: MSI ZZ490 Gaming Edge; CPU: i7 10700K @ 5.1GHz; Cooler: Noctua NHD15S Chromax; RAM: Corsair LPX DDR4 32GB 3200MHz; Graphics Card: Asus RTX 3080 TUF; Power: EVGA SuperNova 750G2; Storage: 2 x Seagate Barracuda 1TB; Crucial M500 240GB & MX100 512GB; Keyboard: Logitech G710+; Mouse: Logitech G502; Headphones / Amp: HiFiMan Sundara Mayflower Objective 2; Monitor: Asus VG27AQ


@spwath

It is normal to get several false positives when running your first Malwarebytes scan. It will show tracking cookies, mining software, and anything used to edit system or game files as an infection. Generally the best thing to do is to run Malwarebytes just after you install Windows or any program you normally use and know is clean and then whitelist the found infections (I do this for Cudaminer, Cheat Engine, Dogecoin, and Litecoin wallets and have never had an issue).

If you don't know if it is good or an infection, paste the infection report and we can tell you what is not an infection.

Desktop <dead?>: P8P67-WS/Z77 Extreme4/H61DE-S3. 4x4 Samsung 1600MHz/1x8GB Gskill 1866MHzC9. 750W OCZ ZT/750w Corsair CX. GTX480/Sapphire HD7950 1.05GHz (OC). Adata SP600 256GB x2/SSG 830 128GB/1TB Hatachi Deskstar/3TB Seagate. Windows XP/7Pro, Windows 10 on Test drive. FreeBSD and Fedora on liveboot USB3 drives.

Laptop <Works Beyond Spec>: HP-DM3. Pentium U5400. 2x4GB DDR3 1600MHz (Samsung iirc). Intel HD. 512GB SSD. 8TB USB drive (Western Digital). Coil Wine!!!!!! (Is that a spec?).

@spwath

It is normal to get several false positives when running your first Malwarebytes scan. It will show tracking cookies, mining software, and anything used to edit system or game files as an infection. Generally the best thing to do is to run Malwarebytes just after you install Windows or any program you normally use and know is clean and then whitelist the found infections (I do this for Cudaminer, Cheat Engine, Dogecoin, and Litecoin wallets and have never had an issue).

If you don't know if it is good or an infection, paste the infection report and we can tell you what is not an infection.

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 4/5/2014
Scan Time: 5:16:00 PM
Logfile: 
Administrator: Yes
 
Version: 2.00.1.1004
Malware Database: v2014.04.05.04
Rootkit Database: v2014.03.27.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Chameleon: Disabled
 
OS: Windows 8.1
CPU: x64
File System: NTFS
User: Spencer
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 248214
Time Elapsed: 8 min, 33 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 1
PUP.Optional.InstallX.A, C:\Users\Spencer\AppData\Roaming\InstallX Search Protect for Yahoo\searchprotector.exe, 1556, Delete-on-Reboot, [a315b5717efdcb6b9738cd8da062e31d]
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 4
PUP.Optional.InstallBrain.A, HKLM\SOFTWARE\WOW6432NODE\InstallIQ, Quarantined, [72465bcb36459d99f22dc6a2936f1ae6], 
PUP.Optional.InstallCore.A, HKU\S-1-5-21-1706980718-695027532-4044806176-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE\1I1T1Q1S, Quarantined, [bbfdcb5b314a3df95ae747274db5e31d], 
PUP.Optional.InstallCore.A, HKU\S-1-5-21-1706980718-695027532-4044806176-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE, Quarantined, [1c9c35f1572487af1f6095efa26154ac], 
PUP.Optional.InstallX.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\InstallX Search Protect for Yahoo, Quarantined, [a315b5717efdcb6b9738cd8da062e31d], 
 
Registry Values: 2
PUP.Optional.InstallCore.A, HKU\S-1-5-21-1706980718-695027532-4044806176-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE|tb, 0M2P0U0F0B1O1O1G, Quarantined, [1c9c35f1572487af1f6095efa26154ac]
PUP.Optional.InstallX.A, HKU\S-1-5-21-1706980718-695027532-4044806176-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|InstallX Search Protect for Yahoo, "C:\Users\Spencer\AppData\Roaming\InstallX Search Protect for Yahoo\searchprotector.exe", Quarantined, [a315b5717efdcb6b9738cd8da062e31d]
 
Registry Data: 0
(No malicious items detected)
 
Folders: 1
PUP.Optional.InstallX.A, C:\Users\Spencer\AppData\Roaming\InstallX Search Protect for Yahoo, Delete-on-Reboot, [a315b5717efdcb6b9738cd8da062e31d], 
 
Files: 9
PUP.Optional.Installcore, C:\Users\Spencer\AppData\Local\Temp\is1108708961\134961749_stp\HomePageDLL.dll, Quarantined, [f7c145e10d6ed75f49d3c132ed16dc24], 
PUP.Optional.Crimsolite.A, C:\Users\Spencer\AppData\Local\Temp\is1108708961\135134534_stp\setup.exe, Quarantined, [1a9e28febebd57dfd8faa25b1be84bb5], 
PUP.Optional.InstallIQ, C:\Users\Spencer\Downloads\coretemp_d7632790.exe, Quarantined, [51674ed880fb53e3d72ed53ea160ee12], 
PUP.Optional.InstallX.A, C:\Users\Spencer\AppData\Roaming\InstallX Search Protect for Yahoo\config.xml, Quarantined, [a315b5717efdcb6b9738cd8da062e31d], 
PUP.Optional.InstallX.A, C:\Users\Spencer\AppData\Roaming\InstallX Search Protect for Yahoo\searchprotector.exe, Delete-on-Reboot, [a315b5717efdcb6b9738cd8da062e31d], 
PUP.Optional.InstallX.A, C:\Users\Spencer\AppData\Roaming\InstallX Search Protect for Yahoo\searchprotector.zip, Quarantined, [a315b5717efdcb6b9738cd8da062e31d], 
PUP.Optional.InstallX.A, C:\Users\Spencer\AppData\Roaming\InstallX Search Protect for Yahoo\SearchProtectorMonitor.log, Delete-on-Reboot, [a315b5717efdcb6b9738cd8da062e31d], 
PUP.Optional.InstallX.A, C:\Users\Spencer\AppData\Roaming\InstallX Search Protect for Yahoo\yspversion.txt, Quarantined, [a315b5717efdcb6b9738cd8da062e31d], 
PUP.Optional.SnapDo.A, C:\Users\Spencer\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: (      "startup_urls": [ ""http://feed.snap.do/?publisher=LuckyObrw&dpid=LuckyObrw&co=US&userid=98cad6bf-72be-445a-8434-a8c422c0adad&searchtype=hp&installDate=16/02/2013", "http://www.google.com", "http://mysearch.avg.com/?cid={BF66B094-05D0-47B7-BBE3-7A53346D5903}&mid=41ac8e95bdc04014916a8c0d6b8778fd-529c64fbf8847bfcfa717e55ad85a4aa067a6bf9&lang=en&ds=hk018&pr=sa&d=2013-11-22 14:52:04&v=17.1.3.1&pid=safeguard&sg=0&sap=hp" ],), Replaced,[1d9ba6803f3cdc5aaac3ff41b94b9f61]
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
 
Protection, 4/5/2014 5:07:02 PM, SYSTEM, GAMINGPC, Protection, Malware Protection, Starting, 
Protection, 4/5/2014 5:07:02 PM, SYSTEM, GAMINGPC, Protection, Malware Protection, Started, 
Protection, 4/5/2014 5:07:02 PM, SYSTEM, GAMINGPC, Protection, Malicious Website Protection, Starting, 
Protection, 4/5/2014 5:07:03 PM, SYSTEM, GAMINGPC, Protection, Malicious Website Protection, Started, 
Update, 4/5/2014 5:07:06 PM, SYSTEM, GAMINGPC, Manual, Rootkit Database, 2014.2.20.1, 2014.3.27.1, 
Update, 4/5/2014 5:07:25 PM, SYSTEM, GAMINGPC, Manual, Malware Database, 2014.3.4.9, 2014.4.5.4, 
Protection, 4/5/2014 5:07:27 PM, SYSTEM, GAMINGPC, Protection, Refresh, Starting, 
Protection, 4/5/2014 5:07:27 PM, SYSTEM, GAMINGPC, Protection, Malicious Website Protection, Stopping, 
Protection, 4/5/2014 5:07:27 PM, SYSTEM, GAMINGPC, Protection, Malicious Website Protection, Stopped, 
Protection, 4/5/2014 5:07:31 PM, SYSTEM, GAMINGPC, Protection, Refresh, Success, 
Protection, 4/5/2014 5:07:31 PM, SYSTEM, GAMINGPC, Protection, Malicious Website Protection, Starting, 
Protection, 4/5/2014 5:07:31 PM, SYSTEM, GAMINGPC, Protection, Malicious Website Protection, Started, 
 
(end)


output text

None of the entries there are false positives. You can safely quarantine them if you wish. (The entries look like adware from one or more installers to me)

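An added example, not part of the original thread and not Malwarebytes' own tooling: a small parser for detection lines laid out like the report posted above, which groups them by family and flags anything that is not a PUP/PUM, any Run-key autostart entry, and anything still waiting on a reboot. The sample report is constructed (placeholder paths and ids, and a hypothetical `Trojan.Example` name), and the list of actions is assumed from the ones visible in the posted report.

```python
import re
from collections import Counter

# Constructed sample in the layout of the report above. Paths, the
# bracketed ids and the Trojan.Example name are made up for illustration.
SAMPLE_REPORT = r"""
Processes: 1
PUP.Optional.InstallX.A, C:\Users\user\AppData\Roaming\InstallX\sp.exe, 1556, Delete-on-Reboot, [id-1]
Registry Values: 1
PUP.Optional.InstallX.A, HKU\S-1-5-21-X\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|InstallX, "C:\Users\user\AppData\Roaming\InstallX\sp.exe", Quarantined, [id-1]
Files: 3
PUP.Optional.InstallIQ, C:\Users\user\Downloads\tool_setup.exe, Quarantined, [id-2],
PUP.Optional.Installcore, C:\Users\user\AppData\Local\Temp\is1\HomePageDLL.dll, Quarantined, [id-3],
Trojan.Example, C:\Users\user\AppData\Local\Temp\dropper.exe, Quarantined, [id-4],
"""

SECTION = re.compile(r"^([A-Za-z ]+): (\d+)$")          # e.g. "Registry Keys: 4"
ACTIONS = {"Quarantined", "Delete-on-Reboot", "Replaced"}  # assumed from the report
AUTOSTART = re.compile(r"\\CURRENTVERSION\\RUN(ONCE)?\|", re.IGNORECASE)

def parse_report(text):
    """Return one dict per detection line, tagged with its report section."""
    section, found = None, []
    for line in text.splitlines():
        line = line.strip()
        header = SECTION.match(line)
        if header:
            section = header.group(1)
            continue
        fields = [f.strip() for f in line.rstrip(",").split(", ")]
        # Scan from the right so commas inside the target do not shift the action.
        action = next((f for f in reversed(fields) if f in ACTIONS), None)
        if section is None or action is None or len(fields) < 3:
            continue  # header fields, "(No malicious items detected)", etc.
        found.append({"section": section, "name": fields[0],
                      "target": fields[1], "action": action})
    return found

def triage(detections):
    """Summarise detection families and flag entries worth a closer look."""
    return {
        "families": Counter(d["name"] for d in detections),
        # Anything outside the PUP/PUM classes is not just bundled adware.
        "non_pup": [d for d in detections if not d["name"].startswith(("PUP.", "PUM."))],
        # Run-key values are persistence: the program starts at every logon.
        "autostart": [d for d in detections if AUTOSTART.search(d["target"])],
        # Delete-on-Reboot items are still present until the machine restarts.
        "pending_reboot": [d for d in detections if d["action"] == "Delete-on-Reboot"],
    }
```

Calling `triage(parse_report(SAMPLE_REPORT))` returns the family counts plus the three flagged lists; an empty `non_pup` list corresponds to the "adware from installers" reading given in the reply above.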

None of the entries there are false positives. You can safely quarantine them if you wish. (The entries look like adware from one or more installers to me)

OK. Thanks. Probably the stupid camstudio


OK. Thanks. Probably the stupid camstudio

It could be anything really. A lot (a metric button) of software you can download for free comes with adware in it. It does not generally hurt your system, but it is a malware by Malwarebytes standards.


It could be anything really. A lot (a metric button) of software you can download for free comes with adware in it. It does not generally hurt your system, but it is a malware by Malwarebytes standards.

Yeah, when I installed CamStudio a bunch of random programs were like "ooh you have a virus, run scan, download this" and some weird browser extension


Yeah, when I installed CamStudio a bunch of random programs were like "ooh you have a virus, run scan, download this" and some weird browser extension

That is even worse than adware. :(   But it generally will not do any permanent damage as long as you say no to each.

 

*BTW: By my reasoning adware is where an installer is like "Would you like to also install xxx for free?" and you can say yes or no. Generally does no damage other than making the install longer than it needs to be.


That is even worse than adware. :( But it generally will not do any permanent damage as long as you say no to each.

*BTW: By my reasoning adware is where an installer is like "Would you like to also install xxx for free?" and you can say yes or no. Generally does no damage other than making the install longer than it needs to be.

Oh yeah no a bunch of stuff just installed without my permission


Oh yeah no a bunch of stuff just installed without my permission

Did you download the installer from the publisher of CamStudio? If not, then you likely received an infected version of the software. If you did, then it would likely be better next time to look for a safer freeware version of the software. (I am not sure what it does, but it sounds like a photo editing software, which Gimp or Picasa are available as freeware without infections)
