Mindspark

Topic

New Reply

I seem to have over 300 PUPs related to Mindspark on my main Windows pc. What is the best method of eliminating them? [MalwareBytes finds them but does not provide a means for removing them.]

Reply | Quote

Replies

With that many dodgy programs who knows what else is wrong. Back the whole lot up and re-install from scratch.

cheers, Paul

Reply | Quote

With that many dodgy programs who knows what else is wrong. Back the whole lot up and re-install from scratch.

cheers, Paul

I doubt he has that many program. Malwarebytes reports each registry entry and files related to a PUP as separate detection’s. I’ve cleaned PCs with over 800 Malwarebytes items detected and the PC ran fine afterwards. It would be worth running AdwCleaner as Jwoods suggested as well.

Jerry

Reply | Quote

Check your settings in MalwareBytes for PUP and PUM detections.

If they are set to Treat detections as malware, MalwareBytes should remove them.

Additionally, you might consider downloading and running AdwCleaner and Junkware Removal Tool…

http://www.bleepingcomputer.com/download/adwcleaner/

JRT can be downloaded in the Weekly Downloads in Windows section on the right-hand side of the same page.

MalwareBytes is set to treat these as malware. All of the detections I can see in MalwareBytes history seem to be associated with Mindspark. I cannot find any of the history items in searching my hard drive. Is it possible that they are quarantined but still detected on each search? Note that there are no entries in the current search results, and yet MalwareBytes says that PUPs were detected.

Reply | Quote

HitmanPro found two items, but I could not remove them – it appears that the Windows Store people used it when they cleaned my pc 1 1/2 years ago, so my “trial” had expired long ago. AdwCleaner cleaned quite a bit, but I still have the issue with MalwareBytes where it says it detected something but does not list anything.
C’est la guerre.

Reply | Quote

I’ll have to wait a while to run anything, as my weekly backup takes a very long time.
The daily MalwareBytes scan just says that it found items, but does not list any. The logs (over 300 entries)are all related to MindSpark and are dated a long time ago – probably back when the Windows store did its cleanup.

Reply | Quote

When you’re done with the back up, download FreeFixer and then you can scroll through what it finds and you’ll probably be able to delete whatever Windows Store left on your computer, along with any other bogies.

If you aren’t sure what some of the deletable entries are, you can click on the info link, but if in doubt then leave.

http://www.freefixer.com/

Reply | Quote

I didn’t see any suspicious items in the Freefixer log.

Will try another suggestion tomorrow.

Thanks!

Reply | Quote

I’ve found Mindspark-associated programs on a number of WinXP and newer computers, usually have no problem getting Malwarebytes to remove them. In those few dire circumstances I’ve used CCleaner to finish.

Before you wonder "Am I doing things right," ask "Am I doing the right things?"

Reply | Quote

I’ve concluded that understanding this is hopeless. MalwareBytes keeps saying that there are 346 items found, but none were quarantined. Other one-time malware checkers find zero items. I installed the new (at least to me) Sophos suite and it found nothing. [Will it conflict with MalwareBytes?]

So I just conclude that MalwareBytes is finding items it has already quarantined.

Reply | Quote

Attached is the MalwareBytes log. The first two (registry entries) are relatively new; the rest have been around for quite some time.

Any insights?

Reply | Quote

Have you thought about uninstalling MBAM completely using the mbam-clean.exe, reinstall then run another scan – remembering to set it back up for PuPs and PuMs.

https://support.malwarebytes.org/customer/portal/articles/1835311?b_id=6438

Reply | Quote

I followed your suggestion, removed MalwareBytes completely, reinstalled it, and re-ran it. It found the same 326 items, and allowed me to quarantine them. Overnight tonight I’ll rerun MalwareBytes to see if it makes reference to the always-seen file folders.

Reply | Quote

Have you thought about uninstalling MBAM completely using the mbam-clean.exe, reinstall then run another scan – remembering to set it back up for PuPs and PuMs.

https://support.malwarebytes.org/customer/portal/articles/1835311?b_id=6438

As I said last night, I did remove and re-install MalwareBytes. It immediately found the same items as before, and I quarantined them. The overnight run did NOT find them again (as was happening with the former installation)! . And, going to history, I could delete them from the pc, which I could not before. :rolleyes:

MANY THANKS!

globalist

Reply | Quote

Just read the settings for MBAM in the top section of the attached MBAM log file:

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Detecting PUPs is enabled but the checkbox in the GUI to remove them hasn’t been selected.

PUP = Potentially Unwanted Program/Process = to some people they might be unwanted – but if you installed and use the software related to it and use it or find it useful, it’s not unwanted!

Registry Keys: 2
PUP.Optional.WinZipMalwareProtector, HKLMSOFTWAREWOW6432NODEMICROSOFTTRACINGWinZipMalwareProtector_RASAPI32, No Action By User, [f53cb58252474de9ba485dc5db29db25],
PUP.Optional.WinZipMalwareProtector, HKLMSOFTWAREWOW6432NODEMICROSOFTTRACINGWinZipMalwareProtector_RASMANCS, No Action By User, [a0914ee9b5e48caad032d54d9f65be42],

^ These are generally considered badware, I’d remove them without hesitation (Safe Mode > Regedit should do it, no tools required.

The remainder are all PUP.Optional.MindSpark which looks to be completely within Google Chrome – resetting Chrome to defaults should fix that.

If you want to get rid of both PUPs, simply select the checkbox mentioned above in MBAMs GUI and run it again.

Reply | Quote

I don’t know if you want to wait to see if MBAM has removed them, but you haven’t said if you ran JRT.

http://www.bleepingcomputer.com/download/junkware-removal-tool/

One other tool I’ve found that can find and remove items that both AdwCleaner and JRT had missed is the Avast Browser Cleanup Tool which you could also run.

https://www.avast.com/en-gb/browser-cleanup

The free version of CCleaner/Tools/Startup is where you can also remove these add-ons for each browser.

https://www.piriform.com/ccleaner/download

Reply | Quote

It may have been as satrow had pointed out that you didn’t have the previous version to treat PuPs as malware that it kept finding them, but glad you have gotten a result.

it won’t hurt to run the Avast Browser Cleanup Tool to confirm all is clear.

Reply | Quote