Solved

Webroot scans were coming up clean, but Malwarebytes caught something.

  • 3 February 2012
  • 10 replies
  • 89 views

Userlevel 4
I recently went to Scribd.com while searching for a movie script. I downloaded the free file viewer they offered and I immediately started having some problems with my laptop. I scanned my PC using the SecureAnywhere Complete and the scan came up clean. I then used the Malwarerbytes PRO and it came up with a PuP file that had been incorporated within the free file viewer I had downloaded. NOT compaining about anything, I'm just a little confused about why Webroot didn't catch it, but another program did? (Sorry, before you ask, I have already deleted the file and my computer is back to normal. So, I can't provide any file names for you. However, if you want to research it, that is why I gave you the site name and the product I downloaded.)
icon

Best answer by KeithH 3 February 2012, 23:04

View original

10 replies

Userlevel 7
Badge +35
Without seeing the Malwarebytes logs it is difficult to say what may have been missed. We have different criteria for detecting PUAs (PUPs) than Malwarebytes does, so there will be some applications that they consider unwanted and we do not and vice-versa. Quite often when we see Malwarebytes logs detecting something that we "missed" all that is detected are orphaned registry entries and there are no actual files present. If you want, create a support ticket and copy and paste the Malwarebytes log into the ticket and we can look it over. 
 
-Dan
I will add this, webroot found and said it removed gui pipline, I think it was called,  but did nothing to remove all the files that were added by it. It also identified the support for webroot as gui-pipeline, again i think it was called, so i exited. Even if it was in my computer before i installed webroot security plus why didnt it detect it? 
I all of a suddun had 5 computers brought to there knees and had webroot sucurity plus in 4 of them.  I couldnt believe anything had gotten in.  I downloaded malwarebytes and scanned and removed from 10 to 110 #$@%#!& files from them all and then they were alright.  whats up webroot? I THOUGHT YOU WERE THE BEST.  Guess I have to buy something else to be protected.  I read the read up in PC Magazine about how webroot pass Norton and Mc affee and how zone alarm pro was sneaking up on them and I guess they didnt do there research. I tried.
Userlevel 4
You are quite welcome!  🙂
Userlevel 4
LOL! believe it or not, I just deleted my logs yesterday. I guess I should have saved that particular one, but I had logs dating back for a couple of years and I just clicked "delete". OOPS!
Thanks for your efforts though! I will save the pertinent stuff next time. (hopefully, there won't BE a next time though.)
Userlevel 4
Hi DannyK!!
 
Alright, I downloaded the Free File Reader tool and installed it (opting out of all of the free toolbars [Yahoo], etc.).
 
Then I ran a scan with SecureAnywhere and Malwarebytes Pro and came up with nothing. Hmm ... so I uninstalled the Free File Reader tool and then reinstalled with all of the free software and toolbars to see if it made a differance in the results, however, it did not. Both of the Malwarebytes Pro scans came back PuP free.
 
From a Security Forensics point of view, it becomes challenging going forward, since I can't reproduce the issue and you have already removed the file (I don't blame you for that one, if a file even looks at me wrong it gets zapped! LOL).
 
With that said, your Malwarebytes Pro probably has a log file from that scan (it retains a log file for each scan by default). If you open the Malwarebytes Pro interface, you will see a tab marked Logs, then you will see logs from all of your scans. If you open the log in question, it should have a reference in there as to what software (PUP) it found.
 
If you can locate that and post it hear (or the entire log contents if it isn't exceedingly large) I am more than happy to run with it and see what I can determine on the backend.
 
The tough thing about Potentially Unwanted Programs is the "Potential" part ... meaning its a best guess. Sometimes valid, sometimes not.
 
I also wanted to say "Way to go!" on just remaining vigilant, that is SO cricucial to good cyber security!
 
Let me know what you find and maybe we can unravel this mystery! 😉
Userlevel 4
Thank you Keith! I will be anxious to find out what you come up with!
Userlevel 4
Yeah. After sleeping on this issue, I pretty much came to the same conclusion. I'm not sure what Malwarebytes uses as a trigger for such things. My only issue with all of this is that it was found as a rootkit in my registry. Still not quite sure what the criteria is as far as the Webroot scan for rootkits.
Userlevel 4
Hi Danny,
 
I am going to attempt to replicate this on my system to see exactly what is what!  :-)
 
More to come!
 
 
Userlevel 4
PuP= Potentially unwanted program security solutions are always different on what they consider a pup but I am not sure yet how webroot detects these things I am sure someone will let you know.

Reply