Malwarebytes and firefox profile.

[Codec]

This keeps popping up all the time.
http://i837.photobucket.com/albums/zz29 ... wj9tuu.jpg

[Daledoc1]

Hi:

Assuming you are running a valid/legit version of Firefox, that looks as if MBAM is detecting a PUP in one of your Firefox extensions.
PUPs are explained here: https://forums.malwarebytes.org/index.p ... e-deleted/
Without seeing the entire scan log, though, it's hard to tell for sure.

It also appears that you have MBAM configured only to "warn" for PUPs.
If you want MBAM to remove it, then you need to select the item by placing a check-mark in the box on the left side of the window & follow the prompts, OR
change the settings (Dashboard > Settings > Detection and Protection > Non-malware Protection and change both PUP and PUM to "Treat Detections as Malware") and then re-scan.

If you think the detection might be a "False Positive", then I suggest starting with the advice here: https://forums.malwarebytes.org/index.p ... -positive/, then posting the requested information (at least the MBAM scan log) in the FP section here: https://forums.malwarebytes.org/index.p ... etections/

OTOH, if you think you might be infected and/or want a free, expert second opinion, then I suggest starting with the advice here: https://forums.malwarebytes.org/index.p ... computers/, and then posting in the malware removal section here: https://forums.malwarebytes.org/index.p ... oval-help/. A trained expert will guide you through scanning and cleanup.

Cheers,

daledoc1

[therube]

That's prefs.js, so the file itself (simply text) is hardly going to be malicious.

Now if its objecting to something being referenced within the file.. but I would think that would be a stretch.


> If you want MBAM to remove it

Do not remove the file - unless you don't mind loosing your FF preferences.

[Daledoc1]

^^ Good points, all, @therube ^^

There is nothing similar being reported at the MBAM forum.
And without a full scan log and some other diagnostic information (e.g. basic system logs), it's not clear what's going on.

That is why I suggested it might be worth a closer look, either by reporting with the necessary data (at least the full scan log) in the FP section of their forum, OR by having a qualified malware expert assist for free with a deeper look at the system over in the malware removal section of their forum.

For the record, though, any item in quarantine can normally be restored, if such an item is later found to be a false positive.

Cheers,

daledoc1

[TheVisitor]

I believe that MBAM has hit this 'false-positive' before and was 'fixed' with an update to the database once they became aware....

[Daledoc1]

I believe that MBAM has hit this 'false-positive' before and was 'fixed' with an update to the database once they became aware....

Could very well be, but I'm not seeing anything there recently (and I am there pretty much all day/every day).
The forum would be lighting up over there, if it were...

Again, without scan logs or other diagnostic information, it's impossible to say for sure.

I am just an MBAM home user and forum volunteer there, but I would be happy to look at your SCAN log, at least to determine if you have the current malware database, etc. Instructions are below.

OR, as previously suggested, you could post over in the FP section, or the malware removal section of their forum, for more detailed help.

Without more data, and in the absence of similar reports here or there, it's pretty much speculation.

Cheers,

daledoc1
-------------

How to get SCAN logs or PROTECTION logs:
(Export log to save as a txt file for posting in the forum when requested)

• Open MBAM.
• Click on the HISTORY tab > APPLICATION LOGS.
• Double-click on the SCAN LOG which shows the date and time of the scan just performed (or the one you are asked to post), OR on the PROTECTION LOG showing the detection you are reporting (or the one that you are asked to post).
• Click EXPORT.
• Click TEXT FILE (*.txt)
• In the "Save File" dialog box which appears, click on DESKTOP.
• In the FILE NAME box, type a name for your scan log.
• A message box named "File Saved" should appear, stating that "Your file has been successfully exported".
• Click OK.
• Please attach the saved log to your next reply here in this thread.

[Codec]

I don't know how to attach something on here, but this is what is says.

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 9/4/2015
Scan Time: 1:10 AM
Logfile: test.txt
Administrator: Yes

Version: 0.0.0.0000
Malware Database: v2015.09.04.02
Rootkit Database: v2015.08.16.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Josh

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 356472
Time Elapsed: 4 min, 55 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

[Daledoc1]

Hi:

Thanks for the log.

2 things jump out:

1) It no longer detects the item reported in your original post/screenshot (so it may have been a false positive due to an outdated rules database).

2) There is something wrong either with your MBAM installation and/or the mbam-check log, because it does not properly display the MBAM version number:

Version: 0.0.0.0000
Malware Database: v2015.09.04.02
Rootkit Database: v2015.08.16.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

(As an aside, you only have MBAM set to "warn" for PUPs, rather than to automatically quarantine. That's certainly up to you, but I wouldn't want any of that crap on my own system.)

The original issue now seems to be resolved.

If you would like more help troubleshooting MBAM, then I suggest heading over to the forum and creating a new post here.
We will be happy to assist you there.

Thanks,

daledoc1