Malwarebytes Infections - Quarantine or delete or both?

Genesis

Administrator
Staff member
I've been using Malwarebytes for the last year - the free version. Alongside my Kaspersky. I've had a very positive experience with the free version. Although my Kaspersky is on a regular schedule of scanning, I do a Malwarebytes thorough scan about once a month or in six weeks. Usually I have a clean scan but with my last scan Malwarebytes found a Trojan infection:

PUP.optional.superoptimzer.c

Not sure how I got it but what then intrigued me was that Malwarebytes says it is OK to keep the infection quarantined without needing to delete it. Apparently the philosophy behind it is that it could be a false positive and if deleted when it's from the registry could create some bad malfunctions if it was a false positive. With the quarantine one gets a second chance to restore it. The only need to delete it is when there are too many infections in the quarantine. So I'm following the advice and going for the quarantine only for now but wonder what others do when they are given this choice - i.e. quarantine or delete?

What also worries me is when I was checking through the Malwarebytes help forums last night, I noticed Malwarebytes friendly staff guiding those who want to delete their trojans and advising them that the script they provide is only applicable to their specific specifications. I.e. any other way of deleting could potentially be harmful to their computer system. That also made me hesitate to delete the infection on my system last night. Better to keep it quarantined and then if I reformat the hard disk maybe in a year or two from now it would die a natural death? Or did Malwarebytes, when it quarantined my infection, already get it organized so that if I hit the delete button there would not be any harm done to my registry? Not sure how to trust any software that fiddles with my computer registry - either the trojan or the anti-trojan script?
 
I use MS Security Essentials which is basically the same program. It's free.

Now as for deleting it. I guess it depends if it's attached to another file or not. Some of these things will attach themselves to a system file that Windows will need. Unlike some older antivirus programs that would actually clean the files. I haven't seen anything do that in a while. I always check to see what file it's attached to first before deleting now. I deleted something without checking and lost some important files. They were Windows files though.

So, if they are not attached to anything, then I would say it's safe to delete them.
 

Genesis

Administrator
Staff member
strokerace said:
I always check to see what file it's attached to first before deleting now. I deleted something without checking and lost some important files. They were Windows files though.

So, if they are not attached to anything, then I would say it's safe to delete them.
How does one check when a file is attached? :unknown:
 
Seeing I haven't used Malwarebytes in a few years. I know with the MS program, I can go to the history and it will give me a list of files it has flagged. There is also an area that gives you details, and it gives you the name of the file and what it's infected with. It will also give the options to delete, allow or quarantine.
 

Genesis

Administrator
Staff member
The history gives me everything you mentioned, but not the file it is linked to. Just the details of the infected file and where it can be found. That's usually the first place I look when there has been an infection. I then Google the infection so I can get to know more about it.

The first "infection" that was picked up on my computer by Malwarebytes was in April. It had to do with that service where DELL Technicians can potentially read what's going on in your system so they can help you. It wasn't really an infection, but something good that could potentially be used against the computer. That one I don't think I'll ever delete. The other two that were found a few days ago are similar in kind. I guess three in quarantine are completely OK. I'll wait until I do a hard disk formatting in a year or two and they'll probably die a natural death. Although maybe that first one could come reloaded somehow. Interesting though of course was Kaspersky didn't pick up on them as they must be internal vs external vulnerabilities. Like it took someone like Malwarebytes who specializes in internal Malware to see a vulnerability that could be used as an infection on itself. They study both threats from the outside and threats that are in the design of the software of the computer.
 
What I have found over the years is a lot of these programs give false positives. Some programs flag them, some ignore them as they aren't a real threat to you, your security or the machine. I also found that most antivirus programs are giving false warnings just to make you feel safe or to get you to upgrade to a paid service.

A few years back, I had a discussion with some old hackers and programmers. They told me how there hasn't been a real virus written since 1999. So the makers of AV's didn't want to lose customers and hired a few virus coders to make up some false files. They were a bit dangerous, but nowhere near as harmful as they were back in the day. Now, they are writing trojans and rootkits to access your info or just to use your machine as a bot for cyber attacks. AV's knew this, but didn't want to always include them in their threats of files. So, companies like Malwarebytes decided to write a program to find the annoying pain in the ass files. Ones that can use your computer in a bot network, send your private info to a spam server etc.

There was another program that was really good for that, it was called Spybot Search and Destroy. I now stay away from known sites that use cookies and your java settings to install little bits of code to send out your browsing history. That is also why I use CCleaner to clean up my cookies and to delete those types of files that even malware and AV's miss.
 

Genesis

Administrator
Staff member
strokerace said:
That is also why I use CCleaner to clean up my cookies and to delete those types of files that even malware and AV's miss.
I've got Firefox set up that it deletes cookies after each browsing session. Does this mean there is a deeper layer of cookies that only CCleaner can reach? I always thought that when one clicked on clear all cookies that was enough. But maybe not? :unknown:
 
It not only deletes cookies, but history and other browser data that is hanging around. It also cleans up old files that weren't removed when you deleted the program. I have cleared over a gig of old files, broken shortcuts and registry files that are no longer needed.
 

rrroberts

New member
Genesis:

If I remember correctly, a reformat just clears your File Allocation Table (or whatever the current incarnation is - NTFS?). Sector viruses (and rootkits I believe) will survive those. To get rid of a sector virus, you need to do a low-level format using something like the old MS-DOS FDISK.EXE (FORMAT.COM just resets your FAT). These MS-DOS programs were available up to WinXP.

One thing I observed with these A/V and Disk Utilities s/w companies, when they were freeware or shareware, they were good. They get bought up by a major company, their s/w turns into byte manure. Two examples - Norton Utilities and McAfee.

Wow - I remember Spybot from Win98 days - that was a good piece of s/w.
 

rave

New member
I am using Malwarebytes too. If you find any malware, do not delete it. Use quarantine. It may be a false positive from Malwarebytes. If it is a false positive, your computer may act slow if that file is related to the registry or anything else. If that file is still in quarantine, you can restore it.

If you see that your computer is acting slow or is giving some problem, you can restore that file again and see if your computer is OK now.

I also want you to check whether that file is really malware or a false positive. You can go to http://virustotal.com

Scan the file that was detected by Malwarebytes. It will show the full list of antivirus programs and whether each one detected it as malware or not.

The malware detected on your PC is PUP.optional.superoptimzer.c

It is a potentially unwanted program detected by Malwarebytes. It consists of adware too.