Need some advice with Malwarebytes scan results

XLR8TX · 28 Nov 2016

Recently I ran a Panda AV scan and a Malwarebytes scan. While the Panda scan found no threats; the Malwarebytes scan found 8 possible threats.

Four of the items are registry values / keys which I am wary of removing or modifying. Furthermore, I think they may be related to my Wild Tangent game app. How can I verify this?

Also, I think that these three PUPs are in fact malware and should be removed. Do you guys concur?

OpenCandy, SmartBar & StrongVault

Thanks in advance for any help.

Malwarebytes Anti-Malware

Scan Date: 11/27/2016
Scan Time: 8:38 PM
Logfile: MW Scan.txt
Administrator: No

Version: 2.2.1.1043
Malware Database: v2016.11.28.01
Rootkit Database: v2016.11.20.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User:

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 263070
Time Elapsed: 37 min, 22 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 2
PUP.Optional.DownloadTerms, HKLM\SOFTWARE\WOW6432NODE\DOWNLOADTERMS, , [fda4cff64654072fbfcc33545ea450b0],
PUP.Optional.Linkury, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{AB8BE2CF-1558-4548-9117-52234280B6D4}, , [4f52b411d9c19d99554b884b639fec14],

Registry Values: 2
PUP.Optional.DownloadTerms, HKLM\SOFTWARE\WOW6432NODE\DOWNLOADTERMS|age, 1356998400, , [fda4cff64654072fbfcc33545ea450b0]
PUP.Optional.Linkury, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{AB8BE2CF-1558-4548-9117-52234280B6D4}|DisplayName, Snap.Do, , [4f52b411d9c19d99554b884b639fec14]

Registry Data: 0
(No malicious items detected)

Folders: 4
PUP.Optional.OpenCandy, C:\Users\David\AppData\Roaming\OpenCandy, , [920f2f96306a0e28861bc8eb59a8956b],
PUP.Optional.SmartBar, c:\users\david\appdata\locallow\smartbar, , [1091cdf89efcd95d4a1befdc4ab735cb],
PUP.Optional.SmartBar, C:\Users\Eben Ezer\AppData\LocalLow\Smartbar, , [bde4f3d2f5a5de585d08438854ad59a7],
PUP.Optional.StrongVault, C:\Users\David\AppData\Roaming\Strongvault, , [bbe6a81dfaa0da5c86c34f8512ef3ec2],

Physical Sectors: 0
(No malicious items detected)

MeOnMine · 28 Nov 2016

Hi,
If you backup the registry then you can let Malwarebytes do its thing and if you find that things are not as anticipated then restore the registry and tell Malwarebytes to ignore.
The key to a PUP is the first word "Potential".

MoxieMomma · 28 Nov 2016

Hi:

Yes, it is generally safe to allow MBAM to remove what it finds.

Those detections are all PUPs (Potentially Unwanted Programs).
See here as well:
Malwarebytes gets tougher on PUPs | Malwarebytes Labs

PUPs are not malware, per se, but they are considered junk/crap and most folks do not want them on their computers.
They are typically installed either intentionally -- because the user wants the program -- or inadvertently (as some sort of bundled "freebie"along with a standard program, and the user does not opt out during installation).

Eventually, having that crap on your system can lead to more serious stuff.
I would not want any of that on my system.
(Some of them can be hard to fully remove, necessitating multiple scans with different malware removal tools or custom scripts. So I would rescan again after removal, to be sure you are clean.)

On the other hand, if you want to keep any of those (NOT recommended), you can follow the steps here.

Hope this helps,
MM