PUP.Optional.MailRu virus in Chrome?

J

jimmyjimm2020-03-13 10:25:05

Google Chrome

jimmyjimm, 2020-03-13 10:25:05

Reinstalled Windows 10, clean install. A couple of days later I check in Malwarebytes and it finds the PUP.Optional.MailRu virus located in (...)AppData\Local\Google\Chrome\User Data\Default\Web Data.
I didn’t understand at all where I had Google Chrome installed from, I didn’t install it! When I installed other programs, I always look at the checkboxes so that there is no extra.
But okay. I googled this virus and people write that this is crap from mail ru, it seems like it even steals data. And many can not remove it in any way. And I saw one comment from a person who writes that this virus blocked comments on some sites for him. And I have the same bullshit! In the Edge browser on YouTube, comments are not loaded at all, and the video quality is just disgusting, very low resolution, although it costs 720/1080. There is no issue with loading comments in Brave browser, but there is an issue with video quality. Any video in some low quality! Can you tell me what the hell is this and is it really connected with that virus? By the way, I deleted Chrome and re-checked in Malwarebytes, it no longer finds that virus, of course, but why then do browsers continue not to load comments and show videos in disgusting quality?

And another question about another virus that was found by virustotal, I scanned the installer file of the well-known Sandboxie. The check shows supposedly a Trojan "Trojan.Shelma!" and found it Yandex. All other antiviruses in the list did not find anything. Can this be considered false positive and not worry?

Reply

Answer the question

In order to leave comments, you need to log in

2 answer(s)

A

asd111, 2020-03-13
@asd111

What did you put besides Windows? If you put something related to mail ru, then you will be tired of deleting it. They write their software like viruses that hide deep.
Put back chrome and make it search for malware in the settings - it's at the very bottom of the settings -> advanced. It helped me once to remove an intrusive adware that changed proxy settings and did not want to be deleted.
If it does not help, then do the usual full scan with a regular Windows antivirus and all sorts of adware removers.

F

fill-1991, 2021-10-27
@fill-1991

Using the Everything program, I found traces of Mail.Ru in the C:\Users\<username>\AppData\Local\Temp section. and when deleting, the Reg Organizer program worked, which found a shortcut (through which this crap is restored again. deleted - and yes, cleaned the Temp folder. The files stored here behave tricky: their names do not indicate that they are related to Mail.ru. Therefore it is recommended to completely delete the contents of the Temp folder. Nothing terrible will happen to other programs due to the deletion of the contents of Temp, but the temporary files of Mail.ru will be destroyed. Programs from Mail.ru can also be hidden in the Local folder itself, but they, unlike files of the Temp folder give themselves away as a name.If a folder with a distinguished name is found there, it should also be deleted.
The final touch remains: the system registry. It contains information and software settings, so sometimes Mail.ru services can be reinstalled due to this residual data. I checked - there are no traces.