MBAM and AdwCleaner
MalwareBytes Anti-Malware (MBAM) is one of my favorite go-to programs for finding the bad guys on my computer. They have a great reputation for being able to not only find, but ultimately remove, malware. Finding it is one thing; being able to remove it is quite another, and they seem to excel in that area.
Apparently, AdwCleaner is now a part of MBAM. Given my good feelings and trust regarding MBAM, and how they’ve embraced AdwCleaner, I can only expect the best from this utility.
Mixed Feelings
AdwCleaner is a free, portable utility that removes Possibly Unwanted Programs (PUPS) from your computer. It goes further in that it scans the Windows Registry and internet browser entries on your computer. Paranoia sets in and before running this little puppy, a System Restore Image was created. You know, just in case things go awry.
Note: If you’d like to learn more about System Restore, go to this System Restore – A Layman’s Guide article right here on DCT.
Running the Utility
Here are the results of the initial scan:
Incidentally, I found out that on successive runs, if it doesn’t find something in a particular category, those tabs are no longer shown. You’ll see an example of that a bit later in this post.
Anyway, Adwcleaner found 21 “bad” things on my system. That includes Registry entries, Folders, and Firefox. I found out later the Firefox problem involved an Add-on that I particularly like. Unfortunately, AdwCleaner does not tell me why it’s bad, just that it is, somehow.
At this point, I have the option of clicking the Clean button. I don’t really know what that means at this point, but I’m about to find out and it’s not all good.
You’ll notice in the above image that Auslogics is mentioned several times. So is Thunder Network. I have an Auslogics defrag program installed on the system. I don’t really need it anymore because, with one exception, my drives are all Solid State. The Thunder Network is an ominous-sounding thing and a complete mystery, and I don’t know how it got on my computer nor what it is. (I’ll have to check into that little nightmare later.)
Take note of the FreeRIP and FreeMake entries. I’ll talk about those in a minute. (I always thought they were suspect anyways, so no big deal if I lose them. They are useful, nevertheless, and I’d re-install them if ever needed again. I’m brave that way– it has to do with backups and such, and that whimsical, youthful sense of invincibility which I’ve never quite lost. And backups.)
Punching the Clean Button
OK, I got brave and hit the Clean button. AdwCleaner took a little time doing its thing, then I got a results window:
I’ll play along. I restarted my computer by clicking the overpowering, irresistible OK button.
Upon my return to the Windows environment, an on-screen report ended up being a text file showing me what it had done. You don’t really need to see that because I’m going to tell you using three short bullets:
- It deleted the Auslogics Defrag program,
- It deleted the FreeRIP program,
- And it deleted the FreeMake program
Honestly, shouldn’t a quality utility warn me before it deletes programs/utilities I happen to use? I don’t want to hear about a removal process after the fact. I want to know what and why! And I most certainly want to know about it before it happens! And have the option to change my mind! C’mon, MBAM– you’re better than this!
The Niggling Firefox Issue
There was one little thing left that bothered me and I still don’t know if it’s a good thing or a bad thing. Imagus. Imagus is a Firefox Add-on that AdwCleaner didn’t like for some reason. It never told me why, though.
That is the problem– I don’t know why AdwCleaner doesn’t like this Add-on. Sorry, but I’m going to keep it. Incidentally, this entry was in the first run of the utility and wasn’t removed– even after a re-boot. Now, why is that? Perhaps it doesn’t have the sophistication to edit the Firefox preferences file? Maybe it is written to have the common sense not to do so? I don’t know, but I’m happy it didn’t tamper with it. I really like Imagus.
For those of you who may be interested, Imagus enlarges images by simply hovering over them with the mouse. Since I use images a lot, it saves me a bunch of mouse-clicks. A simple thing really, but anything that saves me an additional click makes me happy. Look at it this way– if you save yourself 10,000 clicks over a period of 10 years, you will have that much more time for beer and/or women and the other wonderful things in life. It’s worth it… really! At my age, every click counts!
Final Thoughts
AdwCleaner seems like it means well but hasn’t matured yet. If you are going to delete programs on my computer, I want to know all the “whys” and “what-fors”. And I want to know before I click the damn “Clean” button, for sure!
I still have to look into that mysterious Thunder Network thing, though. Hmmm… it’s probably not something I would have known about had it not been for AdwCleaner, so there are positive sides to this. I didn’t have to hit the Clean button to find this out since it was in the original list of “bad things”.
Thank heaven for System Restore and backups. The strong suggestion here is that you use and abuse them,
Richard
—
Well …… not for nothing Freemake doesn’t belong on anyone’s system and ADW rightfully so removed it from your system. I have had this argument with Freemake’s developers a while back.
While in the state received with it’s download, OpenCandy may be harmless, but put it in the hands of someone malicious enough, it can be detrimental to ones system. Freemake (and there are other software developers) need to develop a way to package their software without OpenCandy.
with OpenCandy ……..sorry for the typo
Hi Ed,
I agree and don’t like OpenCandy, either.
It’s an occupational hazard for me. I have to install/uninstall lots of software. It all gets run through various AV programs before installation. And I use System Restore points and always have backups at the ready.
For those reasons I would once again install FreeMake should I need it again. Even with the OpenCandy problem.
You are right, though, to suggest it is not the best of ideas,
Richard
Richard, I hear you. Any software that wants to remove other software without informing me first, is not the software I want or need on my computers. Need to check this MBAM connection, Mindblower!
Yep, I hope MBAM works on this utility a bit. It seems to have possibilities.
Imagus is nice. Thanks for intro.
Everyone is talking like this is brand new software, it has been around quite a while, Malwarebytes just bought it from Xplode and re-branded it with their name.
I have been using it quite a while, long before Malwarebytes purchased it, now as far as I know, I haven’t used the Malwarebytes version yet, but the version(s) by Xplode would not delete or remove anything unless you gave it confirmation by placing check marks next to what you wanted removed.
I have just downloaded the Malwarebytes version, and just as I thought, you have to check mark or not check what you want and don’t want removed.
Nothing is perfect and there are times it will find false positives, just like anything else, you just have to exercise common sense. So if it is removing something you really don’t want removed, that would be the users fault for leaving it checked.
This is a good tool, even though nowadays it doesn’t find anything but the occasional registry key that needs to be removed by some cheap software I have been playing with, but in the past there was a time when it really save my butt.
Hi Ed,
The Check Boxes are nice, but I have a problem making sound decisions when I don’t have all the information.
I honestly never expected an Adware utility to uninstall entire programs. Worst case, it should have quarantined the offending library and given me the chance to undo that action.
I’ve got to stick to my guns on this one. More information is the order of the day,,
Richard
Maybe a link to MBAM showing your frustration with their lack of progress might help grease the wheels.
I tried the program and all it found were these errors.
[-] Key deleted: HKU\S-1-5-21-2092232022-2898144859-4031430584-1001\Software\eSupport.com
[#] Key deleted on reboot: HKCU\Software\eSupport.com
[-] Key deleted: HKLM\SOFTWARE\Auslogics
[#] Key deleted on reboot: [x64] HKCU\Software\eSupport.com
Since I have MBAM Pro running, I’m wondering how this was not delected and removed as are pups, since these keys are quite old, Mindblower!
Hi Mindblower,
As usual, you have nailed it. MBAM Pro should have notified you of these issues without the use of yet another Adware cleaner.
In my previous reply, I should have included Registry entries in the recoverable list.
It is difficult to understand,
Richard
Next to Malwarebytes, this is one of the main programs I run when cleaning someone’s computer and my policy is to delete what it finds. The free version of Auslogics Defrag (version 7) has a tab there called Software of the day. So it seems to be adware supported. That is what might be triggering the scanner.
A few days ago I contacted their support about this …
Q/ The program already detected folders and registry keys related to programs belong to SuperEasy and Slimware.
Since the last version (6.040), it also reports as malware traces of Auslogics and Wise.
Is this all normal, while these programs are considered by most antiviruses (via VirusTotal for example) as clean.
R/Thank you for inquiring about our PUP detection. We have flagged the programmes because they meet the standards set out in our PUP policy: http://www.malwarebytes.com/pup.
Whist we believe the detections are accurate, we understand that you may wish to use the detected programmes. If you intentionally installed and wish to keep the programmes, the associated items can be unchecked before running the Clean function – this will prevent AdwCleaner from removing the programmes.
Hi Belga,
Thank you for doing a little research on this point.
Ultimately, I must admit that I underestimated the impact of running AdwCleaner on the checked items. For whatever reason, I didn’t expect the entire program to be uninstalled without further notice. The result was a bit shocking to me at first.
It has now become clear to me that is the case and, perhaps, I should have mentioned it in the post.
Thanks again for taking the time to look into this and sharing your results with the rest of us,
Richard
Hi Richard,
I received a new message from them in answer to this question : “this way the same traces are presented again on each scan”.
R/Future versions of AdwCleaner may allow detected items to be added as permanent exclusions. For now, if you do not wish to have AdwCleaner remove the programme, unchecking the associated items is your best option.
Hi Belga,
It would be a big help if they added that feature. It’s a step in the right direction,
Richard
Not to be outdone by the newest member of the family, the newest version of Malwarebytes Pro now quarantines Auslogics and will delete it if you’re not careful.
I just ran Malwarebytes Pro 3 and it listed about 12 different keys and programs for Auslogics. What a pain. The only adware that I’ve ever noticed on my Auslogics free is for Auslogics itself.
I’m seriously considering bagging Malwarebytes Pro. No way should it be tagging a widely used, well-respected program like Auslogics.
I ran AdwCleaner a few times several months ago, and discovered very quickly that several of my installed programs were broken after running it. Reinstalling the broken programs fixed them until I ran AdwCleaner again. Not having any idea what AdwCleaner was deleting, nor when it was deleting, the simple answer was to remove AdwCleaner and run swiftly away from it. Thus done, I don’t have that problem any more. The cost of having “malware” removed that easily was not worth the price of losing some of my installed programs. I really hope Malwarebytes’ reputation doesn’t get burned by this piece of garbage. They are much too good to have that happen.
Hi Gene,
I don’t know if I’d go so far as to call it “garbage”, but I do agree it needs some interface work.
A little heads-up before a program removal would be a nice touch for starters,
Richard
I love AdwCleaner by Malwarebytes and have used it for years. Most of the time it finds nothing on my system because I run it once a month or so. I recall when I first used it, it found quite a few PUP’s. Nice tool and unobtrusive….not to mention it’s free. I also utilize (JRT), Junkware Removal Tool…also free and very good.
I’ve used it for a couple of weeks.
Today it told me I had 8 item, 8 PUP.
Most off them related to IObit Malware Fighter.
I’ve uninstalled that one earlier.
Ok – pushing the CLEAN-button.
The AdwCleaner how: Cleaning folders…but never finished…
Never is about 1 hour, no progress after about 15 seconds.
I’ve stopped using it.
I too am looking for a Feedback Forum where I can tell Malwarebytes what happened today using their purchased ADW Cleaner. That I have used a few times before. It booted back up to a blue Test Build page. That only moved after much toggling with the Mouse. Did this a few times. Certain Programs were destroyed.
My Broadband Internet Connection was totally severed. Cycling Modem and Router in order did nothing. Administration Tools/Services Restarts did nothing. Windows Firewall got shutdown. Couldn’t Restart.
Finally after trying all I knew to do, System Restore/Win7/Pro64 bit did the trick.
What happened here that clicking Clean on ADW should wipe out my Os’s function on Restart?
Hi PreachJohn,
Let’s take one thing at a time, shall we?
I don’t understand what “toggling with the mouse” means.
Honestly, I have no idea what you did to make it work, but I’m glad you found a solution, 🙂 At least, I think you did.
Richard
Since this topic is being resurrected (so to speak), decided to take another look and test it out. Just doing the registry scan revealed something interesting. Extract below
“PUP.Optional.SpyHunter, [Key] – HKLM\SOFTWARE\EnigmaSoftwareGroup”
I do have this key but nothing is set. Must be a leftover that never got uninstalled. Remember trying out SpyHunter and find it strange that AdwCleaner would be the only new software to find a tract existence of something harmless. A silly observation might be that since both detect pups, they can also spot the competition, Mindblower!