PUP.Optional.CustomSearchBar is Malwarebytes detection name for a potentially unwanted program that hijacks the search queries on Chrome and Edge.
Users will notice a browser extension that they can’t remove in the usual way.
The remove button is greyed out and they will see a notification that tells them their browser is managed.
The browser extension gets force installed by a PowerShell script that gets triggered by a Scheduled Task every 4 hours.
PUP.Optional.ActiveSearchBar is a “removal only” detection name. Malwarebytes users are protected by the web protection module that blocks the domains that host the extensions and the scripts they use.
Malwarebytes can detect and remove PUP.Optional.ActiveSearchBar without further user interaction.
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION HKLM\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION
Task: {0F47CAEB-A771-4AB6-800F-D45CD2B91582} - System32\Tasks\MicrosoftWindowsOptimizerUpdateTask_PR1 => powershell -File C:/Windows/System32/OptimizerWindows.ps1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell “ExecutionPolicy”=”REG_SZ”, “Unrestricted”
nniikbbaboifhfjjkjekiamnfpkdieng
Select your language