Related blog content
Browser push notifications: a feature asking to be abusedAdposhel adware takes over browser push notifications administration
Adware and PUPs families add push notifications as an attack vector
PUP.Optional.PushNotifications is Malwarebytes' detection name for a large collection of domains that deploy malicious or fraudulent web push notifications on Chromium based browsers.
Web push notifications are displayed in the lower right corner of the desktop even if the browser is minimized or closed. Websites use social engineering to trick users into allowing web push notificatiosn from their domain, but most of them will show a prompt similar to this one:
Once the user has allowed the notifications the settings can be reviewed and changed under Settings > Advanced > Privacy and Security > Site settings > Notifications.
PUP.Optional.PushNotifications is a detection-only rule, but both Malwarebytes Browser Guard and Malwarebytes Premium will protect you from the sites that ask you to allow these web push notifications.
Malwarebytes can detect and remove PUP.Optional.PushNotifications without further user interaction.
A Malwarebytes log of removal will look similar to this:
Malwarebytes www.malwarebytes.com-Log Details- Scan Date: 2/19/20 Scan Time: 9:09 AM Log File: 1e3656fe-52ef-11ea-9658-00ffdcc6fdfc.json
-Software Information- Version: 4.0.4.49 Components Version: 1.0.823 Update Package Version: 1.0.19438 License: Premium
-System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: {computername}\{username}
-Scan Summary- Scan Type: Threat Scan Scan Initiated By: Manual Result: Completed Objects Scanned: 235896 Threats Detected: 8 Threats Quarantined: 8 Time Elapsed: 3 min, 6 sec
-Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Detect PUM: Detect
-Scan Details- Process: 0 (No malicious items detected)
Module: 0 (No malicious items detected)
Registry Key: 0 (No malicious items detected)
Registry Value: 1 PUP.Optional.SearchYa, HKCU\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Default\extensions.settings|hleencoclkeflkjlikhldjhafcpdgjjd, Quarantined, 411, 791984, , , ,
Registry Data: 0 (No malicious items detected)
Data Stream: 0 (No malicious items detected)
Folder: 1 PUP.Optional.SearchYa, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\HLEENCOCLKEFLKJLIKHLDJHAFCPDGJJD, Quarantined, 411, 791984, 1.0.19438, , ame,
File: 6 PUP.Optional.SearchYa, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, 411, 791984, , , , PUP.Optional.SearchYa, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Replaced, 411, 791984, , , , PUP.Optional.SearchYa, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\HLEENCOCLKEFLKJLIKHLDJHAFCPDGJJD\1.0.0_0\MANIFEST.JSON, Quarantined, 411, 791984, 1.0.19438, , ame, PUP.Optional.PushNotifications, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, 217, 789466, 1.0.19438, , ame, PUP.Optional.PushNotifications, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, 217, 789466, 1.0.19438, , ame, PUP.Optional.PushNotifications, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Replaced, 217, 789466, 1.0.19438, , ame,
Physical Sector: 0 (No malicious items detected)
WMI: 0 (No malicious items detected)
(end)
Should users wish to keep this program and exclude it from being detected in future scans, they can add the program to the exclusions list. Here’s how to do it.
Select your language