IslandCountyDBA

  1. Cautiously optimistic that this has been removed. Note that we're using Malwarebytes Enterprise edition, and I have access to the Scanner tool on each infected endpoint, not the consumer version of Malwarebytes.

     Here's what I did. Reset the Chrome sync settings as instructed. Next, I located the infected Google directory under the user's AppData\Local folder and removed it. Tried to uninstall Chrome (even though it wasn't running) and it told me to close any Chrome windows before uninstalling. This was puzzling so I opened Task Manager. There were several chrome.exe processes running. One by one, I terminated these processes. After terminating one instance, I got a popup in the System Tray that told me that ArcadeYum had terminated. Interesting to say the least... After shutting down chrome.exe processes, I uninstalled Chrome successfully.

     Our firewall blocked most downloads of RKill.exe (SonicWall). I did successfully download the RKill.zip. I ran RKill twice but it did not respond in any way. Next, I realized there was no History tab in our MB Scanner tool. I did have the Malwarebytes Anti-Rootkit scanner (Beta) so I ran that instead. After a while, it finished and indicated the system was clean. I ran the Farbar Recovery Scan Tool and was unable to find the log. There were no alerts raised on the scan. I reinstalled Chrome and ran another scan. This scan came up clean.

     I suspect the cleaning of Chrome data combined with the uninstall/reinstall did the trick - especially since I saw a visible indication that the ArcadeYum process terminated. I'll have the user restart her computer and watch the subsequent scans to verify that the threat is really gone.
  2. Some of your instructions don't seem to apply to our version of Malwarebytes. We're running Malwarebytes Enterprise, and each client has an agent and we launch the Scanner app. There is no History tab. That being said, I've tried a similar procedure which involves using the Malwarebytes Anti-Rootkit tool, uninstalling/cleaning Chrome and reinstalling. Will post a reply detailing the entire procedure if the subsequent scan turns up clean. Thank you.
  3. I have a computer in our enterprise infected with PUP.Optional.ArcadeYum. The object scanned is found in the user's Chrome extensions. The official Malwarebytes removal guide indicates that the agent will automatically clean this; however, it keeps reappearing every day. Could this be because the user synchronizes her extensions with her Google account and brings it in every day? Anyone else having this problem where the threat reappears every day on the same computer, even with daily scans/quarantine/removal?
  4. I have 2 computers in our enterprise with the threat PUP.Optional.Babylon.ChrPRST. In both cases, Malwarebytes finds the threat in C:\Users\<username>\AppData\Local\Google\Chrome\User Data\Default\Preferences. Malwarebytes "removes" this threat with its standard scan, but it keeps coming back during the next scan. I've tried CCleaner, resetting the user's Chrome settings to no avail. Tried Malwarebytes scan in safe mode, no luck either. Has anyone else successfully removed this threat? If so, how? We're mostly a Windows 7/64 bit shop...