Do I just delete whatever Malwarebytes asks to delete every time it makes such suggestions?
<~300 entries, mostly registry-related, snipped>
This is one of those questions we never think about until someone asks.
What we’re really asking is, “Do I trust my security software to make the right recommendations?”
And the answer, as it is so many times, is: it depends.
Become a Patron of Ask Leo! and go ad-free!
The concern, of course, is that your security software might mistakenly recommend that something important be deleted. It’s not an unfounded fear. While it doesn’t happen often, it has happened.
The good news is, it’s really easy to protect yourself. You can probably already guess what action might be involved.
If there’s ever even the slightest doubt, back up first. And by “back up”, I mean a full system image backup of your entire system drive (typically C:), and ideally the entire hard disk on which it resides. If you’re doing daily image backups, as I so often recommend, you’re already ready.
The issue is, we don’t know ahead of time what might be removed, or what might be important. That’s why we’re asking the question in the first place. A system image makes no assumptions. It saves everything.
If, after allowing the anti-malware software to do its job, you find something is broken, you simply restore the image and get on with your life — nothing lost except the time to perform the operations.
Trustworthy software is worthy of trust
I realize this is a kind of chicken-and-egg statement, but there’s a reason computer folks such as myself have recommendations: we’ve come to trust the software we recommend. In the case of anti-malware and security tools, that trust encompasses at least two distinct considerations:
- The security software will prevent as much malicious software as possible from doing harm.
- The security software will itself do no harm.
It’s the second one we’re concerned about today. Security software might cause performance impacts or do things like prevent some email or files from being downloaded by intrusive scanning, but at worst, they can break the system if they delete or quarantine the wrong thing in the name of “security”.
I try not to recommend software that has a history of doing that. 🙂
And yes, Malwarebytes remains a recommendation.
“Yes” is easy when you trust
Given that I trust Malwarebytes, my default answer is easy.
Yes: when it recommends something be deleted, it’s probably safe to delete it.
In this case, the list of around 300 registry entries our questioner shared were all flagged as relating to PUPS, or “potentially unwanted programs”. There’s rarely any “potential” about it; you don’t want them, and Malwarebytes Anti-malware is a tool I often recommend for its ability to ferret out and remove exactly those types of programs.
In your shoes, I’d say “Yes”, and I’d say “Yes” to whatever Malwarebytes identifies in the future.
Why do you have so many PUPs to begin with?
First, let’s be clear about at least one thing, lest you really panic: 300 discoveries by a tool like Malwarebytes does not mean you have 300 separate PUPs, or pieces of malware. My guess is you have maybe half a dozen or so. Each PUP can be responsible for any number of traces that tools like Malwarebytes identify individually and remove.
But we’re still left with the question: why do you have even those six? And if Malwarebytes is repeatedly identifying things after having run, why are things returning?
In my opinion, once security software cleans your system, the real lesson to be learned here is to stop installing software that causes PUPs to be installed, or perhaps visiting sites that cause questionable software to be downloaded and installed.
I have no way to know what those might be in any specific case, but things like accepting the default installations of downloaded software is by far the leading cause of PUPs and other malicious software. The solution? Always choose “custom install” instead, and be careful to decline any software you didn’t ask for.
In general, be more vigilant and discerning. PUPs in particular usually install with your consent, and your consent can often be implied when you take shortcuts like a default installation, or fail to read all the installation options presented.