DoesNotBelong 10.8.2

v10.0.1 (12.06.2025)
- The tool now automatically cleans push notifications from Gecko based browsers: Floorp, Firefox, Waterfox, Mullvad, and LibreWolf. The information is appended to the #Files: section of the log file

v10.0.0 (12.06.2025)
- Database update - ShadyPanda Chrome and Edge extensions [1][2]

v9.9.4 (12.06.2025)

• The ADW.NeoBar.Gen detection has been renamed to ADW.Dotdo.Gen
• Database update - Phishing attachments

v9.9.3 (12.05.2025)
- ADW.NeoBar.Gen routine readded. Tested on Win10 / 11

v9.9.2 (12.05.2025)

• Database updates - Additional registry items
• Removed ADW.NeoBar.Gen routine, needs rework

v9.9.1 (12.05.2025)

• Database update - BrowserStart & ADW.NeoBar.Gen
• Minor bug fixes related to Profile 1 of Google Chrome browser

v9.9.1 (12.05.2025)

• Database update - BrowserStart & ADW.NeoBar.Gen
• Minor bug fixes related to Profile 1 of Google Chrome browser

v9.9.0 (12.02.2025)
- Database update - SysCleaner & TROJ.BTCMiner.GoogleUP

v9.8.9 (11.30.2025)
- Database update - Minor traces of previous cleanups

v9.8.8 (11.30.2025)
- Bug fix: Remove erroneous entries from Registry log

v9.8.7 (11.30.2025)

• Database update - MSStore App: SafeDomainGuardian + couple more folders checked for PE files
• Cache cleaning update: WinHTTPAutoProxySvc, winhttp

v9.8.6 (11.29.2025)

• Database update - MSStore Apps: SecuriGuard, PrivacyBrowse, SecurePass
• Miscellaneous logs / quarantine contents updated to the month of December 2025

v9.8.5 (11.29.2025)

• Database update - MSStore Apps: StealthGuard & SafeNetApp
• Translation update - Filipino

v9.8.4 (11.28.2025)
- Database update - Alumics

v9.8.3 (11.28.2025)
- Process whitelist updated - Crowdstrike and Kingsoft AV

v9.8.3 (11.28.2025)

• Process whitelist updated - Crowdstrike and Kingsoft AV

v9.8.2 (11.27.2025)

• Database update - Systemhost Python

v9.8.1 (11.26.2025)

• Database update
• AV Detection update: SpyHunter

v9.8.0 (11.23.2025)

• Database update - Wave Browser variant
• More fine-tuning on the quarantine procedure of some of the routines. e.g. an underscore was missing from the beginning of the filepath. Now they should all contain a similar naming scheme: quarantinedfile.exe

v9.7.9 (11.22.2025)

• Database update - RemoteAdmin, bin /u, Altrusis, TGMacroGEN
• The tool now also displays the contents of its quarantine folder in its Miscellaneous section of the log.

v9.7.8 (11.19.2025)

• Database update

v9.7.7 (11.18.2025)

• Database update - 'Search' variant of TROJ.BTCMiner.GoogleUP

v9.7.6 (11.16.2025)

• More fine-tuning of latest quarantine changes.
• Database update - New TROJ.Rugmi.Dormant.GEN

v9.7.5 (11.16.2025)

• More fine-tuning of latest quarantine changes.

The tool now prefers to quarantine instead of delete
Quarantine items are placed in C:\DNB_Quarantine

Items in quarantine are renamed as

Код:

_File_
@Folder@

v9.6.7 (11.12.2025)
- Database update - Bleeping goodies

v9.6.6 (11.11.2025)
- Database update - New Sys32 Heur

v9.6.5 (11.10.2025)
- Database update - Rugmi

v9.6.4 (11.08.2025)
- Database update

v9.6.3 (11.08.2025)
- Database update - New AIH check

v9.6.2 (11.07.2025)

• Database update - PSChecks
• Process whitelist updated - Rising AV

v9.6.1 (11.06.2025)

• Database update - Backdoors + Intel 2.0 Telemetry
• Other scan logs dates updated to month of November

v9.6.0 (11.05.2025)
- Database update

v9.5.9 (11.03.2025)
- Database update

v9.5.8 (11.03.2025)

• Database update
• Optimizations

v9.5.7 (11.02.2025)
- Database update

v9.5.6 (11.01.2025)

• Database update
• Process whitelist updated
• Miscellaneous check for Lightspeed Filter Agent added

v9.5.5 (11.01.2025)
- Resolved an issue with latest 25H2 Windows Update Repair module which was affecting 24H2 from being enabled.

v9.5.4 (11.01.2025)

• Database update - Reddit gatherings
• Windows Update Repair - Now offers support to 25H2 operating systems
• Fixed false positive - Shorcut LDMultiPlayer.lnk

v9.5.3 (10.31.2025)
- Database update - Java Stealer

v9.5.2 (10.30.2025)
- Database update - Fast! / PCAppStore

v9.5.1 (10.28.2025)
- Database update - Public ClientRuntime

v9.5.0 (10.28.2025)
- General improvements mostly tied to attrib.exe usage

v9.4.8 (10.26.2025)
- Database update - Backdoor.Remcos

v9.4.7 (10.26.2025)
- Database update - TROJ.BTCMiner.GoogleUP

v9.4.6 (10.25.2025)

• Database update - TROJ.BTCMiner.GoogleUP
• Removed Intel Graphics Experience Package detection

v9.4.5 (10.25.2025)
- Database update - TROJ.BTCMiner.GoogleUP

v9.4.4 (10.25.2025)
- Database update - TROJ.BTCMiner.GoogleUP

v9.4.3 (10.24.2025)
- Database update - New generic 'Temper'

v9.4.2 (10.23.2025)

• Database update - InfoForge, ScriptMaster
• Microsoft Performance Counter files are no longer deleted. Now using lodctr /r instead
• Removed provisioning packages that may have been out of place from detection

v9.4.1 (10.21.2025)

• Database update - Google extension, ValidateAdminCodeSignatures (ineffective)
• Fixed false positive - Roaming\afuwinX64 (most likely BIOS util)

v9.4.0 (10.19.2025)

• Database update - Backdoor.Remcos - Additional TwTmp check
• Removed the clearing of the CBSTemp folder due to potentially causing the script to have to enumerate more entries than anticipated

v9.3.9 (10.17.2025)
- Database update - Sys32 Dirs

v9.3.8 (10.14.2025)

• Database update - Zden, Intel Telemetry
• AV detection updated + Sophos Enterprise

v9.3.7 (10.12.2025)
- Large update on how deletions occur to increase the success rate against more stubborn files / folders.

v9.3.6 (10.12.2025)

• Database update PCAppStore
• Miscellaneous logs updated to month of October

v9.3.5 (10.11.2025)
- Database update PCAppStore ShiftBrowser. BrowserCore

DoesNotBelong Changelog
=====================

v9.3.2 (10.05.2025)
- Database update

v9.3.1 (10.05.2025)

• Improved Stage 1 - Process killing. Any console errors should now be gone. Tested on Windows 10 and 11 x64
• On newer systems without WMIC.exe, powershell.exe is now able to terminate suspicious processes impersonating legitimate files even if they include encoded UTF8 - UTF16 filepaths. This should alleviate all previous 'binary file matches' found in logs
• Fixed a bug that would occur during Packages scan. Wrong file read

v9.3.0 (10.04.2025)

• Improved Stage 1 - Process killing
• Added a link for reporting bugs via Github to the log header
• Added Donation Link line to footer of log. Donating helps me stay enthusiastic and motivated to continue finding improvements to the program
• Removed detection for font cache for now. It may return later

v9.2.9 (10.03.2025)
-Updated resource icon

v9.2.8 (10.01.2025)
-Updated database: BitCoinMiner. figmaUpdater

v9.2.7 (09.29.2025)
-Updated database: Rugmi & BitCoinMiner
-Bug fix: Database related

v9.2.6 (09.29.2025)
-Updated database

File can be found here: https://furtivex.net/docs/DNB_Changelog.txt

1. Database updates
2. Task whitelist updated

• Added translations: Scottish Gaelic & Filipino
• Added automatic cleanup for MountPoints2 registry keys.
• Added a network repair routine for a particular case of ReasonLabs DNS install
• Added Packages (AppXPackages) automatic clean up
• Added automatic cleanup and repair of Authentication Packages registry value (often used by ScreenConnect)

Код:

HKLM\System\CurrentControlSet\Control\Lsa\\Authentication Packages value was missing -> restored
HKLM\System\CurrentControlSet\Control\Lsa\\Authentication Packages value contained extras -> restored

In the case of particular miner (TROJ.BTCMiner.GoogleUP) which breaks Windows Update functionality, the tool now stops the relevant services and a few others related to Windows Update before patching the registry for a greater chance of success. Afterwards, the services are restarted. This hopefully eliminates the need for the user to patch the registry in Safe Mode, where those services are already in a stopped state.