v9.4.5 (10.25.2025)
- Database update - TROJ.BTCMiner.GoogleUP

v9.4.4 (10.25.2025)
- Database update - TROJ.BTCMiner.GoogleUP

v9.4.3 (10.24.2025)
- Database update - New generic 'Temper'

v9.4.2 (10.23.2025)
  • Database update - InfoForge, ScriptMaster
  • Microsoft Performance Counter files are no longer deleted. Now using lodctr /r instead
  • Removed provisioning packages that may have been out of place from detection

v9.4.1 (10.21.2025)
  • Database update - Google extension, ValidateAdminCodeSignatures (ineffective)
  • Fixed false positive - Roaming\afuwinX64 (most likely BIOS util)

v9.4.0 (10.19.2025)
  • Database update - Backdoor.Remcos - Additional TwTmp check
  • Removed the clearing of the CBSTemp folder due to potentially causing the script to have to enumerate more entries than anticipated

v9.3.9 (10.17.2025)
- Database update - Sys32 Dirs

v9.3.8 (10.14.2025)
  • Database update - Zden, Intel Telemetry
  • AV detection updated + Sophos Enterprise

v9.3.7 (10.12.2025)
- Large update on how deletions occur to increase the success rate against more stubborn files / folders.

v9.3.6 (10.12.2025)
  • Database update PCAppStore
  • Miscellaneous logs updated to month of October

v9.3.5 (10.11.2025)
- Database update PCAppStore ShiftBrowser. BrowserCore
DoesNotBelong Changelog
=====================

v9.3.2 (10.05.2025)
- Database update

v9.3.1 (10.05.2025)
  • Improved Stage 1 - Process killing. Any console errors should now be gone. Tested on Windows 10 and 11 x64
  • On newer systems without WMIC.exe, powershell.exe is now able to terminate suspicious processes impersonating legitimate files even if they include encoded UTF8 - UTF16 filepaths. This should alleviate all previous 'binary file matches' found in logs
  • Fixed a bug that would occur during Packages scan. Wrong file read

v9.3.0 (10.04.2025)
  • Improved Stage 1 - Process killing
  • Added a link for reporting bugs via Github to the log header
  • Added Donation Link line to footer of log. Donating helps me stay enthusiastic and motivated to continue finding improvements to the program
  • Removed detection for font cache for now. It may return later

v9.2.9 (10.03.2025)
- Updated resource icon

v9.2.8 (10.01.2025)
- Updated database: BitCoinMiner. figmaUpdater

v9.2.7 (09.29.2025)
- Updated database: Rugmi & BitCoinMiner
- Bug fix: Database related

v9.2.6 (09.29.2025)
- Updated database

File can be found here: https://furtivex.net/docs/DNB_Changelog.txt
  1. Database updates
  2. Task whitelist updated
  • Added translations: Scottish Gaelic & Filipino
  • Added automatic cleanup for MountPoints2 registry keys.
  • Added a network repair routine for a particular case of ReasonLabs DNS install
  • Added Packages (AppXPackages) automatic clean up
  • Added automatic cleanup and repair of Authentication Packages registry value (often used by ScreenConnect)
Code:
HKLM\System\CurrentControlSet\Control\Lsa\\Authentication Packages value was missing -> restored
HKLM\System\CurrentControlSet\Control\Lsa\\Authentication Packages value contained extras -> restored
In the case of a particular miner (TROJ.BTCMiner.GoogleUP) which breaks Windows Update functionality, the tool now stops the relevant services and a few others related to Windows Update before patching the registry for a greater chance of success. Afterwards, the services are restarted. This hopefully eliminates the need for the user to patch the registry in Safe Mode, where those services are already in a stopped state.
  • Updated task whitelist: Microsoft Intune related tasks
  • Database update
  • Database update
  • Added telemetry services from HP.
  • The tool no longer creates a restore point. It is recommended to create your own Restore Point or volume snapshot before running the tool if you are concerned about losing something important.
  • Finished adding personalized threat names to give the user a better idea of what type of infection they have. Example:
Code:
C:\Users\owner\AppData\Roaming\Microsoft\MicrosoftWeb.{7007BCC7-3202-11D1-AAD2-00E05FC1270E} (TROJ.BTCMiner.GoogleUP)
I couldn't do this everywhere due to how the tool functions, but they are added where possible.
  • Fixed an issue where some folders were not being deleted
  • Process whitelist updated to include Emsisoft AV
  • HKLM...\Winlogon [Shell] and [Userinit] values checked and repairs made
  • Clearing the event viewer logs is now logged and some other logging has been revised. Example:
Code:
# Miscellaneous:

[?] AntiVirus Software: Windows Defender
[?] Event Viewer Logs were cleared
[?] Restore Point: Does Not Belong PRESCAN - Created
  • Database updated
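The posts above mention checks on the Lsa `Authentication Packages` value and the Winlogon `[Shell]` and `[Userinit]` values. The following read-only audit of those three values is an added example, not part of the original posts and not the tool's own code. The helper names are hypothetical, the baselines are assumed to be the stock Windows defaults (`msv1_0`, `explorer.exe`, `%SystemRoot%\system32\userinit.exe,`), and `examplepkg` is a constructed sample entry.

```powershell
# Read-only audit of the three registry values named in the posts above; nothing is written.
# Baselines are the stock Windows defaults (assumption); adjust them for managed environments.
$Lsa      = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$Winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$Userinit = Join-Path $env:SystemRoot 'system32\userinit.exe'

function Get-RegValue([string]$Path, [string]$Name) {
    # Returns $null when the key or the value is absent
    $p = Get-ItemProperty -LiteralPath $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $p) { return $null }
    return $p.$Name
}

function Test-AuthPackages($Value, [string[]]$Allowed = @('msv1_0')) {
    if ($null -eq $Value) { return 'value is missing' }
    # REG_MULTI_SZ arrives as a string array; blank entries are ignored
    $entries = @($Value | ForEach-Object { "$_".Trim() } | Where-Object { $_ })
    $extras  = @($entries | Where-Object { $Allowed -notcontains $_ })
    if ($extras.Count -gt 0) { return "contains extras: $($extras -join ', ')" }
    if ($entries -notcontains 'msv1_0') { return 'msv1_0 is not listed' }
    return 'ok'
}

function Test-Userinit($Value) {
    if ($null -eq $Value) { return 'value is missing' }
    # Comma-separated program list; the stock value is one path plus a trailing comma
    $entries = @("$Value".Split(',') | ForEach-Object { $_.Trim() } | Where-Object { $_ })
    if ($entries.Count -eq 0) { return 'value is empty' }
    $extras = @($entries | Where-Object { $_ -ne $Userinit })
    if ($extras.Count -gt 0) { return "contains extras: $($extras -join ', ')" }
    return 'ok'
}

function Test-Shell($Value) {
    if ($null -eq $Value) { return 'value is missing' }
    if ("$Value".Trim() -ne 'explorer.exe') { return "unexpected shell: $Value" }
    return 'ok'
}

'Lsa\Authentication Packages -> ' + (Test-AuthPackages (Get-RegValue $Lsa 'Authentication Packages'))
'Winlogon [Shell]            -> ' + (Test-Shell (Get-RegValue $Winlogon 'Shell'))
'Winlogon [Userinit]         -> ' + (Test-Userinit (Get-RegValue $Winlogon 'Userinit'))
# Constructed sample (not from a real system): an extra package appended to the default
'Constructed sample          -> ' + (Test-AuthPackages @('msv1_0', 'examplepkg'))
```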
- Database update
- Optimizations done by removing a couple of redundant searches
v7.8.2+ includes a check to ensure the user is running the latest version. Fetches the update if it's available.