DoesNotBelong Changelog
=====================

v11.5.4 (06.14.2026)
- Services update - Rewrite completed

v11.5.3 (06.13.2026)
- Critical issue regarding services found and fixed - https://github.com/furtivex/DoesNotBelong-Issues/issues/6
- Database update - +Minor various

v11.5.2 (06.13.2026)
- Database update - +Minor various

v11.5.1 (06.08.2026)
- Database update - +Minor various

v11.5.0 (06.07.2026)
- Database update - +Minor various
- Caches update - rewrites 2/?

v11.4.9 (06.06.2026)
- Database update - +Minor Rugmi

v11.4.8 (06.05.2026)
- Database update - +Minor Rugmi
- Caches update - +New Outlook

v11.4.7 (06.05.2026)
- Database update - Minor
- Whitelists update - +Emsisoft

v11.4.6 (06.04.2026)
- Found and fixed a console bug
- Database update - Medium

v11.4.5 (06.03.2026)
- Database update - +Rugmi, +SweetLabs

v11.4.4 (06.03.2026)
- Database update - +DcomLaunch malware tampering check

v11.4.3 (06.02.2026)
- Database update - Minor various & finetuning
- Cache update - Roblox UniversalApp added - variant of Microsoft Edge WebView2
- Processes (Stage 1) scanner got an update. It should aid by listing the filepath where particular processes were located. It will only attempt to close their processes for now. It does not quarantine their files unless it's known by the tool. This should help me add entries faster by not having to sift through as many logs.

v11.4.2 (05.31.2026)
- Database update - Minor various
- Miscellaneous logs updated to month of June 2026 - Logs from MinerSearch by Blender are added

v11.4.1 (05.29.2026)
- Database update - +Rugmi, +RISK.NetSupport.Gen

v11.4.0 (05.25.2026)
- Improved logic: Registry startup scan

v11.3.0 (05.25.2026)
- New logic: Registry startup scan

v11.2.9 (05.22.2026)
- Database update - Minor various

v11.2.8 (05.22.2026)
- Database update - Minor various

v11.2.7 (05.21.2026)
- Database update - +TROJ.BTCMiner.GoogleUp +RISK.NetSupport.Gen +AdBlock360

v11.2.6 (05.19.2026)
- Database update - Medium various
- Optimization update
- Caches update - Additional Temporary Internet Files folder

v11.2.5 (05.17.2026)
- Database update - +RISK.NetSupport.Gen, +Adware.WorldWideWeb
- Miscellaneous logs update - AdwCleaner logs added

v11.2.4 (05.16.2026)
- Adjusting variables, removed some unused ones.

v11.2.3 (05.15.2026)
- Database update - +TROJ.BTCMiner.GoogleUP
- Stopped using wmic.exe to gather OS details

v11.2.2 (05.13.2026)
- Database update - +Rugmi

v11.2.1 (05.12.2026)
- Database update - +OneBrowser variant, +other legit file imposters

v11.2.0 (05.11.2026)
- Database update - +Adware.WorldWideWeb +MysteriumVPN
- Task whitelist updated - MDMMaintenenceTask. Hoping this concludes Enterprise related tasks...

v11.1.9 (05.10.2026)
- Database update - Heuristics for Adware.WorldWideWeb updated

v11.1.8 (05.09.2026)
- Improvements to Stage 3 - Task Scheduler

v11.1.7 (05.09.2026)
- Database update - WaveBrowser variant, TecnoPcManager, iTubeGo
- Process whitelist updated - SecurityHealthHost
- Task whitelist updated - Tpm-PreAttestationHealthCheck

v11.1.6 (05.08.2026)
- Database update - Minor various
- Found and fixed a typo - Pale Moon

v11.1.5 (05.07.2026)
- Database update - +Rugmi
- Task whitelist updated - Focus on enterprise related tasks

v11.1.4 (05.06.2026)
- Database update - +Rugmi

v11.1.3 (05.05.2026)
- Bug fixes - Found a couple that may have been preventing tool from completing successfully

v11.1.2 (05.05.2026)
- Database update - -RenPy

v11.1.1 (05.04.2026)
- Database update - Minor various
- Misc logs updated to the month of May 2026.

v11.1.0 (05.03.2026)
- Database update - +Fake conhost and MoUsoCoreWorker malware

v11.0.9 (05.03.2026)
- Database update - +Rugmi, -Copilot and Cortana traces that are protected

v11.0.8 (05.02.2026)
- Database update - TROJ.BTCMiner.John
- Browser update - Pale Moon (Firefox fork) is now also supported

v11.0.7 (04.29.2026)
- Database update - Minor various
- Many of the Spyware.PasswordStealer.Gen detections are renamed to RISK.NetSupport.Gen. Sorry for the anxiety this may have caused...
- The RISK.NetSupport.Gen heuristics have been updated to also catch .dll files.

v11.0.6 (04.27.2026)
- Database update - Minor various

v11.0.5 (04.27.2026)
- Database update - Powershell heuristic modifications, +RasManSvc
- Attempting to address log file name errors by removing wmic.exe usage
- Minor adjustments to keep encoding consistent

v11.0.4 (04.26.2026)
- Database update - +Powershell

v11.0.3 (04.26.2026)
- Database update - +Rugmi, +RenPy, +NetSupport, -AmneziaWG (VPN?)

v11.0.2 (04.25.2026)
- Database update - +Spyware.PasswordStealer.Gen
- Log updates - Attempts to improve the final output log.
  A current issue is that the console may show ? characters. Will continue to monitor and attempt to improve the console and log.

v11.0.1 (04.24.2026)
- Database update - +Rugmi
- Log updates - Attempts to improve the final output log. A current issue is that the console may show ? characters. Will continue to monitor and attempt to improve the console and log.

v11.0.0 (04.23.2026)
- Database update - +TROJ.BTCMiner.GoogleUP
- Process whitelist update - +Webroot
- Services repair routine updated (TROJ.BTCMiner.GoogleUP)

v10.9.9 (04.22.2026)
- Task whitelist updated - +Intune
- Database update - +Rugmi, +uTorrentClients

v10.9.8 (04.20.2026)
- Database update - +Office Telemetry, GigaByte AI, new heuristics, +OneLaunch
- Cache update - +Office
- Process whitelist update - +Webroot
- Antivirus detection update - +Webroot

v10.9.7 (04.19.2026)
- Database update - +Spyware.PasswordStealer.Gen, +Adware.WorldWideWeb
- Packages scan slightly improved
- Caches update - Prefetch folder has been included
- The version of the tool now also appears in the window title

v10.9.6 (04.18.2026)
- Database update - +Rugmi, -CCleaner7

v10.9.5 (04.15.2026)
- Database update - +Chrome extensions

v10.9.4 (04.15.2026)
- Database update - +Rugmi

v10.9.3 (04.14.2026)
- Optimization update - Files scan speed improved
- Technician update - The tool now lists the present month's FRST and Addition logs and is appended to the Miscellaneous section

v10.9.2 (04.14.2026)
- Database update - +Rugmi

v10.9.1 (04.12.2026)
- Database update - +MrBeast (powershell)
- Language update - Minor fixes to LanguageWord to include parenthesis

v10.9.0 (04.11.2026)
- Database update - +Spyware.PasswordStealer.Gen

v10.8.9 (04.11.2026)
- Database update - +Rugmi

v10.8.8 (04.09.2026)
- Browser update - Added support for Zen (Firefox fork) web browser

v10.8.7 (04.08.2026)
- Database update - +Rugmi, +Copilot, -CCleaner7

v10.8.6 (04.06.2026)
- Database update - Adware.WorldWideWeb

v10.8.5 (04.05.2026)
- Database update -
  Rugmi
- Process whitelist update - Crowdstrike
- Optimization update - Stage 1 (terminate processes) improved

v10.8.4 (04.03.2026)
- Database update - BitcoinMiner

v10.8.3 (04.03.2026)
- Fixed false positive? - Anwendungsdaten (German ApplicationData within ProgramData) folder
- Fixed false positive - NvContainerRecovery.bat (NVIDIA)
- Database update - Adblock360, BitcoinMiner, ScreenConnect
- Technician updates - New data is included to help troubleshooting sluggishness / crashes. Boot Times reworked. Warning if generic video driver and more

v10.8.2 (03.31.2026)
- Database update - Adware.WorldWideWeb

v10.8.1 (03.31.2026)
- Technician update - The tool will now report if Microsoft Basic Display Adapter was detected to the Miscellaneous section of the log
- Tracking of miscellaneous log files was updated to the month of April 2026

v10.8.0 (03.31.2026)
- Database update - Rugmi
- Antivirus detection update - Quick Heal
- False positive fixed - MacroscopConfig
- Process whitelist improved - Kaspersky related process if KES is installed

v10.7.9 (03.29.2026)
- Database update - Bitcoinminer

v10.7.8 (03.29.2026)
- Database update - Bitcoinminer

v10.7.7 (03.29.2026)
- Database update - ScreenConnect variant, Spyware.PasswordStealer.Gen, Chromnius, Adware.WorldWideWeb

v10.7.6 (03.28.2026)
- Database update with a focus on WMI hijacks.

v10.7.5 (03.27.2026)
- Database update
- The tool now also attempts to resolve issues with KB5079473. If anomalies are found, they will contain 'KB5079473 bug?'. A fairly thorough network reset is also performed if found and this portion is output to the Miscellaneous section of the log

v10.7.4 (03.26.2026)
- Database update: Rugmi, clearing of proxy settings

v10.7.3 (03.25.2026)
- Database update: Spyware.PasswordStealer.Gen

v10.7.2 (03.22.2026)
- Database update

v10.7.1 (03.19.2026)
- Database update: Rugmi

v10.7.0 (03.16.2026)
- Language update: Persian and Portuguese (Portugal) are added.
  This makes 30 languages supported
- Database update: Spyware.PasswordStealer.Gen

v10.6.9 (03.14.2026)
- Database update: Xiansearch

v10.6.8 (03.13.2026)
- Removed false positive: LetsView software

v10.6.7 (03.13.2026)
- Database update - MinerJohn
- Additional cleaning of custom proxies

v10.6.6 (03.11.2026)
- Database update

v10.6.5 (03.07.2026)
- Improvements to Services scan
- Some registry scans related to Win 7 - Win 8.1 have been removed

v10.6.4 (03.07.2026)
- Database update

v10.6.3 (03.06.2026)
- Database update

v10.6.2 (03.03.2026)
- Database update - Rugmi, ScreenConnect variant
- Removed some checks that weren't yielding many results
- Slightly improved Registry Scan

v10.6.1 (03.02.2026)
- Miscellaneous logs gathering updated to March 2026
- Removed Sophos Scan & Clean from Miscellaneous log tracking (inactive tool)
- Database update - Rugmi

v10.6.0 (02.27.2026)
- Database update - Rugmi

v10.5.9 (02.25.2026)
- Task whitelist updated: Microsoft\Windows\WlanSvc\CDSSync

v10.5.8 (02.23.2026)
- Bug fix: balenaEtcher cache is now properly identified and cleared.

v10.5.7 (02.23.2026)
- Database update - PwdStealer from Reddit

v10.5.6 (02.21.2026)
- Database update

v10.5.5 (02.21.2026)
- Database update: Lamewslservice.
  Also renamed this to Spyware.PasswordStealer.Gen

v10.5.4 (02.20.2026)
- Database update: Lamewslservice, CoPilot package
- Cache update: balenaEtcher is now supported

v10.5.3 (02.20.2026)
- Database update: Lamewslservice, Rugmi
- Cache update: Removed DawnCache and more

v10.5.2 (02.20.2026)
- Database update: Lamewslservice, EPSON Telemetry

v10.5.1 (02.18.2026)
- Maintenance update

v10.5.0 (02.17.2026)
- Database update: Adware.DotDo

v10.4.9 (02.14.2026)
- Database update: Python malware, Rugmi
- Cache cleaning update: NVIDIA caches

v10.4.8 (02.14.2026)
- Database update: LOLMiner

v10.4.7 (02.14.2026)
- Updated antivirus detections
- Database update: Chrome credential stealing extensions, RemotePC Host

v10.4.6 (02.12.2026)
- Bug fix: Fixed issue with tool prematurely closing during Scanning Files stage

v10.4.5 (02.10.2026)
- Database update - Node.js malware

v10.4.4 (02.10.2026)
- Database update - Rugmi, Lamewslservice

v10.4.3 (02.08.2026)
- Database update - WinV Miner

v10.4.2 (02.07.2026)
- Database update - Rugmi, NVIDIA CloudAgent

v10.4.1 (02.06.2026)
- Database update - Rugmi
- Tool now enumerates current month's 'AutoLogger' logs by regist & Drongo and appends to Miscellaneous section of DNB.

v10.4.0 (02.04.2026)
- Improvements to Cache scan
  -- Chromium browsers are now cleaned more robustly throughout the system. Supports offline user accounts and more than 3 profiles (old method). Results are appended to the Cache portion of the log.

v10.3.8 (02.03.2026)
- Database update - Rugmi
- False positive fixed: CoolerMaster
  -- A heuristic rule was incorrectly quarantining portions of the software as BKDR.ZeuS.

v10.3.7 (02.01.2026)
- Database update - Rugmi
- Miscellaneous logs updated to Feb 2026
- Added Windows Repair services support for 20H2 (Win10)

v10.3.6 (01.31.2026)
- Improvements to patching Windows Update services on 25H2 PCs if impacted by TROJ.BTCMiner.GoogleUP

v10.3.5 (01.28.2026)
- Database update: Unknown malware hiding in NVIDIA intcache

v10.3.4 (01.27.2026)
- Database update: Rugmi

v10.3.3 (01.27.2026)
- Improvements to Internet scanner
  + Supported browsers: Edge, Chrome, Brave, Chromium, Yandex, Comodo Dragon, Vivaldi, Opera, Firefox, Floorp, Waterfox, LibreWolf, and Mullvad
  ++ In Chromium browsers, sync is disabled (you shouldn't be signed out) and exceptions related to notifications, camera, mic, popups, and geolocation are also restored to defaults (none).
  ++ In Gecko browsers, only push notifications are removed.
- Bug fix: ShadyPanda extensions were not being scanned in Google Chrome
- Database update: Rugmi & Tsunami Injector
- All translations updated to support latest Internet scan updates
- Removed 'Drivers' section of log and replaced it with a 'Browsers' section. This section lists the filepaths of the browsers found on the system.

v10.3.2 (01.26.2026)
- Database update - Tsunami Injector

v10.3.1 (01.25.2026)
- Database update: LimeRAT
- The tool will now also clear the cache from Overwatch game
- New heuristic: Python malware

v10.3.0 (01.24.2026)
- Database update: Additional directories checked for executables

v10.2.9 (01.23.2026)
- Database update: Rugmi

v10.2.8 (01.19.2026)
- Database update: RedLine

v10.2.7 (01.18.2026)
- Database update: BitCoinMiner, AUPStartup directory

v10.2.6 (01.17.2026)
- Database update - IObit, CCleaner 7, BitCoinMiners

v10.2.5 (01.13.2026)
- Database update - IObit's Driver Booster, Toward Chromium

v10.2.4 (01.11.2026)
- Database update - Meta Horizon / Oculus RemoteDesktopCompanion.
  IObit's Advanced SystemCare

v10.2.3 (01.10.2026)
- Database update - Discord Game Stealer

v10.2.2 (01.09.2026)
- Database update - PremierOpinion

v10.2.1 (01.08.2026)
- Database update - Various
- Removed Kingsoft and Crowdstrike from processes whitelist

v10.2.0 (01.04.2026)
- Database update - TROJ.BTCMiner.GoogleUP, Alructisit

v10.1.9 (12.30.2025)
- Database update - TROJ.BTCMiner.GoogleUP, Lavasoft
- Process whitelist updated - May resolve some issues for Windows 7 users -- untested.
- Miscellaneous logs updated to track January 2026 logs of interest

v10.1.8 (12.25.2025)
- Database update - Hoster miner
- Bug fix: The tool wasn't being translated for Polish users due to minor typo in code. This has been fixed

v10.1.7 (12.21.2025)
- Database update - Backdoor.Quasar

v10.1.6 (12.21.2025)
- Database update - Backdoor.Remcos, Copilot

v10.1.5 (12.20.2025)
- Database update - Adware.WorldWideWeb

v10.1.4 (12.19.2025)
- Database update - Backdoor.Remcos

v10.1.3 (12.19.2025)
- Process whitelist updated - Sophos HitmanPro Alert
- General improvements to processes scan to reduce friction between different configurations.

v10.1.2 (12.19.2025)
- Database update: TROJ.BTCMiner.GoogleUP new variant + Adware
- Bug fix: Output related. In certain areas of the log, Firefox and Yandex were identified as Brave. These have been corrected
- New information appended to Miscellaneous section: Boot Duration - last 3 events

v10.1.1 (12.17.2025)
- Database update: TROJ.BTCMiner.GoogleUP new variant

v10.1.0 (12.16.2025)
- New heuristic: LocalNetSolutions

v10.0.9 (12.15.2025)
- Database update - OneBrowser++

v10.0.8 (12.13.2025)
- Database update - PUPs
- Pulled some of Microsoft telemetry services / sys32 files. Files seem protected, at least on 25H2.

v10.0.7 (12.12.2025)
- Database update

v10.0.6 (12.09.2025)
- Removed bitsadmin.exe usage as per Issue #3: https://github.com/furtivex/DoesNotBelong-Issues/issues/3

v10.0.5 (12.09.2025)
- Corrections to some of the languages: Dutch (Thanks to Maxstar), German (Thanks to M-K-D-B), Polish (Thanks to Picasso), and Russian (Thanks to Dragokas)
- Database update: MBAM goodies

v10.0.4 (12.08.2025)
- Support for these languages has been added: Basque, Hungarian, Indonesian, Romanian, Ukrainian, Vietnamese

v10.0.3 (12.07.2025)
- Database update - AmdUpdaterLegacy (reddit)

v10.0.2 (12.07.2025)
- Database update - Reddit goodies
- The Windows Update Repair routine has been enhanced and updated to include support for Windows 10 21H2
- Minor adjustments to the new Gecko browser cleanup

v10.0.1 (12.06.2025)
- The tool now automatically cleans push notifications from Gecko based browsers: Floorp, Firefox, Waterfox, Mullvad, and LibreWolf. The information is appended to the #Files: section of the log file

v10.0.0 (12.06.2025)
- Database update - ShadyPanda extensions

v9.9.4 (12.06.2025)
- The ADW.NeoBar.Gen detection has been renamed to ADW.Dotdo.Gen
- Database update - Phishing attachments

v9.9.3 (12.05.2025)
- ADW.NeoBar.Gen routine re-added.
  Tested on Win10 / 11

v9.9.2 (12.05.2025)
- Database updates - Additional registry items
- Removed ADW.NeoBar.Gen routine, needs rework

v9.9.1 (12.05.2025)
- Database update - BrowserStart & ADW.NeoBar.Gen
- Minor bug fixes related to Profile 1 of Google Chrome browser

v9.9.0 (12.02.2025)
- Database update - SysCleaner & TROJ.BTCMiner.GoogleUP

v9.8.9 (11.30.2025)
- Database update - Minor traces of previous cleanups

v9.8.8 (11.30.2025)
- Bug fix: Remove erroneous entries from Registry log

v9.8.7 (11.30.2025)
- Database update - MSStore App: SafeDomainGuardian + couple more folders checked for PE files
- Cache cleaning update: WinHTTPAutoProxySvc, winhttp

v9.8.6 (11.29.2025)
- Database update - MSStore Apps: SecuriGuard, PrivacyBrowse, SecurePass
- Miscellaneous logs / quarantine contents updated to the month of December 2025

v9.8.5 (11.29.2025)
- Database update - MSStore Apps: StealthGuard & SafeNetApp
- Translation update - Filipino

v9.8.4 (11.28.2025)
- Database update - Alumics

v9.8.3 (11.28.2025)
- Process whitelist updated - Crowdstrike and Kingsoft AV

v9.8.2 (11.27.2025)
- Database update - Systemhost Python

v9.8.1 (11.26.2025)
- Database update
- AV Detection update: SpyHunter

v9.8.0 (11.23.2025)
- Database update - Wave Browser variant
- More finetuning on the quarantine procedure of some of the routines. e.g. an underscore was missing from the beginning of the filepath. Now they should all contain a similar naming scheme: _quarantinedfile.exe_

v9.7.9 (11.22.2025)
- Database update - RemoteAdmin, bin /u, Altrusis, TGMacroGEN
- The tool now also displays the contents of its quarantine folder in its Miscellaneous section of the log.

v9.7.8 (11.19.2025)
- Database update

v9.7.7 (11.18.2025)
- Database update - Search variant of TROJ.BTCMiner.GoogleUP

v9.7.6 (11.16.2025)
- More finetuning of latest quarantine changes.
- Database update - New TROJ.Rugmi.Dormant.GEN

v9.7.5 (11.16.2025)
- More finetuning of latest quarantine changes.

v9.7.4 (11.16.2025)
- More finetuning of latest quarantine changes. Fixed most MOVE quirks as of this release
- Database update

v9.7.3 (11.16.2025)
- More finetuning of latest quarantine changes.
- Database update

v9.7.2 (11.16.2025)
- More finetuning of latest quarantine changes.
- Database update
- Removed the checks of Google Drive Desktop, 7zip, SumatraPDF, UniGetUI. Lightspeed Internet Filter remains.

v9.7.1 (11.15.2025)
- More finetuning of latest quarantine changes.

v9.7.0 (11.15.2025)
- Major rewrite. A lot of the core functions were rewritten to increase performance and simplicity
- The tool now quarantines items it finds and places them into C:\DNB_Quarantine folder.
- Removed some icacls usage

v9.6.7 (11.12.2025)
- Database update - Bleeping goodies

v9.6.6 (11.11.2025)
- Database update - New Sys32 Heur

v9.6.5 (11.10.2025)
- Database update - Rugmi

v9.6.4 (11.08.2025)
- Database update

v9.6.3 (11.08.2025)
- Database update - New AIH check

v9.6.2 (11.07.2025)
- Database update - PSChecks
- Process whitelist updated - Rising AV

v9.6.1 (11.06.2025)
- Database update - Backdoors + Intel 2.0 Telemetry
- Other scan logs dates updated to month of November

v9.6.0 (11.05.2025)
- Database update

v9.5.9 (11.03.2025)
- Database update

v9.5.8 (11.03.2025)
- Database update
- Optimizations

v9.5.7 (11.02.2025)
- Database update

v9.5.6 (11.01.2025)
- Database update
- Process whitelist updated
- Miscellaneous check for Lightspeed Filter Agent added

v9.5.5 (11.01.2025)
- Resolved an issue with latest 25H2 Windows Update Repair module which was affecting 24H2 from being enabled.

v9.5.4 (11.01.2025)
- Database update - Reddit gatherings
- Windows Update Repair - Now offers support to 25H2 operating systems
- Fixed false positive - Shortcut LDMultiPlayer.lnk

v9.5.3 (10.31.2025)
- Database update - Java Stealer

v9.5.2 (10.30.2025)
- Database update - Fast!
  / PCAppStore

v9.5.1 (10.28.2025)
- Database update - Public ClientRuntime

v9.5.0 (10.28.2025)
- General improvements mostly tied to attrib.exe usage

v9.4.8 (10.26.2025)
- Database update - Backdoor.Remcos

v9.4.7 (10.26.2025)
- Database update - TROJ.BTCMiner.GoogleUP

v9.4.6 (10.25.2025)
- Database update - TROJ.BTCMiner.GoogleUP
- Removed Intel Graphics Experience Package detection

v9.4.5 (10.25.2025)
- Database update - TROJ.BTCMiner.GoogleUP

v9.4.4 (10.25.2025)
- Database update - TROJ.BTCMiner.GoogleUP

v9.4.3 (10.24.2025)
- Database update - New generic 'Temper'

v9.4.2 (10.23.2025)
- Database update - InfoForge, ScriptMaster
- Microsoft Performance Counter files are no longer deleted. Now using lodctr /r instead
- Removed provisioning packages that may have been out of place from detection

v9.4.1 (10.21.2025)
- Database update - Google extension, ValidateAdminCodeSignatures (ineffective)
- Fixed false positive - Roaming\afuwinX64 (most likely BIOS util)

v9.4.0 (10.19.2025)
- Database update - Backdoor.Remcos
- Additional TwTmp check
- Removed the clearing of the CBSTemp folder due to potentially causing the script to have to enumerate more entries than anticipated

v9.3.9 (10.17.2025)
- Database update - Sys32 Dirs

v9.3.8 (10.14.2025)
- Database update - Zden, Intel Telemetry
- AV detection updated + Sophos Enterprise

v9.3.7 (10.12.2025)
- Large update on how deletions occur to increase the success rate against more stubborn files / folders.

v9.3.6 (10.12.2025)
- Database update PCAppStore
- Miscellaneous logs updated to month of October

v9.3.5 (10.11.2025)
- Database update PCAppStore ShiftBrowser. BrowserCore

v9.3.4 (10.09.2025)
- Database update - secure\QtWebKit4.dll

v9.3.3 (10.07.2025)
- Database update

v9.3.2 (10.05.2025)
- Database update

v9.3.1 (10.05.2025)
- Improved Stage 1 - Process killing. Any console errors should now be gone.
  Tested on Windows 10 and 11 x64
- On newer systems without WMIC.exe, powershell.exe is now able to terminate suspicious processes impersonating legitimate files even if they include encoded UTF8 - UTF16 filepaths. This should alleviate all previous 'binary file matches' found in logs
- Fixed a bug that would occur during Packages scan. Wrong file read

v9.3.0 (10.04.2025)
- Improved Stage 1 - Process killing
- Added a link for reporting bugs via GitHub to the log header
- Added Donation Link line to footer of log. Donating helps me stay enthusiastic and motivated to continue finding improvements to the program
- Removed detection for font cache for now. It may return later

v9.2.9 (10.03.2025)
- Updated resource icon

v9.2.8 (10.01.2025)
- Updated database: BitCoinMiner. figmaUpdater

v9.2.7 (09.29.2025)
- Updated database: Rugmi & BitCoinMiner
- Bug fix: Database related

v9.2.6 (09.29.2025)
- Updated database