DoesNotBelong Changelog ===================== v10.4.5 (02.10.2026) - Database update - Node.js malware v10.4.4 (02.10.2026) - Database update - Rugmi, Lamewslservice v10.4.3 (02.08.2026) - Database update - WinV Miner v10.4.2 (02.07.2026) - Database update - Rugmi, NVIDIA CloudAgent v10.4.1 (02.06.2026) - Database update - Rugmi - Tool now enumerates current month's 'AutoLogger' logs by regist & Drongo and appends to Miscellaneous section of DNB. v10.4.0 (02.04.2026) - Improvements to Cache scan -- Chromium browsers are now cleaned more robustly throughout the system. Supports offline user accounts and more than 3 profiles (old method). Results are appended to the Cache portion of the log. v10.3.8 (02.03.2026) - Database update - Rugmi - False positive fixed: CoolerMaster -- A heuristic rule was incorrectly quarantining portions of the software as BKDR.ZeuS. v10.3.7 (02.01.2026) - Database update - Rugmi - Miscellaneous logs updated to Feb 2026 - Added Windows Repair services support for 20H2 (Win10) v10.3.6 (01.31.2026) - Improvements to patching Windows Update services on 25H2 PCs if impacted by TROJ.BTCMiner.GoogleUP v10.3.5 (01.28.2026) - Database update: Unknown malware hiding in NVIDIA intcache v10.3.4 (01.27.2026) - Database update: Rugmi v10.3.3 (01.27.2026) - Improvements to Internet scanner + Supported browsers: Edge, Chrome, Brave, Chromium, Yandex, Comodo Dragon, Vivaldi, Opera, Firefox, Floorp, Waterfox, LibreWolf, and Mullvad ++ In Chromium browsers, sync is disabled (you shouldn't be signed out) and exceptions related to notifications, camera, mic, popups, and geolocation are also restored to defaults (none). ++ In Gecko browsers, only push notifications are removed. - Bug fix: ShadyPanda extensions were not being scanned in Google Chrome - Database update: Rugmi & Tsunami Injector - All translations updated to support latest Internet scan updates - Removed 'Drivers' section of log and replaced it with a 'Browsers' section. This section lists the filepaths of the browsers found on the system. v10.3.2 (01.26.2026) - Database update - Tsunami Injector v10.3.1 (01.25.2026) - Database update: LimeRAT - The tool will now also clear the cache from Overwatch game - New heuristic: Python malware v10.3.0 (01.24.2026) - Database update: Additional directories checked for executables v10.2.9 (01.23.2026) - Database update: Rugmi v10.2.8 (01.19.2026) - Database update: RedLine v10.2.7 (01.18.2026) - Database update: BitCoinMiner, AUPStartup directory v10.2.6 (01.17.2026) - Database update - IObit, CCleaner 7, BitCoinMiners v10.2.5 (01.13.2026) - Database update - IObit's Driver Booster, Toward Chromium v10.2.4 (01.11.2026) - Database update - Meta Horizon / Oculus RemoteDesktopCompanion. IObit's Advanced SystemCare v10.2.3 (01.10.2026) - Database update - Discord Game Stealer v10.2.2 (01.09.2026) - Database update - PremierOpinion v10.2.1 (01.08.2026) - Database update - Various - Removed Kingsoft and Crowdstrike from processes whitelist v10.2.0 (01.04.2026) - Database update - TROJ.BTCMiner.GoogleUP, Alructisit v10.1.9 (12.30.2025) - Database update - TROJ.BTCMiner.GoogleUP, Lavasoft - Process whitelist updated - May resolve some issues for Windows 7 users -- untested. - Miscellaneous logs updated to track January 2026 logs of interest v10.1.8 (12.25.2025) - Database update - Hoster miner - Bug fix: The tool wasn't being translated for Polish users due to minor typo in code. This has been fixed v10.1.7 (12.21.2025) - Database update - Backdoor.Quasar v10.1.6 (12.21.2025) - Database update - Backdoor.Remcos, Copilot v10.1.5 (12.20.2025) - Database update - Adware.WorldWideWeb v10.1.4 (12.19.2025) - Database update - Backdoor.Remcos v10.1.3 (12.19.2025) - Process whitelist updated - Sophos HitmanPro Alert - General improvements to processes scan to reduce friction between different configurations. v10.1.2 (12.19.2025) - Database update: TROJ.BTCMiner.GoogleUP new variant + Adware - Bug fix: Output related. In certain areas of the log, Firefox and Yandex were identified as Brave. These have been corrected - New information appended to Miscellaneous section: Boot Duration - last 3 events v10.1.1 (12.17.2025) - Database update: TROJ.BTCMiner.GoogleUP new variant v10.1.0 (12.16.2025) - New heuristic: LocalNetSolutions v10.0.9 (12.15.2025) - Database update - OneBrowser++ v10.0.8 (12.13.2025) - Database update - PUPs - Pulled some of Microsoft telemetry services / sys32 files. Files seem protected, at least on 25H2. v10.0.7 (12.12.2025) - Database update v10.0.6 (12.09.2025) - Removed bitsadmin.exe usage as per Issue #3: https://github.com/furtivex/DoesNotBelong-Issues/issues/3 v10.0.5 (12.09.2025) - Corrections to some of the languages: Dutch (Thanks to Maxstar), German (Thanks to M-K-D-B), Polish (Thanks to Picasso), and Russian (Thanks to Dragokas) - Database update: MBAM goodies v10.0.4 (12.08.2025) - Support for these languages have been added: Basque, Hungarian, Indonesian, Romanian, Ukrainian, Vietnamese v10.0.3 (12.07.2025) - Database update - AmdUpdaterLegacy (reddit) v10.0.2 (12.07.2025) - Database update - Reddit goodies - The Windows Update Repair routine has been enhanced and updated to include support for Windows 10 21H2 - Minor adjustments to the new Gecko browser cleanup v10.0.1 (12.06.2025) - The tool now automatically cleans push notifications from Gecko based browsers: Floorp, Firefox, Waterfox, Mullvad, and LibreWolf. The information is appended to the #Files: section of the log file v10.0.0 (12.06.2025) - Database update - ShadyPanda extensions v9.9.4 (12.06.2025) - The ADW.NeoBar.Gen detection has been renamed to ADW.Dotdo.Gen - Database update - Phishing attachments v9.9.3 (12.05.2025) - ADW.NeoBar.Gen routine readded. Tested on Win10 / 11 v9.9.2 (12.05.2025) - Database updates - Additional registry items - Removed ADW.NeoBar.Gen routine, needs rework v9.9.1 (12.05.2025) - Database update - BrowserStart & ADW.NeoBar.Gen - Minor bug fixes related to Profile 1 of Google Chrome browser v9.9.0 (12.02.2025) - Database update - SysCleaner & TROJ.BTCMiner.GoogleUP v9.8.9 (11.30.2025) - Database update - Minor traces of previous cleanups v9.8.8 (11.30.2025) - Bug fix: Remove erroneous entries from Registry log v9.8.7 (11.30.2025) - Database update - MSStore App: SafeDomainGuardian + couple more folders checked for PE files - Cache cleaning update: WinHTTPAutoProxySvc, winhttp v9.8.6 (11.29.2025) - Database update - MSStore Apps: SecuriGuard, PrivacyBrowse, SecurePass - Miscellaneous logs / quarantine contents updated to the month of December 2025 v9.8.5 (11.29.2025) - Database update - MSStore Apps: StealthGuard & SafeNetApp - Translation update - Filipino v9.8.4 (11.28.2025) - Database update - Alumics v9.8.3 (11.28.2025) - Process whitelist updated - Crowdstrike and Kingsoft AV v9.8.2 (11.27.2025) - Database update - Systemhost Python v9.8.1 (11.26.2025) - Database update - AV Detection update: SpyHunter v9.8.0 (11.23.2025) - Database update - Wave Browser variant - More finetuning on the quarantine procedure of some of the routines. e.g. an underscore was missing from the beginning of the filepath. Now they should all contain a similar naming scheme: _quarantinedfile.exe_ v9.7.9 (11.22.2025) - Database update - RemoteAdmin, bin /u, Altrusis, TGMacroGEN - The tool now also displays the contents of its quarantine folder in its Miscellaneous section of the log. v9.7.8 (11.19.2025) - Database update v9.7.7 (11.18.2025) - Database update - Search variant of TROJ.BTCMiner.GoogleUP v9.7.6 (11.16.2025) - More finetuning of latest quarantine changes. - Database update - New TROJ.Rugmi.Dormant.GEN v9.7.5 (11.16.2025) - More finetuning of latest quarantine changes. v9.7.4 (11.16.2025) - More finetuning of latest quarantine changes. Fixed most MOVE quirks as of this release - Database update v9.7.3 (11.16.2025) - More finetuning of latest quarantine changes. - Database update v9.7.2 (11.16.2025) - More finetuning of latest quarantine changes. - Database update - Removed the checks of Google Drive Desktop, 7zip, SamuatraPDF, UniGetUI. Lightspeed Internet Filter remains. v9.7.1 (11.15.2025) - More finetuning of latest quarantine changes. v9.7.0 (11.15.2025) - Major rewrite. A lot of the core functions were rewritten to increase performance and simplicity - The tool now quarantines items it finds and places them into C:\DNB_Quarantine folder. - Removed some icacls usage v9.6.7 (11.12.2025) - Database update - Bleeping goodies v9.6.6 (11.11.2025) - Database update - New Sys32 Heur v9.6.5 (11.10.2025) - Database update - Rugmi v9.6.4 (11.08.2025) - Database update v9.6.3 (11.08.2025) - Database update - New AIH check v9.6.2 (11.07.2025) - Database update - PSChecks - Process whitelist updated - Rising AV v9.6.1 (11.06.2025) - Database update - Backdoors + Intel 2.0 Telemetry - Other scan logs dates updated to month of November v9.6.0 (11.05.2025) - Database update v9.5.9 (11.03.2025) - Database update v9.5.8 (11.03.2025) - Database update - Optimizations v9.5.7 (11.02.2025) - Database update v9.5.6 (11.01.2025) - Database update - Process whitelist updated - Miscellaneous check for Lightspeed Filter Agent added v9.5.5 (11.01.2025) - Resolved an issue with latest 25H2 Windows Update Repair module which was affecting 24H2 from being enabled. v9.5.4 (11.01.2025) - Database update - Reddit gatherings - Windows Update Repair - Now offers support to 25H2 operating systems - Fixed false positive - Shorcut LDMultiPlayer.lnk v9.5.3 (10.31.2025) - Database update - Java Stealer v9.5.2 (10.30.2025) - Database update - Fast! / PCAppStore v9.5.1 (10.28.2025) - Database update - Public ClientRuntime v9.5.0 (10.28.2025) - General improvements mostly tied to attrib.exe usage v9.4.8 (10.26.2025) - Database update - Backdoor.Remcos v9.4.7 (10.26.2025) - Database update - TROJ.BTCMiner.GoogleUP v9.4.6 (10.25.2025) - Database update - TROJ.BTCMiner.GoogleUP - Removed Intel Graphics Experience Package detection v9.4.5 (10.25.2025) - Database update - TROJ.BTCMiner.GoogleUP v9.4.4 (10.25.2025) - Database update - TROJ.BTCMiner.GoogleUP v9.4.3 (10.24.2025) - Database update - New generic 'Temper' v9.4.2 (10.23.2025) - Database update - InfoForge, ScriptMaster - Microsoft Performance Counter files are no longer deleted. Now using lodctr /r instead - Removed provisioning packages that may have been out of place from detection v9.4.1 (10.21.2025) - Database update - Google extension, ValidateAdminCodeSignatures (ineffective) - Fixed false positive - Roaming\afuwinX64 (most likely BIOS util) v9.4.0 (10.19.2025) - Database update - Backdoor.Remcos - Additional TwTmp check - Removed the clearing of the CBSTemp folder due to potentially causing the script to have to enumerate more entries than anticipated v9.3.9 (10.17.2025) - Database update - Sys32 Dirs v9.3.8 (10.14.2025) - Database update - Zden, Intel Telemetry - AV detection updated + Sophos Enterprise v9.3.7 (10.12.2025) - Large update on how deletions occur to increase the success rate against more stubborn files / folders. v9.3.6 (10.12.2025) - Database update PCAppStore - Miscellaneous logs updated to month of October v9.3.5 (10.11.2025) - Database update PCAppStore ShiftBrowser. BrowserCore v9.3.4 (10.09.2025) - Database update - secure\QtWebKit4.dll v9.3.3 (10.07.2025) - Database update v9.3.2 (10.05.2025) - Database update v9.3.1 (10.05.2025) - Improved Stage 1 - Process killing. Any console errors should now be gone. Tested on Windows 10 and 11 x64 - On newer systems without WMIC.exe, powershell.exe is now able to terminate suspicious processes impersonating legitimate files even if they include encoded UTF8 - UTF16 filepaths. This should alleviate all previous 'binary file matches' found in logs - Fixed a bug that would occur during Packages scan. Wrong file read v9.3.0 (10.04.2025) - Improved Stage 1 - Process killing - Added a link for reporting bugs via Github to the log header - Added Donation Link line to footer of log. Donating helps me stay enthusiastic and motivated to continue finding improvements to the program - Removed detection for font cache for now. It may return later v9.2.9 (10.03.2025) -Updated resource icon v9.2.8 (10.01.2025) -Updated database: BitCoinMiner. figmaUpdater v9.2.7 (09.29.2025) -Updated database: Rugmi & BitCoinMiner -Bug fix: Database related v9.2.6 (09.29.2025) -Updated database