Jump to content

PUP Removed or Not

thais
 Share

Recommended Posts

thais

thais

Posted
Posted

I am a new user of this forum.  Yesterday I posted a query "PUP Removed or Not" and for some reason it is not showing up in the list of topics.  So I am trying again.

I got a new computer last week with Windows 8.1 on it.  One of the first things I did was to download Malwarebytes onto it.  Ran a number of full and quick scans, which all showed "no malicious items detected".  Ran a quick scan yesterday and it found one PUP (PUP.Optional.Co...) and it said it was in C\Windows\Temp\file_to_run55154.exe . After Malwarebytes removed it, I looked in  the location it said it was in and it was still there.  So, I turned off the computer, then turned it back on, went to the location (C:\Windows\Temp.......) and the darn thing was still there.  So can someone explain how it can still be there if Malwarebytes removed it?

Thanks..................thais

Link to post
Share on other sites
daledoc1

daledoc1

Posted
Posted

Hi, thais:

 

EDIT: OOPS! Sorry, Firefox! I didn't notice that you were posting a reply.
 
Welcome.
 
PUP = Potentially Unwanted Program
This KB topic explains what they are AND how to decide whether to delete them or keep/ignore them: What are the 'PUP' detections, are they threats and should they be deleted?
 
We can't say for sure about your specific question without seeing the log.
(If it was Conduit, then some additional steps for complete removal might be needed.)
 
Please post back with the scan log attached to your next reply.
Here is where to find the logs:

  • Windows Vista & Win7/8:
    C:\Users\<USERNAME>\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs

Thanks,

 

daledoc1

Link to post
Share on other sites
daledoc1

daledoc1

Posted
Posted

Hi:

 

Until Firefox returns....

 

The scan log is clean, but it appears to be nearly 2 weeks old (02/15/2014)?
 
Are you posting about a more recent problem and a more recent scan/log?
 
Also, it sounds as if you are experiencing other computer issues?

Let's get some basic system info to try to determine what might be going on.

Please run the FRST tool and send back both logs as attachments to your next reply - the staff/experts will review them and advise you further.

Download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. The one that runs will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your next reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your next reply.

 

Thanks,

 

daledoc1

Link to post
Share on other sites
thais

thais

Posted
  • Author
Posted

I am sorry.  I didn't realize what I was doing and did, indeed, upload the wrong log file.  I had run several scans (full and quick) prior to the 2/25 one and all were clean , including the full one on 2/24.  Am attaching the 2/25/14 one which found the PUP that I am concerned about.

 

I'll start trying to do the FRST thing you mentioned.  I'm beginning to wish I had kept my old XP machine which worked flawlessly for years with no viruses or bad guys ever.

 

I appreciate your help...............Thais

mbam-log-2014-02-25 (19-13-46).txt

Link to post
Share on other sites
daledoc1

daledoc1

Posted
Posted

Hi, thais:
 
Please refer to my earlier reply with the link that explains PUPs.

 

Your log shows that you did not tell MBAM to remove the detections.

If you want to remove all of them, you can follow the steps in this blog post: http://blog.malwarebytes.org/news/2013/09/selecting-all-pups/
 
Having said that, under the circumstances, with so many detections, it might be advisable to please follow the recommendations in this pinned topic: Available Assistance For Possibly Infected Computers.

 

>>>NOTE: That pinned topic will take you to a link asking you to run the "DDS" tool. DDS won't run on Windows 8.1.

So, if you can, please follow the steps mentioned in my last reply to run the FRST tool.

Then please post those FRST logs in your NEW POST in the malware removal section.

A malware analyst will guide you through the scanning and cleanup process.

Thanks,

daledoc1

Link to post
Share on other sites
thais

thais

Posted
  • Author
Posted

I am embarrassed to admit it but I have figured out what I did wrong with these scans.  After both the first scan which found one PUP and the later scan that found 108 PUPs, I clicked on the "remove this item", thinking that was all I had to do to be rid of them.  But after reading daledoc1's message about removing detections, I realized that I had not checked the individual items so I ran the scan again, again finding 108 detections but this time I checked all of the items before clicking "remove items".  I immediately rebooted and ran the scan again, this time finding NONE.  I checked at C:\Windows\Temp\file_to_run551542.exe and it was GONE !

 

I feel like a dunce about this but perhaps it will alert a reader to a similar mistake.

 

Incidentally, I also ran a full scan of Windows Defender and it found "no threats detected"

 

Thanks for your help with this. 

Link to post
Share on other sites
daledoc1

daledoc1

Posted
Posted

Hi:

 

OK.

Good job. :)

 

Curious, though:  what anti-virus are you running on this system?

MBAM is not an anti-virus and is not a substitute for one.

(Windows Defender is not an anti-virus, either (and it's not a very robust anti-malware program, either).)

EDIT:  OOPS! I forgot that you are running 8.1. "Defender" is the rebranded "MSE" antivirus.  Having said that, it's not a very robust one and is no longer recommended. Thanks for catching the typo, Firefox!

 

If you would like one of the malware experts to help you run some additional scans to be sure everything is gone, then please follow the advice already provided.

The help is free.

 

It's up to you, of course.

 

Cheers,

 

daledoc1

Link to post
Share on other sites
thais

thais

Posted
  • Author
Posted

Thanks for replying daledoc.  You guys really are on top of everything. 

 

On my old XP computer, I had used MSE for years and never had a problem so when I got the 8.1, and was told that Defender was the same as MSE,  I figured it would be ok.  I'm sorta wondering, though.  Avast(free) had been recommended to me by someone.  Thoughts?

 

I will do the FRST tool and post in Malware Removal Section but not till tomorrow.  My brain is frazzled and worn out today.  This 8.1 is another whole galaxy from XP. 

 

Thanks again for your help..............thais

Link to post
Share on other sites
thais

thais

Posted
  • Author
Posted

OK - Chicken-Paranoid-Thais here.  I went to download FRST and a message appeared at some point saying "FRST64.exe is not commonly downloaded and could harm your computer" so I didn't download it.  Should I really be concerned about downloading it to my computer?

 

Thanks for the links about anti-virus.  Am mulling it over. 

 

.................Thais

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.