I installed this extension from chrome a week ago after hearing about it on the PAX subreddit, its an extension to check for when PAX tickets are to go on sale, google store URL is https://chrome.google.com/webstore/detail/pax-ticket-site-auto-laun/baidlhgloneedeeibiiflohiifbaophh
I am getting warnings in malware bytes that this is the PUP Web disco.
Here's an excerpt of the log files from my app data directory:
Folder: 6
PUP.Optional.WebDisco, \AppData\Local\Google\Chrome\User Data\Default\Extensions\baidlhgloneedeeibiiflohiifbaophh\1.0.5_0\webimages, No Action By User, [12157], [302033],1.0.3015
PUP.Optional.WebDisco, \AppData\Local\Google\Chrome\User Data\Default\Extensions\baidlhgloneedeeibiiflohiifbaophh\1.0.5_0\_metadata, No Action By User, [12157], [302033],1.0.3015
PUP.Optional.WebDisco, \AppData\Local\Google\Chrome\User Data\Default\Extensions\baidlhgloneedeeibiiflohiifbaophh\1.0.5_0\webaudio, No Action By User, [12157], [302033],1.0.3015
PUP.Optional.WebDisco, \AppData\Local\Google\Chrome\User Data\Default\Extensions\baidlhgloneedeeibiiflohiifbaophh\1.0.5_0\web, No Action By User, [12157], [302033],1.0.3015
PUP.Optional.WebDisco, \AppData\Local\Google\Chrome\User Data\Default\Extensions\baidlhgloneedeeibiiflohiifbaophh\1.0.5_0, No Action By User, [12157], [302033],1.0.3015
PUP.Optional.WebDisco, \APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\BAIDLHGLONEEDEEIBIIFLOHIIFBAOPHH, No Action By User, [12157], [302033],1.0.3015
File: 15
PUP.Optional.WebDisco, \APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\Secure Preferences, No Action By User, [12157], [302033],1.0.3015
PUP.Optional.WebDisco, \APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\Preferences, No Action By User, [12157], [302033],1.0.3015
PUP.Optional.WebDisco, \APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\BAIDLHGLONEEDEEIBIIFLOHIIFBAOPHH\1.0.5_0\MANIFEST.JSON, No Action By User, [12157], [302033],1.0.3015
PUP.Optional.WebDisco, \AppData\Local\Google\Chrome\User Data\Default\Extensions\baidlhgloneedeeibiiflohiifbaophh\1.0.5_0\web\connectedPopup.html, No Action By User, [12157], [302033],1.0.3015
PUP.Optional.WebDisco, \AppData\Local\Google\Chrome\User Data\Default\Extensions\baidlhgloneedeeibiiflohiifbaophh\1.0.5_0\web\disconnectedPopup.html, No Action By User, [12157], [302033],1.0.3015
PUP.Optional.WebDisco, \AppData\Local\Google\Chrome\User Data\Default\Extensions\baidlhgloneedeeibiiflohiifbaophh\1.0.5_0\webaudio\master_sword.mp3, No Action By User, [12157], [302033],1.0.3015
PUP.Optional.WebDisco, \AppData\Local\Google\Chrome\User Data\Default\Extensions\baidlhgloneedeeibiiflohiifbaophh\1.0.5_0\webimages\connectedIcon.png, No Action By User, [12157], [302033],1.0.3015
PUP.Optional.WebDisco, \AppData\Local\Google\Chrome\User Data\Default\Extensions\baidlhgloneedeeibiiflohiifbaophh\1.0.5_0\webimages\disconnectedIcon.png, No Action By User, [12157], [302033],1.0.3015
PUP.Optional.WebDisco, \AppData\Local\Google\Chrome\User Data\Default\Extensions\baidlhgloneedeeibiiflohiifbaophh\1.0.5_0\_metadata\verified_contents.json, No Action By User, [12157], [302033],1.0.3015
PUP.Optional.WebDisco, \AppData\Local\Google\Chrome\User Data\Default\Extensions\baidlhgloneedeeibiiflohiifbaophh\1.0.5_0\background.js, No Action By User, [12157], [302033],1.0.3015
PUP.Optional.WebDisco, \AppData\Local\Google\Chrome\User Data\Default\Extensions\baidlhgloneedeeibiiflohiifbaophh\1.0.5_0\jquery.min.js, No Action By User, [12157], [302033],1.0.3015
PUP.Optional.WebDisco, \AppData\Local\Google\Chrome\User Data\Default\Extensions\baidlhgloneedeeibiiflohiifbaophh\1.0.5_0\jquery.signalR-2.2.0.min.js, No Action By User, [12157], [302033],1.0.3015
PUP.Optional.WebDisco, \AppData\Local\Google\Chrome\User Data\Default\Extensions\baidlhgloneedeeibiiflohiifbaophh\1.0.5_0\PaxTicketSaleCheckerSignalR.js, No Action By User, [12157], [302033],1.0.3015
PUP.Optional.WebDisco, \AppData\Local\Google\Chrome\User Data\Default\Extensions\baidlhgloneedeeibiiflohiifbaophh\1.0.5_0\popup.js, No Action By User, [12157], [302033],1.0.3015
PUP.Optional.WebDisco, \AppData\Local\Google\Chrome\User Data\Default\Extensions\baidlhgloneedeeibiiflohiifbaophh\1.0.5_0\signalRClient.js, No Action By User, [12157], [302033],1.0.3015
Is this legit and this extension is the PUP malware or is this a false positive? Thanks. Uninstalling the extension fixes the problem and the scan yields no other problems.