Jump to content

PUP Found in Foxit Installer.


Recommended Posts

I did a scan today with Malwarebytes and it found a PUP in the Foxit Reader installer. This is a new Windows 7 Computer I got last week. I used Foxit on an old XP machine for around 3 years and Malwarebytes had never picked up anything before from Foxit. Has anyone else reported this? I let Malwarebytes remove the installer and I have also uninstalled Foxit from the Computer. Is there anything else I need to do?

 

This is what it picked up.

 

Files Detected: 1
C:\Downloaded Setup Files\foxit reader setup.exe (PUP.Soft32Downloader) -> Quarantined and deleted successfully.

 

 

Thanks for any help!

Link to post
Share on other sites

Hi: :)

 

PUP = Potentially Unwanted Program
This KB topic explains what they are AND how to decide whether to delete them or keep/ignore them: What are the 'PUP' detections, are they threats and should they be deleted?

 

Has anyone else reported this?


I don't see any similar reports here on the forum, but the staff may have more information on this specific detection. ;)
 

I let Malwarebytes remove the installer and I have also uninstalled Foxit from the Computer. Is there anything else I need to do?


Probably not.
But, without the full scan logs (before and after removing it), it's a bit hard to say.
 
If you want an expert to have a look under the hood to be sure all PUP/malware traces are gone, please follow the recommendations in this pinned topic: Available Assistance For Possibly Infected Computers.
A malware analyst will guide you for free through scanning and any needed cleanup.

Thanks,

daledoc1

Link to post
Share on other sites

Thank you Daledoc1, I'll check that out.

 

Here's the scan before I removed it.

 

I did run a scan with my Anti-Virus and it came up with nothing.

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.10.31.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16721
Miller :: MILLER-PC [administrator]

10/31/2013 7:21:02 PM
mbam-log-2013-10-31 (19-21-02).txt

Scan type: Custom scan (C:\Downloaded Setup Files\foxit reader setup.exe|)
Scan options enabled: File System | Heuristics/Shuriken | PUP | PUM
Scan options disabled: Memory | Startup | Registry | Heuristics/Extra | P2P
Objects scanned: 1
Time elapsed: 2 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Downloaded Setup Files\foxit reader setup.exe (PUP.Soft32Downloader) -> Quarantined and deleted successfully.

(end)
 

 

And here is the scan after removing it.

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.10.31.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16721
Miller :: MILLER-PC [administrator]

10/31/2013 8:16:34 PM
mbam-log-2013-10-31 (20-16-34).txt

Scan type: Full scan (C:\|F:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 285172
Time elapsed: 16 minute(s), 6 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 

Link to post
Share on other sites

  • Root Admin

Actually it should be in our Quarantine.  If you can or want to you could restore it and then upload it to http://www.virustotal.com and have them scan it and then post back a link to that scan please.

 

My guess is that it is inside a wrapper installer and why it was flagged.

 

Thanks

Link to post
Share on other sites

The site said it had already been analysed, but I went ahead and had it reanalysed. The first link is of the scan before and the second is the one I did. It looks to be ok. If so, does that mean it's safe to use Foxit?

 

https://www.virustotal.com/en/file/ad1e0bab388ebf363aa554420d1c7623e06371cbbc8049cc1f8f2bae1a9ae7a4/analysis/

 

 

https://www.virustotal.com/en/file/ad1e0bab388ebf363aa554420d1c7623e06371cbbc8049cc1f8f2bae1a9ae7a4/analysis/1383279213/

Link to post
Share on other sites

  • Root Admin

Yes it should be safe.  Can you do me a favor and put the file in the same location as it used to be.

Then check for updates for MBAM and run a Quick Scan using the /developer switch as shown in this post.

 

Please read before reporting a false positive

 

Then post back that log so that I can have the Research Team check on it to confirm if it is a PUP or not.

 

Thank you again.

Link to post
Share on other sites

Well, I don't know what happened when I installed Foxit last week, but I've redownloaded it and installed it and I'm not getting the PUP files from the scan now. In my first post I mentioned that I had uninstalled Foxit, well at that time I had already deleted the PUP files from Malwarebytes.

 

When I install a program, I always download the file and save it in a folder on the Computer. That way if something happens and I have to uninstall one I don't have to redownload it. Last week when I downloaded Foxit, there was another file (I don't know what it was) besides the Foxit Application (.exe) file that showed up in my folder that I save them in. I had never seen that file when I used Foxit on the old XP Computer. That other file is where the (PUP.Soft32Downloader) came from. When I deleted it out of Malwarebytes, it deleted that file out of the Computer. This time when I downloaded Foxit, I didn't get the other file. All I have now is the Application (.exe) file like I had in the XP machine. Wished I hadn't deleted it now.

 

Sorry for the long post, but here's the scan using the developer switch. As you can see it didn't pick up anything.

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.11.01.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16721
Miller :: MILLER-PC [administrator]

11/1/2013 4:07:31 PM
mbam-log-2013-11-01 (16-07-31).txt

Scan type: Full scan (C:\|F:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 286638
Time elapsed: 6 minute(s), 49 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 

Link to post
Share on other sites

Ok, thank you very much!

 

I sure wished that I would have kept that file that came in with the Foxit Application (.exe) install file, but when the scan picked up the PUP, I got a little scared and deleted it out real quick. If I happen to get it again, I will leave it and post in here. At least everything is ok now.

 

Again, thank you very much for your help!!!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.