Jump to content
KiryuuHime

PUP.Optional.Spigot.A and PUP.Optional.MyEmoticons.A

Recommended Posts

Recently had a few people stay in my home for a few days. Common courtesy had me give them permission to use my computer when they needed to, but once they departed, I decided to run a scan on the computer. 

Free trial Avast comes up clean.

Free Trial Malwarebytes is a bit different:
 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 5/23/2014
Scan Time: 11:09:25 PM
Logfile: 
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.05.24.01
Rootkit Database: v2014.05.21.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 8
CPU: x64
File System: NTFS
User: Tameka
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 267992
Time Elapsed: 13 min, 50 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 1
PUP.Optional.Spigot.A, C:\Users\Tameka\AppData\Roaming\Search Protection\SearchProtection.exe, 724, , [062bb5a0b3c82412a25f003c31cf629e]
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 1
PUP.Optional.MyEmoticons.A, HKU\S-1-5-21-934097189-4001693668-3402004547-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Search Protection, , [32ff9fb6f7843cfa041e7e23bb47f30d], 
 
Registry Values: 1
PUP.Optional.Spigot.A, HKU\S-1-5-21-934097189-4001693668-3402004547-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|SearchProtection, "C:\Users\Tameka\AppData\Roaming\Search Protection\SearchProtection.EXE" /autostart, , [062bb5a0b3c82412a25f003c31cf629e]
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 2
PUP.Optional.Spigot.A, C:\Users\Tameka\AppData\Roaming\Search Protection\SearchProtection.exe, , [062bb5a0b3c82412a25f003c31cf629e], 
PUP.Optional.Spigot.A, C:\Users\Tameka\AppData\Local\Temp\~sp8AD9.tmp, , [cd640451a0dbd26443bf2a1232ceb24e], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)


I haven't removed any of these detection, because to be frank, I'm pretty computer stupid. I know that PUPs aren't always necessarily dangerous, but a quick Google search has pulled up many sites stating that "Spigot" can be pretty dangerous. I know nothing about "MyEmoticons," but I'd rather not have it on my computer if I don't need it (to be honest, it sounds kinda spammy). I'll admit, I'm kinda freaking out.

In terms of performance, I could say my computer is a bit slower than I remember, taking time to load web pages and such, but that may just be placebo. I'm not sure.  

Should I just remove these via Malwarebytes and call it a day, or do you think this calls for a more thorough cleanse?

Share this post


Link to post
Share on other sites

Minor Update: I now have all of these in Quarantine. I am to believe that that are much safer for me there than just leaving them be.

Share this post


Link to post
Share on other sites

Another minor update:

Rescanned my computer several times, and each came up with similar detections:

First Time-
 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 5/24/2014
Scan Time: 12:44:56 AM
Logfile: 
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.05.24.01
Rootkit Database: v2014.05.21.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 8
CPU: x64
File System: NTFS
User: Tameka
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 267922
Time Elapsed: 9 min, 49 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 1
PUP.Optional.Spigot.A, C:\Users\Tameka\AppData\Roaming\Search Protection\SearchProtection.exe, 724, Delete-on-Reboot, [b37eb79e1d5e2115a45d3705f30db24e]
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 1
PUP.Optional.Spigot.A, C:\Users\Tameka\AppData\Roaming\Search Protection\SearchProtection.exe, Delete-on-Reboot, [b37eb79e1d5e2115a45d3705f30db24e], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

~~~~~~~

Second Time-

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 5/24/2014
Scan Time: 1:01:16 AM
Logfile: 
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.05.24.01
Rootkit Database: v2014.05.21.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 8
CPU: x64
File System: NTFS
User: Tameka
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 267875
Time Elapsed: 10 min, 12 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 1
PUP.Optional.SearchProtection.A, C:\Users\Tameka\AppData\Roaming\Search Protection\SearchProtection.exe, 724, Delete-on-Reboot, [46eb1144cfac1521308d5055887aca36]
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 1
PUP.Optional.SearchProtection.A, C:\Users\Tameka\AppData\Roaming\Search Protection\SearchProtection.exe, Delete-on-Reboot, [46eb1144cfac1521308d5055887aca36], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

~~~~~

Third Time-

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 5/24/2014
Scan Time: 1:12:19 AM
Logfile: 
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.05.24.01
Rootkit Database: v2014.05.21.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 8
CPU: x64
File System: NTFS
User: Tameka
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 267983
Time Elapsed: 9 min, 10 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 1
PUP.Optional.SearchProtection.A, C:\Users\Tameka\AppData\Roaming\Search Protection\SearchProtection.exe, 724, Delete-on-Reboot, [ba77124391eaf4425766d3d2639f2ed2]
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 1
PUP.Optional.SearchProtection.A, C:\Users\Tameka\AppData\Roaming\Search Protection\SearchProtection.exe, Delete-on-Reboot, [ba77124391eaf4425766d3d2639f2ed2], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)


Further research has discovered that "PUP.Optional.SearchProtection.A" is comping from Spigot, but please, correct me if I'm wrong. 

It is blatantly obvious that this program will keep sending out those PUPs no matter how many times I scan, so I'm going to stop doing so. 

Share this post


Link to post
Share on other sites

Welcome to the forum.

 

General P2P/Piracy Warning:

 

1. If you're using Peer 2 Peer software such uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

2. If you have illegal/cracked software, cracks, keygens, custom (Adobe) host file, etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Failure to remove such software will result in your topic being closed and no further assistance being provided.

 

<====><====><====><====><====><====><====><====>

 

Please run a Quick Scan with Malwarebytes (if possible)

 

For Malwarebytes ver: 1.75

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

 

For Malwarebytes 2.0, please run a Threat Scan

Click on Settings > Detection and Protection > Non-Malware Protection > PUP (Potentially Unwanted Program) detections > Make sure it's set to Treat detections as malware

Same for PUM (Potentially Unwanted Modifications)

Quarantine all that's found

Post the log

 

Then......

 

Please download Farbar Recovery Scan Tool (FRST) and save it to a folder.

(use correct version for your system.....Which system am I using?)

FRST <----for 32 bit systems

FRST64 <----for 64 bit systems

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button. (make sure the Addition box is checked)
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
If the logs are large, you can attach them:

 

To attach a log:

 

Bottom right corner of this page.

reply1.jpg

 

New window that comes up.

replyer1.jpg

 

 

Last................

 

Please download and run RogueKiller 32 bit to your desktop.

 

RogueKiller<---use this one for 64 bit systems

 

Which system am I using?

 

Quit all running programs.

 

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

 

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

 

Don't run any other options, they're not all bad!!!!!!!

 

Post back the report which should be located on your desktop.

(please don't put logs in code or quotes and use the default font)

 

 

Note:

Please read all of my instructions completely including these.

 

Make sure system restore is turned on and running. Create a new restore point

 

Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

Removing malware can be unpredictable...unlikely but things can go very wrong! Backup any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive

<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+>The removal of malware isn't instantaneous, please be patient.

<+>When we are done, I'll give to instructions on how to cleanup all the tools and logs

<+>Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.

------->Your topic will be closed if you haven't replied within 3 days!<--------

If I don't respond within 24 hours, please send me a PM

Share this post


Link to post
Share on other sites

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.

  • Recently Browsing   0 members

    No registered users viewing this page.

×

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.