
PUPs keep coming back after quarantine



A couple of days ago Search Protect A, Trovi A, Open Candy and Conduit A were found in 20 folders and 81 files during a routine scan with Malwarebytes.

 

I quarantined everything and did another scan and everything was clear.

 

The next day Trovi A was found in one file only during another scan. I quarantined it and then used AdwCleaner to clean everything it found. I then ran Malwarebytes and AdwCleaner again to ensure they gave me clean scans.

 

This morning Conduit A came back in 7 files. I have quarantined them. AdwCleaner scan was clear.

 

No doubt they will return, so is there any way I can stop them? I am prepared to do a clean reinstall of Win7 but I think the infection may be on four machines as they were used to back up files!

 

 


Hello and welcome, joe67:

 

Some of the infections you report can be a bit tricky and stubborn to remove.

 

We can't work on malware diagnostics and removal in this sub-section of the forum.

So, for expert assistance, I suggest that you please follow the advice in this pinned topic: Available Assistance For Possibly Infected Computers.
A malware analyst will guide you through the cleanup process.

Thanks,


Hello Joe67

 

I am attaching a sample picture of the Detection and protection screen (module) of the Anti-Malware.
Use that as a guide.
Look at yours and make some changes if needed, to get more like my sample.

Especially look at the **Non-Malware protection**
For each of the lines marked
**PUP**
**PUM**

be sure your setting is made to **Treat detections as malware**

When done with the changes, then click the Scan icon and then do a new Threat scan.

If any items are detected, then look over the list.
When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
 


Thank you for your advice. I had already followed daledoc1's advice and reposted on the other forum so this is now a duplicate thread. Sorry.

 

Should I adjust the Detection and Protection settings as you advise or wait for a reply on the other forum?


Hi:
 
You wrote:
 

> I quarantined everything and did another scan and everything was clear.

So, I may have misunderstood that you already had the correct PUP/PUM settings to "Treat as Malware" (they are both actually set that way by default with the current version of MBAM 2).

 

So, if you had not done so, yes, please do configure your settings as Maurice has suggested and then rescan and follow the rest of the steps he advised.

 

(The malware removal section is quite busy -- it could be a while before a helper picks up your other topic there.  We don't normally perform malware removal work here in this section of the forum.  But, under the circumstances, we might be able to get you cleaned up and on your way before your other topic is picked up.  Having said that, some PUPs are a bit more stubborn than others and they might require the use of additional tools, besides MBAM, for complete removal.)

 

Please post back with an update after changing the settings and rescanning -- it would help if you could post back with the scan log.

(Let us know if you need help with that.)

 

Thanks,

 


Thank you for your reply, daledoc1.

 

I have just done a scan using the settings advised and it has come up clean as below. However, I am almost certain the PUPs will return tomorrow because that is what has happened on all four computers I am using. I can post the last couple of days' logs if required, or do you want me to wait until the PUPs return?

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 31/05/2014
Scan Time: 17:40:02
Logfile: 
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.05.31.07
Rootkit Database: v2014.05.21.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Terry
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 261704
Time Elapsed: 6 min, 33 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

Set all your computers' settings for PUP / PUM the same as I had you do.

 

Flush all temporary internet files in your internet-browser programs (for housekeeping).

 

Tighten up on your internet browsing behaviors. Really slow down on your clicks, especially if accepting any sort of browser add-on.

 

Pay close attention when installing 3rd-party programs. It is important that you pay attention to the license agreements and installation screens when installing anything off of the Internet.

 

If an installation screen offers you Custom or Advanced installation options, it is a good idea to select these as they will typically disclose what other 3rd party software will also be installed.

Furthermore, if the license agreement or installation screens state that they are going to install a toolbar or other unwanted adware, it is advised that you cancel the install and not use the free software.

 

Tighten up the security for all your browsers.

 

You show as using the free program.  I'd recommend you buy a license for the Anti-Malware so that you would have the benefits of real-time protections.

 


Many thanks for your reply.

 

It appears that Malwarebytes has flushed out the remnants of the PUPs because I have had clean scans on all four machines for the last couple of days.

 

I was not as convinced as you they had gone because Trovi A, Search Protect and Conduit A had all returned in different locations even after Malwarebytes had produced clean logs.

 

Your points about prevention before cure are good. I regularly scan with Malwarebytes and very rarely get any nasties so this has been a real eye opener especially when I read some of the threads about Search Protect and Conduit!

 

I have started a trial of 'real time protection' and will upgrade at the end of the trial period.

 

Thanks again.
