Jump to content


Recommended Posts

This morning at work I found that our Malwarebytes found 11 potential threats associated with 'PUPOptional.FrostwireTB.A' as a potential threat.  The files associated with this threat is from a program file 'Ask.com'.  I am unable to remove Ask.com from the uninstall programs in the control panel as I do not have administrator rights to install or uninstall any programs as this is a office computer (administrator is away on holidays).  I have a few questions that hopefully someone may be able to answer for me:


1)  From the control panel in programs I see that Ask.com was installed on a Sunday February 19, 2012, I have never worked on a sunday and as I indicated do not have administrator rights to install programs, this may have been done by admin while running other updates such as QuickBooks, java, adobe and AVG.   I run Malwarebytes often and admin as recent as 2 weeks ago updated Malwarebytes and have not received notice of this threat until now, is this because Malwarebytes has recently included this in the program as a threat and just detected now? I understand Java may be the culprit when doing updates?


2)  Would any of the program updates for either QuickBooks, java, adobe or AVG have the option to install the Ask.com toolbar upon doing updates and without notice the admin did not click off the box that gives the option not to install ask.com?  I am trying to narrow this down to how we even acquired the ask.com toolbar.


3)  I understand a open candy adware is associated with ask.com toolbar (comes bundled as part of various other applications) which is the cause for this potential threat being PUPOptional.FrostWireTB.A, would this be right?


4)  If the above is correct are there any threats at this time to our computer system at the office? as I mentioned the admin is away on holidays.


5)  I have quarantined the files associated with the threat but when I run a scan they show up again, why would this be?


6)  Would removing the ask.com toolbar fix this threat?


Someone please help?  I really do not wish to lose my job and be appointed the culprit of this threat detected.


Thank you



Link to post
Share on other sites

Hello and :welcome:


Being that this is a business, this needs to be addressed to the business section of the forum located HERE.


I suspect someone from staff will probably move your topic there...


But to answer your question, if you do not have admin rights to the system, there is probably not much you can do at the moment until your admin returns.


Also, yes Java updates are notorious for installing the Ask Toolbar.

Link to post
Share on other sites

After countless hours of searching for information I am sharing some of what I found my own, hopefully this will be of some help to other members who cannot seem to find a answer.


In my case quarantined files indicate the PUP file is Ask.com toolbar, all the others are files are associated with the registry key.  The PUP is a indication that there is a POSSIBLE threat and referred to as malware, which is why malware bytes is picking these files up as a possible threat.


During updates or installations of some programs you have a option to opt-out to install the ask toolbar and also to change the user's default browser, this is a add-on and if one does not unclick these boxes during updates or during the full installation process then the toolbar will be downloaded and added onto your browser.  If you do not even see the add on in your browser it is still there, in my case I have the ask.com clicked off and not using it in my browser, it does not matter again the file is still in your system, see for users using IE the add-on will show if you have it in  your IE browser tools section (manage add-on's), even by disabling the add on ask.com will not remove the threat that Malwarebytes is picking up.  You will need to uninstall the toolbar via from your control panel and uninstall the toolbar (Ask.com).  In my situation I have to wait as I do not have access to uninstall programs but I am sure this will remove the threat.  Once the browser add-on ask.com is removed and I will recommend any other add-on that you are not sure about be removed as well, then restart your system and run Malwarebytes again.


My question was why did Malwarebytes not pick this up before?  There are a few reasons I am suspecting and more than likely due to a update of Java which was done two weeks ago, beyond that there does not seem to be any other answers here at the forum. 


On another note:  After my research of this PUP file it comes from FrostWire and also is indicated in my quarantined files.  This is a peer to peer program that is offered and obviously is tied in with the Ask.com toolbar and in turn is a optional program offered during updates that your system will ask you do do, typically Java, there are probably others that I am not sure about.  Wikipedia has some information regarding the Ask toolbar controversy indicating it is often referred to as malware.



Link to post
Share on other sites

  • Root Admin

Hello Deb


As this is a Business you really need to post in the Business Section as Firefox has explained. Now that said since you've also already stated that you do not have Admin rights on the computer there really is not anything anyone can do to assist you. Please have your IT Staff assist you or contact us and we'll work with them to resolve any issues.



If you simply want information about the AVG Search Toolbar then here are some articles. Bottom line for me personally is that I do not like or want ANY TOOLBAR period from ANY company.
Insecure AVG search tool
Vulnerability Note VU#960193 - AVG Safeguard and Secure Search ActiveX controls provides insecure methods



Thank you.

Link to post
Share on other sites

Actually we are a small office of (2) which is probably why the business edition was not purchased and originally the post was going to be moved to the business area, anyway a little confused about the setup here and only trying to gain some factual information regarding the files Malwarebytes had detected as a potential threat.   Because I am the sole person who uses this computer for accounting purposes it is my responsibility to make sure there is no threat at this time to our system until the administrator comes back, yes backups are done but in anycase a little inquiring never hurts to have on hand.  I have put a ticket with our explanation to technical support and with hopes we may have some direction. 


Thank you for your feedback and help.



Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.