PUP.Optional.ConduitTB.Gen Detected

[JerseyGirl10]

Greetings Everyone,

I'm new to the Forum and kindly request assistance to resolve a recently discovered PUP detection in 2 Registry Keys.
On March 15th, the MBAM Threat Scan returned the following result:
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 3/15/2016
Scan Time: 10:19 AM
Logfile: MBAM PUPs Found 160315.txt
Administrator: Yes

Version: 2.2.0.1024
Malware Database: v2016.03.15.04
Rootkit Database: v2016.03.12.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Michael

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 454690
Time Elapsed: 31 min, 23 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Warn

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 2
PUP.Optional.ConduitTB.Gen, HKLM\SOFTWARE\WOW6432NODE\Conduit, , [7c94ccbcb0e956e094a4612728dcb64a],
PUP.Optional.ConduitTB.Gen, HKU\S-1-5-21-1000205722-994604624-1204801306-1000\SOFTWARE\Conduit, , [45cb85032b6e5adc4bec5a2ee0247090],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

As indicated below, the affected Registry Keys were quarantined:
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 3/15/2016
Scan Time: 10:19 AM
Logfile: MBAM ScanLog PUPs Quarantined 160315.txt
Administrator: Yes

Version: 2.2.0.1024
Malware Database: v2016.03.15.04
Rootkit Database: v2016.03.12.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Michael

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 454690
Time Elapsed: 31 min, 23 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Warn

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 2
PUP.Optional.ConduitTB.Gen, HKLM\SOFTWARE\WOW6432NODE\Conduit, Quarantined, [7c94ccbcb0e956e094a4612728dcb64a],
PUP.Optional.ConduitTB.Gen, HKU\S-1-5-21-1000205722-994604624-1204801306-1000\SOFTWARE\Conduit, Quarantined, [45cb85032b6e5adc4bec5a2ee0247090],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

As of 2016,0317 the MBAM Threat Scan returned the following result without any mention of the previously detected Reg Key PUPs:
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 3/17/2016
Scan Time: 6:24 PM
Logfile: MBAM Scan History Log 060317.txt
Administrator: Yes

Version: 2.2.0.1024
Malware Database: v2016.03.17.05
Rootkit Database: v2016.03.12.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Michael

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 455440
Time Elapsed: 31 min, 43 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Warn

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

A subsequent search of the MBAM Forums returned the following link to a very similar comprehensive Topic & Resolution:
https://forums.malwarebytes.org/topic/179634-pupoptionalconduittbgen/

As of this writing, I'm not certain if I've taken the necessary actions to correct the Reg Key PUPs mentioned previously. The resolution instructions described in the above link seem to be specific for that Topic Author's PC and may not apply to my situation. Any assistance provided to help resolve my current situation will be greatly appreciated.  Thank you, Jenna.

[TwinHeadedEagle]

Hello and

Yes, you can certainly remove found threats. After that run another scan and let me know if it is clean.

[JerseyGirl10]

Greetings TwinHeadedEagle,

Thank you for your prompt response to my post. Got home from work a few hours ago and ran 2 scans, (i) MBAM and (ii) ESET Online. MBAM results

indicated Zero Threats Detected; same as yesterdays' scan.  However, ESET results indicated 9 Threats Found. I've also attached an image file of the

ESET Scanner Result GUI. Both scan logs are included below. Can you provide an opinion regarding the severity of the 9 Threats ESET found and

recommendations as to how I can remove them from my system.

I have not deleted the ESET program or any files used or created during the scan of my PC. Also, I have not closed the ESET Scan GUI.

Any assistance you may provide will be greatly appreciated.

Cheers,  Jenna.

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
ESET Scan Result 160318,1355:

C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSS.exe,  a variant of Win32/Systweak.L potentially unwanted application
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSHelper.dll,  a variant of Win32/Systweak.N potentially unwanted application
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSPrivacyProtector.exe,  a variant of Win32/Systweak.L potentially unwanted application
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSRegClean.exe,  a variant of Win32/Systweak potentially unwanted application
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSRegistryOptimizer.exe,  a variant of Win32/Systweak.L potentially unwanted application
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSSystemCleaner.exe,  a variant of Win32/Systweak.L potentially unwanted application
C:\Program Files (x86)\CCleaner\CCleaner_DownLoad\ccsetup514,5493.exe,  Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Program Files (x86)\CCleaner\CCleaner_DownLoad\ccsetup515,5513.exe,  Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Windows\Installer\f79c39.msi,  a variant of Win32/Systweak.L potentially unwanted application
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

MBAM Scan Result 160318,1410 provided for reference only:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 3/18/2016
Scan Time: 2:10 PM
Logfile: MBAM Scan Result 160318,1410.txt
Administrator: Yes

Version: 2.2.0.1024
Malware Database: v2016.03.18.05
Rootkit Database: v2016.03.12.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Michael

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 455963
Time Elapsed: 35 min, 46 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Warn

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

[TwinHeadedEagle]

ESET detections are not necessarily malware. They are detected as potentially unwanted application meaning they came bundled with some installer or have one or more components that are considered as unwanted (installing without user notice).

If you don't need WinZip, you can uninstall it and delete the other detected files manually.

[JerseyGirl10]

Hello TwinHeadedEagle,

Upon further investigation, I've concluded that the WINZIPSS.* files ESET detected were bundled with the original online purchase of WINZIP Pro several years ago. I never gave it much thought, but during the WINZIP installation, I elected not to install the WINZIPSS package as I had no use for it. It seems these files have remained dormant and unknown to me for the past several years until disclosed earlier today by ESET. I've moved the entire WzSysScan Folder off the system drive and onto a external USB Drive. WINZIP.exe seems to function as before without any issue. I will monitor WINZIP functions & PC stability over the weekend and report back to this thread early next week.

Thank you for your time & expertise thus far in assisting my resolution of this matter.

Cheers,   Jenna.

[Maurice Naggar]

Glad we could help. :)If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.Other members who need assistance please start your own topic in a new thread. Thanks!