Infected with PUPS and PUMS


I have the free version of Malwarebytes. It did a scan on its own and came up with 28 Threats detected. They are all PUPS or PUMS. When I viewed the scan, its advice was to Quarantine all 28. The first time I used this Malware I had a similar scan and again advised to Quarantine all. I did and my computer was in very bad shape (prior to the scan it was running a bit slow, that's why I chose to try it). After taking all the quarantined items and turning them back on my computer worked but ran so slow that it was basically unusable. I finally spent $125 with tech support and was informed that "most" PUP and PUM items do not need to be quarantined (uurrrrg). So now today I have 28 PUP and PUM malware that the system is recommending to quarantine. I have saved all the information but have no idea what to do with it. Obviously I can't safely Quarantine all 28 items but have no idea if maybe 3 or 4 of them should? Please help me. I feel like the Malware is holding me hostage. Again, I would appreciate anyone who can help me before Monday morning (if that's even possible).


Hi larry964 :)

My name is Aura and I'll be assisting you with your malware issue. Since we'll be working together, you can call me Aura or Yoan, which is my real name, it's up to you! Now that we've broken the ice, I'll just ask you a few things during the time we'll be working together to clean your system and get it back to an operational state.

  • As you'll notice, the logs we are asking for here are quite lengthy, so it's normal for me to not reply exactly after you post them. This is because I need some time to analyse them and then act accordingly. However, I'll always reply within 24 hours, 48 hours at most if something unexpected happens;
  • As long as I'm assisting you on Malwarebytes Forums, in this thread, I'll ask you to not seek assistance anywhere else for any issue related to the system we are working on. If you have an issue, question, etc. about your computer, please ask it in this thread and I'll assist you;
  • The same principle applies to any modifications you make to your system, I would like you to ask me before you do any manipulations that aren't in the instructions I posted. This is to ensure that we are operating in sync and I know exactly what's happening on your system;
  • If you aren't sure about an instruction I'm giving you, ask me about it. This is to ensure that the clean-up process goes without any issue. I'll answer you and even give you more precise instructions/explanations if you need. There's no shame in asking questions here, better be safe than sorry!;
  • If you don't reply to your thread within 3 days, I'll bump this thread to let you know that I'm waiting for you. If you don't reply after 5 days, it'll be closed. If you return after that period, you can send me a PM to get it unlocked and we'll continue where we left off;
  • Since malware can work quickly, we want to get rid of them as fast as we can, before they make unknown changes to the system. This being said, I would appreciate if you could reply to this thread within 24 hours of me posting. This way, we'll have a good clean-up rhythm and the chances of complications will be reduced;
  • I'm against any form of pirated, illegal and counterfeit software and material. So if you have any installed on your system, I'll ask you to uninstall them right now. You don't have to tell me if you indeed had some or not, I'll give you the benefit of the doubt. Plus, this would be against Malwarebytes Forums's rules;
  • In the end, you are the one asking for assistance here. So if you wish to go a different way during the clean-up, like format and reinstall Windows, you are free to do so. I would appreciate you to let me know about it first, and if you need, I can also assist you in the process;
  • I would appreciate if you were to stay with me until the end, which means, until I declare your system clean. Just because your system isn't behaving weirdly anymore, or is running better than before, it doesn't mean that the infection is completely gone;
    This being said, I have a full time job so sometimes it'll take longer for me to reply to you. Don't worry, you'll be my first priority as soon as I get home and have time to look at your thread;


This being said, it's time to clean-up some malware, so let's get started, shall we? :)

Can you provide me the scan log where we can see these 28 detections, so I can review them? Also, who did you pay $125 to?

Edited by Aura

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 7/9/17
Scan Time: 12:36 PM
Log File: malware.txt
Administrator: Yes

-Software Information-
Version: 3.1.2.1733
Components Version: 1.0.141
Update Package Version: 1.0.2326
License: Free

-System Information-
OS: Windows 10
CPU: x64
File System: NTFS
User: System

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 427190
Threats Detected: 28
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 11 min, 24 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 2
PUP.Optional.DriverUpdatePlus, HKU\S-1-5-21-241640233-930504031-2761799423-1000\SOFTWARE\SPEEDBIT TECHNOLOGY\DriverUpdate Plus, No Action By User, [13091], [261555],1.0.2326
PUP.Optional.DriverUpdatePlus, HKLM\SOFTWARE\WOW6432NODE\SPEEDBIT TECHNOLOGY\DRIVER UPDATE PLUS, No Action By User, [13091], [261529],1.0.2326

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 11
PUP.Optional.Spigot.Generic, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgodppncnmcgkcecheopoppellmhecfj\2.1_0\_locales\en, No Action By User, [2068], [362981],1.0.2326
PUP.Optional.Spigot.Generic, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgodppncnmcgkcecheopoppellmhecfj\2.1_0\html\popup, No Action By User, [2068], [362981],1.0.2326
PUP.Optional.Spigot.Generic, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgodppncnmcgkcecheopoppellmhecfj\2.1_0\_metadata, No Action By User, [2068], [362981],1.0.2326
PUP.Optional.Spigot.Generic, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgodppncnmcgkcecheopoppellmhecfj\2.1_0\js\popup, No Action By User, [2068], [362981],1.0.2326
PUP.Optional.Spigot.Generic, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgodppncnmcgkcecheopoppellmhecfj\2.1_0\_locales, No Action By User, [2068], [362981],1.0.2326
PUP.Optional.Spigot.Generic, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgodppncnmcgkcecheopoppellmhecfj\2.1_0\newtab, No Action By User, [2068], [362981],1.0.2326
PUP.Optional.Spigot.Generic, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgodppncnmcgkcecheopoppellmhecfj\2.1_0\html, No Action By User, [2068], [362981],1.0.2326
PUP.Optional.Spigot.Generic, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgodppncnmcgkcecheopoppellmhecfj\2.1_0\css, No Action By User, [2068], [362981],1.0.2326
PUP.Optional.Spigot.Generic, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgodppncnmcgkcecheopoppellmhecfj\2.1_0\js, No Action By User, [2068], [362981],1.0.2326
PUP.Optional.Spigot.Generic, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgodppncnmcgkcecheopoppellmhecfj\2.1_0, No Action By User, [2068], [362981],1.0.2326
PUP.Optional.Spigot.Generic, C:\USERS\OWNER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PGODPPNCNMCGKCECHEOPOPPELLMHECFJ, No Action By User, [2068], [362981],1.0.2326

File: 15
PUP.Optional.AdvancedSystemCare, C:\USERS\OWNER\DOCUMENTS\DOWNLOADS\ASC-SETUP.EXE, No Action By User, [1238], [396386],1.0.2326
PUP.Optional.Spigot.Generic, C:\USERS\OWNER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PGODPPNCNMCGKCECHEOPOPPELLMHECFJ\2.1_0\BACKGROUND.JS, No Action By User, [2068], [362981],1.0.2326
PUP.Optional.Spigot.Generic, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgodppncnmcgkcecheopoppellmhecfj\2.1_0\css\description.css, No Action By User, [2068], [362981],1.0.2326
PUP.Optional.Spigot.Generic, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgodppncnmcgkcecheopoppellmhecfj\2.1_0\css\popup.css, No Action By User, [2068], [362981],1.0.2326
PUP.Optional.Spigot.Generic, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgodppncnmcgkcecheopoppellmhecfj\2.1_0\html\popup\description.html, No Action By User, [2068], [362981],1.0.2326
PUP.Optional.Spigot.Generic, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgodppncnmcgkcecheopoppellmhecfj\2.1_0\html\popup\popup.html, No Action By User, [2068], [362981],1.0.2326
PUP.Optional.Spigot.Generic, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgodppncnmcgkcecheopoppellmhecfj\2.1_0\js\popup\popup.js, No Action By User, [2068], [362981],1.0.2326
PUP.Optional.Spigot.Generic, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgodppncnmcgkcecheopoppellmhecfj\2.1_0\js\userNewTab.js, No Action By User, [2068], [362981],1.0.2326
PUP.Optional.Spigot.Generic, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgodppncnmcgkcecheopoppellmhecfj\2.1_0\newtab\newtab.html, No Action By User, [2068], [362981],1.0.2326
PUP.Optional.Spigot.Generic, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgodppncnmcgkcecheopoppellmhecfj\2.1_0\_locales\en\messages.json, No Action By User, [2068], [362981],1.0.2326
PUP.Optional.Spigot.Generic, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgodppncnmcgkcecheopoppellmhecfj\2.1_0\_metadata\computed_hashes.json, No Action By User, [2068], [362981],1.0.2326
PUP.Optional.Spigot.Generic, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgodppncnmcgkcecheopoppellmhecfj\2.1_0\_metadata\verified_contents.json, No Action By User, [2068], [362981],1.0.2326
PUP.Optional.Spigot.Generic, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgodppncnmcgkcecheopoppellmhecfj\2.1_0\contentscript.js, No Action By User, [2068], [362981],1.0.2326
PUP.Optional.Spigot.Generic, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgodppncnmcgkcecheopoppellmhecfj\2.1_0\icon.png, No Action By User, [2068], [362981],1.0.2326
PUP.Optional.Spigot.Generic, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgodppncnmcgkcecheopoppellmhecfj\2.1_0\manifest.json, No Action By User, [2068], [362981],1.0.2326

Physical Sector: 0
(No malicious items detected)


(end)

This is   . Thank you for contacting me. These came up on my last scan and I already have some that are in my Quarantine as well (not many). These are 28 files and I have no idea if I delete them or use malware's advice and quarantine all. I appreciate any and all help. I use my computer for work so having possible malware on it makes me a bit apprehensive to use it with work files (which basically means I cannot work). I look forward to hearing back from you.

Jon

Edited by AdvancedSetup
removed email address
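
Added example, not part of the thread and not Malwarebytes' own tooling: a small Python parser for the scan-detail lines in the log above that collapses per-file and per-folder detections into their top-level objects, showing how few distinct items sit behind the count of 28. The field layout is inferred from the posted lines, and `SAMPLE` is an excerpt of them.

```python
import re
from collections import defaultdict

# Excerpt (8 of the 28 lines) copied from the "-Scan Details-" part of the posted log.
SAMPLE = r"""Registry Key: 2
PUP.Optional.DriverUpdatePlus, HKU\S-1-5-21-241640233-930504031-2761799423-1000\SOFTWARE\SPEEDBIT TECHNOLOGY\DriverUpdate Plus, No Action By User, [13091], [261555],1.0.2326
PUP.Optional.DriverUpdatePlus, HKLM\SOFTWARE\WOW6432NODE\SPEEDBIT TECHNOLOGY\DRIVER UPDATE PLUS, No Action By User, [13091], [261529],1.0.2326
Folder: 11
PUP.Optional.Spigot.Generic, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgodppncnmcgkcecheopoppellmhecfj\2.1_0\js, No Action By User, [2068], [362981],1.0.2326
PUP.Optional.Spigot.Generic, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgodppncnmcgkcecheopoppellmhecfj\2.1_0, No Action By User, [2068], [362981],1.0.2326
PUP.Optional.Spigot.Generic, C:\USERS\OWNER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PGODPPNCNMCGKCECHEOPOPPELLMHECFJ, No Action By User, [2068], [362981],1.0.2326
File: 15
PUP.Optional.AdvancedSystemCare, C:\USERS\OWNER\DOCUMENTS\DOWNLOADS\ASC-SETUP.EXE, No Action By User, [1238], [396386],1.0.2326
PUP.Optional.Spigot.Generic, C:\USERS\OWNER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PGODPPNCNMCGKCECHEOPOPPELLMHECFJ\2.1_0\BACKGROUND.JS, No Action By User, [2068], [362981],1.0.2326
PUP.Optional.Spigot.Generic, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgodppncnmcgkcecheopoppellmhecfj\2.1_0\manifest.json, No Action By User, [2068], [362981],1.0.2326
"""

HEADER = re.compile(r"^([A-Za-z ]+): \d+$")  # section line, e.g. "Registry Key: 2"

def parse(log):
    """Return one dict per detection line, tagged with its section (object kind)."""
    kind, found = None, []
    for line in map(str.strip, log.splitlines()):
        m = HEADER.match(line)
        if m:
            kind = m.group(1)
        elif kind and line.count(",") >= 5:
            name, rest = line.split(", ", 1)
            # Layout assumed from the log: name, path, action, [id], [id],version.
            # Split from the right so a comma inside a path cannot shift fields.
            path, action = [f.strip() for f in rest.rsplit(",", 4)][:2]
            found.append({"kind": kind, "name": name, "path": path, "action": action})
    return found

def roots(detections):
    """Per detection name, keep only paths with no detected ancestor (case-insensitive)."""
    by_name = defaultdict(set)
    for d in detections:
        by_name[d["name"]].add(d["path"].lower())
    return {name: sorted(p for p in paths
                         if not any(p.startswith(q + "\\") for q in paths))
            for name, paths in by_name.items()}

if __name__ == "__main__":
    for name, tops in roots(parse(SAMPLE)).items():
        print(name, *tops, sep="\n  ")
```

On this excerpt the Spigot entries reduce to the single Chrome extension folder, alongside one installer file and two registry keys.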

WOW. Thank you so much for the speedy response. I can't thank you enough. Just one thing, the last time I quarantined all I needed to go back and unquarantine because my computer was completely out of whack. How can you be sure that the same thing will not happen? I'm very sorry if this is a stupid question but I have limited computer experience.

Either way, thank you for your prompt attention to my issue. Is there anywhere I can go to let someone know how happy I was with the response?

Jon


Quote

because my computer was completely out of whack.

Can you give me a more detailed explanation, or the symptoms that were occurring? :) From what I can see, the threats detected shouldn't affect your system if they were to be quarantined. One of your extensions (Google Chrome) will get deleted, but it's a malicious one, so nothing to worry about.

Quote

Is there anywhere I can go to let someone know how happy I was with the response?

You're more than welcome to leave a comment in the Forums Announcements and Feedback section below :) 

 https://forums.malwarebytes.com/forum/175-forums-announcements-feedback/


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!
