Two stubborn PUP's refuse to be deleted.

Cleaner procedure followed exactly including reboot.

On resumption a panel shows that the PUP's have been deleted, but on running the cleaner again, the two PUP's are still detected.

This means the two PUP's are installed at start-up.

How can I possibly get rid of them when AdwCleaner cannot do it?

A normal Malwarebytes scan using the normal program does NOT detect these PUP's.

See -

g1nWJlM.jpg  


***This is an automated reply***

Hi,

Thanks for posting in the AdwCleaner Help forum.

Someone will reply shortly, but in the meantime here are a few resources which may help resolve your issue:

Thanks in advance for your patience.

-The Malwarebytes Forum Team


Please ignore the Auslogics PUP, it is the other two that are the subject of this post.


Here is the latest log file -

# -------------------------------
# Malwarebytes AdwCleaner 7.4.0.0
# -------------------------------
# Build:    07-23-2019
# Database: 2019-07-22.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    08-02-2019
# Duration: 00:00:28
# OS:       Windows 10 Home
# Scanned:  35810
# Detected: 34


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

PUP.Optional.AuslogicsDiskDefrag C:\Users\Username\Desktop\Auslogics Disk Defrag.lnk  <--- IGNORE THIS
PUP.Optional.Legacy             C:\Windows\System32\drivers\swdumon.sys

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

PUP.Optional.SlimCleanerPlus    HKLM\Software\Wow6432Node\SlimWare Utilities Inc

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Preinstalled Software ] *****

Preinstalled.HPAudioSwitch      
Preinstalled.HPJumpStartApps    
Preinstalled.HPJumpStartBridge  
Preinstalled.HPJumpStartLaunch  
Preinstalled.HPRegistrationService 
Preinstalled.HPSupportAssistant 
Preinstalled.HPSureConnect      



########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S80].txt ##########
 

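An added example (not part of the original posts, and not Malwarebytes code): a small parser for the scan-log layout shown above that compares the scan taken before a clean with the scan taken after the reboot, and lists the detections present in both. The two sample logs are constructed in the page's format; `PUP.Optional.Constructed` and its key are made up, and skipping the `Preinstalled Software` section is a choice made for this example.

```python
import re

# Section banners look like: ***** [ Registry ] *****
SECTION_RE = re.compile(r"^\*{5} \[ (.+?) \] \*{5}$")
# A detection line starts with a dotted family name, optionally followed by a target.
DETECTION_RE = re.compile(r"^([A-Za-z]+(?:\.[A-Za-z0-9_]+)+)(?:\s+(.*))?$")

def parse_detections(log_text):
    """Return a set of (section, family, target) tuples found in one log."""
    found, section = set(), None
    for raw in log_text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
            continue
        # Skip the '#' header block, blank lines and anything before a section.
        if section is None or not line or line.startswith("#"):
            continue
        hit = DETECTION_RE.match(line)  # "No malicious ... found." does not match
        if hit:
            found.add((section, hit.group(1), (hit.group(2) or "").strip()))
    return found

def persistent_detections(scan_before_clean, scan_after_reboot,
                          ignore_sections=("Preinstalled Software",)):
    """Detections present in both scans, i.e. items that came back after the clean."""
    both = parse_detections(scan_before_clean) & parse_detections(scan_after_reboot)
    return sorted(d for d in both if d[0] not in ignore_sections)

# Constructed sample logs in the layout shown on this page.
SCAN_BEFORE = r"""# Mode: Scan
***** [ Files ] *****
PUP.Optional.Legacy             C:\Windows\System32\drivers\swdumon.sys
***** [ Registry ] *****
PUP.Optional.SlimCleanerPlus    HKLM\Software\Wow6432Node\SlimWare Utilities Inc
PUP.Optional.Constructed        HKLM\Software\ConstructedExampleKey
***** [ Preinstalled Software ] *****
Preinstalled.HPSupportAssistant
"""
SCAN_AFTER = r"""# Mode: Scan
***** [ Services ] *****
No malicious services found.
***** [ Files ] *****
PUP.Optional.Legacy             C:\Windows\System32\drivers\swdumon.sys
***** [ Registry ] *****
PUP.Optional.SlimCleanerPlus    HKLM\Software\Wow6432Node\SlimWare Utilities Inc
***** [ Preinstalled Software ] *****
Preinstalled.HPSupportAssistant
"""

if __name__ == "__main__":
    for section, family, target in persistent_detections(SCAN_BEFORE, SCAN_AFTER):
        print(f"[{section}] {family} -> {target}")
```

Items that survive a clean and reboot are being re-created by something still installed, so the families and targets in this list are what to match against the installed programs.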

If I follow the registry path = PUP.Optional.Legacy = C:\Windows\System32\drivers\swdumon.sys

I can delete the driver. A scan after that and PUP Legacy is gone!

But on restart it comes back.

I cannot find the other PUP file.


Only AdwCleaner is picking these two PUP's up as being "threats".

None of my other AV/Malware programs list them -

SuperAntiSpyware, Emsisoft Emergency Kit, Hitman Pro, Avast or Malwarebytes all disregard them.


Greetings,

Based on a quick search it appears that the file is a component of a Slimware Utilities application; likely the same one detected in the other entry (SlimCleaner Plus from the look of it).  It is up to you whether or not to keep it installed, however the following should prove informative with regards to what Malwarebytes detects as PUP and why:

https://www.malwarebytes.com/pup/
https://blog.malwarebytes.com/malwarebytes-news/2016/10/malwarebytes-gets-tougher-on-pups/
https://blog.malwarebytes.com/cybercrime/2015/06/digital-snake-oil/
https://blog.malwarebytes.com/cybercrime/2015/06/driver-updaters-digital-snake-oil-part-2/
https://blog.malwarebytes.com/cybercrime/2015/07/pup-makers-digital-snake-oil-part-3/
https://blog.malwarebytes.com/threats/registry-cleaner/
https://blog.malwarebytes.com/puppum/2016/12/why-malwarebytes-detects-pc-pitstop-as-potentially-unwanted/
https://blog.malwarebytes.com/malwarebytes-news/2017/11/winning-the-battle-against-pups-on-your-computer-and-in-u-s-district-court/
https://blog.malwarebytes.com/puppum/2016/07/pup-friday-cleaning-up-with-5-star-awards/
https://blog.malwarebytes.com/puppum/2016/08/systweak-redux-our-response/


Regarding legal precedent, please refer to the following articles which cite two cases involving Malwarebytes and vendors blocked as PUP:

https://blog.ericgoldman.org/archives/2017/11/section-230c2-protects-anti-malware-vendor-enigma-v-malwarebytes.htm
https://blog.ericgoldman.org/archives/2018/09/section-230-helps-malware-vendor-avoid-liability-for-blocking-decision-pc-drivers-v-malwarebytes.htm

The following links should also prove informative as to why many items are classified as PUP by Malwarebytes:

https://decentsecurity.com/#/registry-cleaners/
https://support.microsoft.com/en-us/help/2563254/microsoft-support-policy-for-the-use-of-registry-cleaning-utilities
http://miekiemoes.blogspot.com/2008/02/registry-cleaners-and-system-tweaking_13.html
https://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/#entry2853053
https://www.howtogeek.com/171633/why-using-a-registry-cleaner-wont-speed-up-your-pc-or-fix-crashes/
https://www.howtogeek.com/162683/pc-cleaning-apps-are-a-scam-heres-why-and-how-to-speed-up-your-pc/
https://lifehacker.com/5482701/whats-the-registry-should-i-clean-it-and-whats-the-point
https://lifehacker.com/5033518/debunking-common-windows-performance-tweaking-myths
https://www.howtogeek.com/198758/never-download-a-driver-updating-utility-theyre-worse-than-useless/
http://www.howtogeek.com/98465/htg-explains-when-do-you-need-to-update-your-drivers/
https://www.howtogeek.com/233115/the-only-way-to-safely-update-your-hardware-drivers-on-windows/
http://www.tomshardware.com/answers/id-1857635/good-free-automatic-driver-updater.html
http://www.tomshardware.com/answers/id-1974868/trusted-driver-updater.html
https://www.howtogeek.com/172839/10-types-of-system-tools-and-optimization-programs-you-dont-need-on-windows/
https://computer.howstuffworks.com/question1751.htm
https://lifehacker.com/5415355/do-you-really-need-more-than-4gb-of-ram
https://www.tomshardware.com/reviews/memory-module-upgrade,2264.html
https://www.howtogeek.com/128130/htg-explains-why-its-good-that-your-computers-ram-is-full/
https://techlogon.com/2011/03/28/will-more-ram-memory-make-my-computer-faster/

In all likelihood uninstalling the Slimware Utilities application would eliminate the detection for good, however if you wish to keep it then please right-click on the detections at the end of the next scan and use the option to ignore the item and it will be added to your exclusions so that it is no longer detected in the future.

I hope this helps, and if there is anything else we might assist you with please let us know.

Thanks

Edited by exile360


exile360

Thank you for that comprehensive reply.

I have looked at my installed programs and Slimware Utilities or anything like it does not exist on my programs installed list.


LATEST

I uninstalled Avast Driver Updater using Revo Uninstaller for a clean deletion and following a new scan with AdwCleaner and reboot, these two Pup's are now gone.

Thanks for your help. Problem solved.


Excellent, I'm glad to hear it :)

I bet Avast's driver updating utility was based on Slimware's (probably a white-label/re-skinned version of it) which would explain the duplicate drivers and registry entries shared between them.

Nice detective work!

If there is anything else we might be able to help you with please don't hesitate to let us know.

Thanks


For general information concerning these two Pup's, it was Avast Driver Updater that implanted them in my system. Since uninstalling the program, AdwCleaner has been run many times and they are now gone!

My advice - steer clear of Avast Driver Updater.


Note - I have posted this unpleasant incident on the Avast Driver Updater Forum. Out of 50 views so far, nobody has made a comment.


Yes, ever since Avast acquired CCleaner (and a bit before as I recall) they've been expanding their portfolio of products in an attempt to generate more money (I guess offering a free AV with the option to pay to get more features wasn't doing well enough for them) and that includes things like system optimizers, registry cleaners and driver updaters; tools which are of questionable benefit to say the least, especially on modern Windows operating systems where the vast majority of performance related maintenance tasks are actually handled by the OS itself out of the box automatically (ever since Vista, Windows has been MUCH better at taking care of itself compared to XP and older Windows versions) so most of the time such tools end up at best not really doing anything to improve how the system runs, and at worst potentially making things worse.

In the case of driver updaters it's actually pretty common for them to recommend/download the wrong drivers for some components because of the different models of hardware that are based on the same base model that manufacturers create for the big system vendors like HP, Acer, Dell etc. that use their own specifically tuned drivers for their individual systems/models, and while there is usually no harm in using the generic off-the-shelf driver for the base component from the component manufacturer like Intel or Realtek etc., there are cases where that generic driver isn't optimized for that specific component and you'd be better off with the driver direct from the computer manufacturer (i.e. HP if you have an HP computer for example) as it may have special tuning to provide better battery life, or better sound with the particular speakers built into your system if it's a laptop and its drivers for the soundcard/onboard sound, or the driver may be tuned to get the best performance out of the particular graphics chip in your system based on how many watts of power it is being provided by the power supply for your system (which may be less than the default/off-the-shelf version of that same graphics card; again, to save battery life or to make the system more thin and light). It's the same reason I try to avoid getting drivers from Windows Update, because they usually only offer the generic drivers rather than the ones from specific system manufacturers for individual components.
It's usually not going to cause any major issue like a BSOD (though I have experienced that when testing some driver updater applications in the past personally), but it's generally a lot easier and much safer just to get the right drivers direct from the system builder and many systems even come with utilities for this purpose that will check the manufacturer's database for any available driver updates and BIOS updates and the like, which means you get the right software and drivers for your system directly from the system manufacturer which leaves you much better off, at least in my opinion.


To follow that excellent post by exile360, I have an HP desktop PC and HP Support Assistant.

HP supplied the set and I accept and install all the updates they provide, including drivers.

I would not accept driver update recommendations from any other source.
