Jump to content

"Win32:PUP-Gen [PUP]" ???


Recommended Posts

Hi there,

after downloading Malwarebytes I started the first scan that detected a couple of bugs. To my surprise it didn’t include the one I expected. The virus-scanner I used before (AVG) detected a ile which I unfortunately couldn’t put into quarantine or get rid of it by deleting it. So it should still remain on my Mac. But it wasn’t detected by the Malwerarebytes-scan. Is my Mac safe? What is required to do?

Screenshot 2019-12-10 18.21.54.png

Link to post
Share on other sites

From the infection name and the file extension ".exe", I can see that it's a Windows PUP, so not surprising that Malwarebytes for Mac would not be looking for it.

As long as you are not running Windows on your Mac or sending that file to friends who run Windows, you can safely ignore it.

I can't really tell exactly where it's located, but if that's a backup drive of any kind, you won't be able to delete it without compromising the backup unless the backup software you are using allows that sort of thing.

Link to post
Share on other sites

  • Malwarebytes software for MS Windows does not target nor detect Apple MAC or Android malware.
  • Malwarebytes software for MAC OS does not target nor detect Windows or Android malware.
  • Malwarebytes software for Android devices does not target nor detect Windows or Apple MAC malware.

The Malwarebytes' Engine and Signatures on Virus Total only target MS Windows malware and is a subset of what MBAM for Windows will detect on a PC.

Link to post
Share on other sites

Thank you, alvarnell! I already thougt it might be a windows PUP.  But I couldn't imagine how a windows PUP could infect my Mac. And indeed, I installed a bootcamp section which - on the other hand - I didn't use for once a while.  For backup I use timemachine and an external drive. Is there no way to get rid of that nasty bug? I don't want to infect my friends using Windows.

By the way, greetings to California

Link to post
Share on other sites

11 hours ago, Hardyjan said:

For backup I use timemachine and an external drive. Is there no way to get rid of that nasty bug? I don't want to infect my friends using Windows.

It's unlikely that you would infect your friends unless you restored that file from Time Machine and sent it to them, but there is a way to get rid of it.

  • First make note of the exact path to $R57EQOT.exe so you can find it.
  • Enter Time Machine and navigate to $R57EQOT.exe, then single click on it to highlight.
  • In the toolbar at the top of the window you will see a gear icon labeled "Action". From the pop-down menu select Delete All Copies of "$R57EQOT.exe".

That should do it.

Link to post
Share on other sites

  • Staff

From the initial screenshot, I can assume that the file already in recycle bin ($R...)

image.png.a8be76976f7ea8b952321d098a72918f.png

 

One thing you should be aware of: if it's a Time Machine backup, you should never allow anything to scan or modify it. Time Machine backups are very fragile under that kind of treatment and can be destroyed entirely if a you or third-party app removes even a single file. Even when we do scan external drives, under no circumstances will we scan Time Machine backups.

If a Time Machine backup has malicious files in it, the best thing to do is:
1) Clean the Mac in question
2) Perform another backup
3) Eventually, Time Machine will prune the old files that have been gone for a while, including the malicious ones.
 

Link to post
Share on other sites

  • Staff
On 12/21/2019 at 8:17 AM, Hardyjan said:

I don't want to infect my friends using Windows.

Unless you go searching for this .exe file, find it, and then attach it to e-mail messages to your friends - which seems like a pretty unlikely scenario - it wouldn't be able to infect your friends.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.