Avast WEBforum

Other => Viruses and worms => Topic started by: Damstas on May 25, 2011, 07:46:39 PM

Title: What can Win32:Pup-gen do?
Post by: Damstas on May 25, 2011, 07:46:39 PM

Win32:Pup-gen [PUP] was found on my computer and Avast deleted it.
Have it done something on my computer?
Or when i have logged previously can it transport my passwords to somewhere..?

EDIT: What viruses can even send your login info somewhere?

Title: Re: What can Win32:Pup-gen do?
Post by: Left123 on May 25, 2011, 08:09:17 PM

PUP=potentially unwanted program.It doesn't belong to keyloggers,backdoors,spyware family etc.

Title: Re: What can Win32:Pup-gen do?
Post by: Damstas on May 25, 2011, 08:13:33 PM

Ok.. but.. What can it do on computer?

Title: Re: What can Win32:Pup-gen do?
Post by: DavidR on May 25, 2011, 08:46:23 PM

First you have to ask avast to scan for PUPs in the on-demand scan and second it doesn't delete it unless you say it should ?

Deletion isn't really a good first option (you have none left), 'first do no harm' don't delete, send virus to the chest (a protected area) and investigate.

We can't say what it might or might not do to your system as we have no information to work with.

PUPs are generally programs that can have a dual purpose, malicious or a tool. Like any tool it could be used for good or evil and intent is hard to determine, hence the PUP category as it is only the user that can determine intent.
e.g. did you install it and do you know what it does.
Because you need to have some knowledge of what is on your system to be able to answer this PUP question, I feel that is why it isn't enabled by default.

What is the infected file name, where was it found e.g. (C:\windows\system32\infected-file-name.xxx) ? 
For detection on on demand scans, check C:\Documents And Settings\All Users\Application Data\Alwil Software\Avast5\Log  (Windows 2000, Windows XP). Or C:\ProgramData\Alwil Software\Avast5\log (windows Vista, windows 7).

Title: Re: What can Win32:Pup-gen do?
Post by: Damstas on May 25, 2011, 10:04:19 PM

Thanks David for a big answer. The file came from some download that i did. It was on desktop, and is now gone, so there shouldn´t be any threats anymore?

Title: Re: What can Win32:Pup-gen do?
Post by: DavidR on May 25, 2011, 11:15:02 PM

There shouldn't be a problem provided it hasn't been run, but it is important to state what the file name was, so those locations arrowed and also the file system shield file if it wasn't found on the on-demand scan.

With this information we can get a better understanding of what it was and any associated risk.

Title: Re: What can Win32:Pup-gen do?
Post by: polonus on May 26, 2011, 12:41:12 AM

There was a similar thread on this subject here: http://forum.avast.com/index.php?topic=74135.0
Potentially Unwanted Programs are potentially unwanted as the user of the computer did not install it willfully and knowingly. If that isn't the case the program can be considered a risktool.
Had the program been installed, then a System restore to a point before the infection occured in Safe Mode also had been a secure way of removing a Win32:Pup-gen infection. A full avast bootscan should then follow this procedure,

polonus