Author Topic: Win32:IBryte-U [PUP] is it thread???  (Read 8127 times)

Offline decider

  • Newbie
  • *
  • Posts: 3
    • Personal Message (Offline)
Win32:IBryte-U [PUP] is it thread???
« on: July 05, 2012, 06:47:42 AM »
I performed a scan during the boot time with Avast and it found a thread called Win32:IBryte-U [PUP], is this a virys or something like that??? . I pressed to delete it. Shall i do anything else?? No one really knows???
« Last Edit: July 05, 2012, 11:39:56 AM by decider »

Offline DavidR

  • avast! Überevangelist
  • Certainly Bot
  • *****
  • Posts: 69208
  • Gender: Male
  • No support PMs thanks
    • Personal Message (Offline)
Re: Win32:IBryte-U [PUP] is it thread???
« Reply #1 on: July 05, 2012, 12:32:15 PM »
Deletion isn't really a good first option (you have none left), 'first do no harm' don't delete, send virus to the chest (a protected area) and investigate.

PUP = Potentially Unwanted Program - See http://searchsecurity.techtarget.com/sDefinition/0,,sid14_gci1066761,00.html. Not included in this definition are tools which can be used for good or evil, some have been legitimately installed for a specifically good purpose, but could have been unknowing installed for a malicious purpose.
Not all antivirus programs scan for PUPs and avast has it turned of by default (an exception being the boot-time scan).

What is the infected file name, where was it found e.g. (C:\windows\system32\infected-file-name.xxx) ?
Core2Duo E8300/ 4GB Ram/ WinXP ProSP3/ avast! free 2014 9.0.2016/ Outpost Firewall Pro9.1/ Firefox 28.0, NoScript, RequestPolicy/ MailWasher Pro/ DropMyRights/ MalwareBytes AntiMalware Premium 2.0.1/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security

Offline decider

  • Newbie
  • *
  • Posts: 3
    • Personal Message (Offline)
Re: Win32:IBryte-U [PUP] is it thread???
« Reply #2 on: July 05, 2012, 01:28:38 PM »
The infected file name was C:\Users\decider\Downloads\Setup.exe, severity:low. Also i performed another boot scan, and a full system scan but nothing came up both times.
« Last Edit: July 05, 2012, 01:30:26 PM by decider »

Offline DavidR

  • avast! Überevangelist
  • Certainly Bot
  • *****
  • Posts: 69208
  • Gender: Male
  • No support PMs thanks
    • Personal Message (Offline)
Re: Win32:IBryte-U [PUP] is it thread???
« Reply #3 on: July 05, 2012, 02:09:33 PM »
That is it, when it comes to PUPs as I mentioned in the on-demand scans PUPs aren't checked for so you won't get any alert on the regular on-demand scan.

The biggest problem when PUPs are enabled is that most users don't understand what a PUP is and aren't able to make an informed decision on what to do.

Given its location downloads and setup.exe, it isn't a file that would cause any problem by your deletion, but it isn't a good habit to get into.
Core2Duo E8300/ 4GB Ram/ WinXP ProSP3/ avast! free 2014 9.0.2016/ Outpost Firewall Pro9.1/ Firefox 28.0, NoScript, RequestPolicy/ MailWasher Pro/ DropMyRights/ MalwareBytes AntiMalware Premium 2.0.1/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security

Offline polonus

  • avast! Überevangelist
  • Maybe Bot
  • *****
  • Posts: 20121
  • Gender: Male
  • malware fighter
    • Personal Message (Offline)
Re: Win32:IBryte-U [PUP] is it thread???
« Reply #4 on: July 05, 2012, 02:23:21 PM »
A PUP is being flagged at start up of a particular  program/tool or at download to alert the user to the fact that if he has not willfully chosen to use it or if it has landed on his computer through a third party (malcreation)  the program could have certain security risks. Whenever the user knows what the program does, knows what the risks are, a PUP alert has lost its significance and is no longer a PUP for that particular user.
That is why DavidR says deletion is not a very good option to begin with. And who is to disagree with this view?
First establish what you have there, when in doubt and after additional scanning you can come here and ask for a second op and then make a final decision what you want to do with this particular PUP. If it is not a PUP in your view and opinion and you whenever you are well aware of the eventual risks, you could exclude the program to no longer throw up a PUP warning the next time around.
So always remember. "First establish and then" live up to your name", that is decide  ;D ",

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline decider

  • Newbie
  • *
  • Posts: 3
    • Personal Message (Offline)
Re: Win32:IBryte-U [PUP] is it thread???
« Reply #5 on: July 05, 2012, 02:27:17 PM »
So you think it didn't caused any infection on the pc??

Offline DavidR

  • avast! Überevangelist
  • Certainly Bot
  • *****
  • Posts: 69208
  • Gender: Male
  • No support PMs thanks
    • Personal Message (Offline)
Re: Win32:IBryte-U [PUP] is it thread???
« Reply #6 on: July 05, 2012, 02:44:20 PM »
No one can tell you that with certainty as we don't know if A) you ever ran it, setup.exe will generally be installing 'something' and B) what that 'something' might be isn't known.

The nature of it being a PUP doesn't necessarily mean it is malicious/infected, but having deleted it there is little else that can be done to investigate it further.
Core2Duo E8300/ 4GB Ram/ WinXP ProSP3/ avast! free 2014 9.0.2016/ Outpost Firewall Pro9.1/ Firefox 28.0, NoScript, RequestPolicy/ MailWasher Pro/ DropMyRights/ MalwareBytes AntiMalware Premium 2.0.1/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security

Offline clarerose

  • Newbie
  • *
  • Posts: 2
    • Personal Message (Offline)
re PUP:Win32:Ibryte-BE [PUP]
« Reply #7 on: April 06, 2013, 10:07:25 AM »
I ran Avast which detected this threat - i actioned 'move to chest' is there anything else I should do?? My PC is still sluggish and Im a novice

Offline DavidR

  • avast! Überevangelist
  • Certainly Bot
  • *****
  • Posts: 69208
  • Gender: Male
  • No support PMs thanks
    • Personal Message (Offline)
Re: Win32:IBryte-U [PUP] is it thread???
« Reply #8 on: April 06, 2013, 10:45:15 AM »
No one can say in isolation, e.g. file name and location of the detection as asked in the first reply ?

What were you doing when this was detected ?
Core2Duo E8300/ 4GB Ram/ WinXP ProSP3/ avast! free 2014 9.0.2016/ Outpost Firewall Pro9.1/ Firefox 28.0, NoScript, RequestPolicy/ MailWasher Pro/ DropMyRights/ MalwareBytes AntiMalware Premium 2.0.1/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security

 

Google Chrome

AVAST recommends using the FREE Google Chrome™ browser.

Download Google Chrome Now