Author Topic: PUP Virus  (Read 960 times)

Offline SuzyRSopham

PUP Virus
« on: August 13, 2013, 08:42:13 AM »
Hi
I seem to have a PUP virus.  I've been pretty good at clearing other ones but this one just keeps coming back!

I've read through your instructions and here are the first logs.

Any help appreciated.

Offline Pondus

Re: PUP Virus
« Reply #1 on: August 13, 2013, 08:55:01 AM »
what is the file name and full location of the detected file...


PUP = not a virus / Possible Unwanted Program.  a program that can be good or bad if abused
many legit programs are classed as PUP because of what they can do, so you need to know what it is before you take any action. that is one of the reasons why PUP scan is default off.....except in boot scan

many annoying toolbars and crap that comes bundled with other downloads are also classed as PUP



« Last Edit: August 13, 2013, 09:01:12 AM by Pondus »
Chief Wiggum: Uh, no, you got the wrong number. This is 9-1…2.


Offline Pondus

Re: PUP Virus
« Reply #2 on: August 13, 2013, 08:58:52 AM »
also attach Malwarebytes quick scan log



Offline SuzyRSopham

Re: PUP Virus
« Reply #3 on: August 13, 2013, 09:34:29 AM »
Hi

Every time I reboot a load of them come back.  Last time, I had only been onto this site and had 71 ad tracking items on running SAS.

It seems to be something to do with a Babylon toolbar.

MBAM log attached.

Offline argus

Re: PUP Virus
« Reply #4 on: August 13, 2013, 09:39:06 AM »
Hi SuzyRSopham



Please download zoek.exe and save it to your desktop.

  • Close any open browsers.
  •   Temporarily disable your AntiVirus program. (If necessary)
    If you are unsure how to do this please read this or this Instruction.



  • Double click on zoek.exe to run the tool.
    Please wait until the tool starts...


  • Copy the text present inside the code box below and paste it into the large window in the zoek tool:
Code:

filesrcm;
startupall;
skipfix-iedefaults;
firefoxlook;
chromelook;

  • Click on button
    Please wait until a log report opens (this can be after reboot)

  • Save the Notepad file to your Desktop and attach zoek-results.log here

    Note: It will also create a log in the C:\ directory named "zoek-results.log"



Offline Pondus

Re: PUP Virus
« Reply #5 on: August 13, 2013, 09:40:32 AM »
you had a ton of crap in your computer that AdwCleaner and Malwarebytes now have removed.  ;)

argus will continue to help you so follow his advice...

and tracking cookies that SAS detects are not malware.....



Offline SuzyRSopham

Re: PUP Virus
« Reply #6 on: August 13, 2013, 10:04:47 AM »
Here is the last scan log.  About to do the Zoek one.

I do know that tracking stuff is different to a virus.  My point is, that I'm getting over 70 of these when the only place I have been since clearing it all is this website which I'm sure doesn't have such stuff.

There is something on here that is putting them all straight back as soon as I reboot.



Offline SuzyRSopham

Re: PUP Virus
« Reply #8 on: August 13, 2013, 11:00:15 AM »
Here is the Zoek scan log.

It was all clean according to SAS, rebooted, ran another scan and there were already 75 items.  I haven't even visited a web page.
Something seems to be letting them all in on start up which is very slow.

Offline craigb

Re: PUP Virus
« Reply #9 on: August 13, 2013, 11:17:39 AM »
What are the 75 detected items, are these cookies that SAS is finding? Cookies are not viruses.

Slow system startups can be due to third party programs automatically running at system start, you can use CCleaner to look at what is automatically running at startup and disable them; "iTunes" is one obvious program that doesn't need to start every time you boot your system.

You also seem to have part of McAfee running at startup along with your AV (AVG), which can be an issue, and McAfee should be uninstalled immediately. The McAfee removal tool can be found here http://singularlabs.com/uninstallers/security-software/ 22a in the list
Windows 8.1 Pro X64/ IE 11/ Avast 9.0.2018/ MBAM Premium 2
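
The startup and dual-antivirus checks suggested in the reply above can also be done from a PowerShell prompt. This is an added example, not part of the original posts; it assumes Windows PowerShell 3.0 or later on a client edition of Windows, and the function names and the highlighted product names are illustrative choices taken from this thread.

```powershell
# Added example: list auto-start entries and registered antivirus products.
# Assumes Windows PowerShell 3.0+; function names are hypothetical.

function Get-StartupInventory {
    param(
        # Product names mentioned in this thread; change them for your own review.
        [string[]]$Highlight = @('Babylon', 'iTunes', 'McAfee')
    )
    $pattern = ($Highlight | ForEach-Object { [regex]::Escape($_) }) -join '|'

    # Win32_StartupCommand covers the Run registry keys and the Startup folders.
    Get-CimInstance -ClassName Win32_StartupCommand |
        ForEach-Object {
            [pscustomobject]@{
                Name      = $_.Name
                Location  = $_.Location   # Run key or Startup folder that launches it
                User      = $_.User
                Command   = $_.Command
                Highlight = ("$($_.Name) $($_.Command)" -match $pattern)
            }
        } |
        Sort-Object Location, Name
}

function Get-RegisteredAntivirus {
    # root/SecurityCenter2 exists on client Windows (Vista and later), not on Server.
    # Windows Defender may also be listed here next to a third-party product.
    Get-CimInstance -Namespace 'root/SecurityCenter2' -ClassName AntiVirusProduct `
        -ErrorAction SilentlyContinue |
        Select-Object displayName, pathToSignedProductExe
}

Get-StartupInventory |
    Format-Table Name, Location, Highlight, Command -AutoSize -Wrap

$av = @(Get-RegisteredAntivirus)
$av | Format-Table -AutoSize
if ($av.Count -gt 1) {
    Write-Warning "More than one antivirus product is registered: $($av.displayName -join ', ')"
}
```

Entries that reappear in this list after a cleanup and reboot are the ones to look at first when items keep coming back at startup.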

Offline argus

Re: PUP Virus
« Reply #10 on: August 13, 2013, 11:29:54 AM »
  • Close any open browsers.
  •   Temporarily disable your AntiVirus program. (If necessary)
    If you are unsure how to do this please read this or this Instruction.



  • Double click on zoek.exe to run the tool.
    Please wait until the tool starts...


  • Copy the text present inside the code box below and paste it into the large window in the zoek tool:
Code:

emptyclsid;
emptyrecycle.bin;
FFdefaults;
chrdefaults;
iedefaults;
emptyalltemp;
autoclean;

  • Click on button
    Please wait until a log report opens (this can be after reboot)

  • Save the Notepad file to your Desktop and attach zoek-results.log here

    Note: It will also create a log in the C:\ directory named "zoek-results.log"


Please download DelFix by "Xplode" to your Desktop.

Run the tool and check the following boxes:
  • Remove disinfection tools
  • Create registry backup
  • Purge System Restore

Now click on the "Run" button. Wait for the programme to complete its work.
All the tools we used should be gone.
The tool will create and open a log report (DelFix.txt)
Note: The report will also be stored on C:\DelFix.txt


> I don't need DelFix log report.




Here we finished, clean system.

Offline SuzyRSopham

Re: PUP Virus
« Reply #11 on: August 13, 2013, 12:28:31 PM »
Hi Argus

Thank you very much for your help.

I've run the above and here is the Zoek log.

I'll reboot now and hopefully it will be clean this time.

Thanks again.

Offline argus

Re: PUP Virus
« Reply #12 on: August 13, 2013, 12:39:17 PM »
Zoek log looks good  :)

cheers...

Offline argus

Re: PUP Virus
« Reply #13 on: August 13, 2013, 01:07:26 PM »
I forgot  ;D

Make sure all your applications and browsers are up-to-date by visiting Secunia Online Software Inspector here:

Free Online Computer Scan - Online Software Inspector (OSI) - Secunia
http://secunia.com/vulnerability_scanning/online/

Click 'Start Scanner'
Wait for Status/Currently Processing: at the lower left to say 'Java Applet loaded successfully. Press "Start" to begin.'
Click 'Start'.
The scan should take less than a minute or so.
When done, download and install all the recommended updates.
This will help ensure the malware writers cannot use exploits (bugs) in older versions of your applications to infect your computer in the future.
