Avast WEBforum

Other => Viruses and worms => Topic started by: decider on July 05, 2012, 08:47:42 AM

Title: Win32:IBryte-U [PUP] is it thread???
Post by: decider on July 05, 2012, 08:47:42 AM
I performed a scan during the boot time with Avast and it found a thread called Win32:IBryte-U [PUP], is this a virys or something like that??? . I pressed to delete it. Shall i do anything else?? No one really knows???
Title: Re: Win32:IBryte-U [PUP] is it thread???
Post by: DavidR on July 05, 2012, 02:32:15 PM
Deletion isn't really a good first option (you have none left), 'first do no harm' don't delete, send virus to the chest (a protected area) and investigate.

PUP = Potentially Unwanted Program - See http://searchsecurity.techtarget.com/sDefinition/0,,sid14_gci1066761,00.html (http://searchsecurity.techtarget.com/sDefinition/0,,sid14_gci1066761,00.html). Not included in this definition are tools which can be used for good or evil, some have been legitimately installed for a specifically good purpose, but could have been unknowing installed for a malicious purpose.
Not all antivirus programs scan for PUPs and avast has it turned of by default (an exception being the boot-time scan).

What is the infected file name, where was it found e.g. (C:\windows\system32\infected-file-name.xxx) ?
Title: Re: Win32:IBryte-U [PUP] is it thread???
Post by: decider on July 05, 2012, 03:28:38 PM
The infected file name was C:\Users\decider\Downloads\Setup.exe, severity:low. Also i performed another boot scan, and a full system scan but nothing came up both times.
Title: Re: Win32:IBryte-U [PUP] is it thread???
Post by: DavidR on July 05, 2012, 04:09:33 PM
That is it, when it comes to PUPs as I mentioned in the on-demand scans PUPs aren't checked for so you won't get any alert on the regular on-demand scan.

The biggest problem when PUPs are enabled is that most users don't understand what a PUP is and aren't able to make an informed decision on what to do.

Given its location downloads and setup.exe, it isn't a file that would cause any problem by your deletion, but it isn't a good habit to get into.
Title: Re: Win32:IBryte-U [PUP] is it thread???
Post by: polonus on July 05, 2012, 04:23:21 PM
A PUP is being flagged at start up of a particular  program/tool or at download to alert the user to the fact that if he has not willfully chosen to use it or if it has landed on his computer through a third party (malcreation)  the program could have certain security risks. Whenever the user knows what the program does, knows what the risks are, a PUP alert has lost its significance and is no longer a PUP for that particular user.
That is why DavidR says deletion is not a very good option to begin with. And who is to disagree with this view?
First establish what you have there, when in doubt and after additional scanning you can come here and ask for a second op and then make a final decision what you want to do with this particular PUP. If it is not a PUP in your view and opinion and you whenever you are well aware of the eventual risks, you could exclude the program to no longer throw up a PUP warning the next time around.
So always remember. "First establish and then" live up to your name", that is decide  ;D ",

polonus
Title: Re: Win32:IBryte-U [PUP] is it thread???
Post by: decider on July 05, 2012, 04:27:17 PM
So you think it didn't caused any infection on the pc??
Title: Re: Win32:IBryte-U [PUP] is it thread???
Post by: DavidR on July 05, 2012, 04:44:20 PM
No one can tell you that with certainty as we don't know if A) you ever ran it, setup.exe will generally be installing 'something' and B) what that 'something' might be isn't known.

The nature of it being a PUP doesn't necessarily mean it is malicious/infected, but having deleted it there is little else that can be done to investigate it further.
Title: re PUP:Win32:Ibryte-BE [PUP]
Post by: clarerose on April 06, 2013, 12:07:25 PM
I ran Avast which detected this threat - i actioned 'move to chest' is there anything else I should do?? My PC is still sluggish and Im a novice
Title: Re: Win32:IBryte-U [PUP] is it thread???
Post by: DavidR on April 06, 2013, 12:45:15 PM
No one can say in isolation, e.g. file name and location of the detection as asked in the first reply ?

What were you doing when this was detected ?