Avast WEBforum
Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: Ellissa on June 18, 2010, 01:03:24 AM
-
Okay, so I noticed when I do a full system scan with my free avast home edition there was the option to scan Pups, I was like, "Hmn, well I don't know what that is but I'll do it anyway and see what happens." Well, I scanned it and 12 low severity threats were detected. I tried moving it to the chest, wouldn't let. It said access denied to every option I tried to do, deleting it, moving it, repairing it, etc. Can someone please help me cause I hate knowing that there's something potentionally threating to my comp there. ): Plus, I'm kind of a newb when it comes to these things so try explaining as best as possible. Thanks! (Btw, I have a screenshot of it if you need it, with the names of the threats, etc.)
(Btw, I posted this topic in another section. I'm not sure if this is where it should be or shouldn't, if so I'm sorry.)
-
Can you post/attach the log of your scan or the files that is detected.
That will be helpfull.
Thank.
-
Lets start with PUP = Potentially Unwanted Program, so we need to establish what this is and if it is unwanted.
What is the infected file name, where was it found e.g. (C:\windows\system32\infected-file-name.xxx) ?
Some tools, etc. can be used for good or evil (and an anti-virus can't determine that), if what is on your system is there by design, either you installed or the computer manufacturer installed it, etc. then it is likely to be there for good. If it were installed without your knowledge then it could be there for evil/malicious purposes.
So you can see why we need more information and why you should not delete it without having fully investigated it.
It should really go in the Viruses and Worms forum, but not it is here leave it, the other topic you started can be removed.
-
Yeah, I figured deleting them wouldn't be a good idea anyway, I just just giving an example of the things it wouldn't let me do- which is anything. :D I usually just move things to the chest if there is anything. But anywho, thanks for replying and attempting to help, I hope we can get this resolved. I really appreciate it. <3 Here's a picture of the names of 'em and where they're located. I think this is the kind of info you want, if you want anymore or in depth info you may have to explain to me where the locate it. Otherwise I hope this helps. ;)
(http://i46.tinypic.com/2llil5f.png)
-
In this case anything to do with MyWebSearch in must instances is considered spyware as any supposed help in searching is collated for marketing purposes.
So I don't know how you got this browser toolbar, but I would look to removing it from your browser toolbar options. It may well have an add remove programs entry given it is in the program files folder, but I don't know that for certain.
You could also try this tool - ToolbarCop http://www.snapfiles.com/get/toolbarcop.html (http://www.snapfiles.com/get/toolbarcop.html)
-
Weird. Cause the thing is, is that I use Opera so and I don't have any toolbars that I use, that I know. Cause there's nothing there? Is there any more of a simpler way of removing it? Cause I have no idea even where it would be. :l Sorry if I seem difficult.
-
Wait, could this be it? Should I just uninstall that program? You think that would kind'a solve the issue? Lol.
(http://i49.tinypic.com/j7xgfq.png)
-
Go ahead, uninstall it...
-
Thanks, lol. Kind'a a dumb question but I wanted to double check. ;D
-
Thanks, lol. Kind'a a dumb question but I wanted to double check. ;D
Ok, better safe then sorry ;)
-
Not dumb at all. It's a far better idea to ask before deleting stuff than regret it afterward.
You'll probably need your browser closed to uninstall it, then reboot, then scan again. There might be traces left over, these can be quarantined.
I see that going by the install date, Opera was installed (or maybe just updated) before this toolbar. So it may have been associated with the browser you mainly used before Opera.
-
Weird. Cause the thing is, is that I use Opera so and I don't have any toolbars that I use, that I know. Cause there's nothing there? Is there any more of a simpler way of removing it? Cause I have no idea even where it would be. :l Sorry if I seem difficult.
Generally these will be targeted at IE, which for most people still have as their default browser, not to mention until very recently was the default browser as it is fully integrated into the OS also.
Yes, as has been mentioned, go ahead an uninstall it.
-
Thanks for all the help so far, I appreciate it. I uninstalled that, rebooted and scanned again- the previous ones were gone thank goodness but yet again, one more shows up. Of course. I just want everything GONE, lol. I don't wanna have to keep continue dealing with these in the future. ); Is there a way to make sure my antivirus blocks future PuP's? Or is that totally separate? But yeah, I guess once again I ask if you have any suggestions on what to do with this new PuP? I looked around for it like the other but couldn't come up on it.
Kind of bugs me too, cause I don't where this stuff comes from, I hardly do anything on the web- especially not with these fun game type stuff. lol
(http://i50.tinypic.com/2ntydyw.png)
-
Hi,
To block PUP's you can set the real-time shields to do that.
- Click the real-time shields tab
- Select the shield(s) you want to block PUPs and click Expert Settings
- On the left hand side, find sensitivity and click on it
- Under PUP and suspicious files, check the box that says scan for potentially unwanted programs
Hope this helps :)
-
Oh, sweet! Thank you so much! <3 Would you reccomend me doing that for all shields? (Cause I did anyways, lol.)
I'm still wondering what I should do about that last unwanted PuP, cause I didn't renew my fourty dollar norton because Avast was free, now I'm wondering if I should take that up as well. I'm just paranoid. But I don't wanna waste fourty dollars either, lol. I do love Avast, I just wanna keep my computer risk free. >.>
-
The remaining PUP entry is (as indicated) low risk, especially since it relates to the uninstaller. A boot time scan of just the folder indicated should get rid of it. Or you could restart into safe mode, navigate to the folder and manually delete it.
-
The thing is though, (And again, I don't wanna sound annoying or completely clueless, lol) I don't know how to do either of those. I know how run in safe mode and stuff, but then again I'm not sure on how to navigate the folder and manually delete it- cause I have no idea where it is, lol. I searched around a little for it and found nothing. And I know you guys can only help me so much, because you're not here and you don't know what yer dealing with. lol But if you have any further detailed instructions that could help would be GREAT. <3
-
Have you tried the boot-time scan yet?
Open Avast!, its should be 1 of the selections in the scan section.
-
It says it can only run in a 32 bit operating system. I'm running 64 apparently. I looked it up.
-
I'm not acquainted at all well with Windows 7, but the navigation can't be that different (he said, hopefully.)
Try finding the folder in normal mode first. It won't then seem so weird finding it in safe.
There are two ways to locate the file.
First way (probably more straightforward):
- click "start" then "search" and type in the file name to search for "Uninstall Fun Web Products.dll" (without the quotes). Look in the C drive, search hidden and system files.
-When it is found, right click the entry in the search assistant window, and select "open containing folder". An explorer window/folder will open. The .dll concerned should be highlighted. Try to manually delete it. (right-click>delete).
-If it resists, restart into safe mode, locate the file again, and delete it.
Second Way:
-Go to the control panel, and locate folder options. In XP the window looks like the one I picture below. In "view", set it to show hidden files, and system files. (two separate things to tick/untick.)
-Double-click the "my computer" icon. It will open to an explorer window.
-Using the path listed 7 posts up, try to find the folder listed under "File name" in the Avast scan result. (C:\Program Files (x86)\Uninstall Fun Web Products.dll) I'm not sure the "x86" will be present in the title of that folder, but it may well be. If you can find it, and the .dll so named above, attempt to manually delete it. (Right click>delete.) It may resist. If so, reboot into safe and delete it.
It would be interesting to right-click the file and select "properties", and report on the file size before deleting it.
Hope that helps.
There is probably an easier way to do this, maybe someone else with a few more tricks in their baskets will post it.
-
@ Ellissa
I use Windows 7 64-bit and boot-time scan is not available yet.
I recommend Malwarebytes Anti-Malware (MBAM) as it will detect and remove those infections:
http://www.malwarebytes.org/mbam.php
Download the free version then install it and update its definitions then run a Quick scan and have it remove all it finds.
-
Thanks, YoKenny. I decided to take the easier route and download the Ani-Malware you suggested, it found 19 threats, and I had it removed 'em all. ;) I hope this fixed things. (Btw, how often do you suggest I run this malware program for future reference?)
-
@ Ellissa
I purchased MBAM and for a one time licence it is well worth the purchase.
I have it set for hourly updates with a Quick scan dailly but with the paid version it runs a Flash scan at update.
-
Ellissa,
to answer your question..........if you intend to use malwarebytes as a on demand scanner(free version, like you just did) as alot of people do, once a week is fine, just be sure to do a update before scanning.
hope this helps.
Sat
-
I'm on dial-up and the MBAM updates are a pain in the rear as it download the complete database again and that is why I only do a weekly scan and update prior to that scan. That is one of the reasons why I wouldn't buy it as I wouldn't be using the resident protection, allowing auto updating of the database.
-
@DavidR
You do not need to set it to update hourly or even daily.
How To Use The New Scheduler
http://forums.malwarebytes.org/index.php?showtopic=45177
The Website Blocking feature is great.
-
Thanks guys, you have been really helpful. I may purchase it, but I think I'll stick with the free version for now. I was actually debating on renewing my norton again for further protection, but if you all feel having avast and the MBAM program should protect me enough, I'll take your word for it. ;D Thanks again!
-
@DavidR
You do not need to set it to update hourly or even daily.
How To Use The New Scheduler
http://forums.malwarebytes.org/index.php?showtopic=45177
The Website Blocking feature is great.
I know I'm not forced to do anything, but I simply won't support them if they can't implement an incremental update, rather than download the full database every time. Perhaps I'm spoilt with avasts incremental update process, if MBAM could implement something similar then it would be so much of a chore updating taking 15-20 minutes.
They have talked about it for long enough, surely it can't be beyond their collective wit, it has to be to their benefit too as they wouldn't be using anywhere near the same bandwidth, which presumably they have to pay for.
-
The Website Blocking feature is great.
Apparently not for everyone. See http://forums.malwarebytes.org/index.php?showtopic=54301 (http://forums.malwarebytes.org/index.php?showtopic=54301)
-
The Website Blocking feature is great.
Apparently not for everyone. See http://forums.malwarebytes.org/index.php?showtopic=54301 (http://forums.malwarebytes.org/index.php?showtopic=54301)
No issue for TeMerc
http://forums.malwarebytes.org/index.php?s=edee597d4201a802a7b777ae81bf4962&showtopic=54301&view=findpost&p=268918
@ DavidR
Having to use dial-up is a hindrence in using the Internet these days. :(
-
I'm not having any problems with SpywareBlaster updating. As the MalwareBytes forum thread states, this is affecting those people that, because of their geographic areas and the CDN loading, are routed to the blacklisted distributed IPs. This shouldn't happen.