Author Topic: MBAM removed PUP.OptionalCrossRider.A  (Read 5509 times)

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33938
  • malware fighter
MBAM removed PUP.OptionalCrossRider.A
« on: May 07, 2014, 06:03:02 PM »
I did a MBAM scan and it flagged two instances of this PUP in Google Chrome/AppData.

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37625
  • Not a avast user
Re: MBAM removed PUP.OptionalCrossRider.A
« Reply #1 on: May 07, 2014, 06:42:09 PM »
> I did a MBAM scan and it flagged two instances of this PUP in Google Chrome/AppData.
>
> polonus

Wooow ... you really have to watch your surfing habits, have you not learned anything from us? ;D


Seems it could be a new one ... this one is two days old.
https://www.virustotal.com/en/file/27486023beac19af97ff13795818c13e8f95ec2398811a7dfe1f073d1d27d97a/analysis/

http://deletemalware.blogspot.no/2014/01/what-is-pupoptionalcrossridera-and-how.html



Offline abruptum

  • Massive Poster
  • ****
  • Posts: 2460
Re: MBAM removed PUP.OptionalCrossRider.A
« Reply #2 on: May 07, 2014, 06:49:53 PM »
CrossRider can be a legitimate part of some addons, usually in addons for IE, like Ghostery for IE.
Also it can be total crap.

Offline Michael (alan1998)

  • Massive Poster
  • ****
  • Posts: 2768
  • Volunteer
Re: MBAM removed PUP.OptionalCrossRider.A
« Reply #3 on: May 07, 2014, 06:51:36 PM »
Polonus infected!?!?! No way!! Sarcasm aside, we all get hit. You know the drill: attach MBAM plus OTL.
VOLUNTEER

Senior Security Analyst; Sys Admin (Linux); Forensics/Incident Response.

Security is a mindset, not an application. Think BEFORE you click.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33938
  • malware fighter
Re: MBAM removed PUP.OptionalCrossRider.A
« Reply #4 on: May 07, 2014, 07:07:25 PM »
Hi Michael and Pondus,

Sure must bring a smile to your faces - polonus ran into a PUP detection now he has banned the tracking cookies from his browser. ;D
I think it is gone and according to the experts I should be good to go after an additional reboot.
I'll just do a MBAM scan again after reboot to see if the generic PUP detection has left me for good.
I also will perform a fresh AdwCleaner scan.

PUPs and generic PUPs such as this one are landing on computers through downloading or updating programs
(I did not get it via mail or an infested page).
The updater I used lately was the avast! software updater to get the latest 7zip update.
Here we see a PUP detection for 7-zip.exe: http://www.herdprotect.com/7-zip.exe-7add1cc1bd332859946298369ba82b909b93d34d.aspx
But that is not the one that I had flagged.
For FoxIt reader I used the developer site to download and install the reader in Fx.
This reader was found to have PUP finds in the past, flagged by MBAM.

I think with all the bundling etc. now we have to grow more and more aware of potential unwanted goodies coming trickling down.
I more or less know what download sites to shun, but this is proof the best can be unwittingly targeted and stung.

Stay safe and secure with avast!

polonus
« Last Edit: May 07, 2014, 07:28:35 PM by polonus »

Offline Michael (alan1998)

  • Massive Poster
  • ****
  • Posts: 2768
  • Volunteer
Re: MBAM removed PUP.OptionalCrossRider.A
« Reply #5 on: May 07, 2014, 07:28:43 PM »
> Hi Michael and Pondus,
>
> Sure must bring a smile to your faces - polonus ran into a PUP detection now he has banned the tracking cookies from his browser. ;D

Tehehe. Sorry, I smiled when I saw this. I really did. Hopefully it was just those 2 PUPs. My prognosis: you'll live :)

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33938
  • malware fighter
Re: MBAM removed PUP.OptionalCrossRider.A
« Reply #6 on: May 07, 2014, 07:49:10 PM »
Hi Michael,

You are a good sport.
And I just reported it here,
because I wanted to admit to the fact,
that the best can get hit by suspicious code  ;D

Damian

Offline Michael (alan1998)

  • Massive Poster
  • ****
  • Posts: 2768
  • Volunteer
Re: MBAM removed PUP.OptionalCrossRider.A
« Reply #7 on: May 07, 2014, 08:04:42 PM »
> Hi Michael,
>
> You are a good sport.
> And I just reported it here,
> because I wanted to admit to the fact,
> that the best can get hit by suspicious code ;D
>
> Damian

Even Essexboy I think has had a few rounds with malware/PUP/viruses himself. Although I don't know.

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37625
  • Not a avast user
Re: MBAM removed PUP.OptionalCrossRider.A
« Reply #8 on: May 07, 2014, 11:20:43 PM »
A couple of years ago when playing with malware samples, I made a mistake and managed to run a Trojan Ransom file. :-[


Offline Secondmineboy

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3645
Re: MBAM removed PUP.OptionalCrossRider.A
« Reply #9 on: May 07, 2014, 11:32:32 PM »
I almost ran some ransomware accidentally, cause the system hung up for a few seconds... Damn Windows :)

And my grandpa had some files from the GVU Trojan on his PC with only being on banking sites, I don't know how that happened.
Windows 10 1909, 4 GB DDR3 RAM, 500 GB 5400 RPM HDD, 1366 by 768 LCD Screen, Intel Core i3 5010U Dual Core, Intel HD Graphics 5500
HUAWEI P30 Pro. Android 10

Offline Michael (alan1998)

  • Massive Poster
  • ****
  • Posts: 2768
  • Volunteer
Re: MBAM removed PUP.OptionalCrossRider.A
« Reply #10 on: May 07, 2014, 11:44:59 PM »
> A couple of years ago when playing with malware samples, I made a mistake and managed to run a Trojan Ransom file. :-[

Ahaha, that doesn't beat stupidly infecting Windows on purpose (host machine). That was a total mistake... Hahaha. Good thing I know how to remove the run key and where the main file was located :)

Also, try having ZBot on your computer. That sucks too.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33938
  • malware fighter
Re: MBAM removed PUP.OptionalCrossRider.A
« Reply #11 on: May 07, 2014, 11:52:36 PM »
I think the occasional pre-bundled download is the biggest risk of all to meet a potentially unwanted program today. Clicking through without paying attention on a download install is almost like playing Russian roulette.
Pre-scanning sites you never ventured onto cannot be a bad practice either, if you can find the time for it.

The amount of websites with excessive header information, outdated CMS and vulnerable themes and plug-ins etc. is almost endless. Given the fact that hopefully the malcode is shortlived before either being taken down or closed, could easily lead to some user getting infested (use the avast! software updater and keep all of your OS and third party software fully updated and patched). Block ads that could also be occasionally malware infested. Block third party requests and scripts.
Safehex and use of the braincells sitting between the machine and the chair should do it. Still, you could be the odd one out that becomes the PUPcode prize winner of the day, as I have been demonstrating in this thread.

Keep the avast! shields up and running together with DrWeb and TrafficLight extensions up and active, and use a good Adblocker.

pol
« Last Edit: May 07, 2014, 11:55:38 PM by polonus »

Offline magna86

  • Anti Malware Fighter
  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 4235
    • Ambulanta MyCity Forum - ASAP Member
Re: MBAM removed PUP.OptionalCrossRider.A
« Reply #12 on: May 07, 2014, 11:58:18 PM »
> A couple of years ago when playing with malware samples, I made a mistake and managed to run a Trojan Ransom file. :-[

That happened to me two times, all accidentally. The mouse is guilty, it made a double click instead of one.
As I examined the active malware specimen (*.exe as executable file) on my own host system and I was too lazy to start a virtual machine, I got infected one time with Virut on Windows XP and later with some replicating worm variant on Windows 7. ;D

Offline Michael (alan1998)

  • Massive Poster
  • ****
  • Posts: 2768
  • Volunteer
Re: MBAM removed PUP.OptionalCrossRider.A
« Reply #13 on: May 08, 2014, 01:17:29 AM »
> > A couple of years ago when playing with malware samples, I made a mistake and managed to run a Trojan Ransom file. :-[
>
> That happened to me two times, all accidentally. The mouse is guilty, it made a double click instead of one.
> As I examined the active malware specimen (*.exe as executable file) on my own host system and I was too lazy to start a virtual machine, I got infected one time with Virut on Windows XP and later with some replicating worm variant on Windows 7. ;D

Virut? Youch! That's going to hurt and the self replicating worm would also very much so suck. Did it spread via the network?

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33938
  • malware fighter
Re: MBAM removed PUP.OptionalCrossRider.A
« Reply #14 on: May 08, 2014, 10:37:37 AM »
Update:
The MBAM scan after the reboot came up clean. So that junk seems to have gone to digital oblivion.
AdwCleaner cleansed: C:\Users\pol\AppData\Roaming\SpeedTestAnalysis (remainder)
and C:\Users\mysz\AppData\Roaming\Mozilla\Firefox\Profiles\6XXXXxuoo.default-1375793921214\prefs.js

pol