WIN 32 PUP files

[Stick]

Ok..I'm a NOOB..
Did full scan..the whole nine yards..
In the CHEST I have...if I can read my scribbles:
12....WIN 32:PUP-gen[PUP]
 2....WIN 32:VB-QUG [Trj]
 1....JS:111 redir DK[Trj]
Do I delete these with no issues or do I need to put up more info

[Lisandro]

Chest is safe to be keep these files. They won't harm there.
Better is wait some days before rescaning them within Chest (right click) and then delete them

[Tarq57]

I would also suggest running a "second opinion" scan with the free (or paid, if you prefer) version of MBAM. Have it remove anything found. (Removal places the infected files into MBAM's quarantine.)

Quarantine, chest, etc, it is a protected vault. Malicious files are safe there. No rush to delete them at all.

Get MBAM here: http://www.malwarebytes.org/

[Stick]

Any reason why I would be getting pop ups.I didn't get them before I loaded Avast...I have  the PAID version
Popup blocker doesn't stop em either

[Tarq57]

The text within the popups?
A screenshot would be good.

[Stick]

Here's 2...so far these are the only sites where I get popups...every day..











Before I installed AVAST...I never got any popups..all I ran was MSE

Yesterday I downloaded MAMB...ran full scan and had @ 30 issues...

So far I've scanned individual files..found nothing..even the hard drive and found nothing


I've had 1 issue with an aparrent virus but got it deleted before it could load

[Stick]

I've even talked to Tech Support on both those sites...sent screen shots...they've tried to replicate but can' get anything to pop up

[Stick]

When you scan in the Virus Chest how will I know when to delete the files

[Tarq57]

Can you please post the log from MBAM here, as an attachment. (See Additional Options at the lower left of the reply pane.) The MBAM log/s can be located by opening MBAM and looking in the centre tab.

It looks like something that may have installed with a rogue toolbar, or similar. It could be the "PUP" (potentially unwanted program - adware) that Avast quarantined. I'll have a better idea after seeing the log.

[Stick]

Sure...lemmee see

[Stick]

This it...?

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5602

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

1/25/2011 4:39:35 PM
mbam-log-2011-01-25 (16-39-35).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 229807
Time elapsed: 55 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 13
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 25

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

[Stick]

Don't know if this relevent..but it's in the VIRUS CHEST @ 9 times

174_137_146_170 [2] C:\Documents and Settings HP Administrator
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Nevermind just had a popup it's a TROJAN...it's now in the CHEST

Like I said...Imma NOOB...know some stuff but don't know it all

[Tarq57]

Please update MBAM and run another scan. Close all browsers (Internet explorer) while doing so.
Have it remove anything found. If it prompts to reboot to complete removal, do so promptly.

If this doesn't work, follow the directions in the first post by essexboy here and post the most recent MBAM log and the OTL logs to this topic. (Not the thread I linked to.)

[Stick]

OTL logs??

[Tarq57]

Read the post I linked to, and follow the directions.