what to do with win32:PUP-gen file in windows folder

[avekigara]

Hi,
I'm new here and I'm not that hi-tech so really could use some good advice on what to do. I just did a boot scan and found an infected file in this directory
C:\windows\setup\SCRYPT\RemoveWAT.exe, win32:PUP-gen. (i hope i remember the names correctly)

I'm not sure what to do with it since it's in windows setup folder. this is the only one avast detected and this is the first time also. would really appreciate you help with this problem(should i move it to chest n my system will not be affected?). thanks in advance >,<

(i did read : Logs to assist in cleaning malware post. does this mean i should download OTL?)

[Pondus]

win32:PUP-gen.

PUP = Possibel Unwanted Program  

This is a little tool to remove WAT (Windows Activation Technologies) completely from the OS, whilst still retaining genuine status and receiving all updates (optional as-well). You can also pass the genuine check in things like Windows Defender.

so it is up to you...do you want it or not  

[avekigara]

if it's a virus, i'm sure i'd rather chested it. would it bother my OS (i'm using win7) performance though? thanks again.

(Sorry for the late reply, i just got back online)

[Pondus]

It is not a Virus... did you not read my post

but if you dont want it, just let avast move it to chest......

to check the file RemoveWAT.exe

upload suspicious file(s) to www.virustotal.com and test with 44 malware scanners
when you have the result, copy the URL in the addressbar and post it here so we can see


alternatives
Jotti`s    http://virusscan.jotti.org/en
VirSCAN    http://virscan.org/
Metascan   http://www.metascan-online.com/

[avekigara]

I'm sorry, i did read it but like i said, i don't really understand program language. I did what you told, here's the link :
https://www.virustotal.com/file-scan/report.html?id=fdb35ef4fe3ae4fc9d4e48495585a22b219e729ef2234c40100dba56f17b13a9-1315785527

said it's a goodware but how come avast boot scan warned me bout it if it's been fine all this time? could it be because i just download this file (though i'm sure i didn't do such thing, well.. not on purpose at least). well, thanks again for your help. much appreciated it since i'm the panic type when it comes to computer >,<

[Pondus]

It seem to be a program to remove the windows Genuine ask..... are you running a crack windows version ?

said it's a goodware but how come avast boot scan warned me bout it if it's been fine all this time?

PUP scanning is off by default....so you have turned on PUP scan!

PUP = Possibel Unwanted Program   http://searchsecurity.techtarget.com/definition/PUP

[avekigara]

oh dear, this is not my computer, a friend just lend it to me for awhile. that's why i'm trying to be very careful with it... I'll see in the next boot scan if there's other files got infected or not. maybe i should chest it anyway

[Pondus]

why are you running a boot scan...any problems ?

The boot-time scanner is an expert feature, and was designed to be used when there’s something bad going on on the system.

https://blog.avast.com/2010/02/04/v5-bts-auto-actions/

maybe i should chest it anyway

you can always restore file(s) from the chest if you find out you need it

[avekigara]

I went to a 'usually' secured website today but i got a malware warning all the time when i opened this website. so, i asked a friend to open it just in case it's been hack but it's fine for her. so, i thought maybe there's something in my system...

[Pondus]

can you post the URL here ?

but post it like this  http as hxxp and www as wxw so the link is not clickable

[avekigara]

it's 4shared (wxw.4shared.com)... dunno why it went berserk on me. the malware was iframe something i think

[Pondus]

tested the URL with some online scanners and nothing..

can you attach a screen shot of the avast warning ?

[avekigara]

sory, tried to make the shot but don't know where it's now. oh, but i click on the avast link for the warning : http://www.avast.com/en-us/lp-security-information-fp?utm_campaign=Virus_alert&utm_source=prg_fav_60_0&utm_medium=prg_systray&utm_content=.%2Ffa%2Fen-us%2Fvirus-alert-default2&p_vir=html:Iframe-inf&p_prc=file://C:\Users\maya\AppData\Local\Google\Chrome\Application\chrome.exe&p_obj=http://ads.epom.com/ads?p=26|%3E{gzip}&p_var=.%2Ffa%2Fen-us%2Fvirus-alert-default2&p_pro=0&p_vep=6&p_ves=0&p_lqa=0&p_lsu=24&p_lst=0&p_lex=323&p_lng=en&p_lid=en-us&p_elm=7

[Pondus]

if you have not restarted the computer since the popup.....but if you did a boot scan i guess you have 
right click the avast tray icon and "show last popup" then there is a pin in top right corner of it, click it and it will stay on screen...

from your description it sounds like avast is seeing something on that website it does not like and blocks it...so this is on the website and not in the computer