Author Topic: reglcean win32:pup-gen  (Read 4709 times)


sniper968

  • Guest
reglcean win32:pup-gen
« on: November 12, 2011, 02:04:54 AM »
Hi, I did a boot scan and Avast detected a win32:pup-gen virus in Regclean.msil app.cab application.exe

I had it deleted.

Several very old zip files were corrupted - so I deleted them too.

I was wondering later whether that was an error?

Did anyone else have the same result?

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 87063
  • No support PMs thanks
Re: reglcean win32:pup-gen
« Reply #1 on: November 12, 2011, 03:39:57 AM »
Deletion isn't really a good first option (you have none left). 'First do no harm': don't delete, send the virus to the chest (a protected area) and investigate.

There is no rush to delete anything from the chest, a protected area where it can do no harm. Anything that you send to the chest you should leave there for a few weeks. If after that time you have suffered no adverse effects from moving these to the chest, scan them again (inside the chest) and if they are still detected as viruses, delete them.

Files that can't be scanned are just that, not an indication they are suspicious/infected, just unable to be scanned.

Many programs (usually security based ones) password protect their files for legitimate reasons, such as AdAware and Spybot Search & Destroy; there are others (and avast doesn't know the password or have any way of using it even if it did know it).

When you run scans with the above programs and you delete harmful entries that they detect, a copy is kept (in quarantine/restore/backup) in case you need to reverse what you did. These are usually password protected. You should do some housekeeping and delete old backup/recovery/quarantine entries (older than two weeks or so); this will reduce the number of files that can't be scanned.

By examining 1) the reason given by avast! for not being able to scan the files, 2) the location of the files, you can get an idea of what program they relate to.

So I will let you answer your own question on if you should have deleted them.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 22.10.6038 (build 22.10.7633.734) UI 1.0.733/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

sniper968

  • Guest
Re: reglcean win32:pup-gen
« Reply #2 on: November 13, 2011, 01:08:58 AM »
Thanks David. You're right, I shouldn't have deleted it but sent it to the virus chest.

It was 3am and I just wasn't thinking properly. :-X

I have included my avast bootscan if you might be able to shed some light on it. It seems that a number of very old archival zip files were corrupted. I deleted them (same time as the regclean) because they were so old but again, should have sent them to the vault for further analysis.

If you can shed some light onto them I'd appreciate your advice, thank you and have a good weekend.

The archival hard drive is actually rather old - about 8 years old.

11/12/2011 08:49
Scan of all local drives

File C:\Program Files\iriver\iriver plus 3\PlugIns\mypodder.001|>mypodder\myPodder User Manual.pdf Error 42125 {ZIP archive is corrupted.}
File C:\Program Files\Valve\Steam\SteamApps\Targcomputers\team fortress 2\tf\cache\cp_castle3.bsp.bz20000|>{bzip} Error 42130 {BZIP2 archive is corrupted.}
File D:\2gig\xp\VX2S_XP_drivers.part1.rar|>Styles\Theme\uxpatcher.exe|>%WIN%\System32\dllcache\uxtheme.dll Error 42145 {Installer archive is corrupted.}
File D:\2gig\xp\VX2S_XP_drivers.part1.rar|>Styles\Theme\uxpatcher.exe|>%WIN%\System32\dllcache\uxtheme.dll Error 42145 {Installer archive is corrupted.}
File D:\2gig\xp\VX2S_XP_drivers.part1.rar|>Styles\Theme\uxpatcher.exe|>%WIN%\System32\dllcache\uxtheme.dll Error 42145 {Installer archive is corrupted.}
File D:\2gig\xp\VX2S_XP_drivers.part1.rar|>Styles\Theme\uxpatcher.exe|>%WIN%\System32\dllcache\uxtheme.dll Error 42145 {Installer archive is corrupted.}
File D:\2gig\xp\VX2S_XP_drivers.part1.rar|>Styles\Theme\uxpatcher.exe|>%WIN%\System32\dllcache\uxtheme.dll Error 42145 {Installer archive is corrupted.}
File D:\2gig\xp\VX2S_XP_drivers.part1.rar|>Styles\Theme\uxpatcher.exe|>%WIN%\..\VTPFiles\uxtheme.dll Error 42145 {Installer archive is corrupted.}
File R:\richie\jeremy\Transport Tycoon\1million-forth.zip|>Try01.ss1 Error 42125 {ZIP archive is corrupted.}
File R:\Mainuser\setupxv.exe|>RegClean.msi|>app.cab|>ApplicationExe is infected by Win32:PUP-gen [PUP], Deleted
Number of searched folders: 26949
Number of tested files: 1340837
Number of infected files: 1
 

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37166
  • Not an avast user
Re: reglcean win32:pup-gen
« Reply #3 on: November 13, 2011, 01:21:25 AM »
Quote
Win32:PUP-gen [PUP]
A PUP is not a virus.

PUP (potentially unwanted program)
http://searchsecurity.techtarget.com/definition/PUP

It is telling you that you have a program that can be used for good or bad, depending on what it can do and who installed it.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 87063
  • No support PMs thanks
Re: reglcean win32:pup-gen
« Reply #4 on: November 13, 2011, 01:26:37 AM »
@ sniper968
- Corrupted Archive file, this could simply mean that avast is unable to unpack it to scan the contents of the archive and is assuming it is because it is corrupt. Even if it were corrupt there is nothing that a user can do to resolve any corruption, short of replacing the file. This I wouldn't recommend (especially if this is for archives in the \System Volume Information folder, part of the system restore function) unless you are getting problems relating to that file outside of the avast scan.

The pup-gen, again it is within an archive so essentially it is inert unless the archive is unpacked and the application.exe file run. Given the name of the installation file (.msi file) RegClean.msi, this is a registry cleaner of sorts. Now these kinds of tools could be used for good or evil, and that is what the PUP (Potentially Unwanted Program) part of the win32:pup-gen [PUP] detection is all about.

So the boot time scan looks for PUPs by default, the on-demand scans don't. My reasoning on that is the term PUP isn't widely known and may well cause the user more concern than comfort. The user has to know what PUP means and have an idea of what is installed on their system to make the determination if this is an unwanted program or not (for most this isn't easy).

I don't believe you have anything further to be concerned with.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 22.10.6038 (build 22.10.7633.734) UI 1.0.733/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security
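
The distinction drawn in this thread (files that could not be scanned versus the single actual detection, and how deeply that detection sits inside nested archives) can be checked mechanically. The following is an added example, not code from any poster or from Avast: the line format is inferred only from the report posted in Reply #2, the sample lines are copied from that report, and the function names are hypothetical.

```python
import re
from collections import Counter

# Sample lines copied from the boot-scan report posted in Reply #2.
SAMPLE_REPORT = r"""
File C:\Program Files\iriver\iriver plus 3\PlugIns\mypodder.001|>mypodder\myPodder User Manual.pdf Error 42125 {ZIP archive is corrupted.}
File D:\2gig\xp\VX2S_XP_drivers.part1.rar|>Styles\Theme\uxpatcher.exe|>%WIN%\System32\dllcache\uxtheme.dll Error 42145 {Installer archive is corrupted.}
File D:\2gig\xp\VX2S_XP_drivers.part1.rar|>Styles\Theme\uxpatcher.exe|>%WIN%\System32\dllcache\uxtheme.dll Error 42145 {Installer archive is corrupted.}
File R:\Mainuser\setupxv.exe|>RegClean.msi|>app.cab|>ApplicationExe is infected by Win32:PUP-gen [PUP], Deleted
"""

ERROR_RE = re.compile(r"^File (?P<path>.+) Error (?P<code>\d+) \{(?P<reason>.+)\}$")
DETECT_RE = re.compile(r"^File (?P<path>.+) is infected by (?P<name>\S+)(?: \[(?P<tag>\w+)\])?, (?P<action>.+)$")

def parse_line(line):
    """Return a dict describing one report line, or None for summary/blank lines."""
    line = line.strip()
    m = ERROR_RE.match(line)
    kind = "unscannable"
    if not m:
        m, kind = DETECT_RE.match(line), "detection"
    if not m:
        return None
    rec = m.groupdict()
    chain = rec.pop("path").split("|>")  # "|>" separates container from inner member
    rec.update(kind=kind, on_disk=chain[0], inside=chain[1:])
    return rec

def triage(report):
    """Collapse duplicate lines and split the report into detections and scan errors."""
    counts = Counter(l.strip() for l in report.splitlines() if l.strip())
    detections, unscannable = [], []
    for line, n in counts.items():
        rec = parse_line(line)
        if rec is None:
            continue
        rec["count"] = n
        # A PUP tag means "potentially unwanted program", not confirmed malware.
        rec["pup"] = rec.get("tag") == "PUP"
        (detections if rec["kind"] == "detection" else unscannable).append(rec)
    return detections, unscannable

if __name__ == "__main__":
    dets, errs = triage(SAMPLE_REPORT)
    for d in dets:
        print("DETECTION", d["name"], "in", d["on_disk"], "nested", len(d["inside"]), "deep")
    for e in errs:
        print("NOT SCANNED x%d" % e["count"], e["code"], e["reason"], e["on_disk"])
```
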