Windows 7 Forums
Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: PUP's in flash scan at Malwarebytes


09 Feb 2014   #1

win 7 home premium
 
 
PUP's in flash scan at Malwarebytes

Hi Forum members, a question please. I have Malware bytes pro one option is to scan memory and start up items. Today it found 98 items in those locations. They are PUP seach ui in files as well as in registry. I am wondering why Microsoft Security essentials lets them through as well as the Windows firewall and Windows defender. Any ideas? If I need another security tool please tell me and I will install whichever one is appropriate. Regards Peter


My System SpecsSystem Spec
.

09 Feb 2014   #2

Windows 7 Home Premium
 
 
PUP's

Hi,

A PUP is a Potentially Unwanted Program. That could be a toolbar or something similar. MSE and other security programs don't block them unless they're malicious. Some users even want to use these toolbars.

Some security products might have the option to alert on PUP's if you look for it in the settings.

Malwarebytes detects these PUP's as they might have been installed without the user's knowledge.

https://helpdesk.malwarebytes.org/en...ey-be-deleted-

Malwarebytes classifies the following as PUP's.

Malwarebytes : PUP Reconsideration Information
My System SpecsSystem Spec
09 Feb 2014   #3

Win 7 Ultimate 64 bit
 
 

MSE is one of the worst AVs you can be using.
My System SpecsSystem Spec
.


09 Feb 2014   #4

win 7 home premium
 
 

Thank you Callender for your reply. Also Lady Fitzgerald.I do understand it better now. I will search for a better Anti Virus. Some people think MSE is not that bad. Regards Peter
My System SpecsSystem Spec
09 Feb 2014   #5

W7 Pro SP1 64bit
 
 

Quote   Quote: Originally Posted by Lady Fitzgerald View Post
MSE is one of the worst AVs you can be using.
Please do not take this the wrong way. The info presented below is as much for your benefit as it is for the OP. I agree that MSE could be a lot better. You have probably seen my rants about MSE's lack of heuristics. That said, in the context of preventing PUPs from installing on a computer, AVAST might be just as bad as MSE. AVAST happily allowed the Conduit toolbar (and the apps that its installer offered) to be installed. Other antivirus tools flagged these apps.

PUP's in flash scan at Malwarebytes-avast-pup1.png

PUP's in flash scan at Malwarebytes-avast-pup2.png


Using Process Explorer...

PUP's in flash scan at Malwarebytes-avast-pup3.png


Picking two of the worst offenders:

https://www.virustotal.com/en/file/5...is/1391980609/
PUP's in flash scan at Malwarebytes-avast-pup4.png


https://www.virustotal.com/en/file/3...is/1391980611/
PUP's in flash scan at Malwarebytes-avast-pup5.png
You might notice that there are ten findings, but the initial screenshot showed 9 findings. That is because the initial report was based on data that was 6 days old. I resubmitted the EXE for evaluation.

I know that you rely on Malwarebytes Pro to keep these PUPs off of your computer(s), but again, in the context of this thread, moving away from MSE is not going to help the OP to stay free of PUPs (unless the OP picks an antivirus tool that does a better job than AVAST).

I wonder why more antivirus tools don't add more PUPs to the list of things that they watch for?


My System SpecsSystem Spec
09 Feb 2014   #6

W7 Pro SP1 64bit
 
 

petrox,
You can see this post of how to get/setup Process Explorer:
Process Explorer 16
My System SpecsSystem Spec
09 Feb 2014   #7

Windows 7 Home Premium
 
 

[/QUOTE]I wonder why more antivirus tools don't add more PUPs to the list of things that they watch for?[/QUOTE]

I'd say that the answer here is probably about right:

Why isn't a program malware if it installs additional, unwanted software? | PCWorld

Except that some software bundles PUP's with no chance for the user to opt out of installation!

I keep looking for a current list of executable file names for the installers or setup files for these programs but so far I've never come across a full list that is kept up to date!

If there were such a list it would be very useful to me as I block installation of this stuff by detecting the installer process running and then when that happens I've set up a method of automatically launching another safe file to run in it's place.
My System SpecsSystem Spec
09 Feb 2014   #8

W7 Pro SP1 64bit
 
 

I don't think that I was clear. I was not suggesting that installers that offer other apps should be classified as malware. The installer for AVAST and CCleaner would fit into that category. I was saying that apps like Conduit, Search Protect and the like should be highlighted to the user as a PUP by MSE, AVAST and the like. There is no reason to have AV tools look for one level of malware and Malwarebytes looks for another level of malware.

I'm well aware of the need for layered protection and that no one tool catches all forms of malware - but my question stands: why do so many AV tools set the bar so low when it comes to PUPs? Many AV tools simply ignore that entire class of software. I realize that putting software into the PUP category is a subjective decision; but come on, Conduit!

Trovi bought Conduit and here is what you agree to during the install:
Quote:
Information Trovi Collects and Receives. There are several types of data being collected from you as detailed herein.
AVAST thinks the Conduit toolbar and website is just fine:

PUP's in flash scan at Malwarebytes-avast-pup6.png


I could not even get to the Malwarebytes website without being blessed with an endless offer scam from the adware that AVAST allowed.

PUP's in flash scan at Malwarebytes-avast-pup7.png


Most of those 293 items shown below are just snake oil*. They are harmless registry entries. Should they be cleaned? Yes. But they should not be listed in big bold red letters. Those bold red letters should be reserved for items that can cause something to actually happen on your computer.

PUP's in flash scan at Malwarebytes-avast-pup8.png

*The more items found, the better the user feels about Malwarebytes. The same can be said about UniBlue's registry tool. It will find more things "wrong" with the registry than the conservative CCleaner tool will.


Don't get me wrong, Malwarebytes is an excellent tool...
...but it still uses the same tactics (perhaps unintentionally) used by Uniblue.


My System SpecsSystem Spec
09 Feb 2014   #9

Windows 7 Pro. 64/SP-1
 
 

Malwarebytes Anti Malware finds lot of PUP's for me and I don't really care what color they use to indicate them.
To me no PUP is a good PUP. If I wanted it downloaded I would of ask for it up front.
Many anti virus let PUP through because they are not considered virus at this time in the anti virus world, and they are not. For what ever reason some people like some of the little free goodies that slip in. I consider them malware and Malwarebytes does to.
Eset Free Online Scanner will also find PUP's along with viruses ect.
If PUP's were nice to have then send they to me through the front door and not the backdoor of my system.

Many wiser that me have posted: Their is no one program that does it all and I do agree.
My System SpecsSystem Spec
09 Feb 2014   #10

W7 Pro SP1 64bit
 
 

Quote   Quote: Originally Posted by Layback Bear View Post
Malwarebytes Anti Malware finds lot of PUP's for me and I don't really care what color they use to indicate them.
To me no PUP is a good PUP. If I wanted it downloaded I would of ask for it up front.
~~~
If PUP's were nice to have then send they to me through the front door and not the backdoor of my system.
I asked for these installs "up front". The paid version of Malwarebytes Anti Malware might have stopped most of the installs; but Malwarebytes Anti Malware cannot clean what was installed for this tiny test of mine.


Quote   Quote: Originally Posted by Layback Bear View Post
....Many anti virus let PUP through because they are not considered virus at this time in the anti virus world, and they are not....
You are correct about these apps not being a virus. I was lamenting/questioning the decision of some antivirus tools not to include PUPs.


Quote   Quote: Originally Posted by Layback Bear View Post
...Eset Free Online Scanner will also find PUP's along with viruses ect.
~~~
Many wiser that me have posted: Their is no one program that does it all and I do agree.
I mentioned the multiple program concept too; unfortunately, the concept can mean:
1) use one tool to look for viruses and use another tool to look for PUPs
or
2) use more than one tool to look for all classes of malware and PUPs.
Lots of people here operate under option 1.
(which is better than just using MSE :-)


Not to beat a dead horse, but since I spent the time playing with the Conduit toolbar and the other things that I intentionally did not opt out of - I'll report that none of the tools listed in Lady Fitzgerald's system spec [AVAST!, MBAM, SAS, Spybot S&D (all but MBAM free] have managed to rid the virtual machine of the stuff that was installed. Also, ESET seems to have changed their online scanner to be a one time use.

Name:  ESET.png
Views: 31
Size:  12.3 KB

That is why I wanted the antivirus app to do what it can against PUPs and malwarebytes to do what it can against PUPs and any other tool that I throw against the problem. Then maybe - just maybe - if they all do what they can, the PUP can be eradicated from the computer.

Or maybe I'm just looking at the virus/malware/PUP issue all wrong.
I've been known to do that :-(


My System SpecsSystem Spec
Reply

 PUP's in flash scan at Malwarebytes




Thread Tools



Similar help and support threads for2: PUP's in flash scan at Malwarebytes
Thread Forum
Scan Error Error while Scan::0::LEAD Error: Twain source manager no Hardware & Devices
Windows Fax and Scan only able to scan bmp General Discussion
BSOD when running Malwarebytes scan - Kernal_data_in_page_error BSOD Help and Support
Malwarebytes scan times System Security
Malwarebytes freezes during scan System Security

Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 01:25 AM.
Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App
  

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33