item found in Malwarebytes (from udemy.com?)

Page 1 of 3 123 LastLast

  1. Posts : 1,442
    Windows 7 Professional 64bit
       #1

    item found in Malwarebytes (from udemy.com?)


    I did a scan with Malwarebytes.
    It found one item and I think it's related to udemy.com. I use google chrome to view courses and it happens to be in the google folder.

    I removed it once before but it shows up again.

    AdwCleaner also finds it.
    Attached Thumbnails Attached Thumbnails item found in Malwarebytes (from udemy.com?)-pup.png  
      My Computer


  2. Posts : 1,102
    OEM Windows 7 Ult (x64) SP1
       #2

    Hi:

    Re: the MBAM detection -- please be sure MBAM is properly configured to both detect AND remove PUPs.
    (Dashboard > "settings" > "detection and protection" > "non-malware protection" > "PUP" > "Treat detections as malware")

    If you have removed it and it reappears on subsequent scans, then most likely you are reacquiring it via visiting the same website, or via something on your system carrying the PUP as a "freebie", or it may be reappearing from Google sync (seems likely if you are using Chrome).

    In the latter case, you may need to clean out all of your sync'd settings and perhaps reset (or even reinstall) Chrome.
    If that doesn't resolve the issue, then you might need a deeper look at the system to clean out whatever is respawning this PUP.

    OTOH If you think that the PUP might be a false positive detection by MBAM, then you may want to start by reading the pinned topic HERE and then submitting at least a scan log (for starters) in the MBAM file F/P forum HERE. The Research team will evaluate the data to determine if the detection may (or may not) be a F/P.

    HTH,

    MM
      My Computer


  3. Posts : 1,442
    Windows 7 Professional 64bit
    Thread Starter
       #3

    I'm going to do a couple scans with MWB and see when it actually reappears.
      My Computer


  4. Posts : 1,102
    OEM Windows 7 Ult (x64) SP1
       #4

    Hi:

    If it's reappearing in both MBAM and AdwCleaner scans, then the most likely explanations are that something on your system is regenerating it (perhaps the application with which it came bundled in the first place) or it is respawning from your sync'd Google data.

    If it's the former, then a bit of deeper work might be needed for complete removal (PUPs can be pesky).
    If it's the latter, then you'll need (at a minimum) to clear out your sync'd Google/Chrome data and probably reset Chrome; additional work might be needed.

    Start by disabling Sync
    How To Delete Your Google Chrome Browser Sync Data
    Chrome - Reset browser settings
    Reset Chrome sync

    If that fails then you might want to Uninstall Google Chrome and do not reinstall until sure the system is clean.

    Let us know how it goes,
    MM
      My Computer


  5. Posts : 3,302
    Windows 7 Home Premium x64 SP1
       #5

    I have a feeling its a F/P. I have been getting the same for a few days now, delete it and it reappears and never visited the site mentioned above. Also using chrome.
    Full Path - C:\Users\Username\AppData\Local\Google\Chrome\User Data\Default\Preferences

    Danny
      My Computer


  6. Posts : 1,102
    OEM Windows 7 Ult (x64) SP1
       #6

    Hi:

    PUP classifications change from day to day, based on the criteria to which programs are assigned to that category. A change to a program's behavior can result in its being newly classified. More info HERE.

    xxxdannyxxx said:
    I have a feeling its a F/P. I have been getting the same for a few days now, delete it and it reappears and never visited the site mentioned above. Also using chrome.
    Full Path - C:\Users\Username\AppData\Local\Google\Chrome\User Data\Default\Preferences

    Danny
    To be safe, especially since the OP reports that AdwCleaner is also detecting it....

    MoxieMomma said:
    OTOH If you think that the PUP might be a false positive detection by MBAM, then you may want to start by reading the pinned topic HERE and then submitting at least a scan log (for starters) in the MBAM file F/P forum HERE. The Research team will evaluate the data to determine if the detection may (or may not) be a F/P.
    But it's certainly up to you.:)

    Cheers,
    Last edited by MoxieMomma; 05 Jun 2016 at 11:11. Reason: clarify
      My Computer


  7. Posts : 6,330
    Multi-Boot W7_Pro_x64 W8.1_Pro_x64 W10_Pro_x64 +Linux_VMs +Chromium_VM
       #7

    I would upload and scan the file at https://www.virustotal.com/
    I've seen where the same file gets different results when scanning locally vs. virus total for the same scanner.
    I've also seen where the same file gets reported differently depending on the type of local scan used.
    None of the security programs are perfect.
      My Computer


  8. Posts : 1,102
    OEM Windows 7 Ult (x64) SP1
       #8

    DavidE said:
    I would upload and scan the file at https://www.virustotal.com/
    Excellent idea.

    I've seen where the same file gets different results when scanning locally vs. virus total for the same scanner.
    I've also seen where the same file gets reported differently depending on the type of local scan used.
    None of the security programs are perfect.
    VT and jotti and other sites are a good way to get a broader view.

    One just needs to be aware that "legal" PUPs are not true malware in the strict sense.
    Most have EULAs or require some sort of user behavior (especially failing to opt-out of installation) for their installation.
    Many scanners do not even target them.
    (But I certainly don't want any of that junk on my system -- sooner or later, they tend to lead to more serious problems.)

    This particular "hit" may or may not be a F/P.
    But the only way to know for sure and to have a particular file removed from a particular scanner's database as a F/P is to submit the necessary data to the software vendor.

    One can -- in most scanners, including MBAM -- set an "exclusion" for a given PUP.
    But doing so without first checking with the security software vendor is not particularly safe.


    Cheers,
    MM
      My Computer


  9. Posts : 1,442
    Windows 7 Professional 64bit
    Thread Starter
       #9

    I ran malwarebytes again after opening chrome and going to udemy.com. The PUP is no longer there. I'll use chrome for a bit and see what site the PUP might be associated with. I thought it was related to udemy because of the ability to comment on videos that you watch.
      My Computer


  10. Posts : 6,330
    Multi-Boot W7_Pro_x64 W8.1_Pro_x64 W10_Pro_x64 +Linux_VMs +Chromium_VM
       #10

    At VT you can scan a URL such as www.udemy.com.
    Here are the VT scan results for that site (it scans clean)
    https://www.virustotal.com/en/url/8b...1de2/analysis/
      My Computer


 
Page 1 of 3 123 LastLast

  Related Discussions
Our Sites
Site Links
About Us
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 02:40.
Find Us