PUP detections from MalwareBytes

LevelBest · 17 Jul 2016

Hi

I regularly scan with MalwareBytes (alongside my existing AV). MW usually reports back as no issues but today it reported 5 PUPs namely Optional Optimizer Elite Max (screenshots below). I'm struggling to think how I could have picked these up. Yesterday, I installed an update for Adobe Flash but am always mindful to de-select any optionals.

Any ideas as to how I could have picked these up? I got MW to delete them all and re-ran the programme and it reports all clear.

LevelBest

Callender · 17 Jul 2016

It comes bundled with other software that you must have installed. Review installed software sorted by install date using:

GeekUninstaller

Also see:

https://www.malwarebytes.com/pup/

HAVOC · 17 Jul 2016

Have you installed any "free" programs recently? Did you restart your computer after removal of the PUP's and do another scan with Malwarebytes?

Callender · 17 Jul 2016

RE: FlashPlayer. I always get the clean downloads as it's often bundled with unwanted extras:

For Internet Explorer :
http://fpdownload.macromedia.com/pub..._player_ax.exe

For Mozilla Firefox & Chrome :
http://fpdownload.macromedia.com/pub...ash_player.exe

Plus I always do a clean install of flashplayer each time it is updated. (Fully remove old version first)

LevelBest · 17 Jul 2016

[URL said:

https://www.malwarebytes.com/pup/[/URL]

That info is interesting. I was on a couple of websites this morning where I had to click the 'x' to close down. I haven't installed any programmes of late, nothing new shows in programmes. The most recent update was the Adobe Flash yesterday. My feeling is it was the closing down of pop ups with the 'x' - I must remember to use Alt, Control and Delete which I usually do (too much of the falling down water last night, I reckon

).

Yes, I did another scan with MalwareBytes and no problem this time and I also did a full scan with my usual AV - again no issues.

I'm pretty confident all is well I was just surprised as MW normally reports back with no issues.

LevelBest

Callender · 17 Jul 2016

The date on your screenshot would appear to indicate that Optimizer Elite Max installed on 17 July at 13.10 so check if you installed anything else at that time.

RE: MBAM. It will render the Optimizer Elite Max program ineffective but will not remove it.

MoxieMomma · 17 Jul 2016

Callender said:

RE: MBAM. It will render the Optimizer Elite Max program ineffective but will not remove it.

Are you sure about that?
Normally, if MBAM detects the PUP, it more than likely can and will remove it, IF the user's settings are properly configured.

@LevelBest, please open the MBAM GUI > Settings > Detection and Protection > Non-Malware Protection and make sure that both PUPs and PUMs are set to "Treat Detections as Malware".
You may need to rescan and then reboot for full removal.

Having said that, some PUPs can be tricky to fully remove (requiring a custom script by a trained expert).
Others can respawn e.g. from Google sync or other places, and/or the user may inadvertently reinstall the PUP by failing to opt out during installation of wanted, legitimate software (#1 way that PUPs get on to the system).

If there is any question, @LevelBest, it would help if you could please attach the latest MBAM SCAN log as a *.txt file to your next reply here. Let us know if you need help locating, exporting or attaching it.

Thanks,
MM

Callender · 17 Jul 2016

I'm not entirely sure but it will not stop any Optimizer Elite Max running processes and Optimizer Elite Max scheduled tasks before running the uninstaller. Maybe MBAM deletes everything on boot?

I'm just going on past experience as I don't have MBAM installed currently so can't test.

MoxieMomma · 17 Jul 2016

Callender said:

I'm not entirely sure but it will not stop any Optimizer Elite Max running processes and Optimizer Elite Max scheduled tasks before running the uninstaller. Maybe MBAM deletes everything on boot?

I'm just going on past experience as I don't have MBAM installed currently so can't test.

The PUP database changes -- new PUPs are added, and others may be removed. So your past experience may not reflect the current status.

If you have a potential PUP sample that may not be detected by MBAM, I'm sure that the Research Team would welcome the sample for analysis. :)
They have a rigorous process for evaluating such files for inclusion in the database.
But if the file is coming up in scans (as shown by the GUI snippet provided by the OP), then, chances are, it *will* remove it.
But, yes, some PUPs and malware need a reboot for full removal.
And some malware and even PUPs require the use of multiple tools and/or custom scripts for complete removal.

Until then, it would greatly help at least to see @LevelBest's MBAM scan log -- without it, we are only speculating.:)
@LevelBest, this tutorial HERE shows how to locate, export to a *******.txt******* (not *.xml) file; you can then please ATTACH it to your next reply here in this thread.

We can go from there.

Cheers,
MM

LevelBest · 18 Jul 2016

Hi All

I was downloading Youtube videos yesterday at 1 pm ish, so that's where the malware came from. I did have Adblock for IE11 installed but due to having a few issues with IE11, I had disabled it. I have enabled it again but I have a shrewd suspicion that adblock keeps the comments from being show. I know this is the case with Chrome where I have adblock (which is why I was viewing via IE11).

I've attached the files. All is well with the computer. MW gave me the option to delete the malware and then asked me to re-start to complete the process. I've since run 2 MW scans and my usual AV and all is well.

LevelBest