PUP Files Everyday

Page 2 of 3

  1. Posts : 9,600
    Win 7 Ultimate 64 bit
       #11

    bigmck said:
    Lady Fitz -- I thank you for the Malwarebytes heads up. Yeah, I had version 3 and I have been getting some goofy things lately now that I think about it. I just uninstalled it and am trying Super Spyware or whatever you called it. I will see how it works. Thanks,
    SuperAntiSpyware (SAS) and Malwarebytes 3 (MB3) do two completely different things. I use both: the free version of SAS and the paid version of MB3 (I have four grandfathered lifetime licenses).

    SAS looks for and removes cookies that either track your usage or inject advertising into your computer. MB3 looks for pretty much all other kinds of malware. MB3 does its job well but has some problems, most of which can be fixed, although it's a pain in the neck to have to keep doing so with each new version. It's worthwhile to use MB3's user forum to keep track of the problems and fixes. I also recommend using MB3 with an antivirus even though MB3 claims you don't need one; MB3 also claims you can do so. I'm using Avast free with most of the extra features turned off with MB3.


  2. Posts : 4,751
    Windows 7 Home Premium 32-Bit - Build 7600 SP1
    Thread Starter
       #12

    Lady Fitzgerald said:
    SuperAntiSpyware (SAS) and Malwarebytes 3 (MB3) do two completely different things. I use both: the free version of SAS and the paid version of MB3 (I have four grandfathered lifetime licenses).

    SAS looks for and removes cookies that either track your usage or inject advertising into your computer. MB3 looks for pretty much all other kinds of malware. MB3 does its job well but has some problems, most of which can be fixed, although it's a pain in the neck to have to keep doing so with each new version. It's worthwhile to use MB3's user forum to keep track of the problems and fixes. I also recommend using MB3 with an antivirus even though MB3 claims you don't need one; MB3 also claims you can do so. I'm using Avast free with most of the extra features turned off with MB3.
    I was under the impression that SuperAnti was an alternative to Malwarebytes, thanks for the heads up. I use MS Security Essentials for my AV. I like MalBytes but I get too many strange things. I have gone back to MalBytes V 2.2. What did you disable in V 3 that satisfied you?


  3. Posts : 9,600
    Win 7 Ultimate 64 bit
       #13

    bigmck said:
    I was under the impression that SuperAnti was an alternative to Malwarebytes, thanks for the heads up. I use MS Security Essentials for my AV. I like MalBytes but I get too many strange things. I have gone back to MalBytes V 2.2. What did you disable in V 3 that satisfied you?
    I just went back to an earlier update of v3.


  4. Posts : 7,100
    W7 home premium 32bit/W7HP 64bit/w10 tp insider ring
       #14

    Hi bigmck,

    Nothing really sticking out as malware.
    Although there is a Google policy restriction.
    I'm not a malware expert but I'll ask @DonnaB to cast her expert eyes over it.
    There are a couple of weird files:
    the program compatibility program is referencing Yahoo
    and some odd data in your appdata temp files, Quarantine for one.


    Both MBAM and MSE are having trouble connecting via your host files.


    Roy


  5. Posts : 4,751
    Windows 7 Home Premium 32-Bit - Build 7600 SP1
    Thread Starter
       #15

    Thanks for looking at the files Roy.


  6. Posts : 163
    Win7 64-bit, Vista 32-bit, XP 32-bit, W2K 32-bit (VM)
       #16

    Hi everybody,

    For the record, if I am not mistaken, MBAM3 is not an AV unless you have the paid version like Lady Fitzgerald has, otherwise it does not run in realtime and is only a second hand scanner that must be executed manually. The paid version is supposed to play well alongside any other AV as a second layer of realtime protection.

    I think I read that you uninstalled Malwarebytes? If not, please attach the logs so we can see the 36 PUPs that it has been finding.

    bigmck? Did you download WeatherBug intentionally?
    Task: {06F75BBE-8156-4B85-9EA0-97DDC91475B4} - System32\Tasks\{B6FFA501-E300-4C95-BC8D-3971D890F9EE} => C:\Windows\system32\pcalua.exe -a C:\Users\Jim\Desktop\WeatherBugSetup.exe -d C:\Users\Jim\Desktop
    Task: {45E5D37F-0334-441E-853B-19014301465C} - System32\Tasks\{CC802FEB-6364-45B2-A2E9-B26FEAAE3700} => C:\Windows\system32\pcalua.exe -a D:\Downloads\WeatherBugSetup.exe -d D:\Downloads
    WeatherBug is an ad-serving software that is considered PUP/Adware because it is usually bundled along with legit software that is downloaded and can generate pop-up advertisements in the browser it attaches to. Back in the day SuperAntiSpyware used to target it as a threat, or was that Spyware Blaster? Sorry, my memory fails me since it has been quite some time since I uninstalled it.

    The following two programs are severely outdated. Older versions of software have vulnerabilities that malware can use to infect your system. Nowadays, your typical home computer user doesn't need Java installed, which at one time was desperately needed for websites to be displayed properly. That is no longer the case. I had uninstalled Java a few years ago and have since found no need for it, so the choice is yours if you would like to reinstall or not. If the need ever arises, you will be notified that Java is needed, at which time you could install, or you could reinstall and just disable Java till the moment arises that it is needed.

    Java 7 Update 25 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.250 - Oracle)
    Java 8 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)

    If you decide that you do need Java, you can download the most recent version from here.

    As for the Hosts file. Found the following in the FRST log:

    Hosts: Hosts file not detected in the default directory

    Any idea what might have happened to it? We'll do a search of the default location to see what's up. I am sure it will not be found but still want to see.

    There are a few orphaned files etc that can be removed and we're going to empty those temp files. Please do as follows:


    • Open notepad (Start orb > type notepad into Start Search > choose notepad from list).
    • Please copy the entire contents of the code box below.
      (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste).
    • Save it to the same directory as frst.exe (or frst64.exe) as fixlist.txt.

      CreateRestorePoint:
      CloseProcesses:
      CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
      Toolbar: HKU\S-1-5-21-2284772-1736933989-2242282106-1000 -> No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
      Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - No File
      CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - <no Path/update_url>
      S2 OutfoxTvService; C:\Program Files\OutfoxTV\OutfoxTvService.exe [X]
      S3 ALSysIO; \??\C:\Users\Jim\AppData\Local\Temp\ALSysIO.sys [X]
      S4 nvlddmkm; system32\DRIVERS\nvlddmkm.sys [X]
      S4 nvvad_WaveExtensible; system32\drivers\nvvad32v.sys [X]
      S3 RTL8192su; system32\DRIVERS\RTL8192su.sys [X]
      CustomCLSID: HKU\S-1-5-21-2284772-1736933989-2242282106-1000_Classes\CLSID\{48AC0584-909B-42D6-BD5F-83124C096669}\InprocServer32 -> no filepath
      Folder: C:\WINDOWS\system32\drivers\etc
      EmptyTemp:
      NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
    • Run frst.exe (on 64bit, run frst64.exe) and press the Fix button just once and wait.
    • The tool will make a log (Fixlog.txt) which you will find where you saved FRST. Please attach it to your reply. DO NOT paste into reply box. It might be too long.
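The log triage in post #16 can be scripted. This is an added example, not part of the thread and not FRST's own code: a Python script that reads FRST-style log lines and flags scheduled tasks that launch a program from a Desktop or Downloads folder through pcalua.exe, along with the missing-Hosts notice. The folder-name list and the last sample line are assumptions constructed for illustration.

```python
import re
from pathlib import PureWindowsPath

# First three lines are the FRST entries quoted in the post; the last Task line
# is constructed here as a benign contrast case.
SAMPLE_LOG = r"""
Task: {06F75BBE-8156-4B85-9EA0-97DDC91475B4} - System32\Tasks\{B6FFA501-E300-4C95-BC8D-3971D890F9EE} => C:\Windows\system32\pcalua.exe -a C:\Users\Jim\Desktop\WeatherBugSetup.exe -d C:\Users\Jim\Desktop
Task: {45E5D37F-0334-441E-853B-19014301465C} - System32\Tasks\{CC802FEB-6364-45B2-A2E9-B26FEAAE3700} => C:\Windows\system32\pcalua.exe -a D:\Downloads\WeatherBugSetup.exe -d D:\Downloads
Hosts: Hosts file not detected in the default directory
Task: {00000000-0000-0000-0000-000000000001} - System32\Tasks\ExampleUpdater => C:\Program Files\Example\updater.exe /check
"""

TASK_RE = re.compile(r"^Task: (\{[0-9A-Fa-f-]+\}) - (.+?) => (.+)$")
# pcalua.exe -a <program> [-d <working dir>]: capture the program it launches.
PCALUA_RE = re.compile(r"\\pcalua\.exe\s+-a\s+(.+?)(?:\s+-[a-z]\s|$)", re.I)
USER_DIRS = {"desktop", "downloads", "temp"}  # assumed user-writable folder names


def triage(log_text):
    """Return (kind, detail) findings for Task and Hosts lines worth a closer look."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        task = TASK_RE.match(line)
        if task:
            launched = PCALUA_RE.search(task.group(3))
            if not launched:
                continue  # task does not go through pcalua.exe
            target = PureWindowsPath(launched.group(1).strip('"'))
            if any(part.lower() in USER_DIRS for part in target.parts):
                findings.append(("task", f"{task.group(1)} runs {target} via pcalua.exe"))
        elif line.startswith("Hosts:") and "not detected" in line:
            findings.append(("hosts", line.split(":", 1)[1].strip()))
    return findings


if __name__ == "__main__":
    for kind, detail in triage(SAMPLE_LOG):
        print(f"[{kind}] {detail}")
```
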


  7. Posts : 9,600
    Win 7 Ultimate 64 bit
       #17

    DonnaB said:
    Hi everybody,

    For the record, if I am not mistaken, MBAM3 is not an AV unless you have the paid version like Lady Fitzgerald has, otherwise it does not run in realtime and is only a second hand scanner that must be executed manually. The paid version is supposed to play well alongside any other AV as a second layer of realtime protection...
    True that. I should have been more clear about that.


  8. Posts : 4,751
    Windows 7 Home Premium 32-Bit - Build 7600 SP1
    Thread Starter
       #18

    Lady Fitzgerald said:
    True that. I should have been more clear about that.
    Yes, I am aware that MByte is not an AV. I run MSE for my AV. == I also have the Paid Version of MByte. Since I uninstalled MByte 3 and installed MByte 2 I don't get the Pup but I feel like it is not a good idea to run Version 2. I could be getting all kinds of stuff. When I install a new program, which I haven't recently, I always look to see if anything is being added in addition to the program. == Lady Fitz, what do you disable in MByte 3 that works for you?


  9. Posts : 9,600
    Win 7 Ultimate 64 bit
       #19

    bigmck said:
    ...Lady Fitz, what do you disable in MByte 3 that works for you?
    I installed an earlier version of Malwarebytes 3.


  10. Posts : 25,847
    Windows 10 Pro. 64/ version 1709 Windows 7 Pro/64
       #20

    @ bigmck

    Take a look in msconfig Startup and Non Microsoft Services.

    You might have a program in one of those that is doing an 'auto' update that is loading those PUPs.

    I have the paid for version of Malwarebytes and MSE and have no problems on two systems.

    I also use the standalone free online scan with Eset. It's the only thing I have found that finds and removes the Google toolbar bundle.

    Jack


 
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd