Windows 10: Overrun by PUP's Solved

  1.    21 Apr 2016 #1

    Overrun by PUP's


    I run 3 PC's
    windows 10 32 bit
    windows 10 64 bit
    windows 7 32 bit
    Whenever I run malwarebytes, say after 2-3 days interval - it records 325 PUP entries (applies to each machine)

    This is a comparatively recent happening. Some guidance as to how to avoid this intrusion would be very much appreciated.
    All three PC's are installed with Webroot Internet Security (but this happens regardless of whatever AV is installed)
    I use google chrome a lot for my visits to the net etc
    My ISP is talktalk, and I use Thunderbird as my email client.

    I await any comments with interest - thanks in advance

    EDIT / PS - I should have mentioned that the malwarebytes used is the free version - will the real-time version do the trick?
    Last edited by Skofab; 21 Apr 2016 at 16:33.


  2. Posts : 11,642
    W10Prox64
       21 Apr 2016 #2

    Skofab said:
    I run 3 PC's
    windows 10 32 bit
    windows 10 64 bit
    windows 7 32 bit
    Whenever I run malwarebytes, say after 2-3 days interval - it records 325 PUP entries (applies to each machine)

    This is a comparatively recent happening. Some guidance as to how to avoid this intrusion would be very much appreciated.
    All three PC's are installed with Webroot Internet Security (but this happens regardless of whatever AV is installed)
    I use google chrome a lot for my visits to the net etc
    My ISP is talktalk, and I use Thunderbird as my email client.

    I await any comments with interest - thanks in advance

    EDIT / PS - I should have mentioned that the malwarebytes used is the free version - will the real-time version do the trick?

    Hi.
    First of all, MBAM (Malwarebytes Antimalware) Free should do the job just fine getting rid of them, but you have to go into the settings and tick the box to scan for Rootkits. Then do the custom scan, selecting the entire C drive. The paid version should prevent them from getting on your system in the first place.
    You may also want to run ADWCleaner, just to clean up things.

    Please also have a look at your installed applications and make sure nothing shady is in there.


  3. Posts : 377
    Windows 10 Pro 64bit v10586.3
       21 Apr 2016 #3

    Try this program and then delete what you know doesn't belong there. If you don't know what belongs look up the pups individually. I have never seen that many pups or heard of that number unless some kind of virus attack occurred. After a rootkit scan (done weekly here) I usually find 1 or 2 PUPs and they are always erroneously flagged. Good luck.

    Program: Sophos Virus and Rootkit Scanner Free Antivirus System Tool for Conficker, Rootkit, Virus and Malware Detection and Removal | Sophos


  4. Posts : 824
    Win10/64 Pro 1511 (and 2 Win 7/64 Ult & Pro systems)
       21 Apr 2016 #4

    Hi, @Skofab:

    A bit of clarification...
    As the others have pointed out, MBAM Free is only a manual, on-demand scanner that removes PUPs and malware already on the system.
    MBAM Premium -- when properly configured -- can help to PREVENT PUPs/malware infection in the first place.

    PUPs are not malware, in the strict sense of the term, as explained HERE. But they are generally junk that one likely does not need or want and they can eventually get one into trouble with real malware.

    Having said that, scanning for ROOTKITS and scanning for PUPs/PUMs are actually different settings.
    In order to be sure MBAM is properly configured, open the dashboard > settings > detection and protection > non-malware protection and verify that both PUPs and PUMs are set to "treat detections as malware".

    If your settings are correct, but the PUPs seem to come back with each scan, then the most likely explanations include:
    • MBAM is having trouble removing them for some reason; and/or
    • They are re-spawning, either from software/malware on the system, from Google sync or from another source.


    If you would like, please follow the steps in THIS TUTORIAL to locate, export and post here as an ATTACHMENT to your next reply an MBAM SCAN LOG from one of the computers. That log may point to an explanation and possible solution.

    Thanks,
    MM

  5.    22 Apr 2016 #5

    Get an adblocker for your browser too. And protect your browsers from zero day attacks with Malwarebytes Antiexploit or similar.

  6.    22 Apr 2016 #6

    Thanks everyone for your responses to date.

    I would explain that I am aware that Malwarebytes free is only of use 'after the fact' - it does it seems certainly remove the listed entries effectively.
    I was unaware that there is a rootkit tickbox in malwarebytes settings - that has now been dealt with.

    I will keep a log - which I will forward at the next convenient time. As already mentioned, the readout suggests 325 entries that revolve around 'mindspark'
    Running ADWcleaner throws up just one entry (this I will try to include in next post)

    From memory, I think the log list includes a reference to a google extension - but - when I navigate to the google extension list, no individual entry is marked as enabled.


    I will return!

  7.    22 Apr 2016 #7

    Me again..........
    I have just found a saved log of a recent run of ADWCleaner - it was here that I found the references to Google/Chrome. Is this of any significance/help?






    C:\Users\CJE\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk\6.65.62_1\bg.html->C:\AdwCleaner\FileQuarantine\C\Users\CJE\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk\6.65.62_1\bg.html.vir
    C:\Users\CJE\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk\6.65.62_1\bg.js->C:\AdwCleaner\FileQuarantine\C\Users\CJE\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk\6.65.62_1\bg.js.vir
    C:\Users\CJE\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk\6.65.62_1\content.js->C:\AdwCleaner\FileQuarantine\C\Users\CJE\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk\6.65.62_1\content.js.vir
    C:\Users\CJE\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk\6.65.62_1\content_lores.js->C:\AdwCleaner\FileQuarantine\C\Users\CJE\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk\6.65.62_1\content_lores.js.vir
    C:\Users\CJE\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk\6.65.62_1\htmlhelpers.js->C:\AdwCleaner\FileQuarantine\C\Users\CJE\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk\6.65.62_1\htmlhelpers.js.vir
    C:\Users\CJE\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk\6.65.62_1\icon128.png->C:\AdwCleaner\FileQuarantine\C\Users\CJE\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk\6.65.62_1\icon128.png.vir
    C:\Users\CJE\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk\6.65.62_1\icon48.png->C:\AdwCleaner\FileQuarantine\C\Users\CJE\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk\6.65.62_1\icon48.png.vir
    C:\Users\CJE\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk\6.65.62_1\manifest.json->C:\AdwCleaner\FileQuarantine\C\Users\CJE\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk\6.65.62_1\manifest.json.vir
    C:\Users\CJE\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk\6.65.62_1\_metadata\computed_hashes.json->C:\AdwCleaner\FileQuarantine\C\Users\CJE\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk\6.65.62_1\_metadata\computed_hashes.json.vir
    C:\Users\CJE\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk\6.65.62_1\_metadata\verified_contents.json->C:\AdwCleaner\FileQuarantine\C\Users\CJE\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk\6.65.62_1\_metadata\verified_contents.json.vir
    C:\Users\CJE\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d16fk4ms6rqz1v.cloudfront.net_0.localstorage->C:\AdwCleaner\FileQuarantine\C\Users\CJE\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d16fk4ms6rqz1v.cloudfront.net_0.localstorage.vir
    C:\Users\CJE\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_dulkizjkkg-a.akamaihd.net_0.localstorage->C:\AdwCleaner\FileQuarantine\C\Users\CJE\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_dulkizjkkg-a.akamaihd.net_0.localstorage.vir
    C:\Users\CJE\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_fdkhngaioieemngifhcjghfankkmbpca_0.localstorage->C:\AdwCleaner\FileQuarantine\C\Users\CJE\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_fdkhngaioieemngifhcjghfankkmbpca_0.localstorage.vir
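
Added example (not part of the thread, and not AdwCleaner or Malwarebytes code): a small parser for quarantine lines like those in post #7, grouping them by Chrome extension ID and Local Storage origin so the IDs can be checked against the browser's extension list after a cleanup. The names `summarize` and `storage_only_ids` are made up for this sketch, and the sample lines are copied from the log above.

```python
import re

# Four lines copied from the AdwCleaner quarantine log in post #7.
SAMPLE_LOG = r"""
C:\Users\CJE\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk\6.65.62_1\bg.js->C:\AdwCleaner\FileQuarantine\C\Users\CJE\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk\6.65.62_1\bg.js.vir
C:\Users\CJE\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk\6.65.62_1\manifest.json->C:\AdwCleaner\FileQuarantine\C\Users\CJE\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk\6.65.62_1\manifest.json.vir
C:\Users\CJE\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d16fk4ms6rqz1v.cloudfront.net_0.localstorage->C:\AdwCleaner\FileQuarantine\C\Users\CJE\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d16fk4ms6rqz1v.cloudfront.net_0.localstorage.vir
C:\Users\CJE\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_fdkhngaioieemngifhcjghfankkmbpca_0.localstorage->C:\AdwCleaner\FileQuarantine\C\Users\CJE\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_fdkhngaioieemngifhcjghfankkmbpca_0.localstorage.vir
"""

# Chrome extension IDs are 32 characters drawn from a-p.
EXT_RE = re.compile(r"\\User Data\\([^\\]+)\\Extensions\\([a-p]{32})\\([^\\]+)\\(.+)$")
LS_RE = re.compile(r"\\User Data\\([^\\]+)\\Local Storage\\([a-z-]+)_(.+)_0\.localstorage$")


def summarize(log_text):
    """Group quarantined Chrome artefacts by extension ID and storage origin."""
    extensions = {}  # ext_id -> {"profile", "versions", "files"}
    stored_ext_ids, web_origins = set(), set()
    for line in log_text.splitlines():
        source = line.split("->", 1)[0].strip()  # path before the quarantine move
        m = EXT_RE.search(source)
        if m:
            profile, ext_id, version, rel = m.groups()
            entry = extensions.setdefault(
                ext_id, {"profile": profile, "versions": set(), "files": []})
            entry["versions"].add(version)
            entry["files"].append(rel)
            continue
        m = LS_RE.search(source)
        if m:
            _, scheme, host = m.groups()
            if scheme == "chrome-extension":
                stored_ext_ids.add(host)
            else:
                web_origins.add(f"{scheme}://{host}")
    return {
        "extensions": extensions,
        # IDs with leftover storage but no quarantined extension folder in this log
        "storage_only_ids": sorted(stored_ext_ids - set(extensions)),
        "web_origins": sorted(web_origins),
    }


if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    for ext_id, info in report["extensions"].items():
        print(ext_id, sorted(info["versions"]), len(info["files"]), "files")
    print("storage-only IDs:", report["storage_only_ids"], report["web_origins"])
```

On the lines above, the extension folder belongs to one ID while the `chrome-extension_` Local Storage entry carries a different ID, so both are worth looking up when checking what returns after the next scan.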


  8. Posts : 824
    Win10/64 Pro 1511 (and 2 Win 7/64 Ult & Pro systems)
       22 Apr 2016 #8

    Hi:

    Just to be clear, the ROOTKIT scanning setting in MBAM is separate and different from the PUP/PUM settings.
    It's certainly fine to enable the anti-rootkit feature, but it's not likely to directly impact the behavior you reported in your original post (recurring PUPs in sequential MBAM scans).
    Adding MBAE (Free or Premium) is another fine suggestion, but it won't fix your original issue, either.

    To more directly fix that particular problem, it would help to know if your PUP/PUM settings in MBAM are correctly configured, as suggested in my earlier reply #4 here.
    And, yes, the partial AdwCleaner log suggests that the PUPs are likely re-spawning from Google sync/Chrome/a Chrome extension.
    But it would also help to see the MBAM scan log, as previously suggested.

    >>Some PUPs (and some malware) can be rather pesky, requiring the use of multiple, powerful tools, in the correct sequence, as well as other interventions (e.g. resetting/reinstalling Chrome), for complete removal.

    HTH,
    MM


  9. Posts : 28,860
    Windows10Pro 64Bit - Build 14393.1198
       22 Apr 2016 #9

    Malwarebytes does not remove pup's much at all. I even believe they post that on their site. Download a program like SuperAntiSpyware free version which does a GREAT job of finding and removing pup's. Here is a link.
    http://www.superantispyware.com/


  10. Posts : 11,642
    W10Prox64
       22 Apr 2016 #10

    MoxieMomma said:
    Hi:

    Just to be clear, the ROOTKIT scanning setting in MBAM is separate and different from the PUP/PUM settings.
    It's certainly fine to enable the anti-rootkit feature, but it's not likely to directly impact the behavior you reported in your original post (recurring PUPs in sequential MBAM scans).
    Adding MBAE (Free or Premium) is another fine suggestion, but it won't fix your original issue, either.

    To more directly fix that particular problem, it would help to know if your PUP/PUM settings in MBAM are correctly configured, as suggested in my earlier reply #4 here.
    And, yes, the partial AdwCleaner log suggests that the PUPs are likely re-spawning from Google sync/Chrome/a Chrome extension.
    But it would also help to see the MBAM scan log, as previously suggested.

    >>Some PUPs (and some malware) can be rather pesky, requiring the use of multiple, powerful tools, in the correct sequence, as well as other interventions (e.g. resetting/reinstalling Chrome), for complete removal.

    HTH,
    MM

    Just to reiterate:
    Whenever I run malwarebytes, say after 2-3 days interval - it records 325 PUP entries (applies to each machine)
    Since the OP indicates that the PUP/PUM selections are being flagged in the MBAM scan, I assumed those were already set to "treat as malware". The problem is that they keep coming back, hence the need for the Rootkit option in MBAM, and the ADWCleaner log. Mindspark is notorious for respawns. The log clearly indicates problems with the Chrome browser extensions.

    Now that ADWCleaner has been run, my recommendation would be to completely reset Chrome, Edge, and all other existing browsers on the system, removing all extensions, and then be very careful which ones you reintroduce to the browser(s).

    You may also want to install Unchecky.

    OldMike65 said:
    Malwarebytes does not remove pup's much at all. I even believe they post that on their site. Download a program like SuperAntiSpyware free version which does a GREAT job of finding and removing pup's. Here is a link.
    http://www.superantispyware.com/

    OldMike suggests a very good program here, which I use on all my systems, and those I work on as well.

    Good luck!


 
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.
