PUP.BundleOffers.IIQ, just making sure it's gone.

Patrick

Sysnative Staff
Joined
Jun 7, 2012
Posts
4,618
Hi :)

BSOD analysis is my thing, not security! :P Oh the mistakes you make when you're tired :sleep2:

I was looking to play some .FLV files, and I was trying to remember the name of the player I used to use (it was and is VLC Player), however... at the time, I thought it was FLV Player. So, I navigated to a site and it looked different, but I figured they just updated it. I downloaded the program, ran the install, but didn't install it per-say. I saw that the installer was much different, and when it asked whether or not I wanted to install Yahoo toolbar as an option under "custom", I said to myself "yeah... let's close this installer, this isn't it."

Well, as I clicked the "decline" option, it asked me again if I wanted to decline, and again.. and again... and eventually tried to download the necessary application files via the installer, and then I assume install them if the download completed. I cancelled it and closed the application. There are no remnants of the program whatsoever installed. No folders, no shortcuts, etc. It was just trying to download it from the installer, but I stopped it.

However.... after that, I felt that installer was way too fishy, and I ran a quick MWB scan, and it found PUP.BundleOffers.IIQ in my Temp. I quarantined it and deleted it, and according to the log:

Files Detected: 1
C:\Users\BSOD\AppData\Local\Temp\_ir_sf_temp_0\flvinstaller.exe (PUP.BundleOffers.IIQ) -> Quarantined and deleted successfully.

So that went okay. After that, I loaded up CCleaner and cleaned my temp and the nine (minus the registry, of course). After that, I restarted, booted back up, re-ran a quick scan TWICE, and it found nothing.

I'm assuming it's gone, but I just want to be sure that PUP.BundleOffers.IIQ is nothing serious, didn't do any damage, and make sure I don't need to go the extra mile and begin the posting instructions, etc. System seems fine, processes are great.. no fishy ones. I'm a perfectionist and a worrier, so just checking to make sure everything's in the clear.

Thanks guys :)
 
Last edited:
Hi, Patrick.

"PUP" stands for "potentially unwanted program". From the name, the installation would cave bundled lots of unwanted offers in addition to the Yahoo toolbar. Apparently, the installer was programmed not to accept "decline". The best way to handle such situations is the keyboard shortcut Alt + F4 to close the window or task manager. The reason is that most nefarious programs are written so that cancel, the X or even clicking on it all mean "Ok".

From what you posted, it sounds as though all is well. However, without seeing any logs, I can only go by what you said. If you are comfortable that your computer is clean, then fine. Otherwise, the only way to know more is to go the extra mile.
 
Whew, thanks Corrine for the quick peace of mind and the explanation!

I did some small research and found it usually comes with a toolbar like you said IF the install goes through, and that's probably what unleashes hell? Anyway, I made sure. There's no toolbars on Firefox or Internet Explorer. No nefarious / unwanted processes that I don't recognize, etc. So everything seems okay. I just wanted to make sure I don't have a rootkit that MWB won't show or something serious.

Regards,

Patrick
 

Has Sysnative Forums helped you? Please consider donating to help us support the site!

Back
Top