Hello security analysts,
A few weeks ago on this machine I downloaded a freeware program that I was going to use to convert .flv's to .whatever. Unbeknownst to me, this was your typical freeware loaded with a bunch of garbage during the install, and I X'd the install rather than clicking anything else (friendly tip from Corrine that I never forgot!) before it installed any of its other stuff and just moved on. The mistakes I make when I'm tired....
After uninstalling it and restarting and ensuring it was gone + any remnants, I ran an MBAM scan and had a PUP in my TEMP. I figured it was just something it dropped in there that it 'would' have executed if I kept going with the installation. Needless to say I cleared my TEMP, restarted, ran MBAM again and it didn't show up.
Well, I ran MBAM again a bit ago just to do my biweekly scanning and it found 2 PUPs in TEMP again:
Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Database version: v2013.10.26.04
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
bsod :: BSOD-PC [administrator]
10/26/2013 7:44:13 AM
MBAM-log-2013-10-26 (07-49-14).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 202136
Time elapsed: 2 minute(s), 40 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 2
C:\Users\bsod\AppData\Local\Temp\GXwSCpKD.exe.part (PUP.Optional.InstallMonetizer) -> No action taken.
C:\Users\bsod\AppData\Local\Temp\vmlUv9GO.exe.part (PUP.Optional.InstallMonetizer) -> No action taken.
(end)
With this said, I did the same thing... just cleaned TEMP, restarted, ran a Quick Scan again and they were gone the next time (here is the log right after cleaning TEMP and restarting):
Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Database version: v2013.10.26.04
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
bsod :: BSOD-PC [administrator]
10/26/2013 7:52:05 AM
mbam-log-2013-10-26 (07-52-05).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 196598
Time elapsed: 2 minute(s), 16 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
(To clarify, when I say 'I cleaned TEMP' I didn't take any action with MBAM, I just used it as a scanner. I flushed my temporary files myself, restarted, and then scanned again afterwards and they were gone.)
I then ran a Full Scan with MBAM and that was clean as well, here's the log:
Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Database version: v2013.10.26.04
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
bsod :: BSOD-PC [administrator]
10/26/2013 7:58:34 AM
mbam-log-2013-10-26 (07-58-34).txt
Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 401436
Time elapsed: 29 minute(s), 53 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
Given that they are not reappearing after a cleaning of TEMP and rescanning (or new ones), there is no obvious decrease whatsoever in system performance, all processes are regular and none are sketchy, etc., would you say that these PUPs that I sometimes see in scans are just sometimes being caught from browsing the occasional not-so-safe website, and I am not infected and these are being dropped in there by a trojan, let's say?
Regards,
Patrick
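The before/after comparison described in the post can be done mechanically. The following is an added example, not part of the original post: a Python parser for the MBAM log layout shown above that checks each section's count against the parsed items and diffs detections between two scans. The sample text is excerpted from the logs above, and the function names are illustrative.

```python
import re

# Excerpts in the MBAM 1.75 log layout shown above (trimmed to the relevant lines).
SCAN_BEFORE = """\
10/26/2013 7:44:13 AM
Scan type: Quick scan
Registry Keys Detected: 0
(No malicious items detected)
Files Detected: 2
C:\\Users\\bsod\\AppData\\Local\\Temp\\GXwSCpKD.exe.part (PUP.Optional.InstallMonetizer) -> No action taken.
C:\\Users\\bsod\\AppData\\Local\\Temp\\vmlUv9GO.exe.part (PUP.Optional.InstallMonetizer) -> No action taken.
(end)
"""
SCAN_AFTER = """\
10/26/2013 7:52:05 AM
Scan type: Quick scan
Files Detected: 0
(No malicious items detected)
(end)
"""

SECTION = re.compile(r"^(?P<name>[A-Za-z ]+) Detected: (?P<count>\d+)$")
ITEM = re.compile(r"^(?P<path>.+) \((?P<name>[^()]+)\) -> (?P<action>.+?)\.?$")

def parse_detections(log_text):
    """Return a list of (section, path, detection, action) tuples."""
    found, section, expected = [], None, {}
    for line in log_text.splitlines():
        line = line.strip()
        m = SECTION.match(line)
        if m:
            section = m["name"]
            expected[section] = int(m["count"])
            continue
        m = ITEM.match(line) if section else None
        if m:
            found.append((section, m["path"], m["name"], m["action"]))
    # A truncated or hand-edited log shows up as a count mismatch.
    for name, count in expected.items():
        got = sum(1 for f in found if f[0] == name)
        if got != count:
            raise ValueError(f"{name}: header says {count}, parsed {got}")
    return found

def compare_scans(before, after):
    """Split detections into those gone, still present, and new in the rescan."""
    b = {(s, p.lower(), d) for s, p, d, _ in parse_detections(before)}
    a = {(s, p.lower(), d) for s, p, d, _ in parse_detections(after)}
    return {"cleared": sorted(b - a), "persisting": sorted(b & a), "new": sorted(a - b)}
```

Paths are compared case-insensitively because NTFS paths on Windows are; an entry under "new" in a later scan is the case worth investigating further.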