Anyone Know Anything About Pup.Bundleoffer.Downloads.S in other words, what it is, what it does? I couldn’t find anything about it by doing a Google search which usually means it’s very new. Malware Bytes just found it on my system and flagged it as malicious and serious. Malware Bytes supposedly has removed it and I just finished a scan that shows that it really did.
That’s two nasty ones in two days that Avast 6.0.1367 has missed (the other being “Vista Home Security 2012)”. Thank God for Malware Bytes.
Haven’t got the slightest idea. That said all you have to do is break down the (what appears to be a) generic signature.
PUP (Potentially Unwanted Program) - See http://searchsecurity.techtarget.com/sDefinition/0,,sid14_gci1066761,00.html. Not included in this definition are tools which can be used for good or evil, some have been legitimately installed for a specifically good purpose, but could have been unknowing installed for a malicious purpose.
By default PUPs aren’t scanned for, so you can however change your settings in the Web Shield, Expert Settings (see image) and in the File System Shield (same area) and enable Scanning for PUPs.
The same is required for on-demand scans.
That said you will probably be surprised what is considered a PUP and you then have a decisions to make based on your knowledge of your system, what is installed on it and the file being detected (what does it do, etc. etc.). Most people really are ill prepared to answer this and my guess on why it is disabled by default.
Bundleoffer - pretty self explanatory some bundles offers come with things which might be considered adware/spyware. This may provide anonymous information on your browsing habits to deliver targeted adverts, marketing information, etc.
Downloads.S - it obviously has to be downloaded and I have no idea what their .S classification is for type of download.
All in all this one I think is pretty timid/benign:
You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner and report the findings here, post the URL in the Address bar of the VT results page.
Hi m8 not really very good at this stuff but yesterday I got an email titled “wooow” from a friend. It asked me to open a link which then offered prizes. At this point I abandoned it as I thought it looked dodgy. Today I got a load of emails from friends saying I had sent them this dodgy email. Obviously the worm/virus had got hold of my contact list and sent out the same email. When I realised what was happening I did a MALWAREBYTES scan and up popped PUP.BUNDLEOFFER.DOWNLOADS S. When I looked at the properties I see it was located in my downloads folder\Softronics downloader for kmplayer.exe. Ran the Malware scan and it said it was removed but when I went back and scanned again it was still there. Just thought I would add this post by way of an extra bit of info but if anyone knows how to remove this worm please let me know.
I came upon this site looking for answers to the same questions. I’ve done two sweeps of my machine with Malwarebytes, and both came up with the Pup.Bundleoffer questionable object; last night’s sweep came up with two examples.
Here’s the log info for last night’s sweep regarding one of the PUP items:
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 2
C:\Documents and Settings\Robert\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\f_000951 (PUP.BundleOffer.Downloader.S) → Quarantined and deleted successfully.
C:\Documents and Settings\Robert\My Documents\Downloads\SoftonicDownloader_for_ultrasurf.exe (PUP.BundleOffer.Downloader.S) → Quarantined and deleted successfully.
(end)
Hopefully Malwarebytes has gotten rid of both. I have no idea where these PUP’s came from or whether they’re legit or malware. I was looking for answers when I stumbled upon this site.