Pups

What are they and should I have them turned on in Avast? I’ve had them turned on since I downloaded Avast. Whenever I do a quick or full scan on Avast it always shows no threats found but I downloaded Malwarebytes yesterday evening, run a quick scan and it showed 2 pup infections.

I have and run Spyware Terminator every day and the only critical objects it finds are cookies.

Thanks in advance for your help.

Spyware Terminator
you dont need that with avast and malwarebytes

PUP - not a virus = Possible Unwanted Program. avast tell you that you have a program that can be used for good or bad if abused
PUP scan is default off in quick/full scan but default on in boot scan

avast seems to be a bit more strict to what it reports as PUP then MBAM

i would use avast default settings … and what MBAM find as PUP i would remove at once …usually lots of Browser/toolbar crap

what did your MBAM find ? post the log here

Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.18.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Beverly’s :: BEVERLYS-PC [administrator]

Protection: Disabled

8/18/2012 7:40:25 PM
mbam-log-2012-08-18 (19-40-25).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 204295
Time elapsed: 6 minute(s), 52 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Users\Beverly’s\AppData\Local\Temp\dealio.exe (PUP.Dealio.TB) → Quarantined and deleted successfully.
C:\Users\Beverly’s\Downloads\gimp_freely_1790.exe (PUP.BundleOffers.IIQ) → Quarantined and deleted successfully.

(end)

googling those they seem to be toolbar crap

you can try this to remove more

adwcleaner a special tool for removing browser/toolbar crap. Click search, when done a log pop ups, then click delete, it will ask for a reboot

http://www.softpedia.com/get/Antivirus/Removal-Tools/AdwCleaner.shtml
http://www.softpedia.com/progScreenshots/AdwCleaner-Screenshot-212632.html

post the log here

Error…message exceeds the maximum allowed length (10000 characters.

What do I do now?

Hi midnight,

Attach the log (click on attachment and other options under the message composition window).

I can’t attach it because it says the file is too large.

You can use a file sharing site such as Mediafire.com - Upload to http://www.mediafire.com/ and post the sharing link.

Since it is this large…should mean it removed lots of crap :smiley:

I couldn’t figure out how to use Mediafire.

Did another malwarebytes scan and it showed 0 files were detected.

You Seem to have uploaded the adwcleaner.exe file …that is the program file and not the log
I think the log name is adwcleaner.txt

Anyway i cant check as i am on a cellphone

Edit. It was correct done just wrong file.

-\ Mozilla Firefox v14.0.1 (en-US)

Profile name : default
File : C:\Users\Beverly’s\AppData\Roaming\Mozilla\Firefox\Profiles\l5ksdrsu.default\prefs.js

Found : user_pref(“aol_toolbar.buttons.layout”, "aol_custom_button_1339355686114;aol_mail_5496;facebook_4083[…]
Found : user_pref(“aol_toolbar.cookie.homepage”, “”);
Found : user_pref(“aol_toolbar.cookie.search”, “”);
Found : user_pref(“aol_toolbar.default.homepage.check”, false);
Found : user_pref(“aol_toolbar.default.search.check”, false);
Found : user_pref(“aol_toolbar.firsttime.showwindow”, false);
Found : user_pref(“aol_toolbar.guid”, “{0DA09299-5490-F656-6BCA-D52121CD6986}”);
Found : user_pref(“aol_toolbar.install.distroid”, “”);
Found : user_pref(“aol_toolbar.install.lastTbVersion”, “5.74.1.8302”);
Found : user_pref(“aol_toolbar.install.lid”, “hyplognew00000010”);
Found : user_pref(“aol_toolbar.install.mtmhp”, “hyplogusaolp00000022”);
Found : user_pref(“aol_toolbar.install.ncid”, “”);
Found : user_pref(“aol_toolbar.metrics.activestampdate”, “19”);
Found : user_pref(“aol_toolbar.metrics.activestampmonth”, “7”);
Found : user_pref(“aol_toolbar.metrics.activestampyear”, “2012”);
Found : user_pref(“aol_toolbar.metrics.originalDate”, “10”);
Found : user_pref(“aol_toolbar.metrics.originalHours”, “19”);
Found : user_pref(“aol_toolbar.metrics.originalMinutes”, “14”);
Found : user_pref(“aol_toolbar.metrics.originalMonth”, “6”);
Found : user_pref(“aol_toolbar.metrics.originalSeconds”, “10”);
Found : user_pref(“aol_toolbar.metrics.originalYear”, “2012”);
Found : user_pref(“aol_toolbar.relatednews.enabled”, false);
Found : user_pref(“aol_toolbar.remote…xml”, “1345334276063”);
Found : user_pref(“aol_toolbar.remote.publish.xml”, “1345334275757”);
Found : user_pref(“aol_toolbar.rtw.active”, false);
Found : user_pref(“aol_toolbar.search.button”, true);
Found : user_pref(“aol_toolbar.search.cid”, “16-06-2012”);
Found : user_pref(“aol_toolbar.search.instd”, “201206101829450000”);
Found : user_pref(“aol_toolbar.search.oid”, “10-06-2012”);
Found : user_pref(“aol_toolbar.search.placement”, “right”);
Found : user_pref(“aol_toolbar.search.populateoncomplete”, false);
Found : user_pref(“aol_toolbar.search.savehistory”, false);
Found : user_pref(“aol_toolbar.search.searchtype”, “web”);
Found : user_pref(“aol_toolbar.search.source”, “tb50-ff-dlcomaol”);
Found : user_pref(“aol_toolbar.skin.custom”, false);
Found : user_pref(“aol_toolbar.surf.date”, “9”);
Found : user_pref(“aol_toolbar.surf.lastDate”, “19”);
Found : user_pref(“aol_toolbar.surf.lastMonth”, “7”);
Found : user_pref(“aol_toolbar.surf.lastYear”, “2012”);
Found : user_pref(“aol_toolbar.surf.month”, “701”);
Found : user_pref(“aol_toolbar.surf.prevMonth”, “2876”);
Found : user_pref(“aol_toolbar.surf.total”, “5538”);
Found : user_pref(“aol_toolbar.surf.week”, “9”);
Found : user_pref(“aol_toolbar.surf.year”, “5487”);
Found : user_pref(“aol_toolbar.ticker.active”, false);
Found : user_pref(“aol_toolbar.upgrade.showwindow”, false);
Found : user_pref(“aol_toolbar.weather.degc”, “17”);
Found : user_pref(“aol_toolbar.weather.degf”, “63”);
Found : user_pref(“aol_toolbar.weather.image”, “chrome://aoltoolbar/skin/weather/34.png”);
Found : user_pref(“aol_toolbar.weather.metric”, true);
Found : user_pref(“aol_toolbar.weather.tooltip”, “New York , NY : Mostly Sunny”);
Found : user_pref(“aol_toolbar.weather.update”, “1345376785579”);
Found : user_pref(“aol_toolbar.weather.zipcode”, “10065”);
Found : user_pref(“freecause678881e15812e8d4c5b35902ec5dbf68.AutoSearchEventData”, “auto%20search”);
Found : user_pref(“freecause678881e15812e8d4c5b35902ec5dbf68.ClearCacheDate”, 19);
Found : user_pref(“freecause678881e15812e8d4c5b35902ec5dbf68.DNSCatch”, false);
Found : user_pref(“freecause678881e15812e8d4c5b35902ec5dbf68.DisplayEULA”, true);
Found : user_pref(“freecause678881e15812e8d4c5b35902ec5dbf68.DnsCatchEventData”, “dns%20catch”);
Found : user_pref(“freecause678881e15812e8d4c5b35902ec5dbf68.EBOMode”, true);
Found : user_pref(“freecause678881e15812e8d4c5b35902ec5dbf68.FirstLaunchShown”, true);
Found : user_pref(“freecause678881e15812e8d4c5b35902ec5dbf68.InstallDomain”, “freecause.com”);
Found : user_pref(“freecause678881e15812e8d4c5b35902ec5dbf68.InstallType”, “standard”);
Found : user_pref(“freecause678881e15812e8d4c5b35902ec5dbf68.LoadLayoutDate.100573”, 19);
Found : user_pref(“freecause678881e15812e8d4c5b35902ec5dbf68.NewTabSearchEventData”, “tab%20search”);
Found : user_pref(“freecause678881e15812e8d4c5b35902ec5dbf68.ShowRecommendedOptions”, true);
Found : user_pref(“freecause678881e15812e8d4c5b35902ec5dbf68.StateReportDate”, “1345218712511”);
Found : user_pref(“freecause678881e15812e8d4c5b35902ec5dbf68.TopRightSearchEventData”, "top%20right%20search[…]
Found : user_pref(“freecause678881e15812e8d4c5b35902ec5dbf68.beforeInstallSaved”, true);
Found : user_pref(“freecause678881e15812e8d4c5b35902ec5dbf68.beforeinstall.homepage”, "hxxp%3A//g.msn.com/US[…]
Found : user_pref(“freecause678881e15812e8d4c5b35902ec5dbf68.beforeinstall.search”, “Secure%20Search”);
Found : user_pref(“freecause678881e15812e8d4c5b35902ec5dbf68.customNewTab”, false);
Found : user_pref(“freecause678881e15812e8d4c5b35902ec5dbf68.helpUsImprove”, true);
Found : user_pref(“freecause678881e15812e8d4c5b35902ec5dbf68.hideOthers”, false);
Found : user_pref(“freecause678881e15812e8d4c5b35902ec5dbf68.partnerauth”, false);
Found : user_pref(“freecause678881e15812e8d4c5b35902ec5dbf68.processAddrBar”, false);
Found : user_pref(“freecause678881e15812e8d4c5b35902ec5dbf68.restoreSearch”, false);
Found : user_pref(“freecause678881e15812e8d4c5b35902ec5dbf68.searchHistory”, true);
Found : user_pref(“freecause678881e15812e8d4c5b35902ec5dbf68.session”, "E3D5BAA7CA9161EF661F0ADFA668A4E706AA[…]
Found : user_pref(“freecause678881e15812e8d4c5b35902ec5dbf68.showFirstLaunchOptions”, false);
Found : user_pref(“freecause678881e15812e8d4c5b35902ec5dbf68.tb_lang”, “en”);
Found : user_pref(“freecause678881e15812e8d4c5b35902ec5dbf68.tool_id”, “100573”);
Found : user_pref(“freecause678881e15812e8d4c5b35902ec5dbf68.user_id”, “113664472”);
Found : user_pref(“freecause678881e15812e8d4c5b35902ec5dbf68.user_key”, "2acdefae878e234fbe7e276025ba18011a1[…]
Found : user_pref(“freecause678881e15812e8d4c5b35902ec5dbf68.user_layouts”, “100573”);
Found : user_pref(“freecause678881e15812e8d4c5b35902ec5dbf68.user_lnames”, “Shop%20to%20Win%2031”);
Found : user_pref(“freecause678881e15812e8d4c5b35902ec5dbf68.vars.disablecuidinject”, “1”);
Found : user_pref(“freecause678881e15812e8d4c5b35902ec5dbf68.vars.lastcheck”, "Wed%20Jul%2011%202012%2006%3A[…]
Found : user_pref(“freecause678881e15812e8d4c5b35902ec5dbf68.xml_service_url”, "6bb94bbf55fe2f255901a560824a[…]
Found : user_pref(“freecause678881e15812e8d4c5b35902ec5dbf68.yahooSearch”, false);
Found : user_pref(“freecausea018b2136b4647919298519020db5737.DNSCatch”, false);
Found : user_pref(“freecausea018b2136b4647919298519020db5737.FirstLaunchShown”, true);
Found : user_pref(“freecausea018b2136b4647919298519020db5737.LastDate”, 19);
Found : user_pref(“freecausea018b2136b4647919298519020db5737.customNewTab”, false);
Found : user_pref(“freecausea018b2136b4647919298519020db5737.processAddrBar”, false);
Found : user_pref(“freecausea018b2136b4647919298519020db5737.tb_lang”, “en”);
Found : user_pref(“freecausea018b2136b4647919298519020db5737.user_id”, “67717509”);
Found : user_pref(“freecausea018b2136b4647919298519020db5737.vars.disablecuidinject”, “1”);
Found : user_pref(“freecausea018b2136b4647919298519020db5737.vars.lastcheck”, "Wed%20Jul%2011%202012%2006%3A[…]
Found : user_pref(“freecausea018b2136b4647919298519020db5737.yahooSearch”, false);

-\ Google Chrome v [Unable to get version]

File : C:\Users\Beverly’s\AppData\Local\Google\Chrome\User Data\Default\Preferences

Found : “description”: “The fastest way to search the web.”,

-\ Opera v12.1.1532.0

File : C:\Users\Beverly’s\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] File is clean.


AdwCleaner[R1].txt - [15932 octets] - [19/08/2012 09:05:22]
AdwCleaner[R2].txt - [15993 octets] - [19/08/2012 09:28:07]
AdwCleaner[R3].txt - [15868 octets] - [19/08/2012 12:31:04]

########## EOF - C:\AdwCleaner[R3].txt - [15997 octets] ##########

Unable to post the full text.