Why Does Avast Apparently Miss So Many Viruses?

The possibility exists that SpyHunter is playing games, but after a moderate Internet session with Avast activated, it found 20 infections in the following classes:

2o7
advert
advertising
atlas DMT
Fastclick
Media
QuestionMarket
Serving-sys

AVS did little better. The idea is to block these buggers, not to continuously remove them after infections. I am willing to pay for protection.

What you are listing are not viruses … but PUPs
PUP = not virus / Possible Unwanted Program … crap that comes bundled with freeware downloads

avast PUP detection is default off except for in boot scan… so if you want avast PUP detection turn it on
Be aware that avast also classes some factory installed programs from Dell / HP / Toshiba as PUP because of what they can do
I recommend using Malwarebytes and AdwCleaner for PUP removal

Also recommended, and will save you from some of these: Unchecky www.unchecky.com

It SHOULD be ON by default!

I agree and disagree with that. Many (“Average”) users call PUP & Malware Viruses. If they see 100-1000 programs like PP.Optional.Conduit, Webcakes etc., they’d freak out and most likely either pay $200 USD for a tech to clean it, call Avast! Third Party shitport (otherwise known as Third party Support) and pay $175, or reformat. All of which are not needed. On top of that, many programs (adwcleaner, JRT, MBAM etc) remove this and that’s their job.

However, it would be nice for Avast! to put out a Pop-up saying something like. “PUP is not enabled by default for all scans. PUP’s are not viruses, just potentially unwanted programs”.

I don’t think AVAST! feels the need to panic potentially millions of users due to enabling PUP by default.

avast also classes some factory installed programs from Dell / HP / Toshiba as PUP because of what they can do, so users then may remove a program they want…
while the PUPs detected by Malwarebytes are only crapware…

@stronghill
For each PUP removal, it is best to simply uninstall them before any shots. In many cases, their uninstaller (if it does) should pick up all or at least most registry entries that these PUP software carry. In this case, most likely will not be any need for additional removal.

@all
In my opinion, all AV companies (including avast!) should start to take PUP more seriously and start adjusting their scanner.

In theory PUP is not malware, but only in theory. Each user will receive notice in installation progress and PUP’s install can be canceled, yes.
Also, PUP’s uninstaller is available in most cases. But is it legitimate to deceive the user in this way? In practice, a lot of them behave similar or very similar to real malware.

I understand that is difficult for AV software to simply target them as such, BC AV doesn’t know whether the user knowingly/deliberately installed the PUP or deceived and tricked. But no matter what, bad PUP is today’s world-wide problem. It is not just common bad software as such, developers attentions and effort are with each new update by going deeply in the registry in attention to hide complete removal if MBAM or some other tool/program target them and that is the malicious act.
Their uninstallers (one of the reasons why this software is labeled as legitimate) in many cases don’t work (whether that is deliberate or accidental I can’t tell).

The fact is that a user will receive notification for PUP installation and configuring on his machine and browsers, but many of them use various techniques & fraud to deceive in order to make a successful install. Most cases this is the user’s “fault” if he allows that, but the same user is also tricked. PUP software in many cases makes the computer behave buggy and/or unusable for common use.

It is my opinion that avast! should follow some example of their colleagues, to adapt itself and reconsider whether it is really true that the PUP is noteworthy of targeting and how avast! should behave towards it. I also think that this targeting is awaiting avast! and other AV companies sooner or later. The more they delay this, the more they (or the user) are at a loss.

My opinion of course.

@Magna

While I certainly agree PUP’s are becoming a very large issue, what would be the widespread effect on Avast! users if they suddenly made that change? Many users don’t have the knowledge of you or I (although I by far know way less than you). We understand that PUP is not-a-virus. But most users I see would FTFO (Freak the F out) if they suddenly saw potentially 10-1000’s of PUP’s on their system.

It’s certainly true that PUP’s are/can be very deceiving. But is that not why unchecky was created? Is to avoid the installation of PUP’s? I’d say more like. Implement it, for let’s say 1 month (time could be different for all I care). Then like Grime Fighter push the installation Unchecky to avoid the installation of PUP. Assuming of course that Unchecky would be OK with that.

A PUP is not a PUP or riskware when you agreed to download it or downloaded it intentionally as you know what the download is supposed to do.
Then one has to be aware of bundled “goodies” that come along with it, even developers may bundle these days.
So be aware where to go to securely and safely download from.
A PUP can become a PUP if it landed onto your OS without your knowledge.
Some of these “proggies” go somewhat further than being just a PUP that comes easily uninstalled -
and then the help of a qualified remover may be necessary to cleanse all remnants of it.
For these categories of "grey"ware (stuff somewhere in between adware, spyware and genuine malware) tools like SAS and MBAM were being developed.
For instance some Browser Hijackers can be easily reversed, some not that easily, for example Conduit,
while they sue everyone that openly calls it a “pest”.

polonus

Most people don’t read what they accept or the EULA. That is where the true issue lies.
It’s not the companies looking to make revenue, or the producers of such programs like Conduit. It’s the users.
Everything can be avoided by the user.
While it’s true that companies don’t have to put such programs in, if they offer free services, how do they pay employee(s)? Donations? No. Start Selling it? Maybe. But that would PO a lot of users.
The only other solution in which no one seems to care about is programs being installed while that program is installed.
So, with that being said. Something needs to be done on 3 sides. These companies need to find other ways of gaining money.
Users, need to be careful on what/how they download something.
AND
AV companies need to be able to remove these programs w/o scaring most users.

Hi Michael,

It is the user that has a central role here, because he/she/it installs the browser hijacker - thinking it is a useful item etc. etc.
or just by clicking through without paying any notice to what is installed.
CoolSearchBar is a good example and because of user intervention to make it redirect, CSB claims it is a perfectly legal tool,
and even may take those that flag it as a virus to court. It is a grey area for parasites and leeches.
That declares some of the reluctance from av solutions to flag the bloatware fraud.
http://www.av-comparatives.org/it-security-tips/prevent-and-repair-browser-hijacking/
Also users can act by adjusting and setting their browser protection higher and watch their e-mails securely.

polonus

Turn on PUP in webshield, then I guess you get a warning

@Michael,

What would be the widespread effect on Avast! users if they suddenly made that change?
What would be? :) Nothing, they would just feel more protected. Not all users malware concerns. Many users simply remove detections as AV says it should be removed. Take for example ESET AV/SS users. Or MBAM users. Or Emsisoft users... etc. They have clearly stated "treat PUP as malware" as available options. Did their users feel worried or secure?

Unchecky works on most common and known level of installation monitoring. It can not protect users from every possible bundled options.

:slight_smile:

No the main problem always will be the same problem, see attached

But shouldn’t there also not be alerts for zip download files that contain bundled bloatware?
I think we should extend the blocking via a list of known bloatware domains or IPs.
I like what DrWeb’s url checker does, give messages like “this is a known source of infection”.

It is customary now to bundle all sorts of software,
Clean and pristine software out of the box to download is becoming “a rare bird” as put in software zoo terms.

And how would the average user discriminate to that one specific download for a tool like “CommView for Wifi”
for instance that is clean and all the others that come with added crap, bloatware or worse even :o

Sometimes it is not clear whether the software is safe to use: http://app.webinspector.com/public/reports/21716478
I get an injection check alert like :
Suspicious Text after HTML


Damian

I don’t want this to become a flame war. Each person has their own idea.

Take for example, stronghill. (Please don’t take offense to what I say). Stronghill misidentified PUP for malware. In the city I live in, most would think of that as a virus. Not a potentially unwanted program. Coming from any vendor.

When I originally got into malware/viruses, I scanned my home computer. Only a few PUPs came back. I thought it was viruses. Now, granted, that could just be my city; but I think if something like that should be changed. An announcement should be made explaining that PUP = not-a-virus

Michael,

This is not turning into any “flame war”. No way. It has been turning in a very interesting discussion and I would like as many users as possible would weigh the various points of view expressed. What magna86 and little old me are talking about is given in by experience directly from being in the trenches where the fight against malicious but considered as benign browser hijackers is fought everyday. What do you think when a user finds out that his Google Chrome browser won’t update anymore to enable the Conduit Crap will keep redirecting :o. You have to experience the Conduit misery yourself just for once on your comp and I am sure you will hold a negative position on this pest and similar crap for the rest of your days. That is no flaming, my friend it is just the downright truth.

Damian

I’ve never personally had conduit honestly. I’ve fixed a few friends’ computers from it. Nothing fancy… (MBAM, short OTL fix). And this is part of the reason why I’ve applied for G2G. Is so I can help you guys more. And those suffering from malware. I think though the public needs to be told what PUP is by definition. Not the common misconception of virus.

Hi Michael,

I've never personally had conduit honestly. I've fixed a few friends' computers from it. Nothing fancy... (MBAM, short OTL fix)
If you're gonna listen to me, remember the golden rule. :)
  • PUP (or any form of adware/toolbar) is just software. Bad software yes, but still software, and must be distinguished from executive malware files or registry loading points. Plus, PUP/adware has its own uninstaller.exe. It should first be uninstalled from CP > Programs and Features before any targeting if possible. :wink: This should attempt to remove all registry entries created by adware.

In another case you have no choice but to target the remains and that always creates additional job.

Btw, there is no “flame war”, we are just discussing, in some hope that the avast! team reads this. :wink:

Hi magna86,

A thought by some here is: "Why does not the browser alert to such a Browser Hijacker Object download and stop it,
just like Google Safe Browsing is blocking other issues in the browser if they cannot be trusted?"

But somehow there is an ambivalent reaction towards this kind of PUPs, where I question the first P of the term - as this is intentional by design!
We know that it has been developed with an intention to stay inside the browser
and in the registry as long as possible to earn from fraudulent redirects.

Would you qualify a browser hijacker as a PUP, bloatware or malware?
Tricky overall situation where a particular removal information site is even vulnerable to the Heartbleed SSL bug
like this one: htxp://malwaretips.com/blogs/remove-browser-redirect-virus/ (do not visit!)

polonus