Win32:Pup-gen (Pup)

I’ve had continuous problems with a Toshiba P100 and always felt there was a virus lurking somewhere even if all scans showed a clean computer. Around last November I started getting blue screens pointing to the NVidia driver. After a few days I was unable to start the system any longer, so I took it to the shop where I bought it and they reckoned it was the graphics chip. It is true that over the last few months before the computer gave up it was very hot. I phoned the Toshiba appointed technical workshop that told me the problem that I described was well known to them in the P100 and there was nothing they could do; better to use it while I could and then throw it away…

Anyway, I left the laptop with the original shop and was told that it needed a new motherboard. I refused and took it home. I tried the Recovery disk but the blue screen came up again referring to the NVidia driver. I kept trying with the same results until at the fourth try I managed to get the Windows Desktop, but various MS boxes came up telling me that there were serious errors and I should send info to MS. I did. Amazingly, gradually the messages disappeared and the computer settled down to complete normality. I started to assume that the problem had to do with the unavailability of a Toshiba graphics driver for the XP SP3. So, I refused the SP3 and carried on with SP2.

All was fine until now. I decided to do a boot scan (an earlier scan showed no problems) and I got 3 files infected with Win32:Pup-gen (PuP). How can that be? I have not copied any old files to the computer. The only thing I did since the recovery was to download Avast and Poppeeper, apart from Office 2003. I have not been on any funny webpages. So my questions are:

a) is it possible that the virus infected the recovery disk when I put it in, or that the virus was somewhere that stays from the original installation (memory, BIOS, etc)?

b) what should I do now to make sure this virus goes away for ever? I chose to send it to the Chest.

Thank you very much for your help on this.

qim

To start with, in normal mode avast doesn’t scan for PUPs (Potentially Unwanted Programs), so you are unlikely to see such detections.

  • See http://searchsecurity.techtarget.com/sDefinition/0,,sid14_gci1066761,00.html. Not included in this definition are tools which can be used for good or evil; some have been legitimately installed for a specifically good purpose, but could have been unknowingly installed for a malicious purpose.
    Not all antivirus programs scan for PUPs and avast has it turned off by default (an exception being the boot-time scan).

The above are, I believe, why PUPs aren’t scanned for by default, as most people haven’t a clue what the term is, and then whether what has been detected is legit or its actions could also be used for malicious purposes.

Since you didn’t give any information on the files detected (file name and location), I can’t answer any of your questions.

Whilst the play on words and creating a new Poll (dog - pup) might be funny, it nearly had me pass this topic straight by (without a response) as I hate meaningless polls.

Hi, thank you very much for the response

two of the files were at

c:\prog files\ Toshiba\ConfigFree\NDSTray.exe
c:\Toolscd\Package\NDSTray.exe

the other was in systemRestore. If you tell me how to find the Avast Chest I can send you the info.

Thank you again

qim

avast! GUI → Maintenance

In any case, PUP is not the same as “virus”.

In addition, I don’t see why XP SP2/3 should be an issue. You should go to the manufacturer’s website, check the specific model information. If there is an update for SP3, or for your drivers, apply the updates. If there is no information recommending against SP3, that’s one important item. But if there is no such recommendation, then SP3 (and updated drivers) is a good idea for XP. All this is a separate issue (more important IMHO than 3 “unknown” PUPs).

It isn’t. :wink:

NDSTray.exe = http://www.processlibrary.com/directory/files/ndstray/22948/

Thank you all

I followed Pondus’ link and decided to restore the items flagged as viruses, as it appears that they are not.

As for the SP2/SP3, what I have heard, and it seems to agree with my problems, is that Toshiba abandoned looking after Satellite P100 and there is no good graphics driver for the XP SP3. I intend to carry on for a while on SP2 which is working fine and then see what happens if I install SP3.

The question at the moment is why did the laptop recover, after so many failures before and after the fresh installation of the Toshiba Recovery disc. It does not make any sense to me.

Thanks

qim

Well, it’s your decision, but be aware that SP2 doesn’t get any security updates anymore…!!

Thanks Asyn, but I am in test mode only. I am not using the computer for any serious work. I will in a few days install SP3 only to find blue screens again, I guess. The important thing now is to try and discover if I have a hardware problem or not.

If you can throw some light on the reasons why the computer seems to be working fine now, I would be grateful

Thanks again

qim

Even in “test mode” you should update to SP3 ASAP.
Doesn’t make much sense to troubleshoot an outdated OS. :wink:

I can not throw some light on this but I do know when I installed XP SP3 many of the BSODs stopped on my XP system.

Please read this:
Support for Windows XP Service Pack 2 ends on July 13, 2010
http://support.microsoft.com/gp/lifean31

Thanks

But as I said before I am not trying to get a working computer. I am slowly installing programme after programme, and eventually SP3, to see where and when it goes wrong. It is surprising that a computer that “needed” a motherboard and was ready for the rubbish bin is now working perfectly under SP2 and hopefully later under SP3. But what I want to know was why it did not start working properly immediately after reinstalling the Toshiba Recovery disc, as I wrote above.

Thanks again

qim

Can you trust PC repair shops?
http://www.mytechteam.net/can-you-trust-pc-repair-shops/

One more question, please:
When you reinstall the manufacturer’s Recovery disc, does anything remain from before in the system? For example, does the BIOS go back to the original version, or does it remain as per the last update?

Thank you

qim

When you use the recovery, there usually is an option…do you want to format…option

BIOS has nothing to do with the recovery partition/disk. It is stored on a flash chip on the motherboard.

BIOS http://en.wikipedia.org/wiki/BIOS

Thanks Pondus

I understand now.

qim

Some interesting reading about BIOS malware

http://www.theregister.co.uk/2011/09/14/bios_rootkit_discovered/

http://www.howtogeek.com/forum/topic/bios-malware

http://www.symantec.com/connect/blogs/bios-threat-showing-again

Hello Pondus

Thanks for the links. Is there any way of checking if my BIOS and memory are clean?

qim

Well, you can follow essexboy’s guide and attach the logs so he can have a look
http://forum.avast.com/index.php?topic=53253.0