"generic Pup.x"


14 replies to this topic

#1 Groffeaston

Groffeaston

  • Members
  • 518 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Easton,PA
  • Local time:11:31 AM

Posted 29 September 2008 - 10:55 PM

Hello Everyone!

My McAfee Security Center recently found "Generic PUP.x" on my computer. I then went to the McAfee site for more information. They say it possibly could be or could not be a threat to my computer. It may be part of a license agreement from McAfee or part of some other bundled package from another software supplier. That is why I came here to see if you can help find out what it is.

Here are the search results that the McAfee scan came up with.

File Name: D:\MATTHEW-PC\Backup Set 2008-02-11 134738\Backup Files 2008-02-11 134738\Backup iles 2.zip

I have not run any other scans yet with: a squared free, SuperSpyware free, Spybot S&D, SpywareBlaster, or Malwarebytes Anti-Malware. I will make sure they are all up to date and then run full or deep scans.

Should I do all the scans in safe mode? Or just do the scans when I am offline after a normal startup?

I know not to do all the scans at the same time.

If you need any more information just let me know.

Matt

#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,769 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:11:31 AM

Posted 30 September 2008 - 08:21 AM

Certain embedded files that are part of legitimate programs or specialized fix tools may at times be detected by some anti-virus/anti-malware scanners as a "RiskTool", "Hacking tool", "Potentially unwanted program", or even "malware (virus/trojan)" when that is not the case.

Such programs have legitimate uses in contexts where an authorized user or administrator has knowingly installed them. These detections do not necessarily mean the file is malware or a bad program. It means it has the potential for being misused by others. Anti-virus scanners cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert you or even automatically remove them.

Do you recognize those files or know what program created them?
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#3 Groffeaston

Posted 30 September 2008 - 10:41 PM

Hello again,

No, I do not know what program those files are from, right offhand. The McAfee scan had just started picking up the Generic PUP.x on either Tuesday or Wednesday of last week. But from the file that it shows, the date on it is from February 11, 2008 and it is a backup file.

How can I determine which program on my computer that file is from? And thus, determining if it is safe or not.

I do not want to open it, just in case it is not safe. But because it is listed as a backup file I presume it might be from one of my programs on my computer, but which one?

#4 quietman7

Posted 01 October 2008 - 08:20 AM

With such generic names it can be difficult to trace. Since the file is that old, you may already have removed the program that created it. To be safe, I would rename the file and then delete after a couple weeks if you don't come up with anything.
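One way to see what a flagged backup archive contains without opening or extracting it, as an added example that is not part of the original thread: the script lists each member of a .zip with its size and SHA-256 and notes why a member deserves a closer look. The sample archive, its member names and the `RUNNABLE` extension list are constructed for illustration.

```python
import hashlib
import io
import zipfile
from pathlib import PurePosixPath

# Assumed list: extensions Windows will execute or interpret when double-clicked.
RUNNABLE = {".exe", ".dll", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs", ".js"}


def build_sample_archive() -> bytes:
    """Constructed stand-in for a flagged backup .zip; contents are harmless text."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("Documents/notes.txt", b"shopping list\n")
        zf.writestr("Program Files/ExampleGame/game.exe", b"MZ placeholder bytes")
        zf.writestr("Pictures/photo.jpg.exe", b"MZ placeholder bytes")
    return buf.getvalue()


def triage_zip(source):
    """List every member with size, SHA-256 and reasons to look closer.

    Members are read as bytes in memory only: nothing is written to disk,
    extracted or executed. `source` is a path or a binary file object.
    """
    records = []
    with zipfile.ZipFile(source) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            reasons, sha256 = [], None
            suffixes = [s.lower() for s in PurePosixPath(info.filename).suffixes]
            if suffixes and suffixes[-1] in RUNNABLE:
                reasons.append("runnable extension")
                if len(suffixes) > 1:
                    reasons.append("double extension")
            if info.flag_bits & 0x1:
                # Encrypted member: cannot be read (or scanned) without the password.
                reasons.append("encrypted")
            else:
                digest = hashlib.sha256()
                with zf.open(info) as member:
                    head = member.read(2)
                    digest.update(head)
                    for chunk in iter(lambda: member.read(65536), b""):
                        digest.update(chunk)
                sha256 = digest.hexdigest()
                if head == b"MZ":  # DOS/PE executable signature
                    reasons.append("MZ header")
            records.append({"name": info.filename, "size": info.file_size,
                            "sha256": sha256, "reasons": reasons})
    return records


if __name__ == "__main__":
    for rec in triage_zip(io.BytesIO(build_sample_archive())):
        print(rec["name"], rec["size"], (rec["sha256"] or "-")[:16], rec["reasons"])
```

The per-member hashes give a stable identifier to compare across scanners, and the member paths usually show which program's folder the backed-up file came from.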

#5 Groffeaston

Posted 06 October 2008 - 10:57 PM

Hello everyone

Guess what? It was a huge threat!!!! I went to check it out and see what file it was and to see what more I could glean from it. I tried to scan it with a squared, and the damned thing started taking over my computer!! I could not do anything!! At the one point I could do something, I managed to click on delete in the McAfee Security Center Scanner. That started to give me back control of my computer! But it could not completely delete it. So I went back and deleted all the Backup files that were there! 970MB worth. I just hope I did not lose any major needed information! Actually, that was the time I had to do a total Factory Condition Reset of my computer! Maybe that was the cause of the problem I had then?

How should I double check to make sure it is completely gone?

#6 quietman7

Posted 07 October 2008 - 08:36 AM

How should I double check to make sure it is completely gone?

Yes.

#7 Groffeaston

Posted 07 October 2008 - 11:41 PM

Hello again,

I just need to ask one quick question before I run the scans to double check to make sure it is completely gone.

Should I run the scans after starting my computer in safe mode, or run the scans after a normal start-up of my computer?

I know some programs' scans are more effective when done in safe mode, but I am not sure which ones. Here are the programs I have:
Malwarebytes Anti-Malware, a squared free, SUPERAntiSpyware free, Spybot Search & Destroy, and SpywareBlaster.
Plus McAfee came installed on my computer when I bought it.

Edited by Groffeaston, 08 October 2008 - 12:04 AM.


#8 quietman7

Posted 08 October 2008 - 07:09 AM

"Safe Mode" is a troubleshooting mode designed to start Windows with minimal drivers and running processes to diagnose problems with your computer. This means some of the programs that normally run when Windows starts will not run.

Why use safe mode? The Windows operating system protects files when they are being accessed by an application or a program. Malware writers create programs that can insert themselves and hide in these protected areas when the files are being used. Using "Safe Mode" reduces the number of modules requesting files to only the essentials to make your computer functional. This in turn reduces the number of hiding places for malware, making it easier to find and delete the offending files when performing scans with anti-virus and anti-malware tools. In most cases, performing your scans in "Safe Mode" speeds up the scanning process.

"Beginners Guides: Windows XP Safe Mode Explained"
"What is 'Safe Mode' used for and why?"

Note: Scanning with MBAM in safe or normal mode will work but removal functions are not as powerful in safe mode. MBAM is designed to be at full power when malware is running so safe mode is not necessary when using it. In fact, it loses some effectiveness for detection & removal when used in safe mode because the program includes a driver which does not work in safe mode. For optimal removal, a Quick scan in normal mode is recommended.

#9 Groffeaston

Posted 08 October 2008 - 11:41 PM

Hello

I ran the MBAM scan while I was checking my emails. Nothing showed up except cookies. I ran a Spybot S&D scan on Tuesday, same result, just cookies. I am currently running an a squared deep scan. Will let you know what the results are from that scan.

I did not realize this, but I have an item in quarantine in a squared. It was from back in May of this year. Should I post a separate topic for that item?

#10 Groffeaston

Posted 09 October 2008 - 01:35 AM

Hello everyone!

Well, there is good news and bad news. The good news is that Generic PUP.x seems to have been deleted completely!

The bad news: It seems I picked up some more things on my computer that the other scans did not pick up. Here are the new ones that showed up, plus one that was in quarantine that I forgot about.

New ones:

Trace.Registry.JEOPARDY!!A2
Trace: Value: HKEY_LOCALMACHINE\SOFTWARE\Sony Pictures Games\JEOPARDY! -->PID

Backdoor.Win32.Bifrose.kt!A2
File: C:\Program Files\Dell Games\SCRABBLE\Scrabble.exe


The one I forgot about:

Backdoor.Win32.Hupigon.burx
File: C:\Program Files\Dell Games\Polar Bowler\Polar.exe

I put them all in quarantine for now, until I can find out why they were not picked up sooner and where the other parts of the programs are hidden that keep putting them here.

#11 quietman7

Posted 09 October 2008 - 09:50 AM

I put them all in quarantine for now.

When an anti-virus quarantines a file by moving it into a virus vault (chest), that file is essentially disabled and prevented from causing any harm to your system. The quarantined file is safely held there and no longer a threat until you take action to delete it. One reason for doing this is to prevent deletion of a crucial file that may have been flagged as a "false positive". If that is the case, then you can restore the file and add it to the exclusion or ignore list. Doing this also allows you to view and investigate the files while keeping them from harming your computer. Quarantine is just an added safety measure. When the quarantined file is known to be bad, you can delete it at any time.

Keep in mind, however, that if these files are left in quarantine, other scanning programs and security tools may flag them while in the quarantined area.

Until I can find out why they were not picked up sooner

No single product is 100% foolproof and can detect and remove all threats at any given time. The security community is in a constant state of change as new infections appear. Each vendor has its own definition of what constitutes malware and scanning your computer using different criteria will yield different results. The fact that each program has its own definition files means that some malware may be picked up by one that could be missed by another. Thus, a multi-layered defense using several anti-spyware products (including an effective firewall) to supplement your anti-virus combined with common sense and safe surfing habits provides the most complete protection.

Are you finding anything else?

#12 Groffeaston

Posted 09 October 2008 - 11:50 PM

Hello again!

That was the first deep scan/full scan that I did. I think I have Spybot S&D on full also, but I am not 100% sure. But the only thing else that was found by a squared was a dialer for/in the Dell help center and cookies. I have not had a chance to run the other programs yet. I had a busy day today.

I will run the other scans in full scan/deep scan ASAP. Then I will let you know the results. I will also do the MBAM again to see if anything might have snuck in since. I will up the Firewall level in McAfee also.

Should I do the scans while I am offline and not connected to the internet? I usually update first and then immediately do the scan while still connected online.

#13 quietman7

Posted 10 October 2008 - 07:58 AM

Should I do the scans While I am offline and not connected to the internet?

Yes, after you update.

#14 Groffeaston

Posted 15 October 2008 - 07:08 PM

Hello everyone!

Well, I did the scans and here are the results: MBAM = Clear; "a squared" free = 18 items (1 file: a Dialer for Dell's Support Center, and 17 cookies); SUPERAntiSpyware free = 48 items (48 cookies, which I then deleted); Spybot S&D = Clear.

I did all the scans after normal start up and while offline. I used the deep scan/full scan option. I made sure all the programs were updated before running the scans. So far nothing else has been picked up on the McAfee scanner as of yet. But I will keep an eye on it.

Thank you for all the help! I think this is done for now, I hope. :thumbsup:

One more question: should I delete those programs/files that are in quarantine or just leave them there for now?

#15 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,490 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:11:31 AM

Posted 15 October 2008 - 08:04 PM

If the machine is running normally, as in any quarantined files haven't caused an operating problem, then delete them. Or give it a day and do so.

Since you have no more signs of malware then....

Now you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since this is a protected directory, your tools cannot access it to delete these files, and they can sometimes reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run and type: Cleanmgr
  • Click "Ok"
  • Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" Tab.
  • Click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.
Vista Users can refer to these links: Create a New Restore Point and Disk Cleanup.