Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

PUP.Optional.Spigot.A, PUP.Optional.MyEmoticons.A, PUP.Optional.SearchProtection


  • This topic is locked This topic is locked
3 replies to this topic

#1 KiryuuHime

KiryuuHime

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:07:17 AM

Posted 24 May 2014 - 01:27 AM

Recently had a few people stay in my home for a few days. Common courtesy had me give them permission to use my computer when they needed to, but once they departed, I decided to run a scan on the computer. 

Free Trial Avast comes up clean.

Free Trial Malwarebytes is a bit different:
 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 5/23/2014
Scan Time: 11:09:25 PM
Logfile: 
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.05.24.01
Rootkit Database: v2014.05.21.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 8
CPU: x64
File System: NTFS
User: Tameka
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 267992
Time Elapsed: 13 min, 50 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 1
PUP.Optional.Spigot.A, C:\Users\Tameka\AppData\Roaming\Search Protection\SearchProtection.exe, 724, , [062bb5a0b3c82412a25f003c31cf629e]
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 1
PUP.Optional.MyEmoticons.A, HKU\S-1-5-21-934097189-4001693668-3402004547-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Search Protection, , [32ff9fb6f7843cfa041e7e23bb47f30d], 
 
Registry Values: 1
PUP.Optional.Spigot.A, HKU\S-1-5-21-934097189-4001693668-3402004547-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|SearchProtection, "C:\Users\Tameka\AppData\Roaming\Search Protection\SearchProtection.EXE" /autostart, , [062bb5a0b3c82412a25f003c31cf629e]
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 2
PUP.Optional.Spigot.A, C:\Users\Tameka\AppData\Roaming\Search Protection\SearchProtection.exe, , [062bb5a0b3c82412a25f003c31cf629e], 
PUP.Optional.Spigot.A, C:\Users\Tameka\AppData\Local\Temp\~sp8AD9.tmp, , [cd640451a0dbd26443bf2a1232ceb24e], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)


I've Quarantined all detections, but I haven't removed any of them, because to be frank, I'm pretty computer stupid. I know that PUPs aren't always necessarily dangerous, but a quick Google search has pulled up many sites stating that "Spigot" can be pretty dangerous. I know nothing about "MyEmoticons," but I'd rather not have it on my computer if I don't need it (to be honest, it sounds kinda spammy). I'll admit, I'm kinda freaking out.

In terms of performance, I could say my computer is a bit slower than I remember, taking time to load web pages and such, but that may just be placebo. I'm not sure.  

Should I just remove these via Malwarebytes and call it a day, or do you think this calls for a more thorough cleanse?

EDIT:

Rescanned my computer several times, and each came up with similar detections:

First Time-
 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 5/24/2014
Scan Time: 12:44:56 AM
Logfile: 
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.05.24.01
Rootkit Database: v2014.05.21.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 8
CPU: x64
File System: NTFS
User: Tameka
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 267922
Time Elapsed: 9 min, 49 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 1
PUP.Optional.Spigot.A, C:\Users\Tameka\AppData\Roaming\Search Protection\SearchProtection.exe, 724, Delete-on-Reboot, [b37eb79e1d5e2115a45d3705f30db24e]
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 1
PUP.Optional.Spigot.A, C:\Users\Tameka\AppData\Roaming\Search Protection\SearchProtection.exe, Delete-on-Reboot, [b37eb79e1d5e2115a45d3705f30db24e], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

~~~~~~~

Second Time-

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 5/24/2014
Scan Time: 1:01:16 AM
Logfile: 
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.05.24.01
Rootkit Database: v2014.05.21.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 8
CPU: x64
File System: NTFS
User: Tameka
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 267875
Time Elapsed: 10 min, 12 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 1
PUP.Optional.SearchProtection.A, C:\Users\Tameka\AppData\Roaming\Search Protection\SearchProtection.exe, 724, Delete-on-Reboot, [46eb1144cfac1521308d5055887aca36]
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 1
PUP.Optional.SearchProtection.A, C:\Users\Tameka\AppData\Roaming\Search Protection\SearchProtection.exe, Delete-on-Reboot, [46eb1144cfac1521308d5055887aca36], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

~~~~~

Third Time-

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 5/24/2014
Scan Time: 1:12:19 AM
Logfile: 
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.05.24.01
Rootkit Database: v2014.05.21.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 8
CPU: x64
File System: NTFS
User: Tameka
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 267983
Time Elapsed: 9 min, 10 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 1
PUP.Optional.SearchProtection.A, C:\Users\Tameka\AppData\Roaming\Search Protection\SearchProtection.exe, 724, Delete-on-Reboot, [ba77124391eaf4425766d3d2639f2ed2]
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 1
PUP.Optional.SearchProtection.A, C:\Users\Tameka\AppData\Roaming\Search Protection\SearchProtection.exe, Delete-on-Reboot, [ba77124391eaf4425766d3d2639f2ed2], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

Further research has discovered that "PUP.Optional.SearchProtection.A" is comping from Spigot, but please, correct me if I'm wrong. 

It is blatantly obvious that this program will keep sending out those PUPs no matter how many times I scan, so I'm going to stop doing so. 


Edited by KiryuuHime, 24 May 2014 - 01:33 AM.


BC AdBot (Login to Remove)

 


m

#2 KiryuuHime

KiryuuHime
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:07:17 AM

Posted 24 May 2014 - 01:32 AM

Update:

Malwarebytes blocked PUP.RiskwareTool.CK from doing something (this was outside of a scan). 

A quick Google search has led me to understand that this particular PUP is not an issue? Is this true?



#3 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:12:17 PM

Posted 25 May 2014 - 02:00 PM

Good evening. :)

A PUP is a Potentially Unwanted program - a term that covers items that fall in-between malware and non-malware. These files may not benefit you in any way, but they won't usually be that malicious. Some "free" programs come with the option to install toolbars or deliver advertising pop-up to cover the cost of development and some people are happy to allow these things so that the person who writes the software is rewarded for their time. Others don't want these things and so remove them.

 

.Have you instructed MBAM to remove them or simply scan and tell you the results?


So long, and thanks for all the fish.

 

 


#4 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:12:17 PM

Posted 30 May 2014 - 02:22 PM

As there has been no response for five days this thread is now closed.


So long, and thanks for all the fish.

 

 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users