
Is there a junkware (re)installer out there?


5 replies to this topic

#1 ToddAndMargo


Posted 28 May 2014 - 11:45 AM

Hi All,

 

Lately I am finding my Windows customers "infested" with junkware. I remove them with JRT (Junkware Removal Tool) and by hand. Most stay junkware free. But a few call me back in a week and they are all infested again with a combination of the previous stuff and new stuff.

 

I have always assumed that this was the fault of the user.  My cure is to enable the "administrator" account with a password and to remove admin rights from their user account(s).  This always does the trick.

 

But, I got to thinking, is there some kind of malicious software out there that infests or re-infests someone with tons of junkware (I remove them and it puts them back)? Or is it really the user's doing (grandkids helping dear old grandpa by "optimizing" his computer)?

 

Many thanks,

-T




 


#2 Netghost56


Posted 28 May 2014 - 12:21 PM

It's probably due to 'bundle' kits out there.

 

You should probably take a look at your customer's install history- I generally find several malware apps installed the same day as things like games, video codecs, video players, optimizers, specialty browsers, or other 'helper' apps.

 

Also, if they are using a P2P app, such as utorrent, then they are automatically at a much higher risk of malware/viruses.

 

Make sure you have completely cleaned the computer as well- if something isn't caught then it will reassert itself on the system.

 

EDIT: I hope you're using more than just JRT...a good antivirus combined with a malware app like Malwarebytes makes a pretty formidable system. I used JRT mainly for cleanup after the fact.


Edited by Netghost56, 28 May 2014 - 12:23 PM.
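
Added example (not part of the thread and not any poster's code): one way to run the install-history check Netghost56 describes, by grouping the entries in the standard Windows Uninstall registry keys by their InstallDate value. The function names and the three-per-day threshold are assumptions made for this illustration.

```powershell
# Added example, not from the thread. Requires PowerShell 3.0 or later.
# Lists installed programs from the standard Uninstall registry keys and
# reports days on which several programs were installed together.
$UninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function Get-InstalledProgram {   # hypothetical helper name
    Get-ItemProperty -Path $UninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName } |
        ForEach-Object {
            # InstallDate is optional; when present it is normally yyyyMMdd.
            $date = [datetime]::MinValue
            $ok = [datetime]::TryParseExact([string]$_.InstallDate, 'yyyyMMdd',
                [cultureinfo]::InvariantCulture,
                [System.Globalization.DateTimeStyles]::None, [ref]$date)
            [pscustomobject]@{
                Name      = $_.DisplayName
                Publisher = $_.Publisher
                Installed = $(if ($ok) { $date } else { $null })
            }
        }
}

function Get-InstallCluster {     # hypothetical helper name
    param(
        [object[]] $Program = @(Get-InstalledProgram),
        [int] $MinPerDay = 3      # assumed threshold; tune per machine
    )
    $Program | Where-Object { $_.Installed } |
        Group-Object { $_.Installed.ToString('yyyy-MM-dd') } |
        Where-Object { $_.Count -ge $MinPerDay } |
        Sort-Object Name -Descending |
        ForEach-Object {
            [pscustomobject]@{
                Date     = $_.Name
                Count    = $_.Count
                Programs = ($_.Group | ForEach-Object { $_.Name }) -join '; '
            }
        }
}

Get-InstallCluster | Format-List
# Entries without a usable InstallDate are not clustered; list them for a manual look.
Get-InstalledProgram | Where-Object { -not $_.Installed } | Select-Object Name, Publisher
```

Run it from the customer's own logged-in account so the HKCU entries are theirs; per-user installs made under other accounts will not appear.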


#3 kunalthechamp


Posted 28 May 2014 - 12:32 PM

Agreed, also the fact that you are just using JRT would mean that the computer doesn't get cleaned well. There could easily be remnants of the malware/junkware which show themselves once you are done with 'cleaning'.


If I am helping you with a problem and I have not responded within 48 hours please send me a PM.

 



#4 ToddAndMargo


Posted 28 May 2014 - 12:39 PM

Netghost56 wrote:

> It's probably due to 'bundle' kits out there.
>
> You should probably take a look at your customer's install history- I generally find several malware apps installed the same day as things like games, video codecs, video players, optimizers, specialty browsers, or other 'helper' apps.
>
> Also, if they are using a P2P app, such as utorrent, then they are automatically at a much higher risk of malware/viruses.
>
> Make sure you have completely cleaned the computer as well- if something isn't caught then it will reassert itself on the system.
>
> EDIT: I hope you're using more than just JRT...a good antivirus combined with a malware app like Malwarebytes makes a pretty formidable system. I used JRT mainly for cleanup after the fact.

 

Okay, so "bundleware". Makes sense now. Would do the re-infesting. All they have to do is go at it one more time, whether on purpose or by accident. I have suspected that there is a user personality to junkware, as I have some customers that go for years without ever so much as being touched by it. And others that attract it.

I hadn't used PDF Creator for years. Oh Boy, did that turn into bundleware! (I use DoPDF now.) So I can now see where this would all come from.

If the customer will let me, I put Kaspersky on their machine. But, usually, they have time left on their AVG or their Norton and they think I am trying to sell them stuff they don't need. (And, I do have to admit, I do get so tired of that attitude of distrust. We consultants are the ones writing these things so we can get paid to remove them, don't you know.)

I show them Leo Laporte's video of him stomping on a box of Norton (all funny), but that doesn't always do the trick. They just say that when their Norton expires, they will consider it.

They will let me take away their user's admin rights though, which makes them more like Linux and OS X. As I said, that does the trick.

I do carry Malwarebytes and have used it frequently. But, I have yet to have it catch anything. Maybe I am too good at cleaning things up first.

Thank you for the advice! Bundleware. Dang!

 

-T



#5 ToddAndMargo


Posted 28 May 2014 - 12:48 PM

kunalthechamp wrote:

> Agreed, also the fact that you are just using JRT would mean that the computer doesn't get cleaned well. There could easily be remnants of the malware/junkware which show themselves once you are done with 'cleaning'.

 

Oh I do a lot more than JRT. I clean out the temp directories (where they like to hide). I clean their entries out of the registry. I clean their files off the hard drive. And I scan again with JRT. Usually, I will scan for rootkits and malware too. Plus check their startups (I like Sysinternals AutoRuns).

But, I do love JRT. By the way, caught a rootkit as it nailed JRT just as it started, thus giving itself away. Kaspersky's TDSSKiller made short work of it.

When the stuff comes back, it is typically half the old stuff and half new stuff. I think Netghost56 got it when he said it was "bundleware". Taking away the user's admin rights stops it cold.



#6 quietman7


Posted 28 May 2014 - 07:26 PM

You may want to read: About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs)