
mbam-- pup detected, should I be concerned?


7 replies to this topic

#1 mrfingerz

mrfingerz

  • Members
  • 228 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK, London
  • Local time:03:05 AM

Posted 24 June 2014 - 01:30 PM

Hello :)

 

Following an update to the latest version, mbam detected 2 pup entries of

 

 

PUP.Optional.VShare.A

 

Seems they are relating to an IE toolbar of some sort. I chose the ignore once option, as googling didn't give me any definitive answers. Should I quarantine/remove, or is this an FP?

 

The computer in question is an old Toshiba Satellite running Vista.

 


It's nice to be important, it's much more important to be nice.


 


#2 wpgwpg

wpgwpg

  • Members
  • 1,149 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:US of A
  • Local time:11:05 PM

Posted 24 June 2014 - 01:34 PM

 I always click the Quarantine all button.  I've never had a problem doing that.  You can always restore quarantined items if you see a need, but I've never needed to.

 

Good luck.


Everyone with a computer should back his system up to an external hard drive regularly.  :thumbsup:

#3 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,082 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:11:05 PM

Posted 24 June 2014 - 02:08 PM

Quarantine what was found. Posting the log is also helpful.

Looks like an install manager add-on.
Let's do these first.

ADW Cleaner

Please download AdwCleaner by Xplode and save to your Desktop.
  • Double-click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.
  • Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on each one and uncheck any items you want to keep (except you cannot uncheck Chrome and Firefox preferences lines).

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#4 mrfingerz


Posted 24 June 2014 - 05:04 PM

Hi boopme

 

Many thanks for your reply.

 

I ran mbam again and subsequently quarantined the aforementioned pups. Log below.

 

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 247803
Time Elapsed: 9 min, 2 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 2
PUP.Optional.VShare.A, HKU\S-1-5-21-2946398857-3479072851-3392556437-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER\{043C5167-00BB-4324-AF7E-62013FAEDACF}, , [b399225ab7c47eb8516255f0cf33a35d],
PUP.Optional.VShare.A, HKU\S-1-5-21-2946398857-3479072851-3392556437-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER|{043C5167-00BB-4324-AF7E-62013FAEDACF}, �м»�纯Ţ긿�, , [b399225ab7c47eb8516255f0cf33a35d]

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

___________________________________________________________________________________________________________________

 

# AdwCleaner v3.213 - Report created 24/06/2014 at 20:12:52
# Updated 23/06/2014 by Xplode
# Operating System : Windows Vista ™ Home Basic Service Pack 2 (32 bits)
# Username : Josephine - LAPTOP
# Running from : C:\Users\Josephine\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2CE65966-A1E4-4D48-96C4-B3B3C56C355C}
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHost.Tool
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHost.Tool.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{19D2F415-D58B-46BC-9390-C03DCBC21EB2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E45F3E8-2683-4824-A6BE-08108022FB36}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9F0F16DD-4E76-4049-A9B1-7A91E48F0323}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F4288797-CB12-49CE-9DF8-7CDFA1143BEA}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{212C2C4F-C845-4FBC-9561-C833A13D8DCE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{3C5D1D57-16C8-473C-A552-37B8D88596FE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4A115D8A-6A7B-4C72-92B1-2E2D01F36979}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{99DF8440-814E-497F-BDDD-FB93E9E9DF96}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6E45F3E8-2683-4824-A6BE-08108022FB36}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6E45F3E8-2683-4824-A6BE-08108022FB36}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6E45F3E8-2683-4824-A6BE-08108022FB36}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3B7599DF-3D5D-4EF5-BF51-9C2EDA788E83}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{6E45F3E8-2683-4824-A6BE-08108022FB36}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{83CAD530-387D-40FD-82EA-B9E863D92A9B}
Key Deleted : HKCU\Software\BillP Studios
Key Deleted : HKCU\Software\YahooPartnerToolbar

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16555


*************************

AdwCleaner[R0].txt - [2310 octets] - [24/06/2014 19:28:06]
AdwCleaner[S0].txt - [2273 octets] - [24/06/2014 20:12:52]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2333 octets] ##########

___________________________________________________________________________________________________________________

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows Vista ™ Home Basic x86
Ran by Josephine on 24/06/2014 at 20:17:54.12
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Josephine\Local Settings\Application Data\tempdir"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 24/06/2014 at 20:24:46.69
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

I noticed that AdwCleaner was deleting a key relating to a task. I attempted to open the Task Scheduler prior to running the 'Clean' option and when I did I received the warning...

 

'The task image is corrupt or has been tampered with.Reminders'
 

After running the 'Clean' and rebooting, I again opened the Task Scheduler, this time I initially received the warning...

 

'The selected task ''RunAsStdUser Task'' no longer exists. To see the current tasks, click Refresh.

 

Any thoughts?


It's nice to be important, it's much more important to be nice.
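An added example, not part of any post in this thread and not code from AdwCleaner: a small parser for the "Key Deleted" lines of an AdwCleaner report like the one posted above. It groups deleted keys by the GUID they reference, so one add-on registered in several places reads as one item, and it lists deleted Task Scheduler cache keys so they can be compared with warnings seen in Task Scheduler afterwards. The function names and category labels are hypothetical; the sample lines are copied from the log in the post.

```python
import re
from collections import defaultdict

# Lines copied from the "[ Registry ]" section of the AdwCleaner[S0].txt log above.
SAMPLE_LOG = r"""***** [ Registry ] *****
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2CE65966-A1E4-4D48-96C4-B3B3C56C355C}
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHost.Tool
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E45F3E8-2683-4824-A6BE-08108022FB36}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{212C2C4F-C845-4FBC-9561-C833A13D8DCE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6E45F3E8-2683-4824-A6BE-08108022FB36}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6E45F3E8-2683-4824-A6BE-08108022FB36}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{6E45F3E8-2683-4824-A6BE-08108022FB36}
Key Deleted : HKCU\Software\YahooPartnerToolbar
***** [ Browsers ] *****
"""

# Hypothetical labels for well-known registry locations; first match wins.
CATEGORIES = [
    (r"\schedule\taskcache\tasks", "scheduled-task"),
    (r"\browser helper objects", "ie-bho"),
    (r"\internet explorer\extensions", "ie-extension"),
    (r"\currentversion\ext", "ie-addon-state"),
    (r"\classes\clsid", "com-class"),
    (r"\classes\typelib", "com-typelib"),
]
LINE_RE = re.compile(r"^(?:\[#\]\s*)?Key Deleted : (HKLM|HKCU|HKU|HKCR)\\(.+)$")
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

def parse_deleted_keys(log_text):
    """Return one dict per 'Key Deleted' line inside the [ Registry ] section."""
    entries, in_registry = [], False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("*****"):          # section banner
            in_registry = "[ Registry ]" in line
            continue
        m = LINE_RE.match(line) if in_registry else None
        if not m:
            continue
        hive, path = m.groups()
        guid = GUID_RE.search(path)
        lowered = "\\" + path.lower()
        kind = next((lab for needle, lab in CATEGORIES if needle in lowered), "other")
        entries.append({"hive": hive, "path": path, "kind": kind,
                        "guid": guid.group(0).upper() if guid else None,
                        # The log's own "[#]" prefix is recorded, not interpreted.
                        "marked": line.startswith("[#]")})
    return entries

def guids_in_multiple_places(entries):
    """Map each GUID found under 2+ kinds of key to the sorted list of kinds."""
    seen = defaultdict(set)
    for e in entries:
        if e["guid"]:
            seen[e["guid"]].add(e["kind"])
    return {g: sorted(k) for g, k in seen.items() if len(k) > 1}

def deleted_scheduled_tasks(entries):
    """GUIDs of Task Scheduler cache keys that the cleaner removed."""
    return [e["guid"] for e in entries if e["kind"] == "scheduled-task"]

if __name__ == "__main__":
    found = parse_deleted_keys(SAMPLE_LOG)
    print("scheduled tasks removed:", deleted_scheduled_tasks(found))
    for guid, kinds in guids_in_multiple_places(found).items():
        print(guid, "->", ", ".join(kinds))
```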

#5 boopme


Posted 24 June 2014 - 07:41 PM

Looks like a few broken Registry entries.. Let's try fixing that.

Download Windows Repair (All in One) from this site

Install the program then run it.

NOTE 1. In Windows Vista, 7 and 8 right click on the program, click "Run As Administrator".
NOTE 2. Disable your antivirus program before running Windows Repair.


Go to Step 3 and click on Check button next to 1. See If Check Disk Is Needed.
If the tool says that Check Disk is needed, click on the Do It button next to 2. Check Disk.
In that case make sure you restart computer.



Once the above is done go to Step 4 and allow it to run System File Check by clicking on Do It button:



Go to Step 5 and under "System Restore" click on Create button:



Go to Start Repairs tab and click Start button.

Leave all checkmarks as they are.
NOTE for Windows 8 users. Reset Registry Permissions is NOT checked by design.

Click on Start button.


Post Windows Repair log which is located in the following folder:
64-bit systems - C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\Logs
32-bit systems - C:\Program Files\Tweaking.com\Windows Repair (All in One)\Logs

#6 mrfingerz


Posted 25 June 2014 - 06:33 PM

The system file check said that it was unable to fix some problems. I don't have a Vista installation disk (if needed). Anyway, ran everything else successfully and here's the log :)

 

System Variables
--------------------------------------------------------------------------------
OS: Windows Vista ™ Home Basic
OS Architecture: 32-bit
OS Version: 6.0.6002
OS Service Pack: Service Pack 2
Computer Name: LAPTOP
Windows Drive: C:\
Windows Path: C:\Windows
Current Profile: C:\Users\Josephine
Current Profile SID: S-1-5-21-2946398857-3479072851-3392556437-1000
Current Profile Classes: S-1-5-21-2946398857-3479072851-3392556437-1000_Classes
Profiles Location: C:\Users
Profiles Location 2: C:\Windows\ServiceProfiles
Local Settings AppData: C:\Users\Josephine\AppData\Local
--------------------------------------------------------------------------------

System Information
--------------------------------------------------------------------------------
System Up Time: 0 Days 00:05:35

Process Count: 50
Commit Total: 622.25 MB
Commit Limit: 3.98 GB
Commit Peak: 672.51 MB
Handle Count: 11140
Kernel Total: 74.24 MB
Kernel Paged: 45.84 MB
Kernel Non Paged: 28.40 MB
System Cache: 348.92 MB
Thread Count: 631
--------------------------------------------------------------------------------

Memory Before Cleaning with CleanMem
--------------------------------------------------------------------------------
Memory Total: 1.87 GB
Memory Used: 468.94 MB(24.4571%)
Memory Avail.: 1.41 GB
--------------------------------------------------------------------------------

Cleaning Memory Before Starting Repairs...

Memory After Cleaning with CleanMem
--------------------------------------------------------------------------------
Memory Total: 1.87 GB
Memory Used: 366.68 MB(19.1241%)
Memory Avail.: 1.51 GB
--------------------------------------------------------------------------------

Starting Repairs...
   Start (25/06/2014 03:18:41)

01 - Reset Registry Permissions 01/03
   HKEY_CURRENT_USER & Sub Keys
   Start (25/06/2014 03:18:50)
   Running Repair Under Current User Account
   Done (25/06/2014 03:19:19)

01 - Reset Registry Permissions 02/03
   HKEY_LOCAL_MACHINE & Sub Keys
   Start (25/06/2014 03:19:19)
   Running Repair Under System Account
   Done (25/06/2014 03:27:45)

01 - Reset Registry Permissions 03/03
   HKEY_CLASSES_ROOT & Sub Keys
   Start (25/06/2014 03:27:45)
   Running Repair Under System Account
   Done (25/06/2014 03:29:00)

03 - Reset Service Permissions
   Start (25/06/2014 03:29:00)
   Running Repair Under System Account
   Done (25/06/2014 03:29:51)

04 - Register System Files
   Start (25/06/2014 03:29:52)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (25/06/2014 03:30:40)

05 - Repair WMI
   Start (25/06/2014 03:30:40)

   Starting Security Center So We Can Export The Security Info.

   Exporting Antivirus Info...
   No Antivirus Products Reported.

   Exporting AntiSpyware Info...
   Windows Defender Exported.

   Exporting 3rd Party Firewall Info...
   No Firewall Products Reported.

   Running Repair Under Current User Account
   Done (25/06/2014 03:36:04)

06 - Repair Windows Firewall
   Start (25/06/2014 03:36:04)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (25/06/2014 03:36:47)

07 - Repair Internet Explorer
   Start (25/06/2014 03:36:47)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (25/06/2014 03:37:32)

08 - Repair MDAC/MS Jet
   Start (25/06/2014 03:37:32)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (25/06/2014 03:37:50)

09 - Repair Hosts File
   Start (25/06/2014 03:37:50)
   Running Repair Under System Account
   Done (25/06/2014 03:37:52)

10 - Remove Policies Set By Infections
   Start (25/06/2014 03:37:53)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (25/06/2014 03:38:01)

11 - Repair Start Menu Icons Removed By Infections
   Start (25/06/2014 03:38:01)
   Running Repair Under System Account
   Done (25/06/2014 03:38:04)

12 - Repair Icons
   Start (25/06/2014 03:38:04)
   Running Repair Under Current User Account
   Done (25/06/2014 03:38:07)

13 - Repair Winsock & DNS Cache
   Start (25/06/2014 03:38:07)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (25/06/2014 03:38:20)

15 - Repair Proxy Settings
   Start (25/06/2014 03:38:20)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (25/06/2014 03:38:25)

17 - Repair Windows Updates
   Start (25/06/2014 03:38:25)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (25/06/2014 03:39:01)

18 - Repair CD/DVD Missing/Not Working
   Start (25/06/2014 03:39:01)
   iTunes was found, adding UpperFilters for iTunes Reg Key
   UpperFilters added?: True
   Done (25/06/2014 03:39:01)

19 - Repair Volume Shadow Copy Service
   Start (25/06/2014 03:39:01)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (25/06/2014 03:39:18)

21 - Repair MSI (Windows Installer)
   Start (25/06/2014 03:39:18)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (25/06/2014 03:39:37)

23.01 - Repair bat Association
   Start (25/06/2014 03:39:37)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (25/06/2014 03:39:42)

23.02 - Repair cmd Association
   Start (25/06/2014 03:39:42)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (25/06/2014 03:39:47)

23.03 - Repair com Association
   Start (25/06/2014 03:39:47)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (25/06/2014 03:39:51)

23.04 - Repair Directory Association
   Start (25/06/2014 03:39:51)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (25/06/2014 03:39:56)

23.05 - Repair Drive Association
   Start (25/06/2014 03:39:56)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (25/06/2014 03:40:01)

23.06 - Repair exe Association
   Start (25/06/2014 03:40:01)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (25/06/2014 03:40:06)

23.07 - Repair Folder Association
   Start (25/06/2014 03:40:06)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (25/06/2014 03:40:14)

23.08 - Repair inf Association
   Start (25/06/2014 03:40:15)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (25/06/2014 03:40:19)

23.09 - Repair lnk (Shortcuts) Association
   Start (25/06/2014 03:40:19)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (25/06/2014 03:40:24)

23.10 - Repair msc Association
   Start (25/06/2014 03:40:24)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (25/06/2014 03:40:29)

23.11 - Repair reg Association
   Start (25/06/2014 03:40:29)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (25/06/2014 03:40:34)

23.12 - Repair scr Association
   Start (25/06/2014 03:40:34)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (25/06/2014 03:40:38)

24 - Repair Windows Safe Mode
   Start (25/06/2014 03:40:39)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (25/06/2014 03:40:43)

25 - Repair Print Spooler
   Start (25/06/2014 03:40:43)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (25/06/2014 03:40:56)

26 - Restore Important Windows Services
   Start (25/06/2014 03:40:56)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (25/06/2014 03:41:13)

27 - Set Windows Services To Default Startup
   Start (25/06/2014 03:41:13)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (25/06/2014 03:41:26)

   Skipping Repair.
   Repair is for Windows v6.2 (Windows 8 & Newer) or higher.
   Current version: 6.0

   Skipping Repair.
   Repair is for Windows v6.2 (Windows 8 & Newer) or higher.
   Current version: 6.0

   Skipping Repair.
   Repair is for Windows v6.2 (Windows 8 & Newer) or higher.
   Current version: 6.0

Cleaning up empty logs...

All Selected Repairs Done.
   Done (25/06/2014 03:41:26)
   Total Repair Time: 00:22:47


...YOU MUST RESTART YOUR SYSTEM...
   Running Repair Under Current User Account



#7 boopme


Posted 25 June 2014 - 07:58 PM

Looks like it only skipped the Win8 files

 

See how it's running..



#8 mrfingerz


Posted 25 June 2014 - 09:16 PM

I've been using it for a few hours and no major problems to report.

 

I'm still getting the same warnings if I open the Task Scheduler, having said that, tasks seem to be running as expected. For example, I use 'Clean-Mem' and that's not having any problems.





