May have downloaded a PUP, getting spam on Gchat, want to check.


13 replies to this topic

#1 windows8newb
  • Members

Posted 12 January 2015 - 09:02 PM

Hi there,

 

A couple of days ago, I think I downloaded an adware (wasn't fast enough to uncheck a box for bundled software when downloading something).  Nothing happened, so either my computer blocked it or else it disappeared into my computer.

 

Windows 8.1 Dell Inspiron 5000 series

Firefox with NoScript

 

Malwarebytes free found nothing

Avast! free found nothing

Malwarebytes anti-rootkit found nothing

Adwcleaner found 1 registry key, which I cleaned.  Nothing after that.

 

Not sure if it's related but I've been getting some spam invites to chat on Gchat, which has never happened before. Otherwise, the computer is running well.

 

Would like someone to help me check and make sure the computer is fine, thanks.



#2 quietman7
  • Global Moderator

Posted 12 January 2015 - 09:18 PM

avast! also offers PUP protection, but it's turned off by default. If you have it enabled, most likely avast! blocked it.

Please download and scan with Emsisoft Anti-Malware 30 day trial version.
  • Double-click on the EmsisoftAntiMalwareSetup.exe icon to install.
  • If the setup program displays an alert about safe mode, please click on the Yes button to continue.
  • Agree to the license agreement and click on the Install button to continue with the installation.
  • You will get to a screen asking what type of license you wish to use with Emsisoft Anti-Malware.
    If you have an existing license key or want to buy a new license key, please select the appropriate option. Otherwise, select the Freeware or Test for 30 days, free option. If you receive an alert after clicking this button that your trial has expired, just click on the Yes button to enter freeware mode, which still allows the cleaning of infections.
  • Emsisoft Anti-Malware will now begin to update its virus detections.
  • When the updates are completed, select Enable PUPs Detection.
  • Select the Full Scan option to begin scanning your computer for infections.
  • When the scan has finished, the program will display the scan results that show what infections were found.
  • Click on the Quarantine Selected button, which will remove the infections and place them in the program's quarantine.
  • If Emsisoft prompts you to reboot your computer to finish the clean up process, please allow it to do so.
  • When finished, click Logs > Scan at the top to view the Scan log which is listed by date.
  • Highlight the log by clicking on it, then click View details to open it in Notepad. The logfile will be named in the following format: a2scan_Date-Time.txt (YYMODY)
  • Alternatively you can click Export and save the log to your Desktop, then open it by double-clicking on it.
  • Copy and paste the contents of that logfile in your next reply.
Scan logs are automatically saved to the following location:
-- XP: C:\Documents and Settings\All Users\Application Data\Emsisoft\Reports\a2scan_Date-Time.txt (YYMODY)
-- Vista, Windows 7/8: C:\ProgramData\Emsisoft\Reports\a2scan_Date-Time.txt (YYMODY)


Note: By default Emsisoft Anti-Malware installs as a free fully functional 30-day trial version with real-time protection. After the trial period expires you can either choose to buy a full version license or continue to use it in limited freeware mode which still allows you to scan and clean infections. The freeware mode no longer provides any real-time protection to guard against new infections. However, even if the trial is still enabled, you can easily turn off all real time protection and just have it running as on-demand scanner only. After the trial period expires nothing really changes except that the options to activate real-time protection are no longer available without purchasing the full version.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#3 windows8newb
  • Topic Starter
  • Members

Posted 12 January 2015 - 09:38 PM

Thanks, quietman.  I do not think I have that enabled in Avast!  How do I do so?  I am downloading Emsisoft now.



#4 quietman7
  • Global Moderator

Posted 12 January 2015 - 09:49 PM


Instructions for enabling PUP detection for avast can be found in this article.

#5 windows8newb
  • Topic Starter
  • Members

Posted 12 January 2015 - 11:12 PM

Emsisoft Anti-Malware - Version 9.0
Last update: 1/12/2015 7:38:51 PM
User account: Cthulhu\Admin

Scan settings:

Scan type: Full Scan
Objects: Rootkits, Memory, Traces, C:\

Detect PUPs: On
Scan archives: On
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off

Scan start:    1/12/2015 7:39:11 PM

Scanned    335022
Found    0

Scan end:    1/12/2015 9:10:05 PM
Scan time:    1:30:54
 


It seems I did not have Avast! set to detect PUPs, but I do now.

 

Is there anything else I should run?  Thank you for your help.
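A small parser for the scan-log layout pasted above, as an added example that is not part of the original thread or Emsisoft's own tooling: it reads the pasted fields and lists reasons a "Found 0" result would be weak evidence of a clean system. The function names and the one-day signature-age limit are assumptions; it expects a complete log, and detection lines are not parsed because the page shows none.

```python
import re
from datetime import datetime

SAMPLE_LOG = """\
Emsisoft Anti-Malware - Version 9.0
Last update: 1/12/2015 7:38:51 PM
User account: Cthulhu\\Admin
Scan settings:
Scan type: Full Scan
Objects: Rootkits, Memory, Traces, C:\\
Detect PUPs: On
Scan archives: On
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off
Scan start:    1/12/2015 7:39:11 PM
Scanned    335022
Found    0
Scan end:    1/12/2015 9:10:05 PM
Scan time:    1:30:54
"""  # log text as pasted in post #5 of this thread, blank lines dropped
TS_FMT = "%m/%d/%Y %I:%M:%S %p"  # timestamp layout used in the pasted log

def parse_scan_log(text):
    """Parse 'Label: value' lines and the Scanned/Found counters."""
    fields = {}
    for line in text.splitlines():
        counter = re.match(r"\s*(Scanned|Found)\s+(\d+)\s*$", line)
        setting = re.match(r"\s*([A-Za-z ]+):\s+(.*\S)\s*$", line)
        if counter:
            fields[counter.group(1)] = int(counter.group(2))
        elif setting:  # a bare path (C:\...) has no space after ':' and is skipped
            fields[setting.group(1)] = setting.group(2)
    return fields

def triage(fields):
    """Return reasons the log is weak evidence of a clean scan (empty = none)."""
    start = datetime.strptime(fields["Scan start"], TS_FMT)
    end = datetime.strptime(fields["Scan end"], TS_FMT)
    updated = datetime.strptime(fields["Last update"], TS_FMT)
    checks = [
        (fields.get("Scan type") != "Full Scan", "not a full scan"),
        (fields.get("Detect PUPs") != "On", "PUP detection was off"),
        ((start - updated).days >= 1, "signatures over a day old (assumed limit)"),
        (str(end - start) != fields.get("Scan time"), "scan time does not match timestamps"),
        (fields.get("Found", -1) != 0, "detections reported or Found line missing"),
    ]
    return [reason for failed, reason in checks if failed]
```

Calling `triage(parse_scan_log(SAMPLE_LOG))` on the log above returns an empty list: full scan, PUP detection on, signatures updated 20 seconds before the scan started, and no detections.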



#6 quietman7
  • Global Moderator

Posted 13 January 2015 - 05:57 AM

Now try doing an online scan to see if it finds anything else that the other scans may have missed.

Please perform a scan with Eset Online Anti-virus Scanner.
If using Mozilla Firefox, you will be prompted to download and use the ESET Smart Installer. Just double-click on esetsmartinstaller_enu.exe to install.
Vista/Windows 7/8 users need to run Internet Explorer/Firefox as Administrator.
To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run As Administrator from the context menu.

  • Click the green esetOnline.png button.
  • Read the End User License Agreement and check the box:
  • Check esetAcceptTerms.png.
  • Click the esetStart.png button.
  • Accept any security warnings from your browser and allow the download/installation of any required files.
  • Under scan settings, check esetScanArchives.png and check Remove found threats
  • Click Advanced settings and select the following:
    • Enable detection of potentially unwanted applications
    • Enable detection of potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click the Start button.
  • ESET will install itself, download virus signature database updates, and begin scanning your computer.
  • Please be patient as the scan can take some time to complete...close all programs and do NOT use the computer while the scan is running.
    If given the option (when threats are found), choose "Quarantine" instead of delete.
  • When the scan completes, push esetListThreats.png
  • Push esetExport.png, and save the file to your desktop as ESETScan.txt.
  • Push the esetBack.png button, then Finish.
  • Copy and paste the contents of ESETScan.txt in your next reply. If no threats are found, there is no option to create a log.

If you have other antivirus, antispyware or anti-malware programs running on your computer, they may intercept the scan being performed by the ESET Online Scanner and hinder performance. You may wish to disable the real-time protection components of your other security software before running the ESET Online Scanner. Remember to turn them back on after you are finished.
ESET Online Scanner FAQs

-- Note: If you recognize any of the detections as legitimate programs, it's possible they are "false positives" and you can ignore them or get a second opinion if you're not sure. ESET's detection rate is high and can include legitimate files which it considers suspicious, a Risk Tool, Hacking Tool, Potentially Unwanted Program, a possible threat or even Malware (virus/trojan) when that is not always the case. Be careful what you choose to remove. If in doubt, ask before taking action.
 

#7 windows8newb
  • Topic Starter
  • Members

Posted 13 January 2015 - 07:23 AM

Hi quietman,

This scan may have to wait till Thursday, as that is my day off, and I know that ESET may take some time. I appreciate your help but wanted to let you know that with my work schedule, I may not be able to do this until Thursday. I will post its results then.

#8 quietman7
  • Global Moderator

Posted 13 January 2015 - 09:51 AM

Not a problem.

#9 windows8newb
  • Topic Starter
  • Members

Posted 15 January 2015 - 04:40 PM

Hi quietman,

 

I had some problems with ESET, but I finally got it working. I had to run it twice but I don't have a log (explanation below). Both times I ran Firefox as administrator and deactivated EmsiSoft's and Avast!'s realtime for the duration.

 

First time:  Firefox was acting a little weird.  It didn't load my bookmarks or exceptions or anything, as if it was like a fresh install.  Also when I downloaded the installer for ESET, it wasn't in my Downloads folder.  I downloaded it 5 times but I couldn't get it to open the file location for me.  Anyway, I finally just ran the installer from inside Firefox.  The ESET scan worked normally and found 1 threat, but when I saved the scan log I couldn't find it.  Anyway here is the threat (I'm typing it out):

 

C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\hstart.exe

 

and it flagged it as Potentially Unsafe Application, variant of Win32 HiddenStart.A

 

I believe it's likely a false positive, but I quarantined it and will let you decide if I should restore it.  That was all it found. 

 

Second time:  I tried to run it again to see if this time I could save the scan log.  This time, Firefox was behaving normally.  The installer saved to my download folder as usual.  I ran the scanner and it does register that it had been run on this computer before; I just can't find it.  Anyway, this time it showed no threats but if I check the quarantine, the questionable item is still there, so I can restore it if need be.

 

Please advise on this item, and thank you for your help and patience. 



#10 quietman7
  • Global Moderator

Posted 15 January 2015 - 06:53 PM

The detection is a false positive. hstart.exe is a legit file related to Dell DataSafe Local Backup so you can restore it.

Doesn't appear you have anything on your system to worry about.

#11 windows8newb
  • Topic Starter
  • Members

Posted 15 January 2015 - 07:21 PM

Thank you for your help!

 

I started ESET again and restored the file from the Quarantine, then clicked "Uninstall ESET" and closed it.  Anything else I need to do to uninstall it?

 

Also, I have both Malwarebytes and Emsisoft.  I think I'd like only Malwarebytes; is there any special tool I need to remove Emsisoft?

 

edit: meant that I want to get rid of Emsisoft (had typed AdwCleaner), as it seems to be a bit of a resource hog on my machine.


Edited by windows8newb, 15 January 2015 - 07:22 PM.


#12 quietman7
  • Global Moderator

Posted 15 January 2015 - 07:31 PM


The correct way to remove Emsisoft Anti-Malware is from within its program group Uninstall shortcut in Start Menu > All Programs or by using Programs and Features (Add/Remove Programs) in Control Panel.

2. Setup Files
If you need to uninstall Emsisoft Anti-Malware or Emsisoft Internet Security this should be performed by using the uninstaller provided. You can locate the uninstaller from either the Start Screen/Start menu, or via the Windows Control Panel.

Emsisoft Anti-Malware Help

If you are unable to remove Emsisoft Anti-Malware, then use the Emsisoft Uninstall Tool (emsiclean.exe).

This is a summary of instructions for using emsiclean.exe provided by Fabian Wosar, Emsisoft Employee.

#13 windows8newb
  • Topic Starter
  • Members

Posted 15 January 2015 - 07:33 PM

Thank you!  I will do so.  I think I'm all set.



#14 quietman7
  • Global Moderator

Posted 15 January 2015 - 07:40 PM

You're welcome.