Am I infected with PUP Adware.Heuristic


7 replies to this topic

#1 cookiemonster57


Posted 30 August 2017 - 05:11 AM

Hi everyone! This is my first post. Before I send a mega long description of all that's happened to my PC, I wanted to check something...

Following a virus infection that I believed I had removed, Malwarebytes Anti-Rootkit has found what it calls

PUP Adware.Heuristic

It tells me that it can only completely remove it if I reboot, but after reboot another search reveals the PUP to still be there. Is this a well-known false positive or should I genuinely be concerned? Then I can send more details.

If it helps, I have Windows 10 version 1511. I know there's a new Windows 10 version 1703 Creators Update available, but that update keeps freezing or failing. Maybe something nasty is interfering, preventing the update from being successful? Thanks for looking.

 

 

 

 




 


#2 Daniel_Boringcliffe


Posted 30 August 2017 - 05:36 AM

There's no specification of it; all we know is that it's a potentially unwanted program, probably adware, and it was detected by heuristics, which may indicate that it is one of the newer rootkits since MBAR does not detect it with any sort of a signature.

Yes, you should be concerned if MBAR can't remove it.

Besides, your system is outdated, and since you have trouble installing the Creators Update, consider backing up your data and doing a clean install.

Rootkits are hard to remove, sometimes even hard to find. If your computer is acting weird (which it already does), then formatting your drive and installing Windows from scratch is your best option. Don't forget to secure it properly and try to follow best security practices if possible: https://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/


Edited by Daniel_Boringcliffe, 30 August 2017 - 05:39 AM.


#3 cookiemonster57


Posted 30 August 2017 - 01:19 PM

First, and most importantly, thanks for your speedy reply, it was very much appreciated.

Before I posted earlier, I made another attempt at updating to Windows 10 Creators. After several failed attempts, including saving an ISO copy to disc and using that, which also failed, I was not confident, so I forgot about it.

Came home 6 hours later and there it is - Windows 10 fully updated. Don't know why it worked this time. AND a scan with Malwarebytes AdwCleaner shows the following result...

              No Unwanted Element Found

Please tell me this means I'm in the clear!

 

 

 

 

 



#4 Daniel_Boringcliffe


Posted 30 August 2017 - 02:20 PM

No.

Navigate to Settings > Updates & Security > Troubleshooting > Windows Update, run it, and after it's finished check for updates again.

After that's done you might want to run a scan with Zemana: https://zemana.com/en-US/ThankYou/Download?source=download&ProductID=2&IsFree=False&IsPortable=True

What's your AV? Forgot to ask.

After running a scan with Zemana, run JRT: https://download.bleepingcomputer.com/dl/777974bc6bfadf8b0396a2756b5f2002/59a70f76/windows/security/security-utilities/j/junkware-removal-tool/JRT.exe

Then reboot.

After booting up, run MBAR again.

Reboot.

Run MBAR again, see if it finds anything. If it doesn't, then you're probably in the clear.



#5 JoshRoss


Posted 31 August 2017 - 07:26 AM

You can also try Malwarebytes and Adwcleaner for additional assurance. Multiple anti-malware solutions usually help you confirm removal of issues.



#6 cookiemonster57


Posted 01 September 2017 - 12:52 PM

Hi Daniel, many thanks once again. Tried all the things you recommended and nothing nasty was flagged up. My AV was Avast until a few days ago when the subscription expired, so thought I'd go for a 30 day trial with Kaspersky, which also doesn't find anything in the normal scan or the rootkit scan, so fingers crossed, I'm in the clear!?



#7 Daniel_Boringcliffe


Posted 01 September 2017 - 01:54 PM

Yes, you are. By the way, you can have Avast for free forever, just sign in with your email. If you're uncomfortable giving Avast your email then use a temporary one, just google "temp mail" and click on the first one that shows up.



#8 quietman7



  • Global Moderator

Posted 02 September 2017 - 02:33 PM

For future reference...About PUP.Adware.Heuristics detection

Heuristic analysis is the ability of an anti-virus or anti-malware program to detect possible new variants of malware before the vendor can get samples and update the program's definitions for detection. Heuristics uses non-specific detection methods to find new or unknown malware, which allows the anti-virus to detect and stop it before doing any harm to your system. A heuristic scanner does not compare code to a signature file like a virus scanner but uses a grading system to determine the probability that the program code being analyzed is a virus. Most heuristic scanners perform a statistical analysis in order to determine the likelihood that a file contains program code that may indicate it is malicious. Static heuristic analysis usually begins by scanning code for suspicious attributes characteristic of a malicious program. Dynamic heuristic analysis involves copying part of a program's code into the anti-virus's virtual emulation buffer and uses special techniques to reproduce its action (execution). If any suspicious activity is detected during this phase, the program is considered malicious and its execution is blocked. Heuristic scanning methods vary depending on the vendor. Some claim to allow emulation of the file's activities in a virtual sandbox. Others scan the file more intensively, searching line by line, inspecting the code in a file to see if it contains virus-like characteristics. If the number of these characteristics/instructions exceeds a pre-defined threshold, the file is flagged as possible malware.

The disadvantage to using heuristics is that it is not as reliable as signature-based detection (blacklisting) and can potentially increase the chances that a non-malicious program is flagged as malicious. With heuristics, there is always a potential risk for a "false positive" when the heuristic analysis flags a file as suspicious or infected that contains no malware. Packed files use a specially compressed (protected) file that may have been obfuscated or encrypted in order to conceal itself and often trigger alerts by anti-virus software using heuristic detection because they are resistant to scanning (difficult to read). Sometimes lowering the program's heuristic settings and rescanning may provide more accurate results, but then that increases the possibility for new malware to infect your system.

Submitting file samples to the vendor for further analysis allows the lab techs to quickly investigate and confirm if the detection is actually malware. Some security programs have built-in options for submitting a file directly from the quarantined area to the vendor's lab for analysis. Most user guides will explain how to do that. Other anti-virus solutions automatically submit files or provide an alert to do so if you have checked the option to "Submit for analysis" in the program's settings. If those options are unavailable, you can also look for documentation on the vendor's web site on how to submit file samples.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
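
The grading-and-threshold behaviour described in post #8, as an added example that is not part of the original thread and not any vendor's engine. The weights, threshold, attribute names and sample bytes are assumptions constructed for illustration; it shows a harmless packed file crossing the threshold (a false positive) and a lowered sensitivity missing a sample that has no signature.

```python
import hashlib
import math

# Hypothetical attribute weights and threshold, chosen for illustration only.
WEIGHTS = {
    "high_entropy": 40,    # content looks packed or encrypted (hard to read)
    "autorun_key": 30,     # references the Run key used to start at logon
    "downloads_code": 20,  # references an API that fetches remote files
}
THRESHOLD = 50  # a score at or above this flags the file

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: about 4-5 for text, near 8 when packed."""
    if not data:
        return 0.0
    counts = [0] * 256
    for byte in data:
        counts[byte] += 1
    return -sum(c / len(data) * math.log2(c / len(data)) for c in counts if c)

def scan(data: bytes, threshold: int = THRESHOLD):
    """Return (score, flagged, attributes) for one file's bytes."""
    text = data.lower()
    found = set()
    if entropy(data) > 7.2:
        found.add("high_entropy")
    if b"currentversion\\run" in text:
        found.add("autorun_key")
    if b"urldownloadtofile" in text:
        found.add("downloads_code")
    score = sum(WEIGHTS[name] for name in found)
    return score, score >= threshold, sorted(found)

# Constructed samples (not real files). The hash stream stands in for compressed data.
PACKED = b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(256))
RUN_KEY = b"Software\\Microsoft\\Windows\\CurrentVersion\\Run"
BENIGN_PACKED_UPDATER = RUN_KEY + PACKED           # harmless, but compressed
UNKNOWN_SAMPLE = RUN_KEY + b" URLDownloadToFile"   # no signature exists for it
PLAIN_DOCUMENT = b"Meeting notes: review the backup schedule on Friday."

if __name__ == "__main__":
    for name in ("BENIGN_PACKED_UPDATER", "UNKNOWN_SAMPLE", "PLAIN_DOCUMENT"):
        for limit in (50, 80):  # 80 models a lowered heuristic sensitivity
            print(name, limit, scan(globals()[name], limit))
```

At the default threshold the harmless packed updater is flagged alongside the unknown sample; at the relaxed threshold of 80 the false positive disappears, and so does the detection of the unknown sample.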
