Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Just a few PUP's?


  • Please log in to reply
8 replies to this topic

#1 pcpunk

pcpunk

  • Members
  • 6,336 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:04:40 PM

Posted 13 November 2017 - 10:45 AM

I keep getting these, and I think they are relatively harmless but I don't really know.  I did a little research...very little...as I don't fully understand most of this stuff.  This is what I keep getting below.  I have no bad Toolbars or anything in Programs and Features.

PUP.Optional.Conduit, C:\USERS\CHRIS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, No Action By User, [579], [454835],1.0.3230
PUP.Optional.Trovi, C:\USERS\CHRIS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, No Action By User, [4977], [454808],1.0.3230

I did a little research about "Conduit" at MBAM.com HERE and HERE but I have run a bevy of all the programs suggested at malwareremovalguides.info.  

 

I suspect it is from installing Auslogics DiskDefrag at one time not to long ago, but before all these AntiMalware programs were run.  I uninstalled DiskDefrag since.  So what do I need to do to get rid of this thing forever?

 

Thanks, pcpunk


Edited by pcpunk, 13 November 2017 - 10:46 AM.

sBCcBvM.png

Created by Mike_Walsh

 

KDE, Ruler of all Distro's

eps2.4_m4ster-s1ave.aes_pcpunk_leavemehere

 


BC AdBot (Login to Remove)

 


#2 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,770 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:01:40 PM

Posted 13 November 2017 - 11:15 PM

Assuming this is a part of MBAM scan log why don't you let MBAM remove those two?


My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click DONATE

 


#3 pcpunk

pcpunk
  • Topic Starter

  • Members
  • 6,336 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:04:40 PM

Posted 13 November 2017 - 11:33 PM

I keep getting these

I did Broni, and this is the Third time they have come back.  

 

I'll make a list of tools I've run, but they are all in line with the things I've learned over the years here.  This is somewhat what I ran, it seems I did not take notes.  I was infected a while back connecting another Drive via Docking Station to my Main pc.  I used System Restore and a bunch of Cleaning Tools, mostly AntiMalware and AV's.  I found a Funky File in Temp, with some really poor spelling.  Wish I had saved some of that stuff, will I ever learn? lol

-Cleaned out Temp Folder.

-JUNKWARE REMOVAL TOOL
-AdwCleaner
-MBAM
-HITMANPRO
-Looked for Startups that don’t belong eg: Malware.
-MBAR
-ESET ONLINE SCANNER.
-Even used CCleaner on the Registry, which I only did because I was desperate to get up and running again.
 
All works fine though, so don't really know what is going on?

sBCcBvM.png

Created by Mike_Walsh

 

KDE, Ruler of all Distro's

eps2.4_m4ster-s1ave.aes_pcpunk_leavemehere

 


#4 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,770 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:01:40 PM

Posted 14 November 2017 - 08:43 PM

When you remove those two one more time pay attention what you did exactly when they come back.

Conduit stuff usually comes attached as drive-by install when you installing something.

Make sure when installing anything that you always go for custom not standard or automatic installation.

When you do custom installation you know exactly what ELSE tries to install.


My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click DONATE

 


#5 pcpunk

pcpunk
  • Topic Starter

  • Members
  • 6,336 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:04:40 PM

Posted 14 November 2017 - 10:31 PM

That's exactly what I always do Broni, and they came back right away again.  I saved this Log File, Quarantined, and Deleted them again.  I have not downloaded or installed anything recently, and am very carefull when I do.  Everything gets scanned after a download also.  I think this is some kind of remanence of an earlier infection but don't know how to get rid of it.

Spoiler


Edited by pcpunk, 14 November 2017 - 10:33 PM.

sBCcBvM.png

Created by Mike_Walsh

 

KDE, Ruler of all Distro's

eps2.4_m4ster-s1ave.aes_pcpunk_leavemehere

 


#6 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,770 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:01:40 PM

Posted 14 November 2017 - 10:38 PM

It looks like they come from Chrome. Possibly some extension?

 

 

Reset Chrome...
Click on "Customize and control Google Chrome":
p22003758.gif
Click "Settings" then "Show advanced settings" at the bottom of the screen.
Click "Reset browser settings" button.
Restart Chrome.

If the above didn't help....

Reinstall Chrome...
If you want to save your bookmarks...
How to Backup Bookmarks in Google Chrome
If you want to save your passwords as well see here: http://www.intowindows.com/how-to-backup-saved-passwords-in-google-chrome-browser/
 

  • Close all Chrome windows and tabs.
  • Go to the Start menu > Control Panel. (Windows 8 users: Learn how to access the Control Panel)
  • Click Programs and Features.
  • Double-click Google Chrome.
  • Click Uninstall from the confirmation dialog. Delete your user profile information, like your browser preferences, bookmarks, and history, by selecting the "Also delete your browsing data" checkbox.

Install fresh copy.


My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click DONATE

 


#7 pcpunk

pcpunk
  • Topic Starter

  • Members
  • 6,336 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:04:40 PM

Posted 14 November 2017 - 10:52 PM

I will try that Broni

 

EDIT: I just remembered, I installed "GoToMeeting" recently to join my favorite Webinar.  I never like that program but sacrificed installing it to listen in on this Webinar.  I wonder if I Whitelisted that folder and then scanned again to see if it comes back would be a good thing to do?


Edited by pcpunk, 14 November 2017 - 11:05 PM.

sBCcBvM.png

Created by Mike_Walsh

 

KDE, Ruler of all Distro's

eps2.4_m4ster-s1ave.aes_pcpunk_leavemehere

 


#8 pcpunk

pcpunk
  • Topic Starter

  • Members
  • 6,336 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:04:40 PM

Posted 14 November 2017 - 11:12 PM

I just scanned "GoToMeeting" Folder and got the same darn PUP's!  When I quarantined them Chrome Shut down!

 

I wonder how to deal with this, just Whitelist that folder and not worry about it?  I thought that was a legit program, perhaps I should ask at the MBAM Forum?

Spoiler


sBCcBvM.png

Created by Mike_Walsh

 

KDE, Ruler of all Distro's

eps2.4_m4ster-s1ave.aes_pcpunk_leavemehere

 


#9 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,770 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:01:40 PM

Posted 15 November 2017 - 05:29 PM

That may be a good idea.


My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click DONATE

 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users