

La Luna
RIP Lisa
Premium
join:2001-07-12
Warwick, NY
kudos:3

3 edits

PUP Crap

So last night I was downloading/installing MSN Weather gadget (from http: // www. thoosje.com/Windows-7-gadgets-weather. html) to check it out and got hit with a PUP, Lucky Coupons/Savings. Dang thing installed even though I said not to, so fast I couldn't even close out the download (as is typical).

I think I got rid of it this morning after using multiple tools, including MBAM, HitmanPro, AdwCleaner, CCleaner and MSE. I find no remnants and all scans now come up clean. Nothing in IE add-ons or Firefox add-ons/plugins.

Having said that, is there anything that will run in REAL TIME that is FREE that will stop PUPs before they get their hooks in? I can't remember the last time I got hit with anything (knock wood), and I want it to stay that way.

My current security apps are MSE, MBAM (free), WinPatrol, and I also installed SpywareBlaster today (will that help?).

Anything further that's free that I can run in real time?
--
The Alien in the White House

20,504 DEADLY TERROR ATTACKS SINCE 9/11



GadgetsRme
RIP lilhurricane
Premium
join:2002-01-30
Canon City, CO

Avast Free.
»en.kioskea.net/faq/15731-avast-e···ams-pups
--
Gadgets



Pentangle
With our thoughts we make the world.
Premium
join:2006-06-01
Vancouver BC
kudos:2

1 recommendation

reply to La Luna

Have you tried Sandboxie? It should eliminate those nasty surprises from installing (unless you click to allow them). Great software. Lots of Sandboxie info at Wilders.

»www.wilderssecurity.com/showthre···andboxie

»sandboxie.com/



DownTheShore
Mr. Putin, meet SEAL Team 6
Premium
join:2003-12-02
Beautiful NJ
kudos:13
reply to La Luna

Would MBAM running real-time have stopped it? I know it's not free but it is a lifetime license.



siljaline
I'm lovin' that double wide
Premium
join:2002-10-12
Montreal, QC
kudos:17
Reviews:
·Bell Sympatico

2 edits
reply to La Luna

»Security Cleanup FAQ »Mandatory Steps Before Requesting Assistance
Also see: • PUA Redirects to Malware at Wikipedia.

--
She shills sea shills by the Sea Shore.



La Luna
RIP Lisa
Premium
join:2001-07-12
Warwick, NY
kudos:3
reply to DownTheShore

said by DownTheShore:

Would MBAM running real-time have stopped it? I know it's not free but it is a lifetime license.

Possibly. I can't afford it today though, maybe at the end of the month.


La Luna
RIP Lisa
Premium
join:2001-07-12
Warwick, NY
kudos:3

1 edit

1 recommendation

reply to siljaline

I know that. I'm confident I got rid of it myself though.

I'm thinking of giving Sandboxie a run for now, it's free even after 30 days if you don't mind a nag screen. I may also get the pay version of MBAM at the end of the month.

Like I said, this is the first time I've been hit with anything since I can't remember, so I guess I'm pretty careful most of the time.

Edit: and thank you for the links siljaline!
--
The Alien in the White House

20,504 DEADLY TERROR ATTACKS SINCE 9/11


StuartMW
Who Is John Galt?
Premium
join:2000-08-06
Galt's Gulch
kudos:2

1 recommendation

PUP = Potentially Unsafe Probably Useless Program



La Luna
RIP Lisa
Premium
join:2001-07-12
Warwick, NY
kudos:3

1 recommendation

Yep, that's what I figured, heh....

I'm sitting there talking to the screen " STOP YOU SOB, STOP!!!", but it didn't help!



siljaline
I'm lovin' that double wide
Premium
join:2002-10-12
Montreal, QC
kudos:17
reply to StuartMW

Re: PUP Crap

Yep



La Luna
RIP Lisa
Premium
join:2001-07-12
Warwick, NY
kudos:3

2 recommendations

reply to La Luna

I try to practice safe hex siljaline, I try. And I think I've done pretty good over the years, so I can't really complain. S**t happens occasionally, not going to stress over it.

If I notice anything hinky, I will surely ask one of the fine people in Security Cleanup for help.

Oh, and I've installed Sandboxie, at least for now.
--
The Alien in the White House

20,504 DEADLY TERROR ATTACKS SINCE 9/11



wowwtfakasdf

@comcast.net

1 edit
reply to La Luna

That whole site you posted

is full of trojans!

Every single freaking widget!

SOMATO.A



Blackbird
Built for Speed
Premium
join:2005-01-14
Fort Wayne, IN
kudos:3
Reviews:
·Frontier Communi..

said by wowwtfakasdf :

That whole site you posted is full of trojans! Every single freaking widget!
SOMATO.A

Based upon what evidence? And what is SOMATO.A?
--
“The American Republic will endure until the day Congress discovers that it can bribe the public with the public's money.” A. de Tocqueville


La Luna
RIP Lisa
Premium
join:2001-07-12
Warwick, NY
kudos:3
reply to wowwtfakasdf

said by wowwtfakasdf :

That whole site you posted

is full of trojans!

Every single freaking widget!

SOMATO.A

I didn't have a problem with the site itself, just the weather widget. I only tried downloading the one, so I can't speak for the rest of them.

And yeah, what is Somato.A?
--
The Alien in the White House

20,504 DEADLY TERROR ATTACKS SINCE 9/11


fatness
subtle
Premium,ex-mod 01-13
join:2000-11-17
fishing
kudos:14

2 recommendations

reply to La Luna

My first thought seeing the topic title was "what does paper training a young dog have to do with security and privacy?"



La Luna
RIP Lisa
Premium
join:2001-07-12
Warwick, NY
kudos:3

LOL!!!



dib22

join:2002-01-27
Kansas City, MO
reply to wowwtfakasdf

said by wowwtfakasdf :

That whole site you posted is full of trojans!

Yea just opening this topic caused my anti malware to block the thoosje.com domain.


balloonshark
Lets Go Mountaineers

join:2006-08-11
WV
reply to Pentangle

Sandboxie wouldn't help in this situation. It wasn't a driveby install. La Luna downloaded and installed the program on her own. This would have been done outside of the sandbox. This is why I make it a practice to scan programs before letting them out of the sandbox or running them. If possible I also upload the program to VirusTotal or Jotti to be scanned.

Was the program MSN Weather 2.0? »www.virustotal.com/en/file/030a3···2893892/
--
If we quit voting, will they all just go away?


Rebirth

join:2009-06-18
33333
reply to La Luna

 
 
Webroot WRSA blocked it!

Anyway I allowed it through, & ProcessGuard immediately jumped in, first with weatherbug.gadget.exe I allowed it, then with as per screenie.

My firewall then alerted me it wanted out, I allowed it. I got an error message saying there was a connection problem, but there isn't.

Funny thing is, I don't see anything dodgy.

Apart from WRSA, if you had a HIPS installed as I do, & your FW was set up to prompt you, no unwanted intrusion would have occurred.

Mele20
Premium
join:2001-06-05
Hilo, HI
kudos:5

1 recommendation

Process Guard doesn't work beyond XP. I miss it horribly. The OP has Windows 7 and some classic HIPS do work on Win 7. NONE work on Win 8...just like most programs that you used and loved on earlier OSes won't work on Win 8 so suggesting to get a classic HIPS is rather difficult after XP. Plus, the few out there for Win 7 are not easy to use like ProcessGuard. Firewalls are another thing that don't work on Win 8 except Windows firewall so your solutions are great for XP but not beyond it and especially not for Win 8. However, SuperAntispyware caught it and it DOES work on Win8. Malwarebytes didn't catch it. But the best thing for Win8 is the right click send to Virus Total app and send all downloaded files there.
--
When governments fear people, there is liberty. When the people fear the government, there is tyranny. Thomas Jefferson



mypreviousan

@comcast.net
reply to Blackbird

Many AVs detect it. For example Emsisoft detects it as an adware toolbar.


norwegian
Premium
join:2005-02-15
Outback
reply to La Luna


I would think WinPatrol would block a toolbar install?
Just speculating though.



MumRAR

@sky.com
reply to La Luna

PUP stands for Potentially Unwanted Program.

The security industry standard is it's pretty much adware with a EULA.

At some point in the click-through boxes when installing, it would be stated that you agree to the install of, or need to uncheck box(es) or *skip*, a component install of the bundle.

Unfortunately most people click through the EULA without any verification of what they are agreeing to being installed on their computers.

The end user then looks to security vendors to remove extra application(s) they have installed.

The problem for the vendors is if they go unloading somebody else's application then they leave themselves open to being sued for damages to the other party's business model.

Some greyware providers are more hot on enforcing compliance in this area. For example "Babylon Toolbar, WhiteSmoke and Delta" will not stay targeted for unloading by any commercial vendor for long, as those greyware purveyors are quick to start litigation.

The truth is since the end user agreed to the EULA, the vendors will end up paying silly amounts in damages should it go before a judge.

The 3 best ways to deal with PUPs are as follows.
1) Non-commercial removal tools tend to avoid threatened litigation (not much $'s for the targeted software owners from non-commercial entities) so tend to be more effective when removing PUPs than mainstream vendors.

2) Non mainstream removal tools tend to avoid litigation since the targeted application owners don't see big chunks being taken out of their profit margins by tools that are only used by a couple hundred users or so.(Litigation avoidance through obscurity).

3) Add/remove panel and targeted applications website.
Most uninstallers work for PUP applications, with the exception of the following scenarios.
The end user either runs the uninstaller with their browser open and the uninstall is incomplete as the browser holds settings/files in place. This is a very common reason for incomplete uninstalling.
Or the end user has let a removal tool try to uninstall it first and the removal tool has, by way of an incomplete removal, in fact damaged the uninstall routine of the targeted application.

Either way most mainstream greyware application providers provide "Uninstallation" help on their webpages, but for me the easiest way to deal with this stuff is the standard approach as if you have a corrupted install of any application. Install it over again to follow correct uninstall routine to get shot of it properly.



StuartMW
Who Is John Galt?
Premium
join:2000-08-06
Galt's Gulch
kudos:2

1 recommendation

reply to fatness

said by fatness:

My first thought seeing the topic title was "what does paper training a young dog have to do with security and privacy?"

Well a properly trained dog will provide both security and privacy
--
Don't feed trolls--it only makes them grow!

Mele20
Premium
join:2001-06-05
Hilo, HI
kudos:5
reply to norwegian

said by norwegian:

I would think WinPatrol would block a toolbar install?
Just speculating though.

I was wondering about that also.
--
When governments fear people, there is liberty. When the people fear the government, there is tyranny. Thomas Jefferson


La Luna
RIP Lisa
Premium
join:2001-07-12
Warwick, NY
kudos:3
reply to La Luna

It was the MSN weather gadget, not Weatherbug.

There was a check box to not allow the "extra" stuff, but when I unchecked it (to NOT allow), it ignored my choice and continued to install the "extras" anyway. I did make a mistake by not scanning it before installing. Admittedly got a little complacent there, as I usually do that. I'd swear I've downloaded stuff from that site before with no problems, but maybe I'm not remembering correctly.

WinPatrol did throw up a few warnings, I chose "no" each time, but that didn't stop it.
--
The Alien in the White House

20,504 DEADLY TERROR ATTACKS SINCE 9/11



La Luna
RIP Lisa
Premium
join:2001-07-12
Warwick, NY
kudos:3
reply to Mele20

Is Process Guard no longer available (Windows 7)? I looked for it but it seems it's gone. Do you know where I could get it (safely), and would it work on Windows 7?


Rebirth

join:2009-06-18
33333
reply to La Luna

@ Mele20

"SuperAntispyware caught it and it DOES work on Win8"

Really! Not according to their www »www.superantispyware.com/superan···are.html

Have you considered going back to XP?

@

"There was a check box to not allow the "extra" stuff"

I didn't see one? But it didn't install anyway!

Unfortunately ProcessGuard won't work on W7!

There are lots of other options though. Check out Wilders for AntiExe's & HIPS etc.



StuartMW
Who Is John Galt?
Premium
join:2000-08-06
Galt's Gulch
kudos:2
reply to La Luna

said by La Luna:

There was a check box to not allow the "extra" stuff, but when I unchecked it (to NOT allow), it ignored my choice and continued to install the "extras" anyway.

That is not uncommon in my experience
--
Don't feed trolls--it only makes them grow!