
Mele20
Premium
join:2001-06-05
Hilo, HI
kudos:5

1 recommendation

reply to Rebirth

Re: PUP Crap

Process Guard doesn't work beyond XP. I miss it horribly. The OP has Windows 7 and some classic HIPS do work on Win 7. NONE work on Win 8...just like most programs that you used and loved on earlier OSes won't work on Win 8 so suggesting to get a classic HIPS is rather difficult after XP. Plus, the few out there for Win 7 are not easy to use like ProcessGuard. Firewalls are another thing that don't work on Win 8 except Windows firewall so your solutions are great for XP but not beyond it and especially not for Win 8. However, SuperAntispyware caught it and it DOES work on Win8. Malwarebytes didn't catch it. But the best thing for Win8 is the right click send to Virus Total app and send all downloaded files there.
--
When governments fear people, there is liberty. When the people fear the government, there is tyranny. Thomas Jefferson



mypreviousan

@comcast.net
reply to Blackbird

Many AVs detect it. For example, Emsisoft detects it as an adware toolbar.


norwegian
Premium
join:2005-02-15
Outback
reply to La Luna


I would think Winpatrol would block a toolbar install?
Just speculating though.



MumRAR

@sky.com
reply to La Luna

PUP stands for Potentially Unwanted Program.

The security industry standard is it's pretty much adware with a EULA.

At some point in the click-through boxes when installing, it would be stated that you agree to the install of, or need to uncheck box(es) or *skip*, a component install of the bundle.

Unfortunately most people click through the EULA without any verification of what they are agreeing to being installed on their computers.

The end user then looks to security vendors to remove extra application(s) they have installed.

The problem for the vendors is if they go unloading somebody else's application then they leave themselves open to being sued for damages to the other party's business model.

Some greyware providers are more hot on enforcing compliance in this area. For example "Babylon Toolbar, WhiteSmoke and Delta" will not stay targeted for unloading by any commercial vendor for long as those greyware purveyors are quick to start litigation.

The truth is since the end user agreed to the EULA, the vendors will end up paying silly amounts in damages should it go before a judge.

The 3 best ways to deal with PUPs are as follows.
1) Non commercial removal tools tend to avoid threatened litigation (not much $'s for the targeted software owners from non commercial entities) so tend to be more effective when removing PUPs than mainstream vendors.

2) Non mainstream removal tools tend to avoid litigation since the targeted application owners don't see big chunks being taken out of their profit margins by tools that are only used by a couple hundred users or so. (Litigation avoidance through obscurity).

3) Add/remove panel and targeted applications website.
Most uninstallers work for PUP applications with the exception of the following scenarios.
The end user either runs the uninstaller with their browser open and the uninstall is incomplete as the browser holds settings/files in place. This is a very common reason for incomplete uninstalling.
Or the end user has let a removal tool try to uninstall it first and the removal tool has, by way of an incomplete removal, in fact damaged the uninstall routine of the targeted application.

Either way most mainstream greyware application providers provide "Uninstallation" help on their webpages but for me the easiest way to deal with this stuff is the standard approach as if you have a corrupted install of any application. Install it over again to follow correct uninstall routine to get shot of it properly.



StuartMW
Who Is John Galt?
Premium
join:2000-08-06
Galt's Gulch
kudos:2

1 recommendation

reply to fatness

said by fatness:

My first thought seeing the topic title was "what does paper training a young dog have to do with security and privacy?"

Well a properly trained dog will provide both security and privacy
--
Don't feed trolls--it only makes them grow!

Mele20
Premium
join:2001-06-05
Hilo, HI
kudos:5
reply to norwegian

said by norwegian:

I would think Winpatrol would block a toolbar install?
Just speculating though.

I was wondering about that also.
--
When governments fear people, there is liberty. When the people fear the government, there is tyranny. Thomas Jefferson


La Luna
RIP Lisa
Premium
join:2001-07-12
Warwick, NY
kudos:3
reply to La Luna

It was the MSN weather gadget, not Weatherbug.

There was a check box to not allow the "extra" stuff, but when I unchecked it (to NOT allow), it ignored my choice and continued to install the "extras" anyway. I did make a mistake by not scanning it before installing. Admittedly got a little complacent there, as I usually do that. I'd swear I've downloaded stuff from that site before with no problems, but maybe I'm not remembering correctly.

WinPatrol did throw up a few warnings, I chose "no" each time, but that didn't stop it.
--
The Alien in the White House

20,504 DEADLY TERROR ATTACKS SINCE 9/11



La Luna
RIP Lisa
Premium
join:2001-07-12
Warwick, NY
kudos:3
reply to Mele20

Is Process Guard no longer available (Windows 7)? I looked for it but it seems it's gone. Do you know where I could get it (safely), and would it work on Windows 7?


Rebirth

join:2009-06-18
33333
reply to La Luna

@ Mele20

"SuperAntispyware caught it and it DOES work on Win8"

Really ! Not according to their www »www.superantispyware.com/superan···are.html

Have you considered going back to XP ?

@

"There was a check box to not allow the "extra" stuff"

I didn't see one ? But it didn't install anyway !

Unfortunately ProcessGuard won't work on W7 !

There are Lots of other options though. Check out Wilders for AntiExe's & HIPS etc.



StuartMW
Who Is John Galt?
Premium
join:2000-08-06
Galt's Gulch
kudos:2
reply to La Luna

said by La Luna:

There was a check box to not allow the "extra" stuff, but when I unchecked it (to NOT allow), it ignored my choice and continued to install the "extras" anyway.

That is not uncommon in my experience
--
Don't feed trolls--it only makes them grow!


goalieskates
Premium
join:2004-09-12
land of big

1 recommendation

reply to La Luna

said by La Luna:

There was a check box to not allow the "extra" stuff, but when I unchecked it (to NOT allow), it ignored my choice and continued to install the "extras" anyway

When I've downloaded from that site, you have to watch the dialogs a little more carefully. They're tricky. It's not just a matter of unchecking the extra software, there's some wording about clicking "accept" or "continue" (I forget which) that the fine print says will install it anyway. You have to click the option that looks like it won't install anything.

I hate to be so vague about it, but it's been awhile. I do remember it wasn't intuitively obvious. But I didn't get the extras.

SCADAGeo

join:2012-11-08
N California
kudos:2

1 recommendation

reply to Rebirth

said by Rebirth:

@ Mele20

"SuperAntispyware caught it and it DOES work on Win8"

Really ! Not according to their www »www.superantispyware.com/superan···are.html

From their support faq: What operating systems is SUPERAntiSpyware.com software compatible with?

quote:
What operating systems is SUPERAntiSpyware.com software compatible with?

SUPERAntiSpyware is compatible with 2000, XP Home/Professional, 2003, Server 2008, Vista, Windows 7 and Windows 8.

SUPERAntiSpyware is provided as a native 32-bit application and a native 64-bit application. The installer will install the proper version for your operating system.

Our software is not compatible with the Mac OS at this time.



Phoenix22
Death From Above
Premium
join:2001-12-11
SOG C&C Nrth
Reviews:
·Comcast Formerl..

2 recommendations

reply to La Luna

said by La Luna:

So last night I was downloading/installing MSN Weather gadget (from http: // www. thoosje.com/Windows-7-gadgets-weather. html) to check it out and got hit with a PUP, Lucky Coupons/Savings. Dang thing installed even though I said not to, so fast I couldn't even close out the download (as is typical).

I think I got rid of it this morning after using multiple tools, including MBAM, HitMan Pro, adw Cleaner, CCleaner and MSE. I find no remnants and all scans now come up clean. Nothing in IE add ons or Firefox add ons/plugins.

Having said that, is there anything that will run in REAL TIME that is FREE that will stop PUP's before they get their hooks in? I can't remember the last time I got hit with anything (knock wood), and I want it to stay that way.

My current security apps are MSE, MBAM (free), WinPatrol, and I also installed SpywareBlaster today (will that help?).

Anything further that's free that I can run in real time?

spybot search and destroy..........pat's program will kill pups
»www.safer-networking.org/private/
b...........are you runnin' ffox 19 or ie10?
the reason i ask is ff has an app that's customizable and runs in the status bar........i can help ya configure it if you like
»addons.mozilla.org/en-US/firefox···?src=api
»www.aniweather.com/
--
101ST ABN Div. (AirAssault) "Rendezvous With Destiny!" "Night Stalkers/Phoenix Flight" For Buddy...who lived it! Whiskey for my men and beer for my horses! H.A.L.O!, 5th Grp., MACV SOG, 160TH AVN SOG, Death From Above, VFW, AmLegion


La Luna
RIP Lisa
Premium
join:2001-07-12
Warwick, NY
kudos:3

1 recommendation

Yep, running Firefox 19.02. Also just installed Spybot S&S again. Haven't used it in a long time. Scan didn't find anything of importance.

Thanks for that weather add on, will check it out!



norwegian
Premium
join:2005-02-15
Outback

1 recommendation

reply to La Luna

said by La Luna:

Is Process Guard no longer available (Windows 7). I looked for it but it seems it's gone. Do you know where I could get it (safely), and would it work on Windows 7?

I'll jump in for Mele and give you the bad news. You can still source it for XP via software file share sites, but DiamondCS the Australian company behind it folded about 8 years ago. So I would not even attempt to look at it for Win 7.
--
The only thing necessary for the triumph of evil is for good men to do nothing - Edmund Burke



La Luna
RIP Lisa
Premium
join:2001-07-12
Warwick, NY
kudos:3

1 recommendation

reply to Phoenix22

Got the weather add on set up, looks good. Thanks!



La Luna
RIP Lisa
Premium
join:2001-07-12
Warwick, NY
kudos:3
reply to norwegian

said by norwegian:

said by La Luna:

Is Process Guard no longer available (Windows 7). I looked for it but it seems it's gone. Do you know where I could get it (safely), and would it work on Windows 7?

I'll jump in for Mele and give you the bad news. You can still source it for XP via software file share sites, but DiamondCS the Australian company behind it folded about 8 years ago. So I would not even attempt to look at it for Win 7.

I thought so, I couldn't find it, and I read the company is gone. Thought maybe there was a version floating around on one of those old app sites, but it probably wouldn't work on Windows 7 anyway.

Thanks for the info.
--
The Alien in the White House

20,504 DEADLY TERROR ATTACKS SINCE 9/11


StuartMW
Who Is John Galt?
Premium
join:2000-08-06
Galt's Gulch
kudos:2

1 recommendation

reply to La Luna

said by La Luna:

Also just installed Spybot S&S again. Haven't used it in a long time.

Many people have a low opinion of Spybot but I've been using it (the free 1.6.2 version) for a very long time. I update the definitions weekly (every Wed) and perform a manual scan at that time. I don't have its real-time protection installed.
--
Don't feed trolls--it only makes them grow!


norwegian
Premium
join:2005-02-15
Outback

1 edit
reply to La Luna

It would be unsafe due to the file tree/directories/code of Win 7 not being the same and I doubt running in XP mode on Win 7 would really give you the protection you require.



ThoraX

@108.181.80.x
reply to La Luna

It is worth it, real time protection & saved my bacon many moons


Rebirth

join:2009-06-18
33333
reply to La Luna

@ SCADAGeo

Ahh, Thanks & sorry about the confusion ! It was due to SAS stating only up to W7 on the link I gave. I wonder why it says that ?


Mele20
Premium
join:2001-06-05
Hilo, HI
kudos:5

1 recommendation

reply to norwegian

said by norwegian:

It would be unsafe due to the file tree/directories/code of Win 7 not being the same and I doubt running in XP mode on Win 7 would really give you the protection you require.

DiamondCS had just succeeded in getting ProcessGuard beta version to work with Vista when the company's owner suddenly disappeared. No more work was done on PG. Microsoft changed some things for tighter security, starting with Vista, that made it necessary to do considerable work on PG if it was to work beyond XP. On XP, it runs at Intel's ring 0 as part of the kernel. Microsoft was not allowing that on Vista and beyond. So, trying to use it in XP mode would not work. Plus, the driver runs with DEP on but the GUI does not and past XP you want all programs to use hardware DEP.

It is disquieting to hear that WinPatrol let it through.

I would suggest NoVirusThanks EXE Radar Pro be considered. There is a free version and the Pro version is only $19.95 for a lifetime license. There is a 70 page thread at Wilders. My reluctance to install it is only because they don't have their own forum. (The Wilders thread is linked to on their site). Wilders folks love it (but I have not read the thread in awhile...I imagine they still love it though).

»www.novirusthanks.org/product/exe-radar-pro/
--
When governments fear people, there is liberty. When the people fear the government, there is tyranny. Thomas Jefferson


gugarci
Premium
join:2004-02-25
Lyndhurst, NJ
Reviews:
·Comcast
reply to wowwtfakasdf

said by wowwtfakasdf :

That whole site you posted

is full of trojans!

Every single freaking widget!

SOMATO.A

Emsisoft's Surf Protection is automatically blocking that site from loading. Something has got to be going on there.
--
Desktop Win 7 x64 Emsisoft Anti Malware v7, Laptop Win 7 x64 & Desktop XP Pro Emsisoft Anti Malware v7 & Online Armor Premium v6, Netbook Win 7 Starter and Netbook XP Home Avast 7, MBAM and Hitman Pro used on-demand only.