Picking up 'PUP's
Per Ardua ad Astraeus
Thread Starter
Join Date: Mar 2000
Location: UK
Posts: 18,579
Likes: 0
Received 0 Likes
on
0 Posts
Picking up 'PUP's
Win7Pro, Windows Firewall, Avast
I seem to be constantly 'collecting' MySearch Dial, 'Google Home page protector' (or something like that) and 'SaveClick' (I think it was). Being picked up by Avast and MBAM.
Really 'innocuous' browsing, careful email reading, non-Admin profile etc etc. Any ideas from whence these are coming and how they get in?
I seem to be constantly 'collecting' MySearch Dial, 'Google Home page protector' (or something like that) and 'SaveClick' (I think it was). Being picked up by Avast and MBAM.
Really 'innocuous' browsing, careful email reading, non-Admin profile etc etc. Any ideas from whence these are coming and how they get in?
Hippopotomonstrosesquipidelian title
Join Date: Oct 2006
Location: is everything
Posts: 1,826
Likes: 0
Received 0 Likes
on
0 Posts
SaveClicker typically comes from free software downloads, such as video tools. It's typically hidden behind the "custom" installation: only selecting "custom" shows you the relevant tickbox to deselect. I imagine the others you mention arrive the same way.
Per Ardua ad Astraeus
Thread Starter
Join Date: Mar 2000
Location: UK
Posts: 18,579
Likes: 0
Received 0 Likes
on
0 Posts
Still happening - no 'downloads' since Wednesday, only normal site access but this am another 'SaveClicker' and Google Search protector removal. As far as I can see, the 'Protector' is for Chrome which I do not use. Is Google now 'secretly' hitting me with these PUPs?
They are being picked up by the latest Avast which seems to be doing well.
They are being picked up by the latest Avast which seems to be doing well.
Per Ardua ad Astraeus
Thread Starter
Join Date: Mar 2000
Location: UK
Posts: 18,579
Likes: 0
Received 0 Likes
on
0 Posts
No, 'genuine' surveys. I have now turned off my 'Browsiing history' in Amazon to see if they use Saveclicker for the function - didn't know the option existed! Will let you know what happens.
Per Ardua ad Astraeus
Thread Starter
Join Date: Mar 2000
Location: UK
Posts: 18,579
Likes: 0
Received 0 Likes
on
0 Posts
I only use FF, and I suspect the PUPs are being loaded for Chrome which is installed but not in use. FF has a Google seach box, Menu bar, Web developer Toolbar and Bookmarks Toolbar.
Join Date: Jul 2012
Location: spacetime
Posts: 263
Likes: 0
Received 0 Likes
on
0 Posts
Seems to me to be wandering around the registry and showing up in different places and times. Have you tried an Avast Boot time scan-usually worked for me when PUP`s were evident. If you havent downloaded anything recently this might terminate them.
Join Date: Jul 2012
Location: spacetime
Posts: 263
Likes: 0
Received 0 Likes
on
0 Posts
Yep, tricky one this, now I`m no puter expert but a couple things come to mind. Firstly I find with Avast more recently they prompt me very regularly to check my updates for java etc, then tell me my pc is not running to its best performance, can they check it blah blah, no they cant. Its just bloatware. In fact I`m getting fed up with Avast myself. If it was my problem I would be inclined to turn off avast or even uninstall, and then run a free AVG in boot time and see what difference that makes. As for PUP`s coming in via MBytes I would be astonished. Yesterday Avast updated the virus programme twice. After the second update it stated my pc was running very slow which it is not. So, terminate advice then to be confronted with an Avast full page suggesting they can sort the problem for a price. Very tedious.
BOAC,
Rather obvious, so I guess you've done it. Had a look at your programme files?
I had something that was trying to muck about with FF. Can't remember its name. Malwarebytes tried to delete it, but failed. It just came back. Tracked it down in prog files and deleted it.
Dunno how it got there as I'm never on the net as admin.
Rather obvious, so I guess you've done it. Had a look at your programme files?
I had something that was trying to muck about with FF. Can't remember its name. Malwarebytes tried to delete it, but failed. It just came back. Tracked it down in prog files and deleted it.
Dunno how it got there as I'm never on the net as admin.
Per Ardua ad Astraeus
Thread Starter
Join Date: Mar 2000
Location: UK
Posts: 18,579
Likes: 0
Received 0 Likes
on
0 Posts
Originally Posted by gemma
As for PUP`s coming in via MBytes I would be astonished
I do not have the problem with Avast that you have - did you know you can do boot time scan in Avast as well?
AO - I really do not know where I would start there! I can guarantee if I ran Mbam now I would have 'mysearchdial' despite a 'clean out' a few days back - PAUSE FOR SCAN - yes, there it is again. This time shown as effective for IE which again I do not use. I suspect some websites have sold their soul to the devil. While I believe the PUP is 'innocuous', you can never be sure.
Per Ardua ad Astraeus
Thread Starter
Join Date: Mar 2000
Location: UK
Posts: 18,579
Likes: 0
Received 0 Likes
on
0 Posts
Indeed, FOR, and the concern is the 'ease' with which these are 'arriving' and the unknown threats which may be buried in their code.
It would be illuminating, I feel, to see how many 'protected' users there are who have these PUPs - a full MBAM or similar scan is required.
It would be illuminating, I feel, to see how many 'protected' users there are who have these PUPs - a full MBAM or similar scan is required.
Per Ardua ad Astraeus
Thread Starter
Join Date: Mar 2000
Location: UK
Posts: 18,579
Likes: 0
Received 0 Likes
on
0 Posts
Pesky thing back again - registry entry for My SearchDial, and in an IE key - I NEVER use IE (except I assume for M$updates).
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}, , [b0711ea6c5b61a1cf33866ffef13738d],
I should add that I normally run in a non-admin user profile, so how it is writing to the reg I know not.
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}, , [b0711ea6c5b61a1cf33866ffef13738d],
I should add that I normally run in a non-admin user profile, so how it is writing to the reg I know not.
Last edited by BOAC; 8th Aug 2014 at 14:20.