Picking up 'PUP's
 

Win7Pro, Windows Firewall, Avast

I seem to be constantly 'collecting' MySearch Dial, 'Google Home page protector' (or something like that) and 'SaveClick' (I think it was). Being picked up by Avast and MBAM.

Really 'innocuous' browsing, careful email reading, non-Admin profile etc etc. Any ideas from whence these are coming and how they get in?

SaveClicker typically comes from free software downloads, such as video tools. It's typically hidden behind the "custom" installation: only selecting "custom" shows you the relevant tickbox to deselect. I imagine the others you mention arrive the same way.

Yes, I'm normally pretty careful to select 'Custom' hence my surprise.

Malware picks up PUP's and puts them in quarantine.

- I'm trying to be 'pre-emptive'....

Still happening - no 'downloads' since Wednesday, only normal site access but this am another 'SaveClicker' and Google Search protector removal. As far as I can see, the 'Protector' is for Chrome which I do not use. Is Google now 'secretly' hitting me with these PUPs?

They are being picked up by the latest Avast which seems to be doing well.

I have also had several over the past few days. No idea where they are coming from, I have not installed anything for weeks.

Saveclicker back first thing this am and the only 'download' was an Amazon purchase survey form.

Zipped attachment? The only Amazon surveys in this neck of the woods are malicious.

No, 'genuine' surveys. I have now turned off my 'Browsiing history' in Amazon to see if they use Saveclicker for the function - didn't know the option existed! Will let you know what happens.

Any toolbars installed in the browser/s?

I only use FF, and I suspect the PUPs are being loaded for Chrome which is installed but not in use. FF has a Google seach box, Menu bar, Web developer Toolbar and Bookmarks Toolbar.

Seems to me to be wandering around the registry and showing up in different places and times. Have you tried an Avast Boot time scan-usually worked for me when PUP`s were evident. If you havent downloaded anything recently this might terminate them.

gemma - from Post #1

Yep, tricky one this, now I`m no puter expert but a couple things come to mind. Firstly I find with Avast more recently they prompt me very regularly to check my updates for java etc, then tell me my pc is not running to its best performance, can they check it blah blah, no they cant. Its just bloatware. In fact I`m getting fed up with Avast myself. If it was my problem I would be inclined to turn off avast or even uninstall, and then run a free AVG in boot time and see what difference that makes. As for PUP`s coming in via MBytes I would be astonished. Yesterday Avast updated the virus programme twice. After the second update it stated my pc was running very slow which it is not. So, terminate advice then to be confronted with an Avast full page suggesting they can sort the problem for a price. Very tedious.

BOAC,

Rather obvious, so I guess you've done it. Had a look at your programme files?
I had something that was trying to muck about with FF. Can't remember its name. Malwarebytes tried to delete it, but failed. It just came back. Tracked it down in prog files and deleted it.
Dunno how it got there as I'm never on the net as admin.

- I think you misunderstood my words.

I do not have the problem with Avast that you have - did you know you can do boot time scan in Avast as well?

AO - I really do not know where I would start there! I can guarantee if I ran Mbam now I would have 'mysearchdial' despite a 'clean out' a few days back - PAUSE FOR SCAN - yes, there it is again. This time shown as effective for IE which again I do not use. I suspect some websites have sold their soul to the devil. While I believe the PUP is 'innocuous', you can never be sure.

They are becoming quite a problem:

A cunning way to deliver malware | Malwarebytes Unpacked

FOR

Indeed, FOR, and the concern is the 'ease' with which these are 'arriving' and the unknown threats which may be buried in their code.

It would be illuminating, I feel, to see how many 'protected' users there are who have these PUPs - a full MBAM or similar scan is required.

Pesky thing back again - registry entry for My SearchDial, and in an IE key - I NEVER use IE (except I assume for M$updates).

PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}, , [b0711ea6c5b61a1cf33866ffef13738d],

I should add that I normally run in a non-admin user profile, so how it is writing to the reg I know not.