Malwarebytes and PUPS

Discussion in 'other anti-malware software' started by tomdy2k, Jan 26, 2014.

Thread Status:
Not open for further replies.
  1. tomdy2k

    tomdy2k Registered Member

    Joined:
    Jun 6, 2010
    Posts:
    174
    when doing a scan MB finds some pups that hitman pro doesn't show..should I leave these on my computer.?.some are in the registry..:eek:
     
  2. nosirrah

    nosirrah Malware Fighter

    Joined:
    Aug 25, 2006
    Posts:
    561
    Location:
    Cummington MA USA
    It is typical for both malware and PUPs to have both file system and registry components.
     
  3. tomdy2k

    tomdy2k Registered Member

    Joined:
    Jun 6, 2010
    Posts:
    174
    Should I delete them or leave them alone?
     
  4. m0use0ver

    m0use0ver Registered Member

    Joined:
    Jun 30, 2011
    Posts:
    81
    I beleive that Malwarebytes does a more comprehensive clean up then HMP.

    Don't get me wrong HMP detection rate is great but their trace clean up is still lacking.

    AS to whether you need to remove them then its your choice.
    I could only find this at the Malwarebytes forum relating to PUP detections.

    https://forums.malwarebytes.org/index.php?showtopic=134993
     
  5. Nebulus

    Nebulus Registered Member

    Joined:
    Jan 20, 2007
    Posts:
    1,582
    Location:
    European Union
    Given the fact that MB has a very "personal" interpretation on what it considers to be "Potentially Unwanted", I would first document myself about those detections in order to see if there are false positives or not, and only after that I would make a decision about deleting them...
     
  6. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    5,123
    Location:
    USA
    Is there a standardized and agreed upon list of PUPs?
     
  7. TonyKlein

    TonyKlein Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    4,350
    Location:
    The Netherlands
    If MBAM identifies them as pertaining to the detected PUP(s) in question, you should have it remove them.

    As Bruce already said, "It is typical for both malware and PUPs to have both file system and registry components".

    The same is true for most legitimate software, and just like a program's uninstaller (ideally) removes all pertaining registry keys, thoroughly removing a pup or other malware completely also entails removing its related registry keys and values.

    If in doubt, feel free to post at the Malwarebytes forum, so that an analyst can check your scan results.
     
  8. mattdocs12345

    mattdocs12345 Registered Member

    Joined:
    Mar 23, 2013
    Posts:
    1,785
    Location:
    US
    Remove them.
     
  9. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    5,242
    It will be safe to delete them, But, the best option is to see what the PUPs actually are before deleting them, as there is a chance you may want to keep some of them. It's important to note that PUP means "potentially unwanted program" and as such are not malicious, but are often programs of little use of with ads, but there is a chance that some of these may be programs you actually use.
     
  10. Nebulus

    Nebulus Registered Member

    Joined:
    Jan 20, 2007
    Posts:
    1,582
    Location:
    European Union
    I doubt it, however in my part of the world registry modifications made through Windows interface are not viewed as "potentially unwanted", but MB has a different option. That is why I wouldn't trust their definition of "potentially unwanted" and I would always recommend a double-check.

    Truth be told, I believe that it is a better idea to check upon the results of any malware scan (no matter the tool used), because you can always learn something from the experience; and sometimes you can save yourself the trouble or reinstalling/reconfiguring software :)
     
  11. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    5,123
    Location:
    USA
    Do you mean changes made by the user as opposed to some toolbar/adware/scareware install? As to "potentially unwanted programs" I understand that to be a euphemism for rubbish that can't be called what it is because of liability concerns.

    Agreed!
     
    Last edited: Jan 27, 2014
  12. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
  13. TonyKlein

    TonyKlein Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    4,350
    Location:
    The Netherlands
    There's only an extremely remote chance you'll ever need or use any of the programs MBAM identifies as Pup.Optional.

    MBAM is very cautious in its wording, and the overwhelming majority are adware of other foistware bundled with third party freeware or part of a otherwise contracted ad bundle, without any practical use to the user him/herself.

    And again ,when in doubt, why not post at the malwarebytes forum for advice.

    It is after all impossible for any of us to tell you more without a look at the contents of the scan log
     
  14. JerryM

    JerryM Registered Member

    Joined:
    Aug 31, 2003
    Posts:
    4,221
    "why not post at the malwarebytes forum for advice"

    I did that some time ago, and they thanked me and found that they were essentially FP.

    Previously I had quarantined some and had a problem until I took them out of quarantine.

    Jerry
     
  15. TonyKlein

    TonyKlein Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    4,350
    Location:
    The Netherlands
    Not really; the key in question is most definitely PUP related, and they also told you to remove it:

    https://forums.malwarebytes.org/index.php?showtopic=135716&hl=
     
  16. Nebulus

    Nebulus Registered Member

    Joined:
    Jan 20, 2007
    Posts:
    1,582
    Location:
    European Union
    Notice that in that forum link posted by TonyKlein the MB staff recommended to uninstall the specific program from the control panel, not to move to quarantine the registry key itself.

    I would go a step further, and check to see what software installed that toolbar on your computer, in order to avoid it in the future (or to be sure you install it without the toolbar, if possible).
     
Loading...
Thread Status:
Not open for further replies.