software to block PUPs?

Discussion in 'other security issues & news' started by vincenzo, Nov 8, 2014.

  1. vincenzo

    vincenzo Registered Member

    Joined:
    Nov 28, 2005
    Posts:
    151
    I've got a friend, a senior, who for the 3rd time has his computer infected with pop-ups as he goes on the web. Things like Conduit, MyWebSearch, WebOptimizer, etc, that av's like his installed Norton Internet Security do not seem to block. I've told him how to use the web safely but this has happened again. I don't think telling him he has to change his ways will help.

    I installed MBAM Premium about 2 months ago in hopes that it would stop this. But the program kept malfunctioning and saying it needed to have its database updated, yet would never be satisfied even after it was run, it kept popping up saying it needed update. Two reinstalls did not help. I contacted their support and they gave me a long list of things to do, diagnostics to run, so much so that my friend just said to remove the program.

    After the last time I cleaned it up, using 5 or 6 malware scanners, he was ok for about 2 months.

    So my question is, is there another program that might run in the background to block installation of PUPs?

    Thanks
     
  2. Malwar

    Malwar Registered Member

    Joined:
    May 5, 2013
    Posts:
    271
    Location:
    USA
    You can use Unchecky(http://unchecky.com/), that is what I use for my family that gets tricked into installing PUPS.
     
  3. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
    HitmanPro is also good i've found on peoples PC's
     
  4. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    5,057
    ESET has good detection of PUPs in my experience.
     
  5. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    1,955
    Location:
    DC Metro Area
    The new Emisoft Internet Security 9 Now detects PUPS
     
  6. anon

    anon Registered Member

    Joined:
    Dec 27, 2012
    Posts:
    4,087
    For realtime protection: Most of AV's detect the Potentially Unwanted Programs (PUP).
    i.e.
    http://www.pcworld.com/article/2603...ially-unwanted-programs-pups-from-biting.html
    For on demand scan:
    1) AdwCleaner
    2) Junkware Removal Tool
     
    Last edited: Nov 9, 2014
  7. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    5,239
    While AdwCleaner does a very good of removing PUPs, no software will remove (or block) them all. However, aside from some of the adware browser addons which are not so easily removed, PUPs do come with uninstallers.

    The problem is that PUPs are not malicious. There are plenty of websites which will tell you they are malicious in an attempt to get you to install antimalware software which they will make money from if you buy it. But, the reality is that these "unwanted" programs are not harmful. So while they can be highly annoying, especially when they are installed silenty alongside other software, there are people who knowingly install unwanted software and may end up purchasing it.
     
  8. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    5,239
    Another tool for removing adware and unwanted programs is Adware Removal Tool. However there is a major flaw in the design of both AdwCleaner and Adware Removal Tool (which copies the user interface of AdwCleaner) in that they do not list the particular software that each found file and registry key belongs to, which causes a major headache if there are some detected programs you want to keep - which is usually the case for me. But, they're fine if you want to remove everything.
     
  9. deBoetie

    deBoetie Registered Member

    Joined:
    Aug 7, 2013
    Posts:
    1,149
    Location:
    UK
    Sandboxie.
     
  10. NSG001

    NSG001 Registered Member

    Joined:
    Jul 14, 2006
    Posts:
    617
    Location:
    Wembley, London
    @vincenzo :"So my question is, is there another program that might run in the background to block installation of PUPs?"

    So is he asking for removal suggestions :confused:

    My votes also go to EMSI and ESET for detection/prevention
     
  11. AlexC

    AlexC Registered Member

    Joined:
    Apr 4, 2009
    Posts:
    1,280
    This.

    Install Sandboxie and configure it to empty sandbox when browser closes.

    Tell your friend something like this: "from now use this yellow icon (Sandboxie icon) to go to the internet. Nothing you'll do in the internet will be saved to your computer. Use only this icon (IE, Chrome, etc) to go to the internet if you need to do something exceptionally important or really need to save something in your computer."

    It worked fine with 2 clients of mine (the only ones that i installed sandboxie, because of the same problem you're having). After more than 1 year his computer was clean, and it only needed some basic maintenance (updates, defrag, etc.).

    Edit: you can manually configure exceptions to allow bookmarks, history, etc to be saved, but personally, i prefer to keep it simple and straightforward.
     
    Last edited: Nov 9, 2014
  12. vincenzo

    vincenzo Registered Member

    Joined:
    Nov 28, 2005
    Posts:
    151
    Thanks to all for the replies.

    Yes, I am right now just concerned with info on blocking installation, although the cleanup apps info is useful.

    After researching what has been suggested, I am going to try ESET Smart Security and EMET (which I've used for a while on my own computer and it has never created any issues).

    By the way, when doing the research I came across this thread that has a lot of really good info
    https://www.wilderssecurity.com/threads/anyone-know-a-great-av-that-blocks-pups-well.360546/

    Thanks for the Sandboxie suggestion, I will experiment with that on my own computer first to learn more about it.

    Unchecky looks good, but it is still in beta, not something I want to install just yet on someone else’s computer.
    I am unclear whether Unchecky will block install of PUPs if there is no checkbox present for it in the installation dialogs that are being presented, in other words, hidden installations. Any thoughts on that?

    Thank again to all.
     
  13. SweX

    SweX Registered Member

    Joined:
    Apr 21, 2007
    Posts:
    6,429
    FWIW, There is three user optional detection categories found in the setup-tree for
    Suspicious applications, Potentially Unwanted Applications and Potentially Unsafe Applications.

    What is a potentially unwanted application?
    http://kb.eset.com/esetkb/index?page=content&id=SOLN2629

    Many will be detected as PUAs: http://virusradar.com/en/glossary/pua
    ....while some others may be detected as Adware: http://virusradar.com/en/glossary/adware
     
    Last edited: Nov 10, 2014
  14. deBoetie

    deBoetie Registered Member

    Joined:
    Aug 7, 2013
    Posts:
    1,149
    Location:
    UK
    If it's any help to you, I use Emet, Eset and Sandboxie in combo.

    Also, if it's any help to you, I went down the Sandboxie route specifically because, even with AV protection and good updates, some of the machines I look after were getting these Pups and other infections. After rolling out Sandboxie - nada.
     
  15. vincenzo

    vincenzo Registered Member

    Joined:
    Nov 28, 2005
    Posts:
    151
    Thanks, those are just what I am looking for.
     
  16. vincenzo

    vincenzo Registered Member

    Joined:
    Nov 28, 2005
    Posts:
    151
    That sounds good to me, haven't had a chance to try Sandboxie yet though. Thanks
     
    Last edited: Nov 10, 2014
  17. SweX

    SweX Registered Member

    Joined:
    Apr 21, 2007
    Posts:
    6,429
    You're welcome :)
     
  18. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    If your friend doesn't install anything, perhaps consider an anti-executable.
     
  19. vincenzo

    vincenzo Registered Member

    Joined:
    Nov 28, 2005
    Posts:
    151
    That's a good idea, I'll suggest it, and see what he says. Thanks
     
  20. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    1,955
    Location:
    DC Metro Area
    There's a very light free program called Unchecky that makes sure you have not overlooked pre-checked boxes on installers, and uses additional methods to warn of installers attemptng to sneak-in PUPs

    http://unchecky.com/

    As far as friggin Conduit goes, I'm convinced it sneaks in by many installers without you having OK'd it with a check mark. They do have a check box on many installers AND actually have a EULA, but I'm convinced they use those as a pretext for dissuading AV's from blocking it's installation for legal reasons. Conduit is a sinister pain in the azz.

    In addition to others mentioned, Webroot has started to take a more aggressive stand against PUPs but I believe that it is limited to PUPs that have the capacity to behave in a malicious way. Sadly, the ability to merely start popping up ads while being a total annoyance, in and of itself, is typically not regarded as malicious behavior.

    Bitdefender has recently released a free Ad Ware scanner and remover, but as of the moment it is not detecting all adware. Hopefully it will be improved over time.

    The attempts to block malware, cybercrime, PUPs, adware, spyware is a perpetual war. Something like US military-industrial-big money led US foreign policy. We'll never stop either - there's too much profit to be gained.

    We don't need anti-virus/malware/PUP/Ad Ware blockers. We need greed reducers and anti-psychopathic drugs introduced into the water supply everywhere. Would do a heck of a lot more than Flouride.

    There is always hope:

    http://www.bbc.com/news/technology-30146176

    Countered by discouragement:

    http://www.winbeta.org/news/psa-cha...ing-has-hacked-windows-live-psn-and-2k-gaming

    The Road Goes on Forever and the Party Never Ends.

    Somewhere in a Land far, far, far away there is a free,open,neutral, high-speed, hacker/criminial/ script-kiddie free/privacy protected/secure internet. When I find it I'll send you an email.

    My apologies for the OT/thread-hijack/mini-rant.
     
    Last edited: Nov 21, 2014
  21. vincenzo

    vincenzo Registered Member

    Joined:
    Nov 28, 2005
    Posts:
    151
    Thanks for the info. When I get some time, I plan to give Unchecky a look on my computer.
     
  22. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    1,955
    Location:
    DC Metro Area
  23. Behold Eck

    Behold Eck Registered Member

    Joined:
    Aug 23, 2013
    Posts:
    438
    Location:
    The Outer Limits
    Maybe something like Toolwiz Timefreeze etc would save your friend and you alot of grief.

    Regards Eck:)
     
  24. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    I had good success in the past with a setup like this for a family member who doesn't install or configure anything, along with a separate data partition that was not virtualized.
     
  25. Behold Eck

    Behold Eck Registered Member

    Joined:
    Aug 23, 2013
    Posts:
    438
    Location:
    The Outer Limits
    The good thing is you can hide these types of program to an extent that granny or grandpa dont even know it`s on their system...he,he,he.:ninja:

    Regards Eck:)
     
Loading...