MalwareHelpNeeded

  1. There was a file that I downloaded onto my PC that ended up on my list of Programs - it's called "Zip Extractor Packages," and clicking on it also installed some known malware programs. I'm not sure if it's a virus, malware, a benign or dangerous PUP or something else, but since there are only a few dozen Google hits on this, I'm wondering if it's brand new, what its effects are, and how to fully remove any remnants of it. Unfortunately I don't have a copy or screenshot to attach, since my PC went to Geek Squad and they said all malware/viruses were removed. But since it may be a brand new malware or a dangerous PUP, I'm hoping someone can investigate what it is. (I posted a request for help on the "Malwarebytes Anti-Malware Help" forum here - they didn't know what it was, and said I should post in Newest Malware Threats, which I did. Since the moderator who replied there said he couldn't find it at the link I gave below, he suggested I post here and let him know what I hear. My Geek Squad guy suggested I post in Tom's Hardware, but I got no reply there.) I believe I downloaded it based on a link from the moderator of MalwareTips.com that said it was a link for RogueKiller. Unless the link was changed from a few days ago, I believe the link was listed as this: RogueKiller Download Link: http://tigzy.geekstogo.com/roguekiller.php (FYI. Someone at the Malwarebytes forum said they tried this link & Zip Extractor Packages wasn't there - since I no longer had the program or any screenshots, they said they weren't able to investigate it.) Here's what happened: I downloaded two mp3/WMA splitters that came in a zip pack (I think it was from cnet, and it was "MP3 WMA Cutter" & another, but my PC is in the shop so I'm not sure of the 2nd one).
Two days later I noticed that I couldn't update my AVG free, then I closed my Firefox browsers (which had all been open for a couple days) and when I reopened, the homepage was "searchnu.com". I went to MalwareTips.com and followed the removal instructions (I also had "searchqu.com" & "IB Updater" and maybe another) - it removed most from my Uninstall a Program list, but "Windows SearchQu Toolbar" remained. When I tried to uninstall, it said it may have been removed... and then a NEW program appeared on the list - Sweetpacks. I went back to another help page on the site and tried to remove both with all the steps - both stayed - so I went to the link in the site author's comments to download RogueKiller (DO NOT go to this link unless you have a way to safely download and examine it - it's listed there as "RogueKiller Download Link : http://tigzy.geekstogo.com/roguekiller.php"). Instead of just the program, it asked me if I wanted to install "Zip Extractor Packages" and I stupidly did. When I clicked on it, it installed that malware & other programs: Sweetpacks, Bitguard, gol search, another gol program, and OpenIt!. I downloaded Revo uninstaller & tried uninstalling, but Sweetpacks wouldn't uninstall, and I was too scared to use the official & odd-looking "uninstaller" screen that popped up when I tried to uninstall Zip Extractor Packages, especially with so few Google hits about it out there. Though Geek Squad says they found my hardware was clean, and say they cleaned everything, my concern is that this "Zip Extractor Packages" is so new that there may still be something on the PC, even if they tell me it's ok, since this thing may still be unknown or unanalyzed. Anyone know about this malware/PUP, or can anyone report it to whoever these things get reported to so it can be fixed?
A friend in IT said antivirus/malware co's usually have 30 days after IDing a new item to come up with a solution, and with only a few dozen Google page hits on this thing the last time I checked, I'm afraid I may be Ground Zero with a new virus or malware or dangerous PUP. And a few related things it may have affected: --My Geek Squad rep said the AVI, MP3 and Word docs I dragged to my zip drive after all this happened wouldn't carry the malware or corruption (only if an .exe & another file type I can't remember were dragged over), but a friend who works in IT said it could be dragged over. Anyone know? --My Yahoo email was reset, and the format where you can see multiple tabs of different email on one screen is no longer available, either on the Basic or new updated version. This may just be because I reset Firefox and IE along the way, but I'm wondering if malware can do this? (Changes are still there when I access email from another PC & other browsers.) Thanks, Jeff
  2. Thanks, David. I posted about it on Newest Malware Threats, and if it's their specialty to research these things, hopefully they can help. Since my PC is in the shop and I hadn't realized the thing was so obscure, I have no file or screenshot to post, but I did post a link in case they have a safe way to download/analyze it. Since there are only 34 Google hits, they can also check out one of the few sites that has or wrote about it. Link to the Newest Malware Threats thread is here in case anyone wants to investigate: https://forums.malwarebytes.org/index.php?s=73175b329231c9882b73c4b50d8c7543&showtopic=134794
  3. Actually, David, in the link you posted, the root admin Marcin says there are some "harmful and dangerous PUPs we already detect." So saying all PUPs aren't potentially harmful seems inaccurate - seems some are? So it's entirely possible that Zip Extractor Packages is a harmful PUP, but just not well known or widespread enough yet to be detected or analyzed by Malwarebytes. And I don't want to be the Ground Zero case for this. So if this is a brand new PUP, can anyone suggest a forum to ask about it, or perhaps help here?
  4. Thanks again for your reply and the info, David - posting it here will help people. I know even less about PUPs than malware, but the fact that Zip Extractor Packages seemed to be some exe that showed up on my Uninstall a Program list, and didn't even contain RogueKiller (just the malware I posted a list of above), still makes me worried that Zip Extractor Packages itself could do some sort of damage or cause corruption. (The malware it contained was all known, and I trust the people fixing my PC to ID and fix those.) Anyone have any further thoughts on how to help with this? Is there some online malware/PUP center where these new, potentially harmful things can be reported and dealt with?
  5. PS: to answer your question directly, no programs I have flagged it as malware - I'm only writing here based on what happened to me as I described it, and I appreciate your warnings about freeware. If this post leads to anything aside from a solution for my PC, hopefully people will know Zip Extractor Packages and that one RogueKiller link I listed (others may be fine) could be dangerous. Thanks for replying to my post.
  6. I'm assuming it's malware (or maybe just a conduit/shell that someone who wants to distribute malware created?) because I clicked on the RogueKiller download link, was asked to download Zip Extractor Packages, opened it and ended up with several malware programs installed... and (including?) a program called Zip Extractor Packages, which had a strange screen pop up when I tried to uninstall it. This & the fact that there are only 34 Google hits for the name, many from strange Russian and Asian language websites, makes me think it may be, but of course I don't know for sure. I don't know anything else about this thing that installed on my PC alongside other known malware. That's why I'm posting here - to find out - but it's not an academic exercise. I know very little about malware, I'm trying to see if it's dangerous and may damage my PC, and want to possibly report it if it's something that warrants investigation. If it is indeed brand new malware Any help or info anyone can give would be greatly appreciated
  7. I have malware on my system called "Zip Extractor Packages" but since there are only a few dozen Google hits on this, I'm wondering if it's brand new and how to remove it. I'm also concerned that the site MalwareTips.com may be perpetuating malware, since they didn't post my post on this. Here's what happened: I downloaded two mp3/WMA splitters that came in a zip pack (I think it was from cnet, and it was "MP3 WMA Cutter" & another, but my PC is in the shop so I'm not sure of the 2nd one). Two days later I noticed that I couldn't update my AVG free, then I closed my Firefox browsers (which had all been open for a couple days) and when I reopened, the homepage was "searchnu.com". I went to MalwareTips.com and followed the removal instructions (I also had "searchqu.com" & "IB Updater" and maybe another) - it removed most from my Uninstall a Program list, but "Windows SearchQu Toolbar" remained. (When I tried to uninstall, it said it may have been removed, and then a NEW program appeared on the list - Sweetpacks.) I went back to the site (this time http://malwaretips.com/blogs/remove-sweetpacks-toolbar/ ) and tried to remove both with all the steps - both stayed - so I went to the link in the site author's comments to download RogueKiller (DO NOT go to this link, listed there as "RogueKiller Download Link : http://tigzy.geekstogo.com/roguekiller.php"). Instead of just the program, it asked me if I wanted to install "Zip Extractor Packages" and I stupidly did. When I clicked on it, it installed that malware & other programs: Sweetpacks, Bitguard, gol search, another gol program, and OpenIt!. I downloaded Revo uninstaller & tried uninstalling, but Sweetpacks wouldn't uninstall, and I was too scared to use the official & odd-looking "uninstaller" screen that popped up when I tried to uninstall Zip Extractor Packages, especially with so few Google hits about it out there.
Right now my PC is with the Geek Squad - they've found my hardware is clean and are now checking my data -- but my concern is that this "Zip Extractor Packages" is so new that there may still be something on the PC, even if they tell me it's ok, since it may still be unknown or unanalyzed. Anyone know about this malware, or can report it to whoever these things get reported to so it can be fixed? And a few related things some of this malware may have affected: --My Geek Squad rep said the AVI, MP3 and Word docs I dragged to my zip drive after all this happened wouldn't carry the malware or corruption (only if an .exe & another file type I can't remember were dragged over), but a friend who works in IT said it could be dragged over. Anyone know? --My Yahoo email was reset, and the format where you can see multiple tabs of different email on one screen is no longer available, either on the Basic or new updated version. This may just be because I reset Firefox and IE along the way, but I'm wondering if malware can do this? (Changes are still there when I access email from another PC & other browsers.) --Also: I never got an emailed reply or post accepted to MalwareTips.com, but I did get an increase in spam to the email address I submitted with my post. Thanks! Jeff