Jump to content

PUP.Dealio

Jkc73

By Jkc73
in File Detections

 Share

Recommended Posts

Jkc73

Jkc73

Posted
Posted

Please shine some light on what Mbam has found here, thanks!

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 5417

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

12/30/2010 3:33:40 AM

mbam-log-2010-12-30 (03-33-07).txt

Scan type: Quick scan

Objects scanned: 154850

Time elapsed: 53 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 2

Registry Values Infected: 1

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Application Updater (PUP.Dealio) -> No action taken. [a1886da814ecd0302815f7181ce4649c]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} (PUP.Dealio) -> No action taken. [0326d83dea1652ae7c6cb4dd2fd37987]

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES\APPLICATION UPDATER\APPLICATIONUPDATER.EXE (PUP.Dealio) -> Value: APPLICATIONUPDATER.EXE -> No action taken. [a1886da814ecd0302815f7181ce4649c]

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\program files\application updater\applicationupdater.exe (PUP.Dealio) -> No action taken. [a1886da814ecd0302815f7181ce4649c]

mbam_log_2010_12_30__03_33_07_.zip

Link to post
Share on other sites
lmacri

lmacri

Posted
Posted

I received the same notification for PUP.Dealio today after a quick scan with MBAM v. 1.50.1.1100 - database version 5422 (see attached log).

I'm assuming this registry key for the CLSID E312764E-7706-43F1-8DAB-FCDD2B1E416D is associated with the Dealio Toolbar. Did Malwarebytes just add this fingerprint to the database recently? I am curious since I do not recall installing any software that warned me that the Dealio Toolbar was included in the installation.

I checked the add-ons in my IE 8 browser (Tools | Manage Add-ons | Toolbars and Extensions | Show All Add-ons) and I don't see any evidence that I've ever installed the Dealio toolbar on my PC. I found some information on the Dealio website (http://www.dealio.com/help/uninstall-dealio-toolbar.html) that the Dealio Toobar also installs a program called Search Settings (searchsettings.exe) but I checked Programs and Features in my Windows Control panel and can't see Search Settings in my list of installed programs.

I googled "Dealio Toolbar" and there are lots of people who have reported serious problems after installing this software, so kudos to Malwarebytes for adding the fingerprint to their malware database. I have Norton Internet Security 2011 on my PC and ran a full scan of my PC before I quarantined PUP.Dealio with MBAM, and NIS 2011 doesn't detect it as a threat.

________

MS Windows Vista Home Premium 32-bit SP2 * NIS 2011 v. 18.1.0.37 * MBAM v. 1.50.1.1100

HP Pavilion dv6835ca, Intel Core2Duo CPU T5550 @ 1.83 GHz, 3.0 GB RAM, NVIDIA GeForce 8400 GS

mbam_log_2010_12_30__20_27_12_.txt

Link to post
Share on other sites
DavidR

DavidR

Posted
Posted
Yes, this was added recently as PUP, which explains why you suddenly got this detection :)

My problem with this detection is that there are absolutely zero other Dealio associated elements, files, toolbars, registry keys, etc. etc. only this single registry key:

Registry Keys Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} (PUP.Dealio)

I searched on the CLSID looking for other associated stuff and on Deelio, but there is nothing on my system. I hate toolbars with a vengeance, so there is absolutely no way I would go installing one. Not to mention I don't use IE as my default browser but firefox 3.6.13 with NoScript, RequestPolicy, AdBlock Plus add-ons and avast with its web and network shields enabled. I haven't had any malware infection in over 7 years, so I rather doubt I got hit with a driveby installation.

So I'm at a loss as to how this can get there without a single other piece of associated Dealio c**pware on my system.

Personally I feel this is some sort of FP on the CLSID if there are no other indications of Dealio ?

Link to post
Share on other sites
DavidR

DavidR

Posted
Posted
Hi,

This is no FP though. Maybe you have installed pdfforge in the past or any other app that bundles dealio.

No, no pdfforge and I'm very hot on any bundled apps, notoriously ASK toolbars, etc. I have an absolute aversion to toolbars/ bundles software and am like a hawk in the various installs.

As I said before there are zero other indications of Dealio only this registry key. I also use SAS and no indications on that either. So I'm at a loss as to how only the registry key would be there if this truly were Dealio.

Link to post
Share on other sites
  • Staff
miekiemoes

miekiemoes

Posted
  • Staff
Posted

The Vendio searchsettings also bundles these: http://www.systemlookup.com/search.php?typ...RCHSETTINGS.DLL

As I said, many apps are bundled with Dealio. It could be that this leftover was already present there for a long time on your pc.

I also use SAS and no indications on that either.

SuperAntispyware normally detects this one as well though, because I found a report where it does: http://www.computerhope.com/forum/index.php?topic=73598.0

Link to post
Share on other sites
DavidR

DavidR

Posted
Posted

Same thing really, I don't have any search settings, freebies as I know that they aren't set to help me but the makers of the toolbar/settings, etc. so I do avoid them like the plague.

I have absolutely no explanation given my caution and proactive measures I take, how it would get on my system. Even with this item out of the MBAM Quarantine SAS doesn't detect this (scan just run). I have had SAS Pro (resident) for over three years before I tried MBAM which is on-demand only to avoid conflict of two resident anti-spy/malware applications running.

The topic you found from 2009 was within the time that I have had SAS and no detections, so perhaps that Unclassified.Unknown Origin detection was removed as I certainly didn't have the alert in my weekly .

So colour me confused.

post-4426-1294245857_thumb.gif

Link to post
Share on other sites
  • 2 months later...
gardnerman

gardnerman

Posted
Posted

Hello everyone

I just joined as I have this as well (pup.dealio that is), I first got the results a few weeks ago and removed all with malawarebytes.

I scanned again today and it's all back, I've once again had malawarebytes remove but I assume it'll be back.

Is there a way to permanently remove, you mention PDF creator software and I only have Adobe reader, is it possible it comes in with updates to that.

Richard

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.