False pup?


6 replies to this topic

#1 Quinny

Posted 05 May 2012 - 06:44 AM

Just did a full scan and this PUP turned up /pup hacktool.VBhideproc/ so I removed and quarantined it.
Can't seem to find out much information on it, but it has coincided with me trying out "hidemyass" proxy server.
Should I delete or not? Thanks in advance for any info.
Update, been told to post it here with logfile.

#2 Fatdcuk

Posted 05 May 2012 - 11:57 AM

Thank you for the report Quinny.

Have now checked the file and can verify it is a False positive.

This will be fixed on the next update cycle.
Ade Gill
Research Engineer


#3 Quinny

Posted 05 May 2012 - 01:14 PM

Thank you for the report Quinny.

Have now checked the file and can verify it is a False positive.

This will be fixed on the next update cycle.


Thanks for that. But I'm a little confused as to what the file is, so after I restored it I traced it back to
users/roaming and a folder called 2 4 where it resided, but I can't figure out what this folder is for.
After opening a couple of text files inside the folder, I can see it's got something to do with "github"
and CPU mining, whatever that is. Do you know if this folder is important and should it be left alone, or
should I delete it?

#4 Fatdcuk

Posted 05 May 2012 - 01:22 PM

Ok Quinny.

PUP stands for Potentially Unwanted Program, which denotes that some users will probably not want it installed whereas other types of users might intentionally install it. Since we cannot tell which type of install it is, it is then assigned the PUP classification.

The folder contains a Bitcoin miner.

If you installed this tool then no need to take any action.

If however you did not install the Bit miner tool then there is a possibility that either another application or potentially a trojan install has put it on your computer. So, just to err on caution, if you have not installed it intentionally then get your computer checked out to rule out a trojan-based install.

If a computer checkup is required:
Please read and follow the directions here, skipping any steps you are unable to complete. Then create a NEW topic here.
One of the expert helpers there will give you one on one assistance when one becomes available.

Please note that it may take 48 hours or more for you to receive a response in the malware removal forum, as it is often busy at times. Please do not reply to your own post asking for help unless it's been more than 48 hours since you originally posted, as this can make it appear as though you are being helped and take longer for you to get help.

If you are unable to do all or any of the steps in the link to the directions above, just post your problem into the forum I gave you a link to anyway and someone will be able to assist you.

If you prefer to be assisted via email you may contact support@malwarebytes.org and one of our support staff members will assist you directly.

If you are a reseller, affiliate, technician, corporate, business, educational, government or non-profit customer then please contact corporate-support@malwarebytes.org and include full contact details along with your Reference # when you do to ensure that you receive prompt assistance.
Ade Gill
Research Engineer


#5 Quinny

Posted 05 May 2012 - 05:47 PM

Hi, no I didn't install it, so I thought I'd delete the folder from roaming. Checked add and remove
first but nothing there; also checked program files and program files x86, common files and program
data and nothing there either.
I then ran a full Malwarebytes scan and a full avast free scan and both ran clean. My laptop seems to
be working fine; do I still need to follow your instructions in your previous post, as I find them a bit complex?

#6 Fatdcuk

Posted 05 May 2012 - 05:53 PM

Hi Quinny :)

I would advise still to get it checked over by one of our experts just to err on caution since you did not install it.

To simplify getting help for you, please start a new topic in the following sub forum >> http://www.malwareby...php?showforum=7 with the title "Need to check whether my computer is clean"

Please when you post that topic leave a link back to this topic so that your helper will have a point of reference.
Ade Gill
Research Engineer


#7 Quinny

Posted 05 May 2012 - 06:15 PM

Hi Quinny :)

I would advise still to get it checked over by one of our experts just to err on caution since you did not install it.

To simplify getting help for you, please start a new topic in the following sub forum >> http://www.malwareby...php?showforum=7 with the title "Need to check whether my computer is clean"

Please when you post that topic leave a link back to this topic so that your helper will have a point of reference.


Thanks Ade. I will follow your advice as I did a bit more googling on bitcoinminer and apparently it's some sort of really dodgy virus.
Maybe I'm lucky and got rid of it in time, but like you said, best to err on caution. Thanks for all your help.



