MBAM suddenly cites 24 files as PUPs


13 replies to this topic

#1 whatmeworry?

    True Member

  • Honorary Members
  • 326 posts

Posted 04 August 2013 - 10:42 AM

I'm using MBAM Pro 1.75.0.1300 with database 2013.08.04.03 on a Win 7 64 bit computer.  Today I decided to run a full scan, for no particular reason.  In the past, MBAM has almost NEVER found anything to report, neither on a quick scan nor a full scan.  Today, however, it identified 24 items as problematic.  All were identified as PUP.Optional.Babylon.A except for one that was PUP.Optional.Ask.Toolbar.  I'm assuming that none of these is something to worry about.  I've had the Babylon Pro dictionary on my computer for years, and never before has MBAM (or any other security program) called attention to it.  As for the lone Ask.Toolbar entry, it was the installation file for the KM Player, and it has been on my computer for about two years, and again, no one has flagged it before.  IIRC, the installation file may try to get unwary users to install the Ask Toolbar, but I certainly did not do so.  So I have three questions: 

 

1)  Am I right in thinking that I can simply ignore MBAM's results?

2) Is there a way of telling MBAM not to report these same results again?  (I pressed Ignore, but nothing seemed to happen)

3) Why did MBAM suddenly call attention to these files, when it had never done so before?

 

I'm attaching a file of MBAM's reports, with my username blurred out.

 

Thanks in advance for your help.

[Attached image: mbam_pup2.gif]


Dell XPS 8300 Win7 Prof. 64-bit desktop (Intel Core i5-2400 processor, 8 GB RAM): MS Security Essentials AV, Windows Firewall, MBAM Pro, WinPatrol PLUS
Dell Latitude E5530 Win7 Prof. 64-bit laptop: (Intel 3rd gen. i5-3230M processor, 4 GB RAM), MS Security Essentials AV, Windows Firewall, MBAM Pro, WinPatrol PLUS


#2 daledoc1

    Forum Deity

  • Spam Hunters
  • 11,904 posts
  • Gender:Not Telling

Posted 04 August 2013 - 10:45 AM

Hi, whatmeworry?: :)
 
Yes, there has been a recent change about PUPs (PUP = Potentially Unwanted Program).
  • What are the 'PUP' detections, are they threats and should they be deleted?
  • Malwarebytes Adopts Aggressive PUP Policy
  • PUP.Optional listings and disputes

 

I wouldn't want any of this stuff on my computers, but it's up to you.
 
 If you're not sure what you want to keep and what would be best removed, then please start with the advice in this pinned topic: Available Assistance For Possibly Infected Computers.
A qualified helper will guide you through the scanning and cleanup process.

Thanks,

daledoc1


Just a home user & forum volunteer
DT1: Win7/Ult/64 SP1; Intel Core i7-3770 @3.4 GHz; 16 GB RAM; NVidia GeForce GT620; IE9; Fx; TB; Cable HSI; MBAM PRO 1.75.0.1300; KIS2014; SAS Free; CCleaner
DT2: Win7 Ult/64 SP1; Intel Core i7-860 @2.8 GHz; 8 GB RAM; ATI Radeon HD 5770; IE 9, Fx; TB; Cable HSI; MBAM PRO 1.75.0.1300; KIS2014; SAS Free; CCleaner.
LT: Win7 Pro/64 SP1; Intel Core i7-3632 cached @3.2 GHz; 16 GB RAM; NVidia GeForce GT640M; IE 10; Fx; TB; WLAN; MBAM PRO 1.75.0.1300; Sophos ES 10.3; SAS Free; CCleaner.


#3 whatmeworry?

Posted 04 August 2013 - 11:05 AM

Hi, daledoc1.  Thanks for your prompt reply.  Though you're usually right in the advice you give, this time I'm afraid you're not.  The Babylon Pro Spanish/English dictionary that I bought six or seven years ago is terrific, far and away the best I've encountered online.  I'm aware that in recent years there has been some kind of PUP involving Babylon, but this isn't it. 

 

As for the KM Player's including the Ask Toolbar as an option in its installation file, I think it's unfortunate, but all too common nowadays.  If I were to remove every piece of software whose installation has included my opting out of bloatware, I'd be missing some valued programs.  At least the KM Player is free; I've begun to see bloatware included even in commercial software. :(

 

I'm hoping my having said "Ignore" to MBAM did more than was apparent.  I'd hate to see it needlessly turn up these same files and folders again.




#4 whatmeworry?

Posted 04 August 2013 - 11:13 AM

Hi again, daledoc1.  Just a quick addition to my previous message.  I want to thank you for the 3 links you provided, which gave more info about MBAM's handling of PUPs.  They were quite helpful.




#5 daledoc1

Posted 04 August 2013 - 11:13 AM

Hi:

 

I was not specifically addressing any one or more of the detections on your system.

Rather, I was speaking about the basic concept of PUP detections and pointing you to the recent, official pinned topics and forum posts by the MBAM staff.

 

As I said, it's entirely up to you what to keep and remove. :)

 

Also, there's a link in my earlier reply to address how MBAM decides what is or is not a PUP: PUP.Optional listings and disputes

 

Please be advised that we are not listing PUPs as malicious or dangerous, only as the words are defined, Potentially Unwanted. Evaluation will be based on the following criteria:.....

 

As you may (or may not) have other adware/junkware/malware/PUPs on your system, I was merely suggesting that you head over to the malware removal section for expert, guided assistance with checking into that (as we don't work on this sort of thing in this particular section of the forum).

 

 

Nothing more, nothing less. :)

 

Best regards,

 

daledoc1




#6 whatmeworry?

Posted 04 August 2013 - 02:40 PM

Hi yet again, daledoc1.  I don't want to belabor this, but the reason I said I thought you were wrong is that you said "I wouldn't want any of this stuff on my computers," without knowing what the Babylon Pro program is and how extraordinarily useful it is.  You simply assumed that since MBAM has flagged it as a PUP, it's a dodgy piece of work that sensible people should avoid, rather than a very useful, legitimate software program.

 

Why in your most recent message did you say "As you may (or may not) have other adware/junkware/malware/PUPs on your system...[you should] "head over to the malware removal section for expert, guided assistance with checking into that (as we don't work on this sort of thing in this particular section of the forum)"?  I had already said in my first message that I had just run a full scan and that MBAM called attention to 24 files (as shown in the screenshot I posted), nothing else.  I also said that it almost NEVER finds anything.  Indeed, almost the only things it finds on my computer are false positives, and those only rarely.   So why do you say that I "may (or may not) have other adware/junkware/malware/PUPs" on my computer??   I'm quite careful about what goes on my computer.  That's one of the main reasons I use MBAM Pro.  Are you doubting the accuracy of MBAM's full scans?  

 

Please understand that I've got great admiration for the work you do here.   I'm just a little disappointed in the way you responded to the issue I raised.  Oh well, as they say, even Homer nods.  :)  




#7 David H. Lipman

    Forum Deity

  • Experts
  • 4,246 posts
  • Gender:Male
  • Location:Jersey Shore USA
  • Interests:Malware Research, dSLR Photography, Numismatics & Surf Fishing

Posted 04 August 2013 - 02:59 PM

I think you are needlessly making a mountain out of a mole hill here.

 


 

Yes there may be a small percentage of people who like a particular class of software that has been called "Potentially Unwanted" but the majority of users find the tactics that get this class of software installed malignant.

 

Daledoc1 gave generic yet accurate information and you are picking apart the words written.  The majority of posters' feedback, in reference to Babylon, has been that of an outraged victim.

 

Less than 1 week ago Malwarebytes management made a bold decision to target a broader range of "Potentially Unwanted Programs".  This is new.  There will be growing pains as people will act both negatively and positively to this new aggressive stance.  I will also point out that you posted a screen-capture graphic, not an MBAM log, so one may conclude, rightly or wrongly, that there is more than meets the eye.


David H. Lipman
DLipman@Verizon.Net

#8 daledoc1

Posted 04 August 2013 - 03:03 PM

 

Why in your most recent message did you say "As you may (or may not) have other adware/junkware/malware/PUPs on your system...[you should]

 

 

If you re-read all of my replies, you'll see that I never used "should". Alas, those are your words, not mine. :(

 

PUPs often come bundled with other software/malware.

Some of it gets installed unintentionally, even by careful users.

There's no way for anyone -- including the highly qualified MBAM staff and expert forum members  (of which I am neither) -- to determine exactly what might or might not be on your system without an analysis of at least the MBAM logs (if not other diagnostic tools).

And that sort of work is not performed in this particular sub-section of the forum.

That's why I SUGGESTED that you might take advantage of free help from the malware analysts over in the malware removal section or help desk.

They are qualified to review MBAM scan logs and other diagnostic tools, in order to assist users in cleaning their systems of adware/junkware/malware/trojans/viruses/toolbars/BHOs/PUPs and other infections and unwanted software.

Malware detection and removal is a highly complicated endeavor, as explained here by AdvancedSetup, the forum admin: The complexity of finding, preventing, and cleanup from malware

 

I'll only say -- yet again -- that I was merely trying to be helpful, pointing you directly to the informative pinned topics, blog posts and forum posts explaining the new PUP policies and how to deal with the results.

There was absolutely no offense intended.

I'm sorry if I did not explain things clearly enough.

I'm likewise sorry that you somehow read into my suggestions, advice and referenced resources something that wasn't there.

 

Kind regards,

 

daledoc1




#9 whatmeworry?

Posted 04 August 2013 - 07:22 PM

Hi daledoc1.  Yes, I think you're right.  I've made much too much fuss about all this.  I'm sorry.   Basically, what I was trying to say is that the Babylon files and folders were not PUPs sneakily bundled with something else but rather were a program I bought six or seven years ago and have used constantly and valued highly ever since.   But I do think I over-reacted, and I apologize.  I'm especially sorry that I over-reacted with you, since, as I said earlier, I have great respect for the work you've done on this forum.

 

I might just add that there's no need for me to bother the malware analysts in the malware removal section since the logfiles indicated that MBAM found only what I posted earlier.  The rest of the logfile was the same as it almost always is when I run a scan:

 

Protection: Enabled

8/4/2013 9:40:13 AM
MBAM-log-2013-08-04 (10-52-34).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 461417
Time elapsed: 46 minute(s), 46 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)
 




#10 DarkSnakeKobra

    May the penguin be with you!

  • Honorary Members
  • 5,262 posts
  • Gender:Male
  • Location:~
  • Interests:Scripting, GNU/Linux, photography

Posted 04 August 2013 - 09:17 PM

Hi daledoc1.  Yes, I think you're right.  I've made much too much fuss about all this.  I'm sorry.   Basically, what I was trying to say is that the Babylon files and folders were not PUPs sneakily bundled with something else but rather were a program I bought six or seven years ago and have used constantly and valued highly ever since.   But I do think I over-reacted, and I apologize.  I'm especially sorry that I over-reacted with you, since, as I said earlier, I have great respect for the work you've done on this forum.

 

These are considered PUP or Potentially Unwanted Programs because many programs bundle these nowadays, especially Babylon, which is well known. Whether or not this was installed separately on your computer is irrelevant. Many programs include Babylon and other toolbars etc. in their installers as a way to make money, as they are prechecked by default and most people click through the installers, resulting in tons of toolbars being installed, which wastes space and degrades performance. These programs are not related to the software which they are bundled with and as such are labeled PUP.


I'm not a staff member just another Malwarebytes' user.

Advice: Hug your dog, cat etc everyday! :)


#11 AdvancedSetup

    Staff

  • Root Admin
  • 41,107 posts
  • Gender:Male
  • Location:US

Posted 05 August 2013 - 12:34 AM

Babylon is not malware; otherwise we would mark it for removal automatically when scanned.  However, what you will find is that sooner or later that software is certainly going to bring you in contact with a site that is going to drop an infection on your box if it's not up to date on all its plugins and protection software.  If you're up to date on everything at all times then you'll probably be okay, but if you happen to have say an old outdated and exploited version of Java and happen to hit one of these sites (that you certainly would never come into contact on your own) then the box is going to get infected.

 

So the "risk" the software potentially brings you is not worth it to most people.


Ron Lewis
Forum Community Manager



#12 whatmeworry?

Posted 05 August 2013 - 08:37 AM

Hi, Ron.  I'm quite interested in your message, which I also find a bit perplexing.  I bought the Babylon Pro Spanish/English dictionary for my computer at least seven years ago.  I have used it VERY frequently -- indeed, in the last few years, almost every day.   As far as I know, it has never brought me into contact with any unsavory site that has tried to infect my computer.  If it had, I would imagine that one of my security programs would have warned me of the attempt or found a nasty infection.  As far as I can tell, all Babylon Pro does is provide me with definitions of words and phrases in Spanish and English.  

 

I do take your message seriously, and I have been aware for several years (thanks to my reading of tech news) that Babylon (the company) has become rather scuzzy.  I'm just not sure that the program I have on my computer poses the danger you describe.  At least, I've seen no sign that it does (knock on wood  :unsure: ).




#13 David H. Lipman

Posted 05 August 2013 - 08:42 AM

Personally, I don't think Babylon Pro rises to that level of being a risk especially in light of it being obtained and installed prior to when Babylon authors went "rogue".



#14 gchq

    New Member

  • Members
  • 10 posts

Posted 18 September 2013 - 07:06 PM

Just to throw in my two cents worth...

 

Carried out a scan today and it not only found a file with Trojan.Email.FA sent from 'Wells Fargo' via email that I had already isolated (first red flag was FirstName_Surname@WellsFargo.com not FirstName.Surname@WellsFargo  - Sandra Bullock - 'Some people collect string...') but also cited PUP.Optional.AskToolbar included in the Image Burn setup exe that has been there since 2010 and has not been flagged before.

 

I have noticed that Java updates now carry this option and if memory serves me correctly the last few updates from Flash carried this for another unwanted toolbar add-on - we are not talking back-street developers here, but large multinationals.





