
PUP.optional.CrossRider and more...really don't know what to do

CrossRider OpenCandy Wajam

  • This topic is locked
30 replies to this topic

#21 zinniaqueen

    New Member

  • Members
  • 15 posts

Posted 13 August 2013 - 09:09 AM

Definitely faster than it was, although I hadn't noticed it slowing down until yesterday. 

 

Do I need to re-scan to be sure the bad stuff is all gone?



#22 MrCharlie

    Forum Deity

  • Experts
  • 28,227 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA

Posted 13 August 2013 - 09:12 AM

You can update and run a scan with your AVG.
 

Keep in mind that as the new databases come out for MB, you're bound to find some leftover items....this is normal.

 


Then......

Let's check your computer's security before you go, and we have a little cleanup to do also:

Download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • If you get "Unsupported operating system. Aborting now", just reboot and try again.
  • A Notepad document should open automatically called checkup.txt.
  • Please Post the contents of that document.
  • Do Not Attach It!!!

MrC


Malware Removal Expert



I volunteer my free time to help you, if you would like to donate to show your appreciation, it will be much appreciated.


#23 zinniaqueen

Posted 13 August 2013 - 09:15 AM

Oh, when I started Google Chrome, I had a message that "another program has downloaded RealDownloader". Don't know how or why or if that's a problem. Any thoughts?



#24 MrCharlie

Posted 13 August 2013 - 09:45 AM

Does it keep reappearing??   MrC



#25 zinniaqueen

Posted 13 August 2013 - 10:27 AM

Just finished the AVG scan. It didn't find anything (but it also didn't find the 13 items in the first place).

 

The RealDownloader plugin message, you mean? No, it does not keep reappearing, although when I look in my plugins container in Chrome, it's there, and active (although I didn't tell it to activate when I was asked). 



#26 zinniaqueen

Posted 13 August 2013 - 10:32 AM

 Results of screen317's Security Check version 0.99.72  
 Windows XP Service Pack 3 x86   
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
 AVG Free 9.0    
`````````Anti-malware/Other Utilities Check:````````` 
 MVPS Hosts File  
 Spybot - Search & Destroy 
 Malwarebytes Anti-Malware version 1.75.0.1300  
 JavaFX 2.1.0    
 Java 7 Update 9  
 Java version out of Date! 
 Adobe Flash Player 11.7.700.224  
 Adobe Reader 8 Adobe Reader out of Date! 
 Adobe Reader XI (KB403742..) 
````````Process Check: objlist.exe by Laurent````````  
 AVG avgwdsvc.exe 
 AVG avgtray.exe 
 AVG avgrsx.exe 
 AVG avgnsx.exe 
 AVG avgemc.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:: 31% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log`````````````````````` 


#27 MrCharlie

Posted 13 August 2013 - 10:45 AM

PUP means Potentially Unwanted Program:

http://searchsecurit.../definition/PUP

---------------------------------------------------------------------------

Malwarebytes just started aggressively detecting PUPs and that's why we are seeing a flood of people complaining about them.
http://blog.malwareb...ive-pup-policy/

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Outdated programs on the system are vulnerable to malware.
Please update or uninstall them:


------------------------------

Uninstall any and all Java from your add/remove programs:
JavaFX 2.1.0
Java 7 Update 9

Java version out of Date!
<-------Download and install the latest version (Version 25) from Here
Uncheck the box to install the Ask toolbar!!! and any other free "stuff".

----------------------------


Adobe Reader 8 Adobe Reader out of Date! <---uninstall from add/remove programs
Adobe Reader XI (KB403742..) <---------OK

-----------------------------

A little clean up to do....

Please Uninstall ComboFix: (if you used it)

Press the Windows logo key + R to bring up the "run box"

Copy and paste the next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /

Then hit enter.
This will uninstall ComboFix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall or download and run the uninstaller)

---------------------------------

If you used DeFogger to disable your CD Emulation drivers, please re-enable them.

-------------------------------

Please download OTC to your desktop.
http://oldtimer.geekstogo.com/OTC.exe

Double-click OTC to run it. (Vista and up users, please right click on OTC and select "Run as an Administrator")
Click on the CleanUp! button and follow the prompts.
(If you get a warning from your firewall or other security programs regarding OTC attempting to contact the Internet, please allow the connection.)
You will be asked to reboot the machine to finish the Cleanup process, choose Yes.
After the reboot all the tools we used should be gone.
Note: Some more recently created tools may not yet be removed by OTC. Feel free to manually delete any tools it leaves behind.

Any other programs or logs you can manually delete.
IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST, MBAR, etc....AdwCleaner > just run the program and click uninstall.

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again. (may be down right now)
Cached version:
http://webcache.goog...n&ct=clnk&gl=us

Good Luck and Thanks for using the forum, MrC


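The reading of the Security Check log done by hand in the post above (picking out the entries marked out of date) can be scripted. This is an added example, not part of the original thread and not screen317's code; the function names and the rule for attaching a marker to a product are assumptions based on the one log shown here.

```python
import re
# Sample input abridged from the Security Check log posted in this thread.
# '^' stands in for the backticks that pad the log's section headers.
SAMPLE_LOG = """\
 Results of screen317's Security Check version 0.99.72
 Windows XP Service Pack 3 x86
^^^^^^^^^^^^^^Antivirus/Firewall Check:^^^^^^^^^^^^^^
 AVG Free 9.0
^^^^^^^^^Anti-malware/Other Utilities Check:^^^^^^^^^
 JavaFX 2.1.0
 Java 7 Update 9
 Java version out of Date!
 Adobe Flash Player 11.7.700.224
 Adobe Reader 8 Adobe Reader out of Date!
 Adobe Reader XI (KB403742..)
^^^^^^^^^^^^^^^^^^^^End of Log^^^^^^^^^^^^^^^^^^^^^^
""".replace("^", "`")

HEADER = re.compile(r"^`+\s*(.*?)\s*`+$")
FLAG = re.compile(r"out of date!", re.IGNORECASE)

def parse_checkup(text):
    """Split the log into {section: [entries]}; the preamble goes under 'System'."""
    sections, current = {"System": []}, "System"
    for line in filter(None, map(str.strip, text.splitlines())):
        m = HEADER.match(line)
        if m:
            current = m.group(1).rstrip(":")
            sections.setdefault(current, [])
        else:
            sections[current].append(line)
    return sections

def outdated(sections):
    """Return (section, product) pairs that the log marks as out of date."""
    hits = []
    for name, entries in sections.items():
        prev = None
        for entry in entries:
            m = FLAG.search(entry)
            if not m:
                prev = entry
                continue
            # Heuristic (assumption): a version number before the marker means the
            # product is on this line; otherwise the marker refers to the line above.
            tokens = entry[:m.start()].split()
            idx = [i for i, t in enumerate(tokens) if any(c.isdigit() for c in t)]
            hits.append((name, " ".join(tokens[:idx[-1] + 1]) if idx else prev))
    return hits
```

Running `outdated(parse_checkup(open("checkup.txt").read()))` on a saved log gives the list of products to update or uninstall; entries such as JavaFX that carry no marker of their own still need a manual look.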

#28 zinniaqueen

Posted 13 August 2013 - 04:56 PM

OK, I think I've done everything on the list. A few questions/comments:

 

Ran OTC and it left JRT and SecurityCheck on the desktop--I can just delete, as in hit the delete key and click yes when it asks if I really wanna delete them, right? (vs "uninstalling" them, right?)

 

Had to leave for a few hours, so ran MBAM on a complete scan. It found PUP.Optional.OpenCandy.  Can I just delete via MBAM or do I need to go through more elaborate process like we just did?



#29 MrCharlie

Posted 13 August 2013 - 05:51 PM

Ran OTC and it left JRT and SecurityCheck on the desktop--I can just delete, as in hit the delete key and click yes when it asks if I really wanna delete them, right? (vs "uninstalling" them, right?)
 
Yes
 
Had to leave for a few hours, so ran MBAM on a complete scan. It found PUP.Optional.OpenCandy.  Can I just delete via MBAM or do I need to go through more elaborate process like we just did?
 
Just let MB delete it.
 
As the database of Malwarebytes gets updated, you're going to find leftovers in the logs.
 
MrC


#30 MrCharlie

Posted 14 August 2013 - 06:45 AM

My Preventive Maintenance
Now that the system is clean.

------------------------
 
Delete your system restore files and create a new restore point: (you may have already done this)

Create new system restore point for Vista and W7

Create new system restore point for Windows XP

Clear old system restore points except for the last one

------------------------

If you have used ComboFix and have the XP Recovery Console installed I suggest you keep it on your XP system.
Here's a Tweak so the computer boots up faster with it.
If you would like to uninstall the Recovery Console, please let me know and I'll give you instructions to do so.

-------------------

Install all critical Windows Updates:

Visit Windows Update and install all the latest critical updates.

--------------------

Optional programs you may need:

Please note:  DON'T download and install any scanner listed on THIS LIST.
They're scanners that are blacklisted because of their questionable reputation.

Note: Please only install one anti-virus program, one firewall and one anti-malware program that provides real-time protection.

A good security plan:

An anti-virus program, a firewall (For XP) - (Vista and Windows 7 firewalls are OK), an anti-malware program that provides realtime protection, keep the registry backed up (mainly for XP), and install the Windows XP Recovery Console.

What do I use and recommend: (I'm using XP pro)
Malwarebytes Anti-Malware Pro (provides realtime protection)
Microsoft Security Essentials (anti-virus)
PC Tools firewall (for XP)... (Vista and W7 firewalls are OK)
Google Chrome
Keep the registry backed up
XP Recovery Console
WOT
OpenDNS
Malwarebytes Anti-Exploit

Links below:

Anti-Virus (free):
Avast Free
Microsoft Security Essentials
Ad-Aware

Anti-malware with "real-time protection" (free):
Microsoft Security Essentials
SuperAntiSpyware Pro and Malwarebytes Pro Anti-Malware
will provide "real time protection" only if you purchase the upgraded version.

I highly recommend that you purchase MalwareBytes Anti-Malware, it's a one time fee, provides excellent protection and you won't regret it. Read more HERE

Firewalls:
PC Tools Firewall Plus
Comodo Free Firewall w/anti-virus
ZoneAlarm*free

Free malware removal programs:
Malwarebytes' Anti-Malware
SUPERAntiSpyware (free edition)
Dr.Web CureIt!® Utility (Free)
VIPRE Rescue Program
SUPERAntiSpyware Portable Scanner
Microsoft Security Essentials
Free ESET Online Scanner
Microsoft Safety Scanner

Malwarebytes Anti-Exploit
It protects all major browsers (IE, Firefox, Chrome, Opera) and all browser components such as Java, Adobe Reader, Flash, and Shockwave. It blocks standard exploit kits like Blackhole, Sakura, Phoenix, Incognito without requiring signature updates.

AdwCleaner is a program that searches for and deletes Adware, Toolbars, Potentially Unwanted Programs (PUP), and browser Hijackers from your computer.

SpywareBlaster Prevent the installation of spyware and other potentially unwanted software! Simple, effective, trusted.

Windows XP Recovery Console:
If a Windows XP-based computer does not start correctly or if it does not start at all, you may be able to use the Windows XP Recovery Console to help you recover the system software.
Recovery Console Tweak if you do have it installed

Back-up the registry: (every day > important on XP)
ERUNT tutorial

Keep those temp files off your system:
Use CCleaner (Stay away from the registry cleaner and any other registry cleaner as they do no good!)
Here's a Tutorial if needed.
or
try ATF Cleaner - hit "select all" then just uncheck "cookies" (uncheck cookies is optional - leave it checked if you want to delete all cookies) then "empty selected"

Sun Java:
Keep your Sun Java up-to-date  JRE Version **
Older versions are vulnerable to malware!
Delete ALL old versions from add/remove programs if listed first!
Most people have older versions installed on their system, once you get them cleared off > install the newest version and from then on all you have to do is go to Java in your control panel and click on update or just set Java to automatically check for updates.
Check HERE

Please consider using Foxit Reader instead of Adobe Reader. Foxit Reader is less vulnerable to malware.

Latest versions of Adobe Flash Player and Adobe Reader

Please consider using Google Chrome or FireFox instead of Internet Explorer. They're more secure browsers!

Use OpenDNS, a very valuable feature that gives your PC the benefit of extra safety and increased browser speed.
OpenDNS – What is OpenDNS and Why You Absolutely Need It
OpenDNS Start Here
Easy set-up Here
Confirm you're using OpenDNS

Install WOT (Web of Trust)
The WOT add-on shows you which websites you can trust based on millions of users' experiences.
Our safe surfing browser tool is easy-to-use, fast and completely free. Install it now!

Blocking Unwanted Parasites with a Hosts File "MVPS HOSTS"

Do Not Track Plus
Blocks tracking cookies

Removes those tracking cookies > Cookienator, run it once a week.

Panda USB and AutoRun Vaccine

Useful information:

Reduce Online Fraud

Slow Computer - Check Here
and HERE

Microsoft Fix it Center Fix those annoying Windows problems

How to Prevent the Online Invasion of Spyware and Adware

Miekiemoes Prevention Tips

Three more sites to check: How did I get infected??
G2G
BleepingComputer
Tony Klein

Some of My Tips
Don't open e-mail attachments without first scanning them with an up-to-date anti virus program, even after doing that I would be very careful.
Don't click on any executables in e-mails or any other links that you're not sure of.
Don't believe e-mails from your bank, financial institution, etc. asking for personal information - they're most likely fraudulent no matter how authentic they look.
Don't download any kind of Video Codec when prompted to while watching a movie...it's most likely malware.
Watch your surfing habits, don't click on or download anything you're not sure of.
Don't install a program that hasn't been recommended by a reputable organization.
Don't install toolbars.
If you suddenly get a pop-up or notice that you need to update a program > don't believe it > it may be malware attempting to gain access to your computer. If you want to check for an update, use the program itself > there should be an update tab or button to click on.
Stay away from Peer-to-Peer (P2P) Programs----> Read HERE

Peer-to-peer programs/cracks/keygens/warez warning:

Downloading cracks and keygens from p2p programs (Limewire, eMule, uTorrent) is the most common way computers get infected.
They are a security risk which can make your computer susceptible to a variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.

Malware Fighter:
If you would like to become a malware fighter, there are schools offering free training and you are welcome to sign up. (it's not easy though!)
WhatTheTech Classroom
Malware Removal University
GeeksToGo University
Also Check Here
----------------------


Good luck and thanks for using the forum -  MrC


#31 LDTate

    Forum Deity

  • Moderators
  • 21,126 posts
  • Gender:Male
  • Location:Missouri, USA

Posted 15 August 2013 - 07:21 AM

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
Larry Tate
Product Support
