Jump to content


Photo
- - - - -

PUP.Optional.Installex / PUP.Optional.Installrex .part.exe's?


  • This topic is locked This topic is locked
7 replies to this topic

#1 Halpe

Halpe

    New Member

  • Members
  • Pip
  • 4 posts

Posted 20 September 2013 - 02:14 AM

Files Detected: 3
C:\Users\Arc\AppData\Local\Temp\4SGYyiVq.exe.part (PUP.Optional.Installrex) -> No action taken.
C:\Users\Arc\AppData\Local\Temp\e8+izYDu.exe.part (PUP.Optional.Installex) -> No action taken.
C:\Users\Arc\AppData\Local\Temp\FIoSNhJU.exe.part (PUP.Optional.Installrex) -> No action taken.
 

I ran MalwareBytes and these three results came up. They were all created within about 30 minutes of each other on the 9th of this month. Nothing else appeared in the scan. What do these files mean?

 

Does it mean that I went to some website that downloaded three different parts of a piece of malware, combined them together and installed them? Or it attempted to do so and failed? Or what? I can upload the .exe.part files if it would be at all helpful.

 

I'm uncertain if these were an attempt at installing malware that failed or if I am actually infected but the only thing it could find were these remnants of the infection.



#2 Halpe

Halpe

    New Member

  • Members
  • Pip
  • 4 posts

Posted 20 September 2013 - 02:33 AM

I tried to upload them, but it says 'You aren't permitted to upload this kind of file'. =/

 

I right clicked each of them and looked up their information.

 

Two are digitally signed by 'Shlomy Golani', the other is signed by 'Nadav Kashtan' / 'admin@cyber-mind.info'

 

I hope that helps.



#3 Psychotic

Psychotic

    Trusted Advisor

  • Trusted Advisors
  • PipPipPipPipPipPip
  • 2,503 posts
  • Gender:Male
  • Location:Germany

Posted 20 September 2013 - 03:04 AM

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

 

 

 

Let´s have a look!

 

 

 

Scan with DDS

Download DDS and save it to your desktop from here or here or
here.

Disable any script blocker, and then double click dds.scr to run the tool.

When done, DDS will open two (2) logs

DDS.txt: save to your desktop then post its contents in your topic
Attach.txt: save to your desktop then attach it to your next reply

 

 

 

 

Scan with Gmer rootkit scanner

Please download Gmer from here by clicking on the "Download EXE" Button.

  • Double click on the randomly named GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Show All ( should be unchecked by default )
  • Leave everything else as it is.
  • Close all other running programs as well as your Browser.
  • Click the Scan button & wait for it to finish.
  • Once done click on the Save.. button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop.
  • Please post the content of the ark.txt here.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries


My help is free, however, if you want to support my fight against malware, click here --> Posted Image <--(no worries, every little bit helps)

#4 Halpe

Halpe

    New Member

  • Members
  • Pip
  • 4 posts

Posted 20 September 2013 - 03:53 AM

You see anything to be alarmed about in any of these?

Attached Files



#5 Psychotic

Psychotic

    Trusted Advisor

  • Trusted Advisors
  • PipPipPipPipPipPip
  • 2,503 posts
  • Gender:Male
  • Location:Germany

Posted 20 September 2013 - 04:10 AM

You told us that you removed several items with Malwarebytes´ Antimalware. This tool creates a log on every run and we need to see them.


  • The logs can be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Zip any and all of these logs and attach the file to your next reply.


My help is free, however, if you want to support my fight against malware, click here --> Posted Image <--(no worries, every little bit helps)

#6 Halpe

Halpe

    New Member

  • Members
  • Pip
  • 4 posts

Posted 20 September 2013 - 04:21 AM

Here it is, and thank you.

 

 

 

 

 

Attached Files



#7 Psychotic

Psychotic

    Trusted Advisor

  • Trusted Advisors
  • PipPipPipPipPipPip
  • 2,503 posts
  • Gender:Male
  • Location:Germany

Posted 20 September 2013 - 04:32 AM

These files are part of potentially unwanted programs - that means software which MAY have come unwanted, for example as payload of another software.

It isn´t malware.

 

Let´s do a final check:

 

 

Scan with ESET Online Scan

Please go to here to run the online scannner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats' , then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.

 

 


Delete junk with adwCleaner


Please download AdwCleaner to your desktop.


  • Run adwcleaner.exe
  • Hit Scan and wait for the scan to finish.
  • Confirm the message but don´t uncheck anything.
  • Hit Delete
  • When the run is finished, it will open up a text file
  • Please post its contents within your next reply
  • You´ll find the log file at C:\AdwCleaner[S1].txt also


SecurityCheck

Please download SecurityCheck: LINK1 LINK2

  • Save it to your desktop, start it and follow the instructions in the window.
  • After the scan finished the (checkup.txt) will open. Copy its content to your thread.


My help is free, however, if you want to support my fight against malware, click here --> Posted Image <--(no worries, every little bit helps)

#8 AdvancedSetup

AdvancedSetup

    Staff

  • Root Admin
  • PipPipPipPipPipPip
  • 40,900 posts
  • Gender:Male
  • Location:US

Posted 23 September 2013 - 11:34 AM

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Ron Lewis
Forum Community Manager

staff.png

Follow us: Twitter, Become a fan: Facebook





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users