Jump to content


Photo

Question about PUP entries


  • Please log in to reply
2 replies to this topic

#1 Technophobe

Technophobe

    New Member

  • Members
  • Pip
  • 2 posts

Posted 01 November 2013 - 12:35 PM

After a quick scan, I have deleted all the items it found which involved 'files' but I'm scared to remove all the 'Registry' type items. Can you advise on this lot please? I'm a novice at this kind of thing so am very wary of zapping something in error!

Thanks.

ytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.10.28.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16721
VPCJ1 :: VPCJ1-VAIO [administrator]

28/10/2013 13:29:26
MBAM-log-2013-10-28 (13-39-43).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 224068
Time elapsed: 8 minute(s), 34 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 14
HKCR\CrossriderApp0033906.BHO (PUP.Optional.CrossRider.A) -> No action taken.
HKCR\CrossriderApp0033906.BHO.1 (PUP.Optional.CrossRider.A) -> No action taken.
HKCR\CrossriderApp0033906.Sandbox (PUP.Optional.CrossRider.A) -> No action taken.
HKCR\CrossriderApp0033906.Sandbox.1 (PUP.Optional.CrossRider.A) -> No action taken.
HKCU\Software\Conduit\FF (PUP.Optional.Conduit.A) -> No action taken.
HKCU\SOFTWARE\INSTALLCORE (PUP.Optional.InstallCore.A) -> No action taken.
HKCU\SOFTWARE\WEBCONNECT (PUP.Optional.WebConnect.A) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110311391106} (PUP.Optional.CrossRider.M) -> No action taken.
HKCR\CLSID\{11111111-1111-1111-1111-110311391106} (PUP.Optional.CrossRider.M) -> No action taken.
HKCR\TypeLib\{44444444-4444-4444-4444-440344394406} (PUP.Optional.CrossRider.M) -> No action taken.
HKCR\Interface\{55555555-5555-5555-5555-550355395506} (PUP.Optional.CrossRider.M) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110311391106} (PUP.Optional.CrossRider.M) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110311391106} (PUP.Optional.CrossRider.M) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110311391106} (PUP.Optional.CrossRider.M) -> No action taken.

Registry Values Detected: 2
HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Data: 1J1S1F1T2X -> No action taken.
HKCU\Software\WebConnect|iid (PUP.Optional.WebConnect.A) -> Data: def_WebConnect -> No action taken.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0



#2 AdvancedSetup

AdvancedSetup

    Staff

  • Root Admin
  • PipPipPipPipPipPip
  • 41,245 posts
  • Gender:Male
  • Location:US

Posted 01 November 2013 - 01:09 PM

All of those entries should be okay to remove. 

Create a new System Restore Point and then have MBAM remove those entries for you.

Then reboot and check for updated in MBAM and do another Quick Scan to make sure they're all gone still.

 

How to Create a System Restore Point in Windows 7


Ron Lewis
Forum Community Manager

staff.png

Follow us: Twitter, Become a fan: Facebook


#3 Technophobe

Technophobe

    New Member

  • Members
  • Pip
  • 2 posts

Posted 08 November 2013 - 09:25 AM

Thanks for that. Will give it a go and report back asap.






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users