Solved: Malwarebytes


avalonaz
Junior Member with 3 posts.
THREAD STARTER
Join Date: Dec 2011
Location: Arizona
Experience: Beginner
18-Dec-2011, 03:31 PM #1
Solved: Malwarebytes
Hi, I just ran Malwarebytes and it found one malicious software. "Pup.SmsPay.pns" from c:\Users\Alana\downloads\installer_arcsoft_photoimpression_6_5_gold_english.exe

The Malwarebytes program did nothing with this. Should I ignore, or remove?

Thank you and Merry Christmas. Alana
lunarlander
Member with 5,508 posts.
Join Date: Sep 2007
18-Dec-2011, 04:39 PM #2
Where did you download that installer from? Is it from P2P like torrents, eDonkey, etc.?
Cheeseball81
Moderator & Malware Removal Specialist with 83,533 posts.
Join Date: Mar 2004
Location: Long Island, NY
Experience: Advanced
18-Dec-2011, 05:39 PM #3
It could be a false positive, unless it's a cracked version that was downloaded.

You could try uploading the file to either Jotti: http://virusscan.jotti.org/en or VirusTotal: http://www.virustotal.com/ and see what those say regarding it.
Snagglegaster
Account Disabled with 1,906 posts.
Join Date: Sep 2006
Experience: Between Vast & Half-Vast
18-Dec-2011, 08:27 PM #4
I think I'd go ahead and remove this file. Frankly, I have no idea what a .pns file is, except for some humorous ideas, and who knows how many points those would get me? But the issue that makes me extremely suspicious is that doing a search for "pns file extension" only seems to get results to REALLY dubious web sites, rather than legitimate sites that explain system processes, file extensions etc. So I'd have to think this is probably malware inserted into legitimate program files. Worst case scenario would be that you might have to re-install one program. So, yes, I would kill it.
avalonaz
Junior Member with 3 posts.
THREAD STARTER
Join Date: Dec 2011
Location: Arizona
Experience: Beginner
19-Dec-2011, 12:10 AM #5
Thank you for all your responses. I don't know where this comes from, or when it was downloaded. I've run both http://virusscan.jotti.org/en and http://www.virustotal.com/
The results of virusscan.jotti has all negative results except for one...

ESET | 2011-12-18 | Win32/Toggle

And virustotal.com found all negative except for three findings...
eSafe | 7.0.17.0 | 2011.12.18 | Virus in password protected archive
McAfee | 5.400.0.1158 | 2011.12.19 | Artemis!3A9D0B2861F8
NOD32 | 6722 | 2011.12.19 | Win32/Toggle

So is this a virus or just a part of a program?

It is times like these that I wish I knew much more about computer programs.

Thanks again. Alana

Last edited by avalonaz; 19-Dec-2011 at 12:11 AM. Reason: For clarity.
Cheeseball81
Moderator & Malware Removal Specialist with 83,533 posts.
Join Date: Mar 2004
Location: Long Island, NY
Experience: Advanced
19-Dec-2011, 12:29 AM #6
I would just have MalwareBytes quarantine and then delete it.
Snagglegaster
Account Disabled with 1,906 posts.
Join Date: Sep 2006
Experience: Between Vast & Half-Vast
19-Dec-2011, 12:43 AM #7
Well, let's see. What's the downside to ignoring the file if it is indeed malware? Well, there's no good malware, right? So you don't want to keep it even if you aren't sure how nasty it is. The flip side is that if the file is a false positive, and you remove it, perhaps nothing much happens. In a worst case scenario, you might have to re-install whatever Arcsoft program the file belongs to. But seriously none of the sites that came up when I searched this extension were legit sites that identify file extensions, etc. That just screams malware. So I just don't see how your choice here can be difficult. Remove it.
avalonaz
Junior Member with 3 posts.
THREAD STARTER
Join Date: Dec 2011
Location: Arizona
Experience: Beginner
19-Dec-2011, 01:06 AM #8
Thank you for such prompt help here, I have deleted and quarantined, so guess I will find out the next boot up what happens. This may be a very good thing. Merry Christmas. Alana
Snagglegaster
Account Disabled with 1,906 posts.
Join Date: Sep 2006
Experience: Between Vast & Half-Vast
19-Dec-2011, 01:11 AM #9
Merry Christmas to you, and welcome to Techguy, by the way!
Cheeseball81
Moderator & Malware Removal Specialist with 83,533 posts.
Join Date: Mar 2004
Location: Long Island, NY
Experience: Advanced
19-Dec-2011, 01:27 AM #10
Welcome and Happy Holidays