
How do you block PUP malware?

Discussion in 'Virus & Other Malware Removal' started by 4dsmom, Jul 31, 2019.

  1. 4dsmom

    4dsmom Thread Starter

    Joined:
    Dec 5, 2000
    Messages:
    632
    How do you block PUP malware? Malwarebytes comes up with this report (see attached file). I delete them and the next day they are back.
    Thanks for any suggestions.
    dsmom

    Tech Support Guy System Info Utility version 1.0.0.4
    OS Version: Microsoft Windows 7 Professional, Service Pack 1, 64 bit
    Processor: Intel(R) Core(TM) i3-4170 CPU @ 3.70GHz, Intel64 Family 6 Model 60 Stepping 3
    Processor Count: 4
    RAM: 6069 Mb
    Graphics Card: Intel(R) HD Graphics 4400, 1024 Mb
    Hard Drives: C: 931 GB (872 GB Free);
    Motherboard: HP, 2B2C
    Antivirus: Microsoft Security Essentials, Enabled and Updated
     


  2. flavallee

    flavallee Trusted Advisor

    Joined:
    May 12, 2002
    Messages:
    79,648
    First Name:
    Frank
    Are you quarantining those 25 threats and then restarting your computer?

    If you're using Malwarebytes Anti-Malware 3.8.3.2965 (most current version) correctly, they shouldn't return.

     
  3. 4dsmom

    4dsmom Thread Starter

    I am using the trial premium version 3.8.3. I have been quarantining and deleting and restarting. They show up each day after the scan.
     
  4. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    113,578
    They are browser extensions in Chrome. If you continue to use the application the extension is connected with, it will continue to reappear and be detected. Check your browser extensions and see what might be linked to those detections. A PUP will be anything that can make changes to your system or is supported by adware, and it's not always malware. If it's something you want to keep, then you can add it to exclusions in Malwarebytes or turn off PUP detections.

    https://blog.malwarebytes.com/detections/pup-optional/
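
An added example, not part of any post in this thread: one way to inventory the Chrome extensions installed in a profile so each can be compared against the detections in a scan report. It assumes Chrome's usual on-disk layout (`Extensions\<id>\<version>\manifest.json`); the function names and the sample tree are constructed for illustration.

```python
import json
import tempfile
from pathlib import Path

def resolve_name(ext_dir, manifest):
    """Resolve a localized "__MSG_key__" name from _locales/<default_locale>/messages.json."""
    name = manifest.get("name", "")
    if not (name.startswith("__MSG_") and name.endswith("__")):
        return name
    key = name[6:-2].lower()  # message keys are matched case-insensitively
    path = ext_dir / "_locales" / manifest.get("default_locale", "en") / "messages.json"
    try:
        messages = json.loads(path.read_text(encoding="utf-8-sig"))
    except (OSError, ValueError):
        return name  # keep the placeholder if the locale file is missing or broken
    for k, v in messages.items():
        if k.lower() == key:
            return v.get("message", name)
    return name

def list_extensions(extensions_root):
    """Return id, name, version and permissions for every installed extension version."""
    found = []
    for manifest_path in sorted(extensions_root.glob("*/*/manifest.json")):
        ext_dir = manifest_path.parent
        try:
            manifest = json.loads(manifest_path.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            continue  # unreadable manifest: skip rather than abort the inventory
        found.append({"id": ext_dir.parent.name,
                      "name": resolve_name(ext_dir, manifest),
                      "version": manifest.get("version", "?"),
                      "permissions": manifest.get("permissions", [])})
    return found

def build_sample(root):
    """Constructed sample tree (placeholder IDs, not real extensions) so this runs offline."""
    ext_root = root / "Extensions"
    a, b = ext_root / ("a" * 32) / "1.0_0", ext_root / ("b" * 32) / "2.3_0"
    (a / "_locales" / "en").mkdir(parents=True)
    b.mkdir(parents=True)
    (a / "manifest.json").write_text(json.dumps({"name": "__MSG_appName__",
        "default_locale": "en", "version": "1.0", "permissions": ["tabs", "<all_urls>"]}))
    (a / "_locales" / "en" / "messages.json").write_text(
        json.dumps({"appName": {"message": "Sample Search Helper"}}))
    (b / "manifest.json").write_text(json.dumps({"name": "Sample Notes", "version": "2.3"}))
    return ext_root

if __name__ == "__main__":
    # On Windows the real folder is %LOCALAPPDATA%\Google\Chrome\User Data\Default\Extensions
    with tempfile.TemporaryDirectory() as tmp:
        for ext in list_extensions(build_sample(Path(tmp))):
            print(ext["id"], ext["name"], ext["version"], ext["permissions"])
```

The 32-character folder name is the extension ID, which is the value to look for in the paths a scanner reports and on the `chrome://extensions` page.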
     
  5. 4dsmom

    4dsmom Thread Starter

    OK Thank you very much
     
  6. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    I just realized you're not running genuine Windows. :(
     
  7. 4dsmom

    4dsmom Thread Starter

    I am running Windows 7. I had Windows 10 replaced with 7 and it is a licensed copy.
     
  8. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Looking back it turns out it was the Office program you were using that wasn't genuine. For some reason the operating system was flagged. I've removed that notation but would like to verify that the Windows 7 installation is genuine so please do the following.

    Please run the MGA Diagnostic Tool and post back the report it creates:
    • Download MGADiag to your desktop.
    • Double-click on MGADiag.exe to launch the program
    • Click "Continue"
    • Ensure that the "Windows" tab is selected (it should be by default).
    • Click the "Copy" button to copy the MGA Diagnostic Report to the Windows clipboard.
    • Paste the MGA Diagnostic Report back here in your next reply.
     
  9. 4dsmom

    4dsmom Thread Starter

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->
    Validation Code: 0
    Cached Online Validation Code: 0x0
    Windows Product Key: *****-*****-*****-*****-XGP7R
    Windows Product Key Hash: BlQK8Sl2fBboUFAigqlbaHD3cVs=
    Windows Product ID: 55041-152-9583296-86441
    Windows Product ID Type: 6
    Windows License Type: Volume MAK
    Windows OS version: 6.1.7601.2.00010100.1.0.048
    ID: {6C468E70-E251-421C-A591-38C5450DDE93}(1)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: N/A, hr = 0x80070002
    Signed By: N/A, hr = 0x80070002
    Product Name: Windows 7 Professional
    Architecture: 0x00000009
    Build lab: 7601.win7sp1_ldr.190612-0600
    TTS Error:
    Validation Diagnostic:
    Resolution Status: N/A
    Vista WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002
    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002
    OGA Data-->
    Office Status: 109 N/A
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3
    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed
    File Scan Data-->
    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{6C468E70-E251-421C-A591-38C5450DDE93}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.048</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-BBBBB</PKey><PID>55041-152-9583296-86441</PID><PIDType>6</PIDType><SID>S-1-5-21-1920213799-2242712140-2258195311</SID><SYSTEM><Manufacturer>HP</Manufacturer><Model>550-153w</Model></SYSTEM><BIOS><Manufacturer>AMI</Manufacturer><Version>A0.09</Version><SMBIOSVersion major="2" minor="8"/><Date>20160113000000.000000+000</Date></BIOS><HWID>F50B3F07018400F4</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>
    Spsys.log Content: 0x80070002
    Licensing Data-->
    Software licensing service version: 6.1.7601.17514
    Name: Windows(R) 7, Professional edition
    Description: Windows Operating System - Windows(R) 7, VOLUME_MAK channel
    Activation ID: 9abf5984-9c16-46f2-ad1e-7fe15931a8dd
    Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
    Extended PID: 55041-00172-152-958329-03-1033-7601.0000-3132018
    Installation ID: 018955839115295362257315455946388375468532519126042955
    Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
    Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
    Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
    Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
    Partial Product Key: XGP7R
    License Status: Licensed
    Remaining Windows rearm count: 3
    Trusted time: 8/1/2019 7:51:35 PM
    Windows Activation Technologies-->
    HrOffline: 0x00000000
    HrOnline: 0x00000000
    HealthStatus: 0x0000000000000000
    Event Time Stamp: 5:27:2019 10:53
    ActiveX: Registered, Version: 7.1.7600.16395
    Admin Service: Registered, Version: 7.1.7600.16395
    HealthStatus Bitmask Output:
    HWID Data-->
    HWID Hash Current: MgAAAAEAAgABAAEAAAACAAAAAwABAAEAonbQN1KaplIUibw7vnQmkHo5ZmBi4dqLyPY=
    OEM Activation 1.0 Data-->
    N/A
    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes, but no SLIC table
    Windows marker version: N/A
    OEMID and OEMTableID Consistent: N/A
    BIOS Information:
    ACPI Table Name OEMID Value OEMTableID Value
    APIC HPQOEM SLIC-CPC
    FACP HPQOEM SLIC-CPC
    DBGP HPQOEM SLIC-CPC
    HPET HPQOEM SLIC-CPC
    MCFG HPQOEM SLIC-CPC
    FPDT HPQOEM SLIC-CPC
    FIDT HPQOEM SLIC-CPC
    MSDM HPQOEM SLIC-CPC
    SSDT HPQOEM SLIC-CPC
    SSDT HPQOEM SLIC-CPC
    SSDT HPQOEM SLIC-CPC
    SSDT HPQOEM SLIC-CPC
    SSDT HPQOEM SLIC-CPC
     
  10. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Thank you for posting that, but unfortunately it only confirms that the operating system is not running on a valid license. A Volume MAK license is only for use by organizations and not for end-users.
     
  11. 4dsmom

    4dsmom Thread Starter

    I was not aware of that. I purchased the Windows 7 software on Amazon. I was sent a link to download from and told it was legitimate by the tech that installed it for me. If it isn't licensed, why am I able to receive and download Microsoft updates, etc.?
     
  12. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    I didn't say it wasn't genuine or licensed. It may be genuine but it's not valid for personal use. It's for deployment by corporations on multiple machines up to a certain maximum. End users (personal use) cannot use a volume license. That doesn't mean it doesn't work but it's still a violation of the licensing agreement which we don't support.
     

Short URL to this thread: https://techguy.org/1230813
