Malware, can’t remove

Topic

New Reply

Malwarebytes detects malware on my computer. I have it remove them, but when I rerun they appear again. I tried to attach a picture, but can’t figure out how. They all have to do with:
“PUP.TidyNetwork”

Any ideas? Thanks.

Gunter

Reply | Quote

Replies

Try uninstalling TidyNetwork: You can easily uninstall TidyNetwork from your Windows Control Panel

Bruce

Reply | Quote

Did uninstall TidyNetwork, but result still the same. Removing thru malwarebytes has no effect, they reappear. I won’t be able to shut down until the market closes, so I’ll know more tomorrow.

Reply | Quote

You might want to go through the steps listed here:
http://malwaretips.com/blogs/tidy-network-virus/

Jerry

Reply | Quote

Tried to uninstall anything related, didn’t work. Finally deleted the folder “tidynetwork.com” from “usersnameappdatalocal”. Now malwarebytes doesn’t find anything anymore, hope that fixed it.

Reply | Quote

try doing it in safe mode

Reply | Quote

Now having the same problem with “PUP.Dialupass”. Found with malwarebytes, removed, immediately reappears. Not found in uninstall list or search in windowsexplorer.

Got a message in Chrome Browser “Warning Your Chrome Browser have Serious Secure Bugs! Please update NOW (sic)” from “malest.com” also not found in uninstall list. Did find malest.com in my Documents and setting, app data, local; it was installed today (6/30).

Reply | Quote

Got a message in Chrome Browser “Warning Your Chrome Browser have Serious Secure Bugs! Please update NOW (sic)” from “malest.com” also not found in uninstall list. Did find malest.com in my Documents and setting, app data, local; it was installed today (6/30).

I think that one is a rogue site rather than a rogue program:

Bruce

Reply | Quote

This software is not a virus or a Trojan. It is detected as a “potentially unwanted program” (PUP). PUPs are any piece of software that a reasonably security- or privacy-minded computer user may want to be informed of and, in some cases, remove. PUPs are often made by a legitimate corporate entity for some beneficial purpose, but they alter the security state of the computer on which they are installed, or the privacy posture of the user of the system, such that most users will want to be aware of them.

Try this web site give you information about removing PUPs

http://www.mcafee.com/us/mcafee-labs/resources/pups-configuration.aspx

Reply | Quote

It may have been installed as a result of a Trojan.

I have a number of ‘PUPs’ on my system, by choice – they are all useful and legit. troubleshooting/recovery tools, none of which, as far as I’m aware “alter the security state of the computer on which they are installed”.

VikAZ, if you post the exact file name and location, we may be able to furnish you with further details on the detection.

Reply | Quote

I have a number of ‘PUPs’ on my system, by choice – they are all useful and legit. troubleshooting/recovery tools, none of which, as far as I’m aware “alter the security state of the computer on which they are installed”.

Why are they potentially unwanted then?

PUPs “…can still negatively affect the performance of computers and involve significant security risks.”

Dialupass can also be described as “legit”, but as its purpose is to retrieve otherwise hidden passwords it can certainly be regarded as a security risk.

Bruce

Reply | Quote

Potentially: capable of being or becoming but not yet in existence; latent

A software that isn’t running (ie. latent), like the many ‘PUPs’ I have on my drives here, ‘can negatively affect a computer/involve significant security risks’ how, exactly?

@ Gunter: Malest has the feel of an attack site; it was historically a spam-sending site, more recently classed as a ‘parked domain’ but the bills were paid up on it only last week so it could be hosting a currently undetectable (read new) malware infection method; the PC really needs full diagnostics run and professionally analysed.

http://www.mywot.com/en/scorecard/malest.com
http://zulu.zscaler.com/submission/show/315e3e4efc4f12922f1558b8e46a4e7a-1372715360
https://www.virustotal.com/en/url/38dcdebe4008f0c97d84f2c55ef5d5cbe2dbdd1d43ac239b29b58dcd97501571/analysis/1372714695/
http://www.google.com/safebrowsing/diagnostic?site=malest.com

Reply | Quote

Potentially: capable of being or becoming but not yet in existence; latent

A software that isn’t running (ie. latent),

Potentially unwanted, not potentially running.

like the many ‘PUPs’ I have on my drives here, ‘can negatively affect a computer/involve significant security risks’ how, exactly?

That rather depends on exactly which programs you’re talking about, and who else gets access to your computer.

Why do you call them PUPs if there’s no risk?

It was only said that “most users will want to be aware of them” (but you chose to ignore the privacy while questioning the security).

Bruce

Reply | Quote

My Rule of Thumb about Malwarebytes findings of PUPs is, if I did not specifically download and install the PUP, then it is indeed unwanted, not just potentially. I remove those items if possible. For those I want to keep, Malwarebytes has an Ignore List. NEVER use the Ignore List if the PUP is not something you specifically downloaded and installed on your computer!

If TidyNetworks was successfully removed, and if clearing the entire Chrome Cache and History clears up the Malest message, I’d declare victory and get on with my business. Cleanup with CCleaner’s Registry and Cleaner modules would also help, I think.

You can run Windows Defender Offline from a CD, which takes you outside of Windows for the best chance of detection and removal of any rootkits or bootkits. Safe Mode running of Malwarebytes Portable from a USB stick is another outside of Windows option. But I suspect in these two instances these measures would be overkill.

-- rc primak

Reply | Quote

Part of the problem is that you seem to be relying entirely on Malwarebytes Antimalware for your malware protection, which is not sufficient. The free version of that product is intended as a supplement to standard antimalware software, not as a replacement. You need to install a standard antimalware product such as avast!, AVG, etc. and then run scans with that product. For example, avast! has a full scan and a boot scan, so the combination of using those two can detect and remove just about anything. See http://windowssecrets.com/forums/showthread//151966-Ranking-and-reviews-of-free-antivirus-antimalware-software for suggestions of free antimalware software.

Reply | Quote

Dialupass is part of NirSoft utilities package. If you have that on your computer, that is probably why Dialupass is there. There is a description of what it does here:

http://www.nirsoft.net/utils/index.html#password_utils

It’s safe, unless you (or someone else using your computer) uses it for malicious purposes. If you don’t have any use for it, delete it. It won’t be in the Uninstall Program list, since it isn’t actually installed on the computer, aside from being on the hard drive.

If you delete it, do so manually. Use Windows Search or another search program and search for Dialupass (don’t add any extensions). Delete every instance of it.

Reply | Quote

The Nirsoft utilities are also downloaed with (?and into?) Windows System Control Center (WSCC).

Zig

Reply | Quote

The Nirsoft utilities are also downloaed with (?and into?) Windows System Control Center (WSCC).

Zig

Zig,

Thanks. That’s good to know. I wasn’t aware of WSCC until now.

Jim

Reply | Quote

Jim,

It’s a useful way of having all the Nirsoft and Sysinternals utilities in one place, easily updatable, with a convenient UI.

Zig

P.S.: Since you’re new here, I’ll draw your attention to the “Thanks” button at the bottom of your above reply.

Z

Reply | Quote

I’m the only one using this PC, been busy, vacation, sick, moving. Looks like I need to get an IT guy on this.

Reply | Quote

What else are you using besides Malwarebytes. I would also use Spybot S&D, SupereAntiSpyware, TDSSKiller for root kits and run all these in safe mode.

Reply | Quote