Generic PUP.z removal

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by Deak689, Nov 16, 2008.

  1. Deak689

    Deak689 Private E-2

    First of all, thank you to all of the people associated with creating and maintaining this web resource site... I have truly found it valuable since only registering yesterday!

    Started out by seeking how to remove "Generic PUP.z" which my McAfee would attempt to remove, but could only partially remove and continued to show up in every scan while posting a directory path in the results which I could not manually locate.

    Have followed all of the steps for "Vista Cleaning Procedure".

    Also, DVD writer and cdrom device drivers have become corrupted, which may or may not be due to "Generic PUP.z?"
     


  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    Please attach the requested C:\ComboFix.txt log.

    You need to tell us exactly where it is being found. What file and what folder?

    Your logs are clean.
     
  3. Deak689

    Deak689 Private E-2

    Here is the filepath that McAfee is detecting the pup in:

    C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U1XHZX0B\upgrade[1].cab


    Thank you!
     


  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    It is just a temporary internet file from browsing. You can easily just delete it yourself or you can empty your browser cache.

    To flush your Internet Explorer Cache:
    • click Tools
    • Internet Options
    • Now, on the General tab, click Delete Files and select Delete all Offline content too
    • Click OK.
    • When it finishes Click OK.

    Your logs are basically clean. We just have some minor details to take care of.

    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

    After clicking Fix, exit HJT.

    Now run Ccleaner!

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).

    Then attach the below log:
    • C:\MGlogs.zip
    Make sure you tell me how things are working now!
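
Added example (not part of the original post, and not MajorGeeks' or HijackThis's own code): a small Python parser that triages the five HijackThis lines quoted in the post above, separating the entries whose file is reported as `(no file)` from the two `Run`-key autostart entries. The function names and the status labels (`orphaned`, `file-backed`, `autostart`) are assumptions made for this illustration.

```python
import re

# The five HijackThis lines quoted in the post above (copied from the thread).
SAMPLE_LOG = r'''
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
'''

# Entries of the form: CODE - Kind: Name - {CLSID} - target
CLSID_ENTRY = re.compile(
    r'^(?P<code>[A-Z]\d+) - (?P<kind>[^:]+): (?P<name>.*?) - '
    r'(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.+)$')
# Entries of the form: O4 - HKLM\..\Run: [Name] command line
RUN_ENTRY = re.compile(
    r'^(?P<code>O4) - (?P<hive>HK(?:LM|CU))\\\.\.\\(?P<key>Run\w*): '
    r'\[(?P<name>[^\]]+)\] (?P<command>.+)$')

def parse_line(line):
    """Parse one log line into a dict, or return None if it is not recognised."""
    line = line.strip()
    m = CLSID_ENTRY.match(line)
    if m:
        entry = m.groupdict()
        # "(no file)" means the registry entry points at a file that is not on disk.
        entry["status"] = "orphaned" if entry["target"] == "(no file)" else "file-backed"
        return entry
    m = RUN_ENTRY.match(line)
    if m:
        entry = m.groupdict()
        entry["status"] = "autostart"  # program launched at boot from a Run key
        return entry
    return None

def triage(log_text):
    """Return the parsed entries for every recognised line in the log text."""
    return [e for e in map(parse_line, log_text.splitlines()) if e]

if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f'{e["code"]:3} {e["status"]:10} {e["name"]}')
```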
     
  5. Deak689

    Deak689 Private E-2

    System appears to be performing normally except for the continued detection of "generic pup.z" by McAfee scan at the exact same previously posted filepath.
     


  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You did not allow the GetLogs.bat program to run thru to completion or you allowed McAfee to get in the way of it running. Disable McAfee and do all of the below.


    Now download The Avenger by Swandog46, and save it to your Desktop.
    • Extract avenger.exe from the Zip file and save it to your desktop
    • Run avenger.exe by double-clicking on it.
    • Do not change any check box options!!
    • Copy everything in the Quote box below, and paste it into the Input script here: part of the window:
    • Now click the Execute button.
    • Click Yes to the prompt to confirm you want to execute.
    • Click Yes to the Reboot now? question that will appear when Avenger finishes running.
    • Your PC should reboot, if not, reboot it yourself.
    • A log file from Avenger will be produced at C:\avenger.txt and it will popup for you to view when you login after reboot.
    Now run Ccleaner!

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).


    Then attach the below logs:
    • C:\avenger.txt
    • C:\MGlogs.zip
    Make sure you tell me how things are working now!
     
  7. Deak689

    Deak689 Private E-2

    System is running fine.

    Running manual scan with McAfee to see if "Generic Pup.z" is still detected.

    Will post McAfee scan results.

    TY
     


  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Your MGlogs.zip file is still not updated properly. You need to stop McAfee as it is probably getting in the way. Then delete the current C:\MGlogs.zip file. Now download the current version of MGtools from here: MGtools.exe. Then make sure that you have UAC disabled as mentioned in the READ & RUN ME. If it is not disabled, you will have to disable it and then you must reboot. Now right click on the MGtools.exe that you just downloaded and select Run As Administrator. Make sure you let it finish running and do not let McAfee block anything from running. Then attach the new C:\MGlogs.zip file.
     
