Should I use advanced or simple means to remove PUPs?

May 24, 2014
Pinterest Stumbleupon Whatsapp

My Malwarebytes scan tonight reported the following. Are they bad? Advice?

3 “PUP.Optional.Spigot.A” detections and
1 “PUP.Optional.MyEmoticons.A”

Long Story: I recently had a few people stay in my home for a few days. Common courtesy had me give them permission to use my computer when they needed to, but once they departed, I decided to run a scan on the computer. Free trial Avast comes up clean. Free Trial Malwarebytes is a bit different:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 5/23/2014
Scan Time: 11:09:25 PM
Logfile:
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.05.24.01
Rootkit Database: v2014.05.21.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 8
CPU: x64
File System: NTFS
User: Tameka

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 267992
Time Elapsed: 13 min, 50 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 1
PUP.Optional.Spigot.A, C:\Users\Tameka\AppData\Roaming\Search Protection\SearchProtection.exe, 724, , [062bb5a0b3c82412a25f003c31cf629e]

Modules: 0
(No malicious items detected)

Registry Keys: 1
PUP.Optional.MyEmoticons.A, HKU\S-1-5-21-934097189-4001693668-3402004547-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Search Protection, , [32ff9fb6f7843cfa041e7e23bb47f30d],

Registry Values: 1
PUP.Optional.Spigot.A, HKU\S-1-5-21-934097189-4001693668-3402004547-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|SearchProtection, “C:\Users\Tameka\AppData\Roaming\Search Protection\SearchProtection.EXE” /autostart, , [062bb5a0b3c82412a25f003c31cf629e]

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 2
PUP.Optional.Spigot.A, C:\Users\Tameka\AppData\Roaming\Search Protection\SearchProtection.exe, , [062bb5a0b3c82412a25f003c31cf629e],
PUP.Optional.Spigot.A, C:\Users\Tameka\AppData\Local\Temp\~sp8AD9.tmp, , [cd640451a0dbd26443bf2a1232ceb24e],

Physical Sectors: 0
(No malicious items detected)

(end)

I’ve quarantined all of the detections, but I haven’t removed any of them because, to be frank, I’m pretty computer stupid. I know that PUPs aren’t always necessarily dangerous, but a quick Google search has pulled up many sites stating that “Spigot” can be pretty dangerous. I know nothing about “MyEmoticons,” but I’d rather not have it on my computer if I don’t need it (to be honest, it sounds kinda spammy). I’ll admit, I’m kinda freaking out.

In terms of performance, I could say my computer is a bit slower than I remember, taking time to load web pages and such, but that may just be placebo. I’m not sure.

Should I just remove these via Malwarebytes and call it a day, or do you think this calls for a more thorough cleanse?

Ads by Google

  1. Dalsan M
    May 27, 2014 at 9:03 pm

    I would also install Anti-Toolbar to prevent some of the installations that cause PUP and browser hijacking. Also, setup the Guest account on your computer so that installations are not fully allowed. More information can be found here: http://answers.microsoft.com/en-us/windows/forum/windows_7-security/preventing-guest-users-from-installing-software/f4759d7d-299c-46ef-a417-ab9bdcb8a99f.

  2. Bruce E
    May 26, 2014 at 4:12 am

    Go to Programs and Features in Control Panel and look for entries for MyEmoticons and SearchProtection (they may also appear with spaces between the words). If you hadn't already run Malwarebytes and quarantined the files, you would most likely have seen at least one new toolbar in your preferred browser and IE (if that isn't already your default browser). If they are there, uninstall them. These are also what would be slowing page loads, etc.

    Also scan the list for any other programs your guests may have installed. In most cases, these toolbars are installed as "bonuses" with other programs.

    Next time, you should use a severely restricted guest account for other users to make it harder for this kind of crap to get installed on your machine.

  3. Hovsep A
    May 24, 2014 at 11:34 am

    yap you can use malwarebytes antimalware to remove, also scan superantispyware. Then use your registry cleaner tools.

    HitmanPro
    http://www.surfright.nl/en
    Unlimited free scanning and free 30-day version to remove detected malware
    Runs on Windows XP/2003/Vista/2008, Windows 7 and Windows 8