Sunday, September 8, 2013

WHAT ARE "PUP" AND "PUM" FILES?

email
I SEE A TON OF THESE ON VIRUS SCANS




Are these good, bad, or ugly? Let's look at PUP first. PUP can stand for "Potentially Unwanted Program" or, in the realm of the Sony "Playstation" it would be "Playstation Update Package".

I think we can discount the Playstation description when doing virus scans on a computer, but if these pop up on your virus scan it can be difficult to determine what their purpose is. On a PC, a "PUP" can be a Virus, Spyware, or Adware program. Because Anti-Virus programs can't determine whether it's good, bad, or ugly I usually select "CHECK ALL" to remove them.

PUM

PUM's are typically more dangerous, the letters standing for "Potentially Unwanted Modification" and usually are used for re-directing your browser to another website that may not look at all like where you wanted to go, or, looks just like the website and when you put in your login name and password the bad guys have it. 

This is usually done via "Proxy" which can be accomplished through several methods:
  • In Internet Explorer there is a proxy section [under Internet options] which can be activated and a specific IP address put in the proper place so you go there first.
  • In the HOSTS file the hacker can put various website names like Amazon, Chase, Walmart, Target, etc. and each website points to the same IP address, directing you to their fake server.
  • The registry can be hacked as well, and found in this location:
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer
In any case if you're scanning your PC with Malwarebytes and when it ends you see 203 viruses found, don't have a heart attack - they will most likely be PUP's and PUM's. There may be one that has been "check marked" because Malwarebytes could determine it was bad, and leave all the other unchecked, but my advice is to right-click on a check-box and select "Check all", then let the program delete them.

In the case of Malwarebytes it will have you do a restart right away. I would select NO, then go to My Computer, right-click on it and select properties, disable the restore points (which may now be infected) and THEN restart your computer. Once it's up and running go back and turn the restore points back on, go back to Malwarebytes, run another update, then select a FULL scan [ed.- just to be sure].

'Nuff Said,
Brian

No comments:

Post a Comment