cancel
Showing results for 
Search instead for 
Did you mean: 
astor
Level 7

Generic PUP.v & SafeBoot removal

Just saw the following entry in the Quarantined Potentially Unwanted Programs section.  Should I be concerned?

Generic PUP.v

Location:

C:\Users\Administration\AppData\Local\Temp\is357113909\64979978_stp\setup.exe

Registry Key

SYSTEM\CurrentControlSet\Control\SafeBoot\AlternateShell,

SYSTEM\CurrentControlSet\Control\SafeBoot\AlternateShell, Software\Microsoft\Internet Explorer\Main\Start Page, Software\Microsoft\Internet Explorer\Main\Start Page

I checked the registry and the value is just set to SYSTEM\CurrentControlSet\Control\SafeBoot\AlternateShell

0 Kudos
12 Replies
catdaddy
Level 20

Re: Generic PUP.v & SafeBoot removal

If McAfee detected it and Quarantined it. I would open McAfee UI and go to Navigation, then quarantined and trusted items,Quarantined Potentially Unwanted Programs, select and delete/restart.

Herdprotect shows detections as well   Malware scan of rpdn9ric.x64.dll 8e518927746cd24c92dfacd4ea709e7154f43d56 - herdProtect

Then I would Run McAfee Getsusp, followed by Malwarebytes (Free) Version only .

The tools can be found here

Please post back your results...

All the very Best,

Regards,

Cliff

McAfee Moderator

Cliff
McAfee Volunteer
0 Kudos
catdaddy
Level 20

Re: Generic PUP.v & SafeBoot removal

I might add that this may be more appropriate being moved to Malware Discussion or Security Awareness to get more attention.

Cliff
McAfee Volunteer
0 Kudos
exbrit
Level 21

Re: Generic PUP.v & SafeBoot removal

Before I move this @astor could you clarify which McAfee product you are using please?   Your header mentions SafeBoot and that's an Enterprise product, but maybe you mean something else by that.

Peter

Moderator

0 Kudos
catdaddy
Level 20

Re: Generic PUP.v & SafeBoot removal

Thanks Ex_Brit you could indeed be correct. Sorry ,my oversight.

Cliff
McAfee Volunteer
0 Kudos
exbrit
Level 21

Re: Generic PUP.v & SafeBoot removal

Not really an oversight as it's a common expression.  I see that PUP was in temp files, just clear out the temps and it should be gone, I wouldn't worry too much about a PUP anyway - Possibly Unwanted Program - the choice really is yours whether to keep it or not.

0 Kudos
catdaddy
Level 20

Re: Generic PUP.v & SafeBoot removal

True....Personally I would rather Opt to remove it to prevent build-up of PUPS in my Quarantined folders. Having said that..I never seem to get any.

Cliff
McAfee Volunteer
0 Kudos
astor
Level 7

Re: Generic PUP.v & SafeBoot removal

To answer your question I'm using McAfee Security Center 12.8.

Not sure it's just coincidence but on the same day I noticed when I double click on a .bat file, instead of executing it, Notepad opens it in edit mode.  I fixed it by deleting the appropriate registry key after doing some research on the internet.

0 Kudos
exbrit
Level 21

Re: Generic PUP.v & SafeBoot removal


astor wrote:



To answer your question I'm using McAfee Security Center 12.8.



Not sure it's just coincidence but on the same day I noticed when I double click on a .bat file, instead of executing it, Notepad opens it in edit mode.  I fixed it by deleting the appropriate registry key after doing some research on the internet.


Thanks.  Have moved it to Malware Discussions > Home User Assistance as a more appropriate spot.    You can restore file associations easily enough, see: 

astor
Level 7

Re: Generic PUP.v & SafeBoot removal

Thanks for the link to fix file associations - I'll save the link as it might be useful if I have the same or similar problem in the future.

0 Kudos