4 Replies Latest reply on May 8, 2011 7:02 PM by spc3rd

    McAfee fails to catch PUP, despite SiteAdvisor's "green" rating on an Internet site


      Good afternoon,


      While checking out a game site on the Internet a couple of hours ago, I noticed the McAfee SiteAdvisor displayed the "green" checkmark (indicating the site was safe), and the McAfee dialog box did not indicate any problems with this site.  Yet, after logging-off the Internet and returning to my Desktop, I noticed some type of "Java" icon in my Taskbar which was not there previously.  I then ran a quick scan with Malwarebytes and lo and behold...I find it has detected the presence of a PUP.  After re-starting my computer (per Malwarebytes instructions), the "JAVA" icon disappeared from the Taskbar, and the PUP was deleted from the quarantine log.


      My concern is thisWHY did McAfee NOT detect the presence of this PUP and provide a warning about it?  I have attached a screenprint of the Malwarebytes log showing the PUP it found during the scan.  I have checked all of the McAfee logs and there is no reference to this event.


      Any feedback would be much appreciated!


      Message was edited by: spc3rd on 5/8/11 7:38:52 PM ADT
        • 1. Re: McAfee fails to catch PUP, despite SiteAdvisor's "green" rating on an Internet site

          PUP means Possibly Unwanted Program, so it really is asking you to decide do you want to keep it or not.   Whitesmoke Translator toolbar hasn't got very good reviews.  If you downloaded it on purpose you can most likely remove it in the normal manner through Control Panel/Programs.


          Or you may have inadvertently installed it as an option with something else and not noticed.


          Your decision really.


          Message was edited by: Ex_Brit on 08/05/11 9:22:42 EDT PM
          1 of 1 people found this helpful
          • 2. Re: McAfee fails to catch PUP, despite SiteAdvisor's "green" rating on an Internet site

            It's a PUP. A Potentially Unwanted Program. McAfee won't necessarily get rid of it, especially if you've done something to allow it onto your system. Their site is rated safe by SiteAdvisor, but the company's page on WOT is full of complaints about misleading advertising and unwanted side-effects of downloading their product.


            If you had Googled them or gone to their web site you would know what the company offers :

            WhiteSmoke makes English grammar correction software, translation software, and other specialized English writing tools. Free online software available.


            I doubt whether you could have acquired this PUP unless you downloaded something, either from WhiteSmoke or from somewhere else; in which case it's up to you to read carefully through all the legal stuff that usually comes up and has to be agreed to before a download can proceed. There's usually in cases like these clear indication of what you're going to get, but hidden away in the verbiage so you have to look for it.


            The forum at Bleepingcomputer has been asked about this one :

            The WhiteSmoke web site indicates it has worked in the field of English writing technologies since 2002 with a focus on products that enhance and correct grammar, spelling, and writing style. They also provide translation software and other other specialized English writing tools. These all appear to be legitimate programs. However, many users have reported they did not know how WhiteSmoke was downloaded or installed so its most likely being bundled with other software that is downloaded. The WhiteSmoke web site acknowledges they make their technology available through other channels, such as a browser-based text editor, and specialized OEM versions designed for integration with third party service providers. Malwarebytes' Anti-Malware added PUP.WhiteSmoke to its detection database in November 2010.


            Just another reason to be thankful for Malwarebytes, I suppose.


            No-one else mentions a Java icon, so I presume that this was related to whatever software you ended up with.


            Oh, and I should run a full McAfee scan anyway. Some users report they have ended up with a rootkit infection when downloading WhiteSmoke software from third-party sites :

            From our investigation and dealings with this software we are also finding many cases of it being reported with a TDSS rootkit infection after installation. So depending on where and how the software is downloaded such as a bundled package, the severity of system infection will determine how the disinfection process goes.

            1 of 1 people found this helpful
            • 3. Re: McAfee fails to catch PUP, despite SiteAdvisor's "green" rating on an Internet site

              Thanks very much for the insight, Peter!  Guess I will have to be even more diligent when on different Internet sites!

              • 4. Re: McAfee fails to catch PUP, despite SiteAdvisor's "green" rating on an Internet site

                My thanks to you as well Hayton!  I did go ahead and also run a full scan as you suggested with McAfee as well, but it did not find anything suspicious.  As I mentioned in my reply to Peter, I will just have to exercise more diligence when visiting websites (as well as reading the fine print!).