Results 1 to 5 of 5
  1. #1
    3 Star Lounger
    Join Date
    Apr 2010
    Location
    Los Gatos CA
    Posts
    376
    Thanks
    52
    Thanked 12 Times in 11 Posts

    Anyone heard of PUP.BundleInstaller.exe?

    I just ran a full scan with MBAM and it came up with 2 registry entries and 4 files relating to PUP.BundleInstaller.exe.
    I deleted and re-booted. Ran the scan again and there was:-

    C:\System Volume Information\_restore{9EC88F30-6429-4F23-82BC-665D81C9AF86}\RP372\A0104386.exe

    again. Deleted again, but it came back...again. I cannot access C:\System Volume Information, access denied. The curious thing is that this machine isn't used for surfing, it's only used to back-up laptops (neither of which are infected), and Windows updates of course. It also has Avast AV (up to date) and Windows firewall.

    I searched for this malware on WindowsSeven forum and found RogueKiller. Downloaded and ran that software. It didn't find the PUP cr*pware. After further searching I found another program, "SuperAntiSpyware," but do not know anything about it. Has anyone tried it? Or any other suggestions?

    David
    Last edited by Rhinoceros; 2012-05-26 at 18:22. Reason: typo

  2. #2
    Plutonium Lounger Medico's Avatar
    Join Date
    Dec 2009
    Location
    USA
    Posts
    12,631
    Thanks
    161
    Thanked 936 Times in 856 Posts
    SuperAntispyware is good, So isn't Malwarebytes Antimalware and Spybot Search and Destroy.
    BACKUP...BACKUP...BACKUP
    Have a Great Day! Ted


    Sony Vaio Laptop, 2.53 GHz Duo Core Intel CPU, 8 GB RAM, 320 GB HD
    Win 8 Pro (64 Bit), IE 10 (64 Bit)


    Complete PC Specs: By Speccy

  3. #3
    Super Moderator CLiNT's Avatar
    Join Date
    Dec 2009
    Location
    California & Arizona
    Posts
    6,121
    Thanks
    160
    Thanked 609 Times in 557 Posts
    How to Remove PUP.BundleInstaller Virus

    PUP.BundleInstaller is a malicious spyware. Once infected, it will activate corrupt system processes and hide itself from firewall and anti-virus programs and steal your privacy. Also, it can lead to computer crashes, system freezes and data loss.

  4. #4
    4 Star Lounger
    Join Date
    Jun 2011
    Location
    Hampshire (the old one)
    Posts
    525
    Thanks
    21
    Thanked 72 Times in 62 Posts
    I too had this file - it turned out to be the file which downloaded my fax program installer from the website where I bought it. As I have the installer and registration code backed up (the company aren't trading any more) I just deleted it.

    Not saying it's the same in your case, though...

  5. #5
    4 Star Lounger
    Join Date
    May 2012
    Posts
    404
    Thanks
    0
    Thanked 49 Times in 39 Posts
    Quote Originally Posted by Rhinoceros View Post
    I just ran a full scan with MBAM and it came up with 2 registry entries and 4 files relating to PUP.BundleInstaller.exe.
    I deleted and re-booted. Ran the scan again and there was:-

    C:\System Volume Information\_restore{9EC88F30-6429-4F23-82BC-665D81C9AF86}\RP372\A0104386.exe

    again. Deleted again, but it came back...again. I cannot access C:\System Volume Information, access denied. The curious thing is that this machine isn't used for surfing, it's only used to back-up laptops (neither of which are infected), and Windows updates of course. It also has Avast AV (up to date) and Windows firewall.

    I searched for this malware on WindowsSeven forum and found RogueKiller. Downloaded and ran that software. It didn't find the PUP cr*pware. After further searching I found another program, "SuperAntiSpyware," but do not know anything about it. Has anyone tried it? Or any other suggestions?

    David
    A friend of mine had it on her system last night and she kept getting disconnected from WLM while we were chatting. Running Malwarebytes quarantined and deleted the file. Here's the relevant part of the log file.

    • Files Detected: 1
      C:\Users\Lola\Pictures\mal\Originals\4Sync_1.0.4.e xe (PUP.BundleInstaller.4S) -> Quarantined and deleted successfully


    You need to delete all your System Restore points because if you were to run it for any reason at some time in the future, you would reinstate the virus. That's because SR makes backups of all executables as well as system files. The virus will be one of them.

    You don't say what your operating system is, so follow instructions here: How to delete System Restore points

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •