locked
Why is every scan I do with malwarebytes showing a PUP from MS that I never agreed to have installed. RRS feed

  • Question

  • For instance, I use Startpage and the actual site is https://www.startpage.con/eng yet, when I enter this into my homepage and search engine, it suddenly changes to "do search" and now, speed bit and after running this by the owners of startpage they tell me this is not their doing.  It w/b considered malware or spyware.  I do realize MS knows this is a private search engine which protects the identity of the user but why should you all care about our losing that protection and infiltrate the program to deceptively change it?  Also, I have a private firewall which gets attacked and changed all of the time adding processes I see as very suspicious so I block or delete them (which should be the end of them) yet MS being the only possible entity capable of getting in and past these safeguards, choses to reintroduce them to my system, with no explanation in properties, no access without changing ownership and sometimes no image name or version indicated next to the application which makes me even more suspicious.  I would appreciate knowing what it is doing and why and who put there.  These are reasonable questions for the owner of the computer and windows operating system that was a considerable investment made by THEM (not YOU) with the understanding that their privacy was important to you and would be a priority.  Now, I have literally blocked IE and speedbit(?),sba.exe,sbi2.exe among others and am using firefox yet they seem to return daily in my processes anyway and with every cleaning I get quite a few temp internet files and cookies etc deleted from IE acct (which shouldnt even be running) AND, as mentioned above, with EVERY malwarebytes scan, I get a PUP or spyware which comes directly from a MS program or update....So, tell me, TRUTHFULLY and without all the BS,  WTF is up?
    Tuesday, November 18, 2014 4:50 PM

Answers

All replies

  • Hi,

    it looks like you have a type-o in the url.

    https://www.startpage.con/eng

    yes .... the internet is a con

    http://centralops.net/co/DomainDossier.aspx?addr_lkup=1&dom_whois=1&net_whois=1&dom_dns=1&traceroute=1&svc_scan=1&addr=startpage.com

    http://www.siteadvisor.com/sites/startpage.com

    go

    Tools>Manage Addons>Search Providers to remove their search provider or make another your default.

    go

    Start>Control Panel>Programs and Features to uninstall any unwanted/need addons that you may have been infected with.

    Questions regarding Internet Explorer 8, 9 and 10 and Internet Explorer 11 for the IT Pro Audience. Topics covered are: Installation, Deployment, Configuration, Security, Group Policy, Management questions. If you are a consumer looking for answers or to raise a question, it's highly recommended you head on over to http://answers.microsoft.com/en-us


    Rob^_^


    Wednesday, November 19, 2014 6:31 AM
  • Is it the same computer as in this other recent thread of yours?

    What "PUP...from a MS program or update?"

    When & why was MBAM installed?


    ~Robear Dyer (PA Bear) MS MVP-Windows Client since 2002 Disclaimer: MS MVPs neither represent nor work for Microsoft


    Wednesday, November 19, 2014 8:14 PM
  • thank you for your reply.  regarding your first answer, I too noticed the type o when reading back my question.  I can assure you, it's not a pasted url so this was just a boo boo... I have done all that you suggested yet my system seems to be controlled by someone else.  Almost all of my permissions have booted me although I am an administrator I get denied access.  I have changed the search engines and watched when they change themselves back to the bogus one...for instance....I'll type in https://www.startpage.com/eng then after entering it will change to ...startpage.com/dosearch and I have contacted Startpage to see why and they insist it is malware so that's when I ran Mbam and got  PUP's all with the path to MS/IE... (I'm sorry I just and looked everywhere for the quarantined file and I believe it's removed after so many days).  I'm not lying though.  Every time I find anything that is causing a disturbance in my computer, it's MS related.  I wish I wasn't so paranoid but, yes, regarding my other post...this trusted installer guy just sort of implanted himself in most of my programs properties and has taken over control of the programs.  In some cases I cannot even move a program or delete something or even access/open it.  All my privileges are gone.

    Ok, I won't get any further into this.  It's clear I'm in the wrong section and probably sounding like an idiot.  I just wish I understood these things much better so I would just trust and let my computer do it's thing.  I just am too suspicious and now that I am on wifi, I feel like there is always someone messing with my machine...I turn off the wifi and block all incoming when I leave it for 5 minutes.  It's probably just me.  Sorry to have troubled you.  I'll fiigure it out someday.  Thanks for your time.

    Thursday, November 20, 2014 7:58 AM
  • startpage.com is legit but your ongoing infection is taking you elsewhere.

    AdwCleaner
    http://www.bleepingcomputer.com/download/adwcleaner/

    Junkware Removal Tool
    http://www.bleepingcomputer.com/download/junkware-removal-tool/

    MBAM Free (not MBAM Premium free-trial!)
    https://www.malwarebytes.org/free/

    HitmanPro (free trial)
    http://www.surfright.nl/en/hitmanpro

    My computer's infected! What do I do now?
    http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/
     
    https://forums.malwarebytes.org/?showtopic=9573

    http://technet.microsoft.com/en-us/library/cc700813.aspx


    ~Robear Dyer (PA Bear) MS MVP-Windows Client since 2002 Disclaimer: MS MVPs neither represent nor work for Microsoft

    • Marked as answer by Yolanda Zhu Tuesday, November 25, 2014 10:21 AM
    Thursday, November 20, 2014 5:14 PM