Tales of Woe – PUPs that aren’t cute and cuddly

In a previous post, I told the story of a client whose PC was slowed to a crawl because he was running 3 Anti-Virus programs simultaneously. Well, this wasn’t his only problem!

Further investigation using Task Manager revealed a number of PUPs installed on his system. These aren’t the cute, fluffy kind – quite the opposite! PUPs are Potentially Unwanted Programs, and can have a seriously detrimental effect on your computer.

Here is what I found:

PUP #1 – Malware Crusher

Malware Crusher is a questionable ‘Malware Removal Tool’ that issues at best misleading, and at worst fake, reports that you are infected with malware. It runs scans after installing freeware or shareware apps, then “exaggerates the results in order to make the machine look like it is in a critical state, and the immediate removal of threats is necessary. However, as soon as users want to eliminate them, they find out that they need to purchase a licensed version of the program” according to www.2-spyware.com.

It modifies the Windows registry to carry out its underhand tactics, which could lead to a system crash. Altogether, not very nice!

PUP #2 – Driver Updater

Driver Updater seems to offer a useful service – it scans your system hardware and detects whether the drivers are up to date. The trouble, according to www.bleepingcomputer.com, is that “when it detects an outdated driver, it displays it as if it’s a high severity problem, when in fact using an older driver may not cause an issue at all. If you attempt to update any of your drivers, though, it will first require you to purchase a license”.

It also offers “updates from different manufacturers for your detected components”. Not helpful, and again may cause system crashes.

PUP #3 – Auto Mechanic

Auto Mechanic states it scans Windows for Malware/PUP Threats, ways to Enhance System Performance, System/User Software Related issues, and Startup/Uninstall and User Items. Again though, it exaggerates the severity of issues, and forces you to purchase a licence before fixing them. Many of the issues that are detected won’t cause a performance issue on the computer.

PUP #4 – AusLogic Disk Defragmenter

AusLogic Disk Defragmenter is actually a legitimate free tool. The problem is that some time ago a version of it was loaded with a Trojan that apparently ‘phones home’ to a server in Reston, Virginia. Some sources reckon it’s a CIA server called ‘Moe’. Whether or not this is true, and the CIA are cataloguing people’s files using a defragmenting tool, it’s still worrying that a piece of legitimate software would do such a thing.

While it used to be the case that regular disk defragmentation was a necessary chore, that’s not really the case these days, and you probably don’t need a third-party tool other than the built-in Windows Defragmenter to do it.

The Solution

I used MalwareBytes to scan the computer and Revo Uninstaller portable to uninstall them. As I said in a previous post, MalwareBytes is very good at picking up malware that others don’t. However, this client had more than one Anti-Virus installed, one of which was MalwareBytes! The problem was, as I pointed out previously, that multiple AV programs will battle it out with each other and it may have been that MWB just wasn’t able to win the battle!

The version of Revo Uninstaller I use runs as a Portable App from a memory stick. I then used CCleaner to tidy up any stray files left behind, again as a Portable App.

The Moral of the Story

You may be wondering how all of these nasties got onto the PC in the first place. Well, you may have gathered that the client thought of himself as security conscious (3 AV programs!), but in this case it was an example of a little knowledge being a dangerous thing. I imagine the following sequence of events:

  1. The client noticed that his system was running slowly (due to 3 AV programs running at the same time).
  2. He decided that a disk defrag was in order, and ran the Windows Defragmenter.
  3. This didn’t seem to have any effect, so he did a quick Google search and found a third party application that he thought would do the job (AusLogic Disk Defrag).
  4. Still no joy, so let’s search for ‘Speed up my system’. Aha! Auto Mechanic should do the job!
  5. Drat, it’s still slow. Must be a virus, and since my other 3 Anti-Virus programs haven’t found it, let’s search for something else. Malware Crusher – that sounds like the one!

Along the way, Driver Updater was installed as part of a bundle (probably alongside Auto Mechanic). Of course, this may not have been the exact sequence, but I would bet my next fee that it’s pretty close.

My Recommendations

First, you only need ONE Anti-Virus (see previous post).

Second, you don’t need anything that speeds up your PC (seriously, you don’t – you just need a regular maintenance routine). I’d be doing myself out of work if I detailed the full routine, but I imagine if you’re intelligent enough to be reading this you can find out for yourself (hint: it involves running updates on things…)

Third, defragmenting your disk might help if your disk is more than 50% full and you’re not running anything newer than Windows 7 (you should be – see a future post about this), but you only need the Windows Tool for satisfactory results.

Fourth, be careful what you install. Type the name of that piece of software into Google followed by the word ‘review’. It’s amazing what you will discover! Always check that whatever you’re installing doesn’t bundle other junk alongside it. Choose the ‘Custom Install’ option wherever possible and read each screen of the install dialogue carefully.

There are many really good guides to malware out there. Bleeping Computer’s is quite readable. Educate yourself and stay safe!