Author Topic: svchost.exe process and a bunch of PUM (and other stuffs)  (Read 139732 times)

Reply #60August 19, 2015, 09:01:25 PM

Curson

  • Global Moderator
  • Hero Member

  • Offline
  • *****

  • 2809
  • Reputation:
    100
    • View Profile
Re: svchost.exe process and a bunch of PUM
« Reply #60 on: August 19, 2015, 09:01:25 PM »
Hi Heantrad,

Quote from: Heantrad
Oh, okay, I'm just throwing ideas without much sense, as maybe some of them are right, but however.
You are hungry for knowledge, this is clearly not a bad thing. ;)

Quote from: Heantrad
Also, AdwCleaner detected this after entering (and almost downloading something from it. thanks to safeweb Norton) Solvusoft (didn't know it was malicious until a pair of days ago) it was removed successfully, any idea of what could it be?
It was a BHO belonging to PUP SupTab.

Regards.

Reply #61August 19, 2015, 11:46:13 PM

Heantrad

  • Jr. Member

  • Offline
  • **

  • 92
  • Reputation:
    0
    • View Profile
Re: svchost.exe process and a bunch of PUM
« Reply #61 on: August 19, 2015, 11:46:13 PM »
SupTab... didn't know about it. What does it do, and in which folder is it normally (for precaution, to check if something is going wrong)?

Reply #62August 20, 2015, 02:56:32 AM

Curson

Re: svchost.exe process and a bunch of PUM
« Reply #62 on: August 20, 2015, 02:56:32 AM »
Hi Heantrad,

SupTab is a browser hijacker and is usually located in the following folders :
Quote
%ProgramFiles%\SupTab
%ProgramFiles%\XTab

Regarding the logs, it should not be present anymore.

Regards.

Reply #63August 20, 2015, 02:27:15 PM

Heantrad

Re: svchost.exe process and a bunch of PUM
« Reply #63 on: August 20, 2015, 02:27:15 PM »
Just checked, there isn't any folder named like that on my program files, thanks.

Reply #64August 20, 2015, 04:46:34 PM

Curson

Re: svchost.exe process and a bunch of PUM
« Reply #64 on: August 20, 2015, 04:46:34 PM »
Hi Heantrad,

You are welcome.
Regards.

Reply #65August 21, 2015, 02:05:03 PM

Heantrad

Re: svchost.exe process and a bunch of PUM
« Reply #65 on: August 21, 2015, 02:05:03 PM »
Forgot to ask, what browsers does it hijack?

Reply #66August 21, 2015, 03:28:12 PM

Curson

Re: svchost.exe process and a bunch of PUM
« Reply #66 on: August 21, 2015, 03:28:12 PM »
Internet Explorer.

Reply #67August 21, 2015, 05:39:19 PM

Heantrad

Re: svchost.exe process and a bunch of PUM
« Reply #67 on: August 21, 2015, 05:39:19 PM »
Well, I use Chrome, so I think it would do anything if there were rests of it on my PC.
Anyways, by the name I suspect it is one of those sidebars that add into your browser, but my Internet Explorer doesn't have any of those, so it's probably fine.
Also, what is all that about uninstalling Flash, it has that many security fails?
And about the program files, I think I selected delete old OS folders or something like that when I deleted Windows.old, it worked for the Windows folder, but the old program files is still there, I'll attach a screenshot showing both folders, the one with the red circle is the old one, need to say I neither can delete it manually, as it tells me that I don't have the permission to do that (I'm running as an administrator on the PC always).
By the way, is this website safe? https://clyp.it/ . I found it today because I wanted to share a song in Reddit and as the creators say, they want to make a sound imgur. I did scans with VirusTotal and Norton's Safe Web and in both it showed clean (but Softonic also shows clean, so...), but I still distrust little known websites.
« Last Edit: August 24, 2015, 10:58:41 PM by Heantrad »

Reply #68August 24, 2015, 05:34:55 PM

Curson

Re: svchost.exe process and a bunch of PUM
« Reply #68 on: August 24, 2015, 05:34:55 PM »
Hi Heantrad,

Quote from: Heantrad
Also, what is all that about uninstalling Flash, it has that many security fails?
You could uninstall it, but many sites won't work properly. I would rather suggest you keep it updated.

Quote from: Heantrad
And about the program files, I think I selected delete old OS folders or something like that when I deleted Windows.old, it worked for the Windows folder, but the old program files is still there, I'll attach a screenshot showing both folders, the one with the red circle is the old one, need to say I neither can delete it manually, as it tells me that I don't have the permission to do that (I'm running as an administrator on the PC always).
The Windows.old folder contains all the files you could safely delete. I advise you not to remove any "old" folders since the OS may still use them.

Quote from: Heantrad
By the way, is this website safe? https://clyp.it/ . I found it today because I wanted to share a song in Reddit and as the creators say, they want to make a sound imgur. I did scans with VirusTotal and Norton's Safe Web and in both it showed clean (but Softonic also shows clean, so...), but I still distrust little known websites.
It seems safe.

Regards.

Reply #69August 24, 2015, 06:18:35 PM

Heantrad

Re: svchost.exe process and a bunch of PUM
« Reply #69 on: August 24, 2015, 06:18:35 PM »
I'm sure they don't use the folder, as it didn't get updated until I tried to delete it, then it deleted some files but some others are impossible to delete for some reason.
Also, I want to delete it because it occupies like 60 GB and I know that I had viruses before changing the OS (I used to pirate a lot back then, now I don't because it always ends with me getting infected and now I can buy stuff without problems also).

Reply #70August 24, 2015, 06:45:46 PM

Curson

Re: svchost.exe process and a bunch of PUM
« Reply #70 on: August 24, 2015, 06:45:46 PM »
Hi Heantrad,

If you really want to delete the folder, you need to take ownership before you are able to delete it.
Launch the command prompt window (cmd) with admin rights and copy/paste the following command :
Code:
takeown /f "C:\Archivos de programa" /r /d y && icacls "C:\Archivos de programa" /t /q /grant PAQUITO:F
Now, you should be able to delete the folder.

Regards.

Reply #71August 24, 2015, 07:02:32 PM

Heantrad

Re: svchost.exe process and a bunch of PUM
« Reply #71 on: August 24, 2015, 07:02:32 PM »
The folder was created when I installed Windows 7, my previous OS was XP (I changed for all the end of support thing), I think none of the programs I have updated or used the folder, as it didn't update until I tried to delete it for the first time (and until SAS! detected a pair of viruses...).
Also, what does the code do? I know, it's for giving me rights to delete the folder, but I mean what does the code do (each part).
« Last Edit: August 24, 2015, 07:26:48 PM by Heantrad »

Reply #72August 24, 2015, 07:45:25 PM

Curson

Re: svchost.exe process and a bunch of PUM
« Reply #72 on: August 24, 2015, 07:45:25 PM »
Hi Heantrad,

The first part of the script takes ownership of the directory, the second part gives full rights to your account over the directory.
For a full explanation, please check takeown and icacls documentation pages at TechNet.

Regards.

Reply #73August 24, 2015, 08:04:02 PM

Heantrad

Re: svchost.exe process and a bunch of PUM
« Reply #73 on: August 24, 2015, 08:04:02 PM »
So the first part selects the directory to execute the action of giving full rights to my account on that folder, right?

Reply #74August 24, 2015, 08:14:34 PM

Curson

Re: svchost.exe process and a bunch of PUM
« Reply #74 on: August 24, 2015, 08:14:34 PM »
Quote
Takeown
Enables an administrator to recover access to a file that previously was denied, by making the administrator the owner of the file.
Quote
Icacls
Displays or modifies discretionary access control lists (DACLs) on specified files, and applies stored DACLs to files in specified directories.
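
The command from reply #70 split into its parts, as an added example that was not posted by anyone in the thread: a batch file that refuses to run against the directories the running OS uses, shows the owner and DACL before and after, and comments each switch. The path and account name are the ones from the thread; the backup file name and the guard checks are assumptions added here.

```batch
@echo off
setlocal
rem Values taken from the thread; change both for another machine.
set "TARGET=C:\Archivos de programa"
set "ACCOUNT=PAQUITO"
rem Assumed location for the ACL backup (not from the thread).
set "ACLBACKUP=%TEMP%\acl-backup.txt"

rem Guard: never change ownership on directories the running OS still uses.
if /i "%TARGET%"=="%ProgramFiles%" (echo Refusing: live Program Files directory & exit /b 1)
if /i "%TARGET%"=="%SystemRoot%" (echo Refusing: live Windows directory & exit /b 1)
if not exist "%TARGET%\" (echo Not found: "%TARGET%" & exit /b 1)

rem Before: dir /q lists the owner of each directory in the parent folder,
rem icacls with no switches prints the DACL of the target.
dir /q /ad "%TARGET%\.."
icacls "%TARGET%"

rem Save the current DACLs so they can be put back with "icacls <parent> /restore".
rem /t = include subfolders and files, /c = continue past entries that cannot be read.
icacls "%TARGET%" /save "%ACLBACKUP%" /t /c /q

rem Part 1, takeown: make the current user the owner.
rem   /f    = the file or directory to take
rem   /r    = recurse into all subdirectories and files
rem   /d y  = answer "yes" automatically when a subfolder cannot be listed
rem           (the expected letter may be localized on non-English Windows;
rem            check "takeown /?" on the machine before relying on "y")
takeown /f "%TARGET%" /r /d y || exit /b 1

rem Part 2, icacls: owning a file does not by itself grant access to it,
rem so add an allow entry to the DACL.
rem   /grant ACCOUNT:F = add Full control for the account
rem   /t               = apply to everything below the target
rem   /q               = suppress the per-file success messages
icacls "%TARGET%" /grant "%ACCOUNT%:F" /t /q || exit /b 1

rem After: confirm the new owner and the added entry.
dir /q /ad "%TARGET%\.."
icacls "%TARGET%"
endlocal
```

The quotes around the path are required because it contains spaces; without them `takeown` and `icacls` see only `C:\Archivos` as the target.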