• All Community
    • All Community
    • Forums
    • Ideas
    • Blogs
Advanced

Not what you are looking for? Ask the experts!

This forum thread needs a solution.
Kudos0

Keep getting PUA.GEN3 and PUA.Downloader messages since update.

Ever since the update to 22.5.2.15 I keep getting these on my Win 8.1 and XP systems. I never had them before and wonder why we are getting these now and should we just ignore them? Not sure what they are.

If it ain't broke, fix it 'til it is!

Replies

Kudos0

Re: Keep getting PUA.GEN3 and PUA.Downloader messages since update.

Hello MPSAN

You can send the files to www.virustotal.com and see what they say. You can also submit them to Norton as false positives and see what they say. We will start with that.

To report a false positive, please use this link

https://submit.symantec.com/false_positive/

Please come back and see let us know how you made out. Thanks.

Success always occurs in private and failure in full view. Windows 10 Pro 64 bit Norton Core Security Plus 22.17.3.50 Core Firmware 282 I E 11 Chrome latest version.
Kudos0

Re: Keep getting PUA.GEN3 and PUA.Downloader messages since update.

hi MPSAN

I have found the following information from Norton on the PUA's you mention you may like to have a look at the articles in the following links:

http://www.symantec.com/security_response/writeup.jsp?docid=2014-071713-4906-99

http://www.symantec.com/security_response/writeup.jsp?docid=2014-121213-2207-99

Michael

Kudos0

Re: Keep getting PUA.GEN3 and PUA.Downloader messages since update.

Well, I removed the downloader one from my system and will have to get the GEN3 one from my wife's system to see what that one says.

If it ain't broke, fix it 'til it is!
Kudos0

Re: Keep getting PUA.GEN3 and PUA.Downloader messages since update.

This is what I keep getting poped up. I can not check it because it is already off my drive D! It says that firefox has it too. Not sure what NS is doing and no, it is not quarantined.

Filename: cdbxp_setup_4.5.5.5666.exe
Threat name: PUA.DownloaderFull Path: d:\win8-1-downloads\cdbxp_setup_4.5.5.5666.exe

____________________________

____________________________


On computers as of
6/10/2015 at 10:54:09 AM

Last Used
7/24/2015 at 9:57:52 AM

Startup Item
No

Launched
No

Threat type: Security Risk. Programs that pose a security or privacy risk and are not already classified as malicious.


____________________________


cdbxp_setup_4.5.5.5666.exe Threat name: PUA.Downloader
Locate


Many Users
Thousands of users in the Norton Community have used this file.

Mature
This file was released 1 month ago.

Low
This file risk is low.


____________________________


Source: External Media

Source File:
firefox.exe

File Created:
cdbxp_setup_4.5.5.5666.exe

____________________________

File Actions

Infected file: d:\win8-1-downloads\ cdbxp_setup_4.5.5.5666.exe No fix attempted
____________________________


File Thumbprint - SHA:
cf7111b02791994db7f33e59f22db47e0e5ac7f885173e9144b41b5fb034834a
File Thumbprint - MD5:
Not available

If it ain't broke, fix it 'til it is!
Kudos0

Re: Keep getting PUA.GEN3 and PUA.Downloader messages since update.

Kudos0

Re: Keep getting PUA.GEN3 and PUA.Downloader messages since update.

Hello

I would submit them to Norton to see if they are false positives. I would also stop off at one of the free malware removal sites and get the computers checked out. Sometimes PUA and PUP's can show up as a result of some other  malware. It won't hurt to get them checked out.

Please see this link for an up to date description of these sites plus the addition of a newly listed site formed by one of our successful malware remover users. The new site is listed first in this link.

https://community.norton.com/en/forums/malware-removal-forum-recommendations

Please come back and let us know how you made out. Thanks.




 

Success always occurs in private and failure in full view. Windows 10 Pro 64 bit Norton Core Security Plus 22.17.3.50 Core Firmware 282 I E 11 Chrome latest version.
Kudos0

Re: Keep getting PUA.GEN3 and PUA.Downloader messages since update.

Well, what I do not understand is why NS keeps warning me after I removed that file on my own. Why can't I make NS stop this even after I removed the file and cleared my Recycle Bin?

If it ain't broke, fix it 'til it is!
Kudos0

Re: Keep getting PUA.GEN3 and PUA.Downloader messages since update.

Hello

Do you have a back up connected? Stop off at one of the removal sites and let them tell you if your computer is clean or not..

Success always occurs in private and failure in full view. Windows 10 Pro 64 bit Norton Core Security Plus 22.17.3.50 Core Firmware 282 I E 11 Chrome latest version.
Kudos0

Re: Keep getting PUA.GEN3 and PUA.Downloader messages since update.

Not sure what you mean? I have an SSD for my main OS and have a HDD (drive D) where I had the download and my Marcium backups are stored. However, my backups are only of the C: drive, so they do not contain the file that NS says is on my D: drive. As I said it is NOT on my D rrive any longer.

 I did run MalwareBytes and it was clean. Does NPE still work?

If it ain't broke, fix it 'til it is!
Kudos0

Re: Keep getting PUA.GEN3 and PUA.Downloader messages since update.

Hello

In my post above I gave a link which lists about 5 free malware removal sites. I don't like to recommend NPE since it can come up with files that it says are infected. It is considered as an advanced tool. It should only be used under the supervision of a malware removal expert in my opinion. Sometimes malware can use the name of a windows file. If you delete that file, you could end up with a computer that can't be booted up. Having a restore point won't do you any good if you can't boot up your computer. Thanks.

Success always occurs in private and failure in full view. Windows 10 Pro 64 bit Norton Core Security Plus 22.17.3.50 Core Firmware 282 I E 11 Chrome latest version.
Kudos0

Re: Keep getting PUA.GEN3 and PUA.Downloader messages since update.

OK...I use Macrium to do a full Image, and have the recovery DVD so I am not too afraid of trying stuff. I saw some of the removal sites, but I thought that QUADS was a forum. Also, why does NS keep saying I have this file when I did remove it myself?

If it ain't broke, fix it 'til it is!
Kudos0

Re: Keep getting PUA.GEN3 and PUA.Downloader messages since update.

Do you have 'Unresolved risks' in your history? Then first let Norton do it's job to solve. That might be cause of your popups.

As far as CDXPburner is concerned. If you look at the site in Google, you will see and orange warning, saying the site has a Secuirty Threat. So do not go there, untill it's solved!

If you later want to download CDXPBurner, you can download it from their site without the PUA, by using the 'Other download' link. Then select the version without OpenCandy (which is the PUA).

Regards, Hugo

W10 1809 and 1903 / W10 Insider / IE11 and FF 67, TB 60.7, NS 22.17, (Android 7 with NMS)
Kudos0

Re: Keep getting PUA.GEN3 and PUA.Downloader messages since update.

MPSAN:

OK...I use Macrium to do a full Image, and have the recovery DVD so I am not too afraid of trying stuff. I saw some of the removal sites, but I thought that QUADS was a forum. Also, why does NS keep saying I have this file when I did remove it myself?

Quads is not a forum, but a person.  Sadly, he is no longer with us as he has passed on, but he did create a malware removal forum that is still in business.

http://qmalwareremoval.freeforums.net/

A little bit of knowledge is... well a little bit of knowledge.
Kudos0

Re: Keep getting PUA.GEN3 and PUA.Downloader messages since update.

Thank you all for the replies.

I will see if there are unresolved issues. Yes, I did not tell NS to do anything, but was not sure what it would do if I told it to remove a file that was already gone. I did the update from cdbxp software so just wonder how I can see if I do Have Open Candy?

If it ain't broke, fix it 'til it is!
Kudos0

Re: Keep getting PUA.GEN3 and PUA.Downloader messages since update.

Quick Question.

If I do choose to try NPE, will it give me a chance to not remove thing(s) it may find or will it do it automatically?

If it ain't broke, fix it 'til it is!
Kudos0

Re: Keep getting PUA.GEN3 and PUA.Downloader messages since update.

Hello

The way to see if you have Open Candy is to sign up at one of the Removal sites I gave you in that link. They will work with you and tell you exactly what to do. If you don't understand something, just tell them that and they will explain it. You will be working 1 on 1 with a malware removal expert who has been trained to do this. It is perfectly safe. You don't install the programs, you will just run them and you will be helped along the way. After the scan is done, you report to the person the scan results.

I have never used NPE but I think it may give you the choice. Remember it is an advanced tool that should be only used by an expert at removing malware. Since you are asking this about that program, then you are not an expert. I consider the use of this tool to be attempting a self fix which is frowned upon by the removal sites.  Thanks.

Success always occurs in private and failure in full view. Windows 10 Pro 64 bit Norton Core Security Plus 22.17.3.50 Core Firmware 282 I E 11 Chrome latest version.
Kudos0

Re: Keep getting PUA.GEN3 and PUA.Downloader messages since update.

MPSAN:  If I do choose to try NPE, will it give me a chance to not remove thing(s) it may find or will it do it automatically?

https://support.norton.com/sp/en/us/home/current/solutions/v69675421

Note: review Settings and Help on the Scan for Risks window and review caution note....  Note: removing malware is not the same as repairing changes made by malware

Kudos0

Re: Keep getting PUA.GEN3 and PUA.Downloader messages since update.

Thank You both.

I just wondered if NPE would scan and see if it came up with anything. Yes, I can go to the site(s) and see what they say. I believe I have PUA.DOWNLOADER that was in a version of cdburnerxp.

I can try to find the "best" site.

If it ain't broke, fix it 'til it is!
Kudos0

Re: Keep getting PUA.GEN3 and PUA.Downloader messages since update.

floplot

I can try Quals site and see what happens. I guess I need to add 1 more site login to my list.  :-)

If it ain't broke, fix it 'til it is!
Kudos0

Re: Keep getting PUA.GEN3 and PUA.Downloader messages since update.

Hello

Although I don't use ID Safe, I believe when you go to the site the first time, you will be asked if you want to add it to your list.

When you go to Quads site, just follow directions, ask what you don't understand, report any scans which won't run, and post any scans in the order they were given. They will give you the rules to follow. I haven't looked at the site since Quads has passed away, so I'm not sure if anything has changed since then. Just stick with them until they say your computer is clean. Thanks.

Success always occurs in private and failure in full view. Windows 10 Pro 64 bit Norton Core Security Plus 22.17.3.50 Core Firmware 282 I E 11 Chrome latest version.
Kudos0

Re: Keep getting PUA.GEN3 and PUA.Downloader messages since update.

Hello

Although I don't use ID Safe, I believe when you go to the site the first time, you will be asked if you want to add it to your list.

When you go to Quads site, just follow directions, ask what you don't understand, report any scans which won't run, and post any scans in the order they were given. They will give you the rules to follow. I haven't looked at the site since Quads has passed away, so I'm not sure if anything has changed since then. Just stick with them until they say your computer is clean. Thanks.

Success always occurs in private and failure in full view. Windows 7 Pro 64 bit NS 22.5.2.15 IE 11

OK, and I will let you know how it goes! I do use IDSafe, but meant that I had to come up with yet another username/password!  :-)

If it ain't broke, fix it 'til it is!
Kudos0

Re: Keep getting PUA.GEN3 and PUA.Downloader messages since update.

Hello

You can use the same username, just a different password. There is a Password Generator under Identity in NS/NSBU.

Success always occurs in private and failure in full view. Windows 10 Pro 64 bit Norton Core Security Plus 22.17.3.50 Core Firmware 282 I E 11 Chrome latest version.

This thread is closed from further comment. Please visit the forum to start a new thread.