• All Community
    • All Community
    • Forums
    • Ideas
    • Blogs
Advanced

Not what you are looking for? Ask the experts!

This forum thread needs a solution.
Kudos0

PUA.DefaultTab

Whenever I start the Chrome browser, I get a pop-window that says "Auto-Protect is processing security risk PUA.DefaultTab."

When I look at the Security History, I see "Statistical Submission: PUA.DefaultTab (Presence)" with Recommended Action of "No Action Required". 

I ran the Norton Power Eraser tool and it did not fix whatever is causing this pop-up.

What is this and why do I keep seeing it?
How do I fix this?

A sample of the log entries for PUA.DefaultTab is below.
2/18/2016 12:10:02 PM,Info,Statistical Submission: PUA.DefaultTab (Presence),Pending,No Action Required,2/18/2016 12:10:02 PM,Norton Security with Backup,Statistical Submission: PUA.DefaultTab (Presence),
2/18/2016 12:10:02 PM,Info,Statistical Submission: PUA.DefaultTab (Presence),Pending,No Action Required,2/18/2016 12:10:02 PM,Norton Security with Backup,Statistical Submission: PUA.DefaultTab (Presence),
2/18/2016 12:10:02 PM,Info,Statistical Submission: PUA.DefaultTab (Presence),Pending,No Action Required,2/18/2016 12:10:02 PM,Norton Security with Backup,Statistical Submission: PUA.DefaultTab (Presence),
2/18/2016 12:10:02 PM,Info,Statistical Submission: PUA.DefaultTab (Presence),Pending,No Action Required,2/18/2016 12:10:02 PM,Norton Security with Backup,Statistical Submission: PUA.DefaultTab (Presence),
2/18/2016 12:10:02 PM,Info,Statistical Submission: PUA.DefaultTab (Presence),Pending,No Action Required,2/18/2016 12:10:02 PM,Norton Security with Backup,Statistical Submission: PUA.DefaultTab (Presence),
2/18/2016 12:10:02 PM,Info,Statistical Submission: PUA.DefaultTab (Presence),Pending,No Action Required,2/18/2016 12:10:02 PM,Norton Security with Backup,Statistical Submission: PUA.DefaultTab (Presence),
2/18/2016 12:10:02 PM,Info,Statistical Submission: PUA.DefaultTab (Presence),Pending,No Action Required,2/18/2016 12:10:02 PM,Norton Security with Backup,Statistical Submission: PUA.DefaultTab (Presence),
2/18/2016 12:10:02 PM,Info,Statistical Submission: PUA.DefaultTab (Presence),Pending,No Action Required,2/18/2016 12:10:02 PM,Norton Security with Backup,Statistical Submission: PUA.DefaultTab (Presence),
2/18/2016 12:10:02 PM,Info,Statistical Submission: PUA.DefaultTab,Pending,No Action Required,2/18/2016 12:10:02 PM,Norton Security with Backup,Statistical Submission: PUA.DefaultTab,"CSIDL_SYSTEM\grouppolicy\user\registry.pol  <br>Detection Digest:  <br>03 00 EA AF 19 01 01 03 00 42 C4 26 6B 5C 9B 00 .........B.&k\..  <br>EB 47 C2 FE 46 B2 81 E6 67 00 00 00 00 00 00 00 .G..F...g.......  <br>00 00 00 00 00 00 00 00 00 61 CC BC AF 04 03 00 .........a......  <br>00 C8 19 03 06 00 01 02 04 00 00 00 06 22 00 08 .............\"..  <br>01 12 04 56 6D 7A 42 1A 04 56 6D 7A 42 22 08 00 ...VmzB..VmzB\"..  <br>00 00 00 00 00 00 00 2A 08 00 00 00 00 00 00 00 .......*........  <br>00                                              .                 <br>"
2/18/2016 12:08:48 PM,Info,Statistical Submission: PUA.DefaultTab (Presence),Pending,No Action Required,2/18/2016 12:08:48 PM,Norton Security with Backup,Statistical Submission: PUA.DefaultTab (Presence),
2/18/2016 12:08:48 PM,Info,Statistical Submission: PUA.DefaultTab (Presence),Pending,No Action Required,2/18/2016 12:08:48 PM,Norton Security with Backup,Statistical Submission: PUA.DefaultTab (Presence),
2/18/2016 12:08:48 PM,Info,Statistical Submission: PUA.DefaultTab (Presence),Pending,No Action Required,2/18/2016 12:08:48 PM,Norton Security with Backup,Statistical Submission: PUA.DefaultTab (Presence),
2/18/2016 12:08:48 PM,Info,Statistical Submission: PUA.DefaultTab (Presence),Pending,No Action Required,2/18/2016 12:08:48 PM,Norton Security with Backup,Statistical Submission: PUA.DefaultTab (Presence),
2/18/2016 12:08:48 PM,Info,Statistical Submission: PUA.DefaultTab (Presence),Pending,No Action Required,2/18/2016 12:08:48 PM,Norton Security with Backup,Statistical Submission: PUA.DefaultTab (Presence),
2/18/2016 12:08:48 PM,Info,Statistical Submission: PUA.DefaultTab (Presence),Pending,No Action Required,2/18/2016 12:08:48 PM,Norton Security with Backup,Statistical Submission: PUA.DefaultTab (Presence),
2/18/2016 12:08:48 PM,Info,Statistical Submission: PUA.DefaultTab (Presence),Pending,No Action Required,2/18/2016 12:08:48 PM,Norton Security with Backup,Statistical Submission: PUA.DefaultTab (Presence),
2/18/2016 12:08:48 PM,Info,Statistical Submission: PUA.DefaultTab (Presence),Pending,No Action Required,2/18/2016 12:08:48 PM,Norton Security with Backup,Statistical Submission: PUA.DefaultTab (Presence),
2/18/2016 12:08:48 PM,Info,Statistical Submission: PUA.DefaultTab,Pending,No Action Required,2/18/2016 12:08:48 PM,Norton Security with Backup,Statistical Submission: PUA.DefaultTab,"CSIDL_SYSTEM\grouppolicy\user\registry.pol  <br>Detection Digest:  <br>03 00 EA AF 19 01 01 03 00 42 C4 26 6B 5C 9B 00 .........B.&k\..  <br>EB 47 C2 FE 46 B2 81 E6 67 00 00 00 00 00 00 00 .G..F...g.......  <br>00 00 00 00 00 00 00 00 00 61 CC BC AF 04 03 00 .........a......  <br>00 C8 19 03 06 00 01 02 04 00 00 00 06 22 00 08 .............\"..  <br>01 12 04 56 6D 7A 42 1A 04 56 6D 7A 42 22 08 00 ...VmzB..VmzB\"..  <br>00 00 00 00 00 00 00 2A 08 00 00 00 00 00 00 00 .......*........  <br>00                                              .                 <br>"
2/18/2016 12:06:18 PM,Info,Statistical Submission: PUA.DefaultTab (Presence),Pending,No Action Required,2/18/2016 12:06:18 PM,Norton Security with Backup,Statistical Submission: PUA.DefaultTab (Presence),
2/18/2016 12:06:18 PM,Info,Statistical Submission: PUA.DefaultTab (Presence),Pending,No Action Required,2/18/2016 12:06:18 PM,Norton Security with Backup,Statistical Submission: PUA.DefaultTab (Presence),
2/18/2016 12:06:18 PM,Info,Statistical Submission: PUA.DefaultTab (Presence),Pending,No Action Required,2/18/2016 12:06:18 PM,Norton Security with Backup,Statistical Submission: PUA.DefaultTab (Presence),
2/18/2016 12:06:18 PM,Info,Statistical Submission: PUA.DefaultTab (Presence),Pending,No Action Required,2/18/2016 12:06:18 PM,Norton Security with Backup,Statistical Submission: PUA.DefaultTab (Presence),
2/18/2016 12:06:18 PM,Info,Statistical Submission: PUA.DefaultTab (Presence),Pending,No Action Required,2/18/2016 12:06:18 PM,Norton Security with Backup,Statistical Submission: PUA.DefaultTab (Presence),
2/18/2016 12:06:18 PM,Info,Statistical Submission: PUA.DefaultTab (Presence),Pending,No Action Required,2/18/2016 12:06:18 PM,Norton Security with Backup,Statistical Submission: PUA.DefaultTab (Presence),
2/18/2016 12:06:18 PM,Info,Statistical Submission: PUA.DefaultTab (Presence),Pending,No Action Required,2/18/2016 12:06:18 PM,Norton Security with Backup,Statistical Submission: PUA.DefaultTab (Presence),
2/18/2016 12:06:18 PM,Info,Statistical Submission: PUA.DefaultTab (Presence),Pending,No Action Required,2/18/2016 12:06:18 PM,Norton Security with Backup,Statistical Submission: PUA.DefaultTab (Presence),

Labels: Auto-Protect

Replies

Kudos0

Re: PUA.DefaultTab

Hello

Here is the write up about this PUA.

https://www.symantec.com/security_response/writeup.jsp?docid=2015-012222-0108-99

You shouldn't run the Power Eraser unless you are an expert and would know if you saw a real piece of malware and can tell the difference between a safe file.

The first thing to do is to run a full scan with your Norton product. If that doesn't find and fix the issue, then you can try the free version of Malwarebytes.

Download the free version, install and update then run a FULL scan.


You can find Malwarebytes here
http://www.bleepingcomputer.com/download/malwarebytes-anti-malware/

It is a safer location to get the program from than malwarebytes themselves because some malware creators have large lists of sites that they block. Please be careful to down load the correct program ----the FREE version of MALWAREBYTES

If that doesn't fix the issue, then it's time to visit one of the free malware removal sites.

Please see this link for an up to date description of these sites plus the addition of a newly listed site formed by one of our successful malware remover users. The new site is listed first in this link.

https://community.norton.com/en/forums/malware-removal-forum-recommendations

Please stay with 1 site until they say your computer is clean.

Thanks.




 

Success always occurs in private and failure in full view. Windows 10 Pro 64 bit Norton Core Security Plus 22.18.0.213 Core Firmware 282 I E 11 Chrome latest version.
Kudos0

Re: PUA.DefaultTab

Malwarebytes found nine registry keys, three registry values and an empty folder. No "bad" files were found. After deleting the identified items, I ran Malwarebytes again and it found no issues. Nevertheless, the problem still exists. When I start the Chrome browser, I get a pop-up window that says "Auto-Protect is processing security risk PUA.DefaultTab.".

Is there anyway (a log?) to tell what is causing Norton Security to display this pop-up window?

_________________________________________

Malwarebytes Anti-Malware
Version: 2.2.0.1024
Malware Database: v2016.02.18.05
Rootkit Database: v2016.02.17.01
OS: Windows 8.1
CPU: x64
File System: NTFS
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 789472
Time Elapsed: 31 min, 36 sec

Registry Keys: 9
PUP.Optional.DefaultTab, HKLM\SOFTWARE\CLASSES\APPID\{72D89EBF-0C5D-4190-91FD-398E45F1D007}, , [88a5134f0e8b7cba49d69806e61cb947], 
PUP.Optional.DefaultTab, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{72D89EBF-0C5D-4190-91FD-398E45F1D007}, , [88a5134f0e8b7cba49d69806e61cb947], 
PUP.Optional.DefaultTab, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\{72D89EBF-0C5D-4190-91FD-398E45F1D007}, , [88a5134f0e8b7cba49d69806e61cb947], 
PUP.Optional.ConduitTB.Gen, HKLM\SOFTWARE\CLASSES\Toolbar.CT3290228, , [af7eb5ad0d8cb97d7d51fad1eb1801ff], 
PUP.Optional.ConduitTB.Gen, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Toolbar.CT3290228, , [2c018ad8a1f85adc7e5027a431d2ee12], 
PUP.Optional.CrossRider, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{21111111-1111-1111-1111-110111251155}, , [cf5e352d22774de9577998499c6709f7], 
PUP.Optional.Conduit, HKU\S-1-5-21-1196421659-1218206747-399808548-1002\SOFTWARE\APPDATALOW\SOFTWARE\ConduitSearchScopes, , [1815da88a4f5c86ef547bc21fe050bf5], 
PUP.Optional.CrossRider, HKU\S-1-5-21-1196421659-1218206747-399808548-1002\SOFTWARE\APPDATALOW\SOFTWARE\Crossrider, , [50ddfe644554cd6999078957f40f5ba5], 
PUP.Optional.PriceGong, HKU\S-1-5-21-1196421659-1218206747-399808548-1002\SOFTWARE\APPDATALOW\SOFTWARE\PriceGong, , [e7461a486d2c95a196b37886bf44718f], 

Registry Values: 3
PUP.Optional.SmartBar, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{ae07101b-46d4-4a98-af68-0333ea26e113}, Smartbar, , [f33a85dd66334bebe6f624e753b0a957]
PUP.Optional.CrossRider, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{21111111-1111-1111-1111-110111251155}|AppName, JollyWallet-bg.exe, , [cf5e352d22774de9577998499c6709f7]
PUP.Optional.SmartBar, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{ae07101b-46d4-4a98-af68-0333ea26e113}, Smartbar, , [fc31263cf7a26bcb34a8e5268b78b14f]

Folders: 1
PUP.Optional.APNToolBar.Gen, C:\ProgramData\APN\APN-Stub, , [ae7f2042d9c050e61ca9dce77c866997], 

---------------------------
 

Kudos0

Re: PUA.DefaultTab

Hello Mikey

With all of those PUPs and PUAs, I would recommend you to go to one of the free malware removal sites and have them help you to remove the malware and perhaps find the source of all of them.

I gave the link in my last post that lists the sites for you. Please stay with one site until they say your computer is clean.

Thanks.

Success always occurs in private and failure in full view. Windows 10 Pro 64 bit Norton Core Security Plus 22.18.0.213 Core Firmware 282 I E 11 Chrome latest version.
Kudos0

Re: PUA.DefaultTab

Have you restarted your computer to allow Norton to finish dealing with the PUA? 

I note from the MBAM log you are using Win 8.1. If you use Windows 8/8.1 or 10, there can be an issue with the Fast Start feature.. See more information here.

Things happen. Export/Backup your Norton Password Manager data.
Kudos0

Re: PUA.DefaultTab

Whenever I start the Chrome browser, the Auto-Protect pop-up message appears and Norton Security shows a "PUA.DefaultTab" entry in the history log as a "Statistical Submission". There is no indication that Norton Security is going to do any "clean-up" activity.

"Fast Startup" is not enabled. A Restart or Shutdown/Power On does not solve this issue.

A Norton Security "Full System Scan" finds nothing.

Kudos0

Re: PUA.DefaultTab

Hello

This is why I have asked you to visit one of the free malware removal sites.

Thanks.

Success always occurs in private and failure in full view. Windows 10 Pro 64 bit Norton Core Security Plus 22.18.0.213 Core Firmware 282 I E 11 Chrome latest version.
Kudos0

Re: PUA.DefaultTab

I believe BPMikey is just mere answering the question asked by peterweb. There is no indication there he refuse to visit the malware removal forum.

Tan.

cheers!
Kudos0

Re: PUA.DefaultTab

Entries for the following two System Registry Keys and Values were in C:\WINDOWS\System32\GroupPolicy\User\Registry.pol. These caused the Norton Security PUA.DefaultTab Statistical Submission. The two CLSIDs do not exist anywhere in the System Registry. There was no executable code causing the Norton Security PUA.DefaultTab Statistical Submission. Removal of the C:\WINDOWS\System32\GroupPolicy\User\Registry.pol file resolved this issue.

Software\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID;{7F6AFBF1-E065-4627-A2FD-810366367D01}
Software\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID;{A1E28287-1A31-4B0F-8D05-AA8C465D3C5A}

This thread is closed from further comment. Please visit the forum to start a new thread.