I had Norton 360 for a few years on my XP desktop, Win7 laptop, and Win7 desktop; and had never used 360's backup features. So I bought NIS and yesterday -- on each of the 3 machines, I installed NIS, downloaded the latest version, and ran a full scan.
The very first time I opened Chrome on the XP desktop after the NIS install, I opened my local TV station's website. Before I'd done anything else, a Norton pop-up came up telling me that the SweetPacks extension is safe! I never asked for SweetPacks, and it is a known PUP.
So I ran rKill and AdwCleaner. Then I restarted my desktop, meaning to run Malwarebytes. But first, I tried opening Chrome to google.com; and immediately I got two Norton popups in a row: SweetPacks is safe, the Conduits New Tab plugin is safe. Now I have two PUPs!
What is going on? Is there a problem with Norton, or may some of my Norton settings be bad?
I now am afraid to get online on my other two machines.
BTW, I cannot figure out how to see my Norton history in this version, and what should my "Sonar" settings be (whatever those are!)?
Please help!
BTW, here's the Conduit's location: C:\Documents and Settings\username\Local Settings\Application Data\Google\Chrome\User Data\Profile 2\Extensions\banjjklfojcdbofbhbgiedekefohoaff\10.20.3.20_0\Search\plugins\npConduitNewTabPlugin.dll
I had Norton 360 for a few years on my XP desktop, Win7 laptop, and Win7 desktop; and had never used 360's backup features. So I bought NIS and yesterday -- on each of the 3 machines, I installed NIS, downloaded the latest version, and ran a full scan.
The very first time I opened Chrome on the XP desktop after the NIS install, I opened my local TV station's website. Before I'd done anything else, a Norton pop-up came up telling me that the SweetPacks extension is safe! I never asked for SweetPacks, and it is a known PUP.
So I ran rKill and AdwCleaner. Then I restarted my desktop, meaning to run Malwarebytes. But first, I tried opening Chrome to google.com; and immediately I got two Norton popups in a row: SweetPacks is safe, the Conduits New Tab plugin is safe. Now I have two PUPs!
What is going on? Is there a problem with Norton, or may some of my Norton settings be bad?
I now am afraid to get online on my other two machines.
BTW, I cannot figure out how to see my Norton history in this version, and what should my "Sonar" settings be (whatever those are!)?
Please help!
BTW, here's the Conduit's location: C:\Documents and Settings\username\Local Settings\Application Data\Google\Chrome\User Data\Profile 2\Extensions\banjjklfojcdbofbhbgiedekefohoaff\10.20.3.20_0\Search\plugins\npConduitNewTabPlugin.dll
Thanks, glad to hear that. BTW, I found the history via the taskbar icon.
1) Using IE, I had downloaded an update to Paint.net, which Norton gave a green (okay) pop-up, so I installed the update. A couple of hours later, after I'd removed the above-mentioned PUPs, I got a red Norton notification that the Paint.net update was unsafe and was being quarantined. I uninstalled Paint.net (for now). Why did this take two hours for Norton to figure out? In that
window, the PUPs (which I'm assuming had come from the Paint.net update) sneaked through.
2) How do I protect against PUPs in the future, please? Can I use my Norton product, or is there another you would recommend which won't conflict with Norton?
3) Sonar was off by default. Should I turn it on, and if so, what should the settings be?
I would turn ON the Sonar feature. It would not have helped with the PUPs, but it does give maximum protection from your Norton Product.
PUPs are usually downloaded alongside a legitimate download. Often there is a check box on the download page that the user does not notice, and the 'extras' get downloaded and instaled. It could be something that came with your Paint.net. Although a PITA, they are not harmful to the user's system.
Malwarebytes free version is a recommended secondary scanner that is compatible with Norton, and it should find most PUPs. Many of us run a full system scan as often as we feel necessary, maybe once a week or two.
I ran AdwCleaner and Malwarebytes, and they cleaned up the PUPs, but SweetPacks came back on the next system restart. Do you have any experience with the AdwCleaner function named Hosts Anti-Pup/Adware? Might it prevent the installation of PUPs in the first place?
Peerhaps try following the procedure in this article which puts together the two stages of removal and stopping it coming back and specifically references Chrome
Stopping it coming back seems to be a matter of disabling it in the Add-Ons listing of your Browser.
Note that I'm not a malware expert and I know nothing about Step 5 Hitman Pro except for seeing the name from time to time so see if anyone has any comments. Nor do I know that specific help site's reputation.
A good way to stop PUPS being installed in the first place, is when downloading software, always download from the developer's site not a third party one, when possible. Secondly, try using the advanced Custom option rather than the standard installation, as you'll often find things like the Conduit Toolbars included. Using the Custom option, allows you to untick the addons you don't want.
I ran AdwCleaner and Malwarebytes, and they cleaned up the PUPs, but SweetPacks came back on the next system restart. Do you have any experience with the AdwCleaner function named Hosts Anti-Pup/Adware? Might it prevent the installation of PUPs in the first place?
Thank you for your help.
Look for Conduit in the Windows Control Panel Programs list. If there, uninstall it.
Thanks, all. I used Add/Remove Programs, adwCleaner, and Malwarebytes; but they still kept coming back.
Then I disabled the SweetPacks extension and used IoBit Uninstall to get rid of SweetPacks (again!) and Conduit. Then I reran adwCleaner and Malwarebytes and restarted computer multiple times, opening Chrome each time. Now all looks good.
Thanks again to Bombastus, peterweb, huwyngr, and F4E. It's great that so many in this community pitched in to help paranoid me.
paranoid1, if you think your problem has been solved, would you mark the post you think heped the most, and Click on Accept as Solution ? This could help others, who may come across the same situation.
Look for Conduit in the Windows Control Panel Programs list. If there, uninstall it.
I did that a few days ago and it worked. I was getting some PUP's that were detected in my overnight MBAM scans that were being quarantined and removed without problems, but they would re-appear again the next morning after another ovenight scan.
I looked at the MBAM log info and the PUP's were being generated / replicaed, etc, from the parent folder which was an unwanted toolbar installation .exe file.
I uninstalled the toolbar from the Control Panel "Uninstall" page and the PUP's are gone.
When I was dicsussing this subject at another anti-malware forum and had described what I had seen the last few days, one of the senior members at that forum stated emphatically::
"PUP's do not replicate".
I don't dispute that at all since I'm only an average "joe" PC user but from the perception of an average user, where one sees repeated PUP's being detected in one's scheduled scan results, it can appear that this is happening.
Look for Conduit in the Windows Control Panel Programs list. If there, uninstall it.
I did that a few days ago and it worked. I was getting some PUP's that were detected in my overnight MBAM scans that were being quarantined and removed without problems, but they would re-appear again the next morning after another ovenight scan.
I looked at the MBAM log info and the PUP's were being generated / replicaed, etc, from the parent folder which was an unwanted toolbar installation .exe file.
I uninstalled the toolbar from the Control Panel "Uninstall" page and the PUP's are gone.
When I was dicsussing this subject at another anti-malware forum and had described what I had seen the last few days, one of the senior members at that forum stated emphatically::
"PUP's do not replicate".
I don't dispute that at all since I'm only an average "joe" PC user but from the perception of an average user, where one sees repeated PUP's being detected in one's scheduled scan results, it can appear that this is happening.
From what I understand, and I defer to Quads correcting me if I am wrong, the Conduit program may be the vehicle for the installation of the PUPs. So the PUPs themselves do not repilcate, but some other program does that part.
I did that a few days ago and it worked. I was getting some PUP's that were detected in my overnight MBAM scans that were being quarantined and removed without problems, but they would re-appear again the next morning after another ovenight scan.