PUP appfish

PUP appfish: a reader asks…

Hi Chris, after taking your advice and installing Malwarebytes Anti-Malware, I got my first malware alert – should I always delete what it finds? It found 2 items on my Windows 7 Dell laptop.

If you check the Malwarebytes program settings under Detection and Protection, you’ll see a section called “Non-malware Protection” where you can choose how Malwarebytes treats things that aren’t guaranteed malware, but could be harmful to your computer. These are Potentially Unwanted Programs (PUP) and Potentially Unwanted Modifications (PUM). I suggest that these two settings be set to treat these detections as malware.

In the case of the two PUPs identified in your screenshot, the first one is from Dell – that’s a program that you probably installed when you visited http://support.dell.com and chose to have the support website detect your system for you (rather than finding and typing the Service Tag). Since that particular program operates in a way similar to malware and isn’t required for normal computer use, Malwarebytes flagged it as a potentially unwanted program. DellSystemDetect is not harmful, but does use system resources even when you’re not using it, so for most people I’d suggest removing it.

The second PUP is, to mix metaphors, a fish of a different color. A quick Google search on “search protect appfish” will show you that it is a browser hijacker put out by Conduit – I’ve seen a lot of unwanted junk from this company. This app doesn’t protect your searching; it actually changes your search engine from whatever you set to the Conduit search engine. You most definitely want to remove it, but removing it may not be as simple as just leaving it checked and clicking the Remove Selected button in Malwarebytes. Search Protect appfish may have insinuated itself into your web browser’s settings, so you’ll also want to remove it from there. Before you click the Remove Selected button in Malwarebytes, leave that window open and go through the steps below first.

The first step in removing malware and unwanted programs should always be to open Microsoft’s built-in Programs and Features, an applet on the Control Panel. In Windows 7, you can just click the Start button and type “uninstall a program” – that will show search results and the first entry is Uninstall a program, so just press your keyboard’s Enter key to run that applet. That shows you a list of (almost) all the programs installed on your computer. Look down this list and click on any program you want to uninstall, then click the Uninstall link above the list. Remove all unneeded programs one at a time, waiting until the uninstall routine is done before going on to the next one.


You may or may not find Search Protect appfish on this list. Malware creators work very hard to hide their apps from your view, making it harder for you to remove them. If you don’t find it on this list, then your next step is to remove it from your web browser:

  • In Internet Explorer, click the Gear icon and choose Manage add-ons. Go to the Search Providers list (select that on the left side of the window that opens), and remove all entries that aren’t search engines you want to use. If the default search engine is Conduit’s, first change the default to another search engine – for example, click on Google or Bing and click the ‘Set as default’ button at the bottom. Then click on the Conduit entry and click the ‘Remove’ button at the bottom.
  • In Google Chrome, click the hamburger icon (3 horizontal lines), and click Settings. On the tab that opens, click the Manage Search Engines button. Hover your mouse over your preferred default (for example, Google), and if a Make Default button appears, click it. Then look down the list, hover your mouse over each item and click the X that appears to remove it. Feel free to be aggressive in removing all search engines from this window that you don’t need, and certainly any that you don’t recognize.
  • In Mozilla Firefox, click the hamburger icon (3 horizontal lines), and click Options. On the tab that opens, click the Search menu item (on the left side). Click open the box for Default Search Engine and pick the one you want (Google, Bing, Yahoo or whatever). Now go down the list under One-click search engines and highlight any search engine you want to remove, then click the Remove button at the bottom. Rinse and repeat for all search engines on this list. Feel free to be aggressive in removing all search engines from this window that you don’t need, and certainly any that you don’t recognize.

Once this is done, go back to Malwarebytes and click the Remove Selected button after making sure the Search Protect appfish item checkbox is checked. Once this is done, restart your computer, open Malwarebytes and perform another scan. Malware is very tricky and will often try to hide itself in multiple places, so repeated scans may be needed to remove it. The process is:

  1. Restart your computer
  2. Run Malwarebytes to scan your computer (after making sure it’s updated)
  3. Remove any malware (and most PUP/PUM detections it finds).

Rinse and repeat until the Malwarebytes scan shows nothing detected. I know it’s a pain to do all the above, so once your system is clean, you should upgrade to Malwarebytes Anti-Malware Premium so it’ll provide full-time protection to help prevent these things from getting on your system in the first place. As any doctor (or sensible person) will tell you, an ounce of prevention is worth a pound of cure!
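To double-check the result of the steps above, here is a read-only PowerShell audit, added as an example and not part of the original answer. It lists matching entries from the registry keys behind Programs and Features (including entries flagged to stay hidden from that list) and the Internet Explorer search providers; the name patterns are taken from the detections discussed in this article, and Chrome and Firefox keep their search engines in profile files that this script does not read.

```powershell
# Added example: read-only audit, it changes nothing on the system.
# Name patterns come from the detections discussed in this article.
$patterns = 'Search Protect', 'Conduit', 'appfish', 'DellSystemDetect'

# Registry locations behind the Programs and Features list
# (machine-wide 64-bit, machine-wide 32-bit, and per-user installs).
$uninstallKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall'
)

function Test-Suspect([string]$text) {
    foreach ($p in $patterns) {
        if ($text -and $text -like "*$p*") { return $true }
    }
    return $false
}

Write-Output '== Installed programs matching the patterns =='
foreach ($key in $uninstallKeys) {
    if (-not (Test-Path $key)) { continue }
    Get-ChildItem $key | ForEach-Object {
        $app = Get-ItemProperty $_.PSPath -ErrorAction SilentlyContinue
        if ((Test-Suspect $app.DisplayName) -or (Test-Suspect $app.Publisher)) {
            New-Object PSObject -Property @{
                Name      = $app.DisplayName
                Publisher = $app.Publisher
                # SystemComponent = 1 keeps an entry out of Programs and Features
                Hidden    = ($app.SystemComponent -eq 1)
                Uninstall = $app.UninstallString
            }
        }
    } | Format-List Name, Publisher, Hidden, Uninstall
}

Write-Output '== Internet Explorer search providers (current user) =='
$scopes = 'HKCU:\Software\Microsoft\Internet Explorer\SearchScopes'
if (Test-Path $scopes) {
    $default = (Get-ItemProperty $scopes).DefaultScope
    Get-ChildItem $scopes | ForEach-Object {
        $s = Get-ItemProperty $_.PSPath
        New-Object PSObject -Property @{
            Provider  = $s.DisplayName
            IsDefault = ($_.PSChildName -eq $default)
            Suspect   = ((Test-Suspect $s.DisplayName) -or (Test-Suspect $s.URL))
            URL       = $s.URL
        }
    } | Format-Table Provider, IsDefault, Suspect, URL -AutoSize
}
```

An empty first section and no provider marked Suspect in the second means these two locations are clean; it does not replace the repeat Malwarebytes scans.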
