Solved What is PUP.Optional.Legacy, and where is the repeated infection coming from?

Daniel Burkus

I have a reasonably new Samsung PC, running Windows 7. I have ESET Nod32 Anti-virus, and also run Malwarebytes, Spybot S&D, SUPER Anti-spyware, CCleaner, and AdwCleaner at least several times per week (daily if I can afford the interruption of my work), Sophos Virus Removal Tool weekly, and Dr. Web one or two times per month. Everything is generally clean, except that occasionally AdwCleaner detects what they claim is malware (none of the others show this, however), and sometimes Dr. Web finds that the HOSTS file "has been corrupted." I do not know if the two are related, but suspect that there might be a link because when the AdwCleaner detection appears, if I run Dr. Web, that also detects a change in the HOSTS file.

AdwCleaner is detecting the following 6 changes to the Windows registry (every time they are exactly the same):

HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\incredibar.com

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\incredibar.com

HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\incredibar.com

HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\dospop.com

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\dospop.com

HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\dospop.com

What is PUP.Optional.Legacy, and where is the infection coming from? This, as I said, is the only detection that ever shows up, on any of the anti-malware programs that I run. How can I avoid reinfection (I use Firefox as my browser of choice, so are there any changes that I should be making there)? I have not really noticed any problems with my PC -- it works very well, and there is no difference (that I can see) between its performance in the infected state versus how it works immediately after these keys have been deleted. I do not usually surf the internet, except when I need a specific image file for inclusion in my translations, and this infection appears to originate from there. Aside from not searching for things that I need (which are presumably in the public domain), is there any way to avoid this kind of infection -- would, for example, saving the images as screen captures and then turning those into files, be a help?

At any rate, thank you very much for taking the time to read this, and for any help that you may be able to offer.


-- Daniel M. Burkus



AdwCleaner's latest scan report is attached below.

# -------------------------------
# Malwarebytes AdwCleaner 8.0.0.0
# -------------------------------
# Build: 11-21-2019
# Database: 2019-11-26.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 12-03-2019
# Duration: 00:00:02
# OS: Windows 7 Ultimate
# Cleaned: 6
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\dospop.com
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\incredibar.com
Deleted HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\dospop.com
Deleted HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\incredibar.com
Deleted HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\dospop.com
Deleted HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\incredibar.com

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************


########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C143].txt ##########
 
PUP.Optional.Legacy is a generic detection name by AdwCleaner for potentially unwanted programs (PUPs) that have not been classified by family yet.
Those in your log come from Internet Explorer. Basically they're not seriously dangerous but it's a good thing you clean them. They can come simply from surfing, accepting cookies etc.
I wouldn't worry too much about this particular issue.
 
Hi, Broni! Thank you very much for your reply!

Ok, now I understand. Then I guess the best thing to do is just run AdwCleaner along with the other anti-malware programs every now and then, to get rid of these things whenever they happen to show up.

I hope you are well, and finding yourself in the holiday spirit!

Thank you, again, for your help. Please have a great day!

-- Daniel M. Burkus
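
A read-only check for the keys discussed in this thread, added here as an example and not part of the original posts or of AdwCleaner: it lists every `ZoneMap\Domains` entry in the three hives named in the log and shows which Internet Explorer security zone each entry maps the domain to. Zone 4 is Restricted sites and zone 2 is Trusted sites, so the output shows whether an entry restricts a domain or trusts it. The script is written to run on the PowerShell 2.0 that ships with Windows 7.

```powershell
# Added example: enumerate ZoneMap\Domains entries and the zone each one assigns.
# Read-only; nothing is modified or deleted.

# Internet Explorer security zone numbers
$zoneNames = @{ 0 = 'My Computer'; 1 = 'Local intranet'; 2 = 'Trusted sites'
                3 = 'Internet';    4 = 'Restricted sites' }

$sub = 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains'

# Hives taken from the AdwCleaner report above. HKU\.DEFAULT and HKU\S-1-5-18
# are the same LocalSystem hive under two names, so the six detections are
# two domains present in two hives (current user and LocalSystem).
$hives = 'HKEY_CURRENT_USER', 'HKEY_USERS\.DEFAULT', 'HKEY_USERS\S-1-5-18'

$rows = foreach ($hive in $hives) {
    $root = "Registry::$hive\$sub"
    if (-not (Test-Path $root)) { continue }

    # -Recurse also returns subdomain keys such as Domains\example.com\www
    Get-ChildItem -Path $root -Recurse -ErrorAction SilentlyContinue |
        ForEach-Object {
            $key    = $_
            # Part of the key path after "...\Domains\", e.g. "example.com\www"
            $domain = ($key.Name -split '\\Domains\\', 2)[1]

            # Each value name is a protocol ("*", "http", "https");
            # its DWORD data is the zone number.
            foreach ($proto in $key.GetValueNames()) {
                $zone = $key.GetValue($proto)
                $name = 'unknown'
                if ($zone -is [int] -and $zoneNames.ContainsKey($zone)) {
                    $name = $zoneNames[$zone]
                }
                New-Object PSObject -Property @{
                    Hive = $hive; Domain = $domain; Protocol = $proto
                    Zone = $zone; ZoneName = $name
                }
            }
        }
}

$rows | Sort-Object Domain, Hive |
    Select-Object Hive, Domain, Protocol, Zone, ZoneName |
    Format-Table -AutoSize
```

Running it right after a clean and again when the detection returns shows which domains came back and in which zone they were placed.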
 