IDP.HELU.JSDown18

Viruses & Threats
3

Thank you Balasubramanian.

My PUP was turned on.  I guess Malware just did a better job.  Since the fix I notice Pop Up advertising messages have stopped.

Thank you for your kind support.

4

Hello John,

We have been reported about this threat detection.
I see that you have subscribed for AVG Internet Security - Unlimited (1 year subscription).
Hence, request you to get our additional support on this matter.
An email instruction has been sent which will help you to get connected with them.
If the email is not found in inbox do check in spam and junk folders.

5

Hello John,

We have been reported about this threat detection.
I see that you have subscribed for AVG Internet Security - Unlimited (1 year subscription).
Hence, request you to get our additional support on this matter.
An email instruction has been sent which will help you to get connected with them.
If the email is not found in inbox do check in spam and junk folders.

7

Thank you Balasubramanian.

My PUP was turned on.  I guess Malware just did a better job.  Since the fix I notice Pop Up advertising messages have stopped.

Thank you for your kind support.

6

How I fixed IDP.HELU.JSDown18

I downloaded and ran the trial Malwarebytes Premium.

It found a wide range PUP malware that have been missed by AVG

For the record below is a copy of the log.


-Log Details-
Scan Date: 3/11/18
Scan Time: 12:05 PM
Log File: 8bf7fd32-2524-11e8-ab18-3065ec7eca2e.json
Administrator: Yes

-Software Information-
Version: 3.4.4.2398
Components Version: 1.0.322
Update Package Version: 1.0.4298
License: Trial

-System Information-
OS: Windows 10 (Build 16299.125)
CPU: x64
File System: NTFS
User:

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 313921
Threats Detected: 19
Threats Quarantined: 19
Time Elapsed: 4 min, 29 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 11
PUP.Optional.SearchManager, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\NAHHMPBCKPGDIDFNMFKFGIFLPJIJILCE, Quarantined, [1984], [440037],1.0.4298
PUP.Optional.SearchManager, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\NAHHMPBCKPGDIDFNMFKFGIFLPJIJILCE, Quarantined, [1984], [440037],1.0.4298
PUP.Optional.SearchManager, HKU\S-1-5-21-3602088944-3577592955-2911726661-1001\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\nahhmpbckpgdidfnmfkfgiflpjijilce, Quarantined, [1984], [440037],1.0.4298
PUP.Optional.WinYahoo, HKU\S-1-5-18\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES{A0C1F6AA-497E-4136-B35C-9F71D6AD76CE}, Quarantined, [58], [182758],1.0.4298
PUP.Optional.WinYahoo, HKU\S-1-5-21-3602088944-3577592955-2911726661-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES{A0C1F6AA-497E-4136-B35C-9F71D6AD76CE}, Quarantined, [58], [182758],1.0.4298
PUP.Optional.WinYahoo, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES{A0C1F6AA-497E-4136-B35C-9F71D6AD76CE}, Quarantined, [58], [182758],1.0.4298
PUP.Optional.WinYahoo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES{A0C1F6AA-497E-4136-B35C-9F71D6AD76CE}, Quarantined, [58], [182758],1.0.4298
PUP.Optional.WinYahoo, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS{D494CDF5-8513-481A-B32B-A155FD352862}, Quarantined, [58], [308967],1.0.4298
PUP.Optional.SearchManager, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\pilplloabdedfmialnfchjomjmpjcoej, Quarantined, [1984], [260991],1.0.4298
PUP.Optional.WinYahoo, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN{D494CDF5-8513-481A-B32B-A155FD352862}, Quarantined, [58], [308968],1.0.4298
PUP.Optional.WinYahoo, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Yahoo! Powered cicel, Quarantined, [58], [308968],1.0.4298

Registry Value: 3
PUP.Optional.WinYahoo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES{A0C1F6AA-497E-4136-B35C-9F71D6AD76CE}|URL, Quarantined, [58], [182758],1.0.4298
PUP.Optional.WinYahoo, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS{D494CDF5-8513-481A-B32B-A155FD352862}|PATH, Quarantined, [58], [308967],1.0.4298
PUP.Optional.WinYahoo, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES{A0C1F6AA-497E-4136-B35C-9F71D6AD76CE}|URL, Quarantined, [58], [182758],1.0.4298

Registry Data: 1
PUP.Optional.WinYahoo, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|START PAGE, Replaced, [58], [293461],1.0.4298

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 3
PUP.Optional.WinYahoo, C:\WINDOWS\TASKS\Yahoo! Powered cicel.job, Quarantined, [58], [308966],1.0.4298
PUP.Optional.SearchManager, C:\USERS\TONY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, [1984], [440037],1.0.4298
PUP.Optional.Babylon, C:\USERS\TONY\DOWNLOADS\UNLOCKER1.9.2.EXE, Quarantined, [1695], [76260],1.0.4298


Physical Sector: 0
(No malicious items detected)


(end)

1

Hi Team,
I have been getting repeated pop-ups which tell me that MAMA.TXT has been moved to my Quarantine.  
Treat name:  IDP.HELU.JSDown18
Process:       C:\PROGRAMDATA{8A7A4F19-0038-C5DF-86FE-5B9D1CBCD053}\MAMA.TXT
Detected by: Behaviour Shield
Status:         Moved to Quarantine| Open Quarantine

When I open the quarantine there is nothing in there.
Please advise if this is dangerous  or if not how do I stop the pop-ups

2

Hello Anthony,

The false detection of AVG are now fixed.
The PUP's detected by Malwarebytes are (Potentially Unwanted Programs) that aren't necessary to run on the PC.
It is not a real threat for the PC.
However, PUP's detection scanning are available with AVG too.
It has to be enabled to detect the PUPs.
You can find it on "Scan Computer" gear icon "settings" of AVG interface.
Thank you.