Heuristic Suspect, Potentially Unwanted Software.

Leave comments / LPI, PUP, Superfluous, Suspect / Through / 1 minute read
109 811
5 / 5 - (2 votes)

Heuristic Suspect, Potentially Unwanted Optional Software.

Some rather suspicious software is installed with the same installation key in the registry, this is notably the case of “BonanzaDeals”, “SaveSense” or “Duuqu Group”. 

It installs as a program and it loads every time the system starts. The program falls into the category of Optional Potentially Unwanted Software (LPI/PUP).


Potentially Unwanted Software (PUP/LPI) can launch services, start scheduled tasks, and create shortcuts on your Desktop. All these operations are done with or without your consent according to the terms of its user contract. Once installed, an LPI can modify certain parameters of your browsers such as search pages, the start page or even your error page. It can collect your browsing habits and communicate them to a server using the tracking method. While browsing, it may display advertisements (coupons) and advertising banners (popups). The goal of this program is often to make money by generating web traffic to sponsored sites.


Potentially unwanted software (LPI) or Potentialy Unwanted Programs (PUP) are the cause of many infections. The most common example is adware. InstallCore, Crossrider, Graftor ou Boxore which pollute the Registry and your data storage units. They are usually installed without your knowledge by downloading freeware. Indeed some sites use the repackaging method, an operation which consists of redoing the software installation module by adding download options. These options allow you to add other software such as browser toolbars, adware, potentially unwanted software, intrusive advertising software, or even browser hijackers.

TECHNICAL ELEMENTS

  Features

- It installs as a program (O42)
– It creates multiple “Software” registry keys,
- Adds additional folders (O43),

 Preview in reports

Recorded on: 16/04/2016
O42 – Software: Google Update Helper – (.BonanzaDeals.) [HKLM][64Bits] — {A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
O42 – Software: Software Update Helper – (.Google Inc..) [HKLM][64Bits] — {A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
O42 – Software: Google Update Helper – (.SaveSense.) [HKLM] — {A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
O42 – Software: Duuqu Update Helper – (.Duuqu Group.) [HKLM][64Bits] — {A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}

 Alias

PUP.Optional.SaveSense
PUP.Optional.BonanzaDeals
Adware.Framefox

HOW TO REMOVE Suspicious Heuristic?

Delete with Windows

Delete with ZHPCleaner

   Delete with ZHPSuite

Responsibility :   The principle of absence of responsibility of the original site, with regard to the contents of the targeted target sites, is recalled by the judgment of September 19, 2001 of the Paris Court of Appeal. The comments I make here reflect my opinion and are suggestions - the visitor is not obliged to follow them.

Share
Tweet
whatsapp
Share
Pin it

About the Author

Nicolas Coolman is a French IT and IT security expert with a degree in software engineering. It specializes in scanning and disinfecting malware, including adware, ransomware, Trojans and other types of unwanted software. Nicolas Coolman is also the creator of several computer security tools, such as "ZHPCleaner" and "ZHPDiag", which are widely used by users to scan and clean malware from their Windows operating systems. Nicolas Coolman is very active in the IT security community and regularly shares his knowledge and findings on his website and on security forums. His expertise is recognized by many users and IT professionals, and he is considered a reference in the field of combating malware.

Similar publications

Leave comments

Back to top