PUP.Optional.FindingDiscount is Malwarebytes’ detection name for a potentially unwanted program (PUP), specifically a browser hijacker. Some vendors categorize it as adware. PUP.Optional.FindingDiscount targets Windows systems.
PUP.Optional.FindingDiscount is advertised as a helpful program that displays coupons for sites that users are visiting. It also displays ads that lead to the installation of more questionable programs. PUP.Optional.FindingDiscount comes bundled with other programs. It can be downloaded with software hosted on third-party software providers.
Malwarebytes protects users from PUP.Optional.FindingDiscount by using real-time protection.
Malwarebytes blocks the bundlers that include PUP.Optional.FindingDiscount
Malwarebytes can detect and remove PUP.Optional.FindingDiscount without further user interaction.
Should users wish to keep this program and exclude it from being detected in future scans, they can add the program to the exclusions list. Here’s how to do it.
If you want to allow the program to connect to the Internet, for example to fetch updates, also add an exclusion of the type Allow an application to connect to the internet and use the Browse button to select the file you wish to grant access.
A Malwarebytes log of removal will look similar to this:
Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 2/13/2015 Scan Time: 2:43:58 PM Logfile: mbamPriceFindings.txt Administrator: Yes Version: 2.00.4.1028 Malware Database: v2015.02.13.04 Rootkit Database: v2015.02.03.01 License: Free Malware Protection: Disabled Malicious Website Protection: Disabled Self-protection: Disabled OS: Windows 8.1 CPU: x64 File System: NTFS User: {username} Scan Type: Threat Scan Result: Completed Objects Scanned: 330755 Time Elapsed: 27 min, 18 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: 2 PUP.Optional.FindingDiscount.A, C:\Program Files (x86)\Windows Discount\FindingDiscount\findingdiscount.exe, 720, Delete-on-Reboot, [ef096ab38208b383970c6c28cc37a759] PUP.Optional.RuntimeManager.A, C:\Program Files (x86)\Windows NT\Accessories\RuntimeManager\runtimemanager.exe, 4816, Delete-on-Reboot, [8c6c7da0573368ceebba2e66f50e6f91] Modules: 0 (No malicious items detected) Registry Keys: 2 PUP.Optional.FindingDiscount.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\FindingDiscount, Quarantined, [ef096ab38208b383970c6c28cc37a759], PUP.Optional.RuntimeManager.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\RuntimeManager, Quarantined, [8c6c7da0573368ceebba2e66f50e6f91], Registry Values: 1 PUP.Optional.RuntimeManager.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\RUNTIMEMANAGER|ImagePath, C:\Program Files (x86)\Windows NT\Accessories\RuntimeManager\runtimemanager.exe -service, Quarantined, [8c6c7da0573368ceebba2e66f50e6f91] Folders: 3 PUP.Optional.FindingDiscount.A, C:\Program Files (x86)\Windows Discount, Delete-on-Reboot, [0bed61bc7317152156f8265f60a335cb], PUP.Optional.FindingDiscount.A, C:\Program Files (x86)\Windows Discount\FindingDiscount, Delete-on-Reboot, [0bed61bc7317152156f8265f60a335cb], PUP.Optional.RuntimeManager.A, C:\Program Files (x86)\Windows NT\Accessories\RuntimeManager, Delete-on-Reboot, [7f795bc21872ba7c0153790cdc27d52b], Files: 3 PUP.Optional.OpenSoftwareUpdater, C:\Users\{username}\Desktop\gpsetup2.exe, Quarantined, [ab4d120bc4c6cc6a111e41a3c53cf30d], PUP.Optional.FindingDiscount.A, C:\Program Files (x86)\Windows Discount\FindingDiscount\findingdiscount.exe, Delete-on-Reboot, [ef096ab38208b383970c6c28cc37a759], PUP.Optional.RuntimeManager.A, C:\Program Files (x86)\Windows NT\Accessories\RuntimeManager\runtimemanager.exe, Delete-on-Reboot, [8c6c7da0573368ceebba2e66f50e6f91], Physical Sectors: 0 (No malicious items detected) (end)
You may see these entries in FRST logs:
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled. ProxyServer: [.DEFAULT] => http=127.0.0.1:47574 ProxyEnable: [HKCU] => Internet Explorer proxy is enabled. ProxyServer: [HKCU] => http=127.0.0.1:47574 R2 FindingDiscount; C:\Program Files (x86)\Windows Discount\FindingDiscount\FindingDiscount.exe [345088 2015-02-05] () [File not signed] R2 RuntimeManager; C:\Program Files (x86)\Windows NT\Accessories\RuntimeManager\runtimemanager.exe [214016 2015-02-05] () [File not signed]
Select your language