PUP.Optional.FindingDiscount is Malwarebytes' detection name for a potentially unwanted program (PUP), specifically a browser hijacker. Some vendors categorize it as adware. PUP.Optional.FindingDiscount targets Windows systems.
PUP.Optional.FindingDiscount is advertised as a helpful program that displays coupons for sites that users are visiting. It also displays ads that lead to the installation of more questionable programs. PUP.Optional.FindingDiscount comes bundled with other programs. It can be downloaded along with software hosted by third-party software providers.
Malwarebytes can detect and remove PUP.Optional.FindingDiscount without further user interaction.
Should users wish to keep this program and exclude it from being detected in future scans, they can add the program to the exclusions list. Here’s how to do it.
A Malwarebytes log of removal will look similar to this:
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 2/13/2015
Scan Time: 2:43:58 PM
Logfile: mbamPriceFindings.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.02.13.04
Rootkit Database: v2015.02.03.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: {username}

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 330755
Time Elapsed: 27 min, 18 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 2
PUP.Optional.FindingDiscount.A, C:\Program Files (x86)\Windows Discount\FindingDiscount\findingdiscount.exe, 720, Delete-on-Reboot, [ef096ab38208b383970c6c28cc37a759]
PUP.Optional.RuntimeManager.A, C:\Program Files (x86)\Windows NT\Accessories\RuntimeManager\runtimemanager.exe, 4816, Delete-on-Reboot, [8c6c7da0573368ceebba2e66f50e6f91]

Modules: 0
(No malicious items detected)

Registry Keys: 2
PUP.Optional.FindingDiscount.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\FindingDiscount, Quarantined, [ef096ab38208b383970c6c28cc37a759],
PUP.Optional.RuntimeManager.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\RuntimeManager, Quarantined, [8c6c7da0573368ceebba2e66f50e6f91],

Registry Values: 1
PUP.Optional.RuntimeManager.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\RUNTIMEMANAGER|ImagePath, C:\Program Files (x86)\Windows NT\Accessories\RuntimeManager\runtimemanager.exe -service, Quarantined, [8c6c7da0573368ceebba2e66f50e6f91]

Folders: 3
PUP.Optional.FindingDiscount.A, C:\Program Files (x86)\Windows Discount, Delete-on-Reboot, [0bed61bc7317152156f8265f60a335cb],
PUP.Optional.FindingDiscount.A, C:\Program Files (x86)\Windows Discount\FindingDiscount, Delete-on-Reboot, [0bed61bc7317152156f8265f60a335cb],
PUP.Optional.RuntimeManager.A, C:\Program Files (x86)\Windows NT\Accessories\RuntimeManager, Delete-on-Reboot, [7f795bc21872ba7c0153790cdc27d52b],

Files: 3
PUP.Optional.OpenSoftwareUpdater, C:\Users\{username}\Desktop\gpsetup2.exe, Quarantined, [ab4d120bc4c6cc6a111e41a3c53cf30d],
PUP.Optional.FindingDiscount.A, C:\Program Files (x86)\Windows Discount\FindingDiscount\findingdiscount.exe, Delete-on-Reboot, [ef096ab38208b383970c6c28cc37a759],
PUP.Optional.RuntimeManager.A, C:\Program Files (x86)\Windows NT\Accessories\RuntimeManager\runtimemanager.exe, Delete-on-Reboot, [8c6c7da0573368ceebba2e66f50e6f91],

Physical Sectors: 0
(No malicious items detected)

(end)
You may see these entries in FRST logs:
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:47574
ProxyEnable: [HKCU] => Internet Explorer proxy is enabled.
ProxyServer: [HKCU] => http=127.0.0.1:47574
R2 FindingDiscount; C:\Program Files (x86)\Windows Discount\FindingDiscount\FindingDiscount.exe [345088 2015-02-05] () [File not signed]
R2 RuntimeManager; C:\Program Files (x86)\Windows NT\Accessories\RuntimeManager\runtimemanager.exe [214016 2015-02-05] () [File not signed]
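A small triage pass over FRST lines like the ones above, added here as an example and not taken from Malwarebytes or FRST: it flags a proxy pointed at a loopback address and services whose binary is reported as not signed. The regular expressions assume the line layout shown on this page; the third ProxyServer line and ExampleSvc are constructed for contrast.

```python
import re

# Constructed sample: the FRST entries shown on this page, plus one remote
# proxy line and one service with a company name, added for contrast.
SAMPLE_FRST = r"""
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:47574
ProxyEnable: [HKCU] => Internet Explorer proxy is enabled.
ProxyServer: [HKCU] => http=127.0.0.1:47574
ProxyServer: [S-1-5-21-0] => http=proxy.corp.example:8080
R2 FindingDiscount; C:\Program Files (x86)\Windows Discount\FindingDiscount\FindingDiscount.exe [345088 2015-02-05] () [File not signed]
R2 RuntimeManager; C:\Program Files (x86)\Windows NT\Accessories\RuntimeManager\runtimemanager.exe [214016 2015-02-05] () [File not signed]
R2 ExampleSvc; C:\Program Files\Example\svc.exe [10240 2015-01-01] (Example Corp)
"""

# Layouts assumed from the sample lines on this page.
PROXY_RE = re.compile(r"^ProxyServer:\s*\[(?P<hive>[^\]]+)\]\s*=>\s*(?P<value>.+)$")
SERVICE_RE = re.compile(
    r"^(?P<state>[RSU]\d)\s+(?P<name>[^;]+);\s*(?P<path>.+?)\s+"
    r"\[(?P<size>\d+)\s+(?P<date>\d{4}-\d{2}-\d{2})\]\s*"
    r"\((?P<company>[^)]*)\)\s*(?P<rest>.*)$")
# Loopback host at the start of the value or after '=', ';' or '/'.
LOOPBACK_RE = re.compile(r"(?:^|[=;/])(?:127\.\d+\.\d+\.\d+|localhost|\[::1\])", re.I)

def triage(log_text):
    """Return (kind, subject, detail) tuples for lines worth a closer look."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = PROXY_RE.match(line)
        if m:
            # Browser traffic redirected to a listener on the local machine.
            if LOOPBACK_RE.search(m["value"]):
                findings.append(("loopback-proxy", m["hive"], m["value"]))
            continue
        m = SERVICE_RE.match(line)
        if m and "not signed" in m["rest"].lower():
            # Service entry whose binary FRST reports as unsigned.
            findings.append(("unsigned-service", m["name"].strip(), m["path"]))
    return findings

if __name__ == "__main__":
    for kind, subject, detail in triage(SAMPLE_FRST):
        print(f"{kind:17} {subject:16} {detail}")
```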