Jump to content
Sign in to follow this  
MrWhispers

Win32/Bundled.Toolbar.Yandex.J

Recommended Posts

I keep getting popups from this past week several times even tho I click clean it keeps showing on several applications...

most recent was from steam, and windows explorer,

I've used steam for many many years I know its safe same with windows explorer so what gives???

the popups are really annoying...

I've seen it on other applications as well...
This is a false positive or what is happening ESET...

It made me freak out and install several other alternative scanners to remove it but found nothing.

  • spybot
  • malwarebytes
  • superantispyware
  • norton power eraser
  • emsisoft emergency kit

has been going on for at least a week now...

ran scans everywhere for hours nothing comes up showing this Bundled.Toolbar.Yandex.J ...
 

 

Yandex.J.png

Edited by MrWhispers

Share this post


Link to post
Share on other sites

Based on the Eset alert shown, Eset is finding that the .tmp file downloaded/created by Steam is a PUA. It is also possible that some other process is creating the .tmp file and Steam as part of its normal processing is trying to access the .tmp file.

If you believe it is a false positive, you will have to submit the .tmp file to Eset for analysis and final determination as to that status.

Edited by itman

Share this post


Link to post
Share on other sites

Please gather logs with ELC but also select "quarantined files" to be collected.

I'd expect the dropped file to be a bittorent or utorrent client containing the said toolbar.

Share this post


Link to post
Share on other sites

@MrWhispers, Are you browsing the internet using Steam?

Share this post


Link to post
Share on other sites

@MrWhispers

For what I know you were the one that enable "potentially unsafe applications" in Eset Options because that doesnt come enable by default, also you probably decide to enable "potentially unwanted applications" during Eset Installation.

I personally dont like to use "potentially unsafe applications" and "potentially unwanted applications" because these options cause a lot of annoying popups and false positives.

For me this options are good if you are a person that install things without reading what you are installing, pretty much if you are a person that install things by clicking "Next" on everything without read.

For example with "potentially unwanted applications" enable I wasnt able to install uTorrent because I keeped getting popups everytime I try to install it, I selected "clean" and that made uTorrent setup crash.

https://support.eset.com/kb2629/?locale=en_US&viewlocale=en_US

https://support.eset.com/kb2629/?locale=en_US&viewlocale=en_US

Edited by razorfancy

Share this post


Link to post
Share on other sites
Quote

I personally dont like to use "potentially unsafe applications" and "potentially unwanted applications" because these options cause a lot of annoying popups and false positives.


Quite the contrary, potentially unsafe or unwanted applications should have virtually 0 false positives since these detections are created by humans after a deep analysis of applications.
Enabling detection of pot. unsafe applications combined with enabling password protection on machines that are the target of RDP attacks when the attacker typically disables protection and then runs ransomware can save the user from getting his or her files encrypted in case the attacker manages to get into the system.

Share this post


Link to post
Share on other sites
28 minutes ago, Marcos said:


Quite the contrary, potentially unsafe or unwanted applications should have virtually 0 false positives since these detections are created by humans after a deep analysis of applications.
Enabling detection of pot. unsafe applications combined with enabling password protection on machines that are the target of RDP attacks when the attacker typically disables protection and then runs ransomware can save the user from getting his or her files encrypted in case the attacker manages to get into the system.

If "potentially unsafe applications" and "potentially unwanted applications" were that good of options they would be enable by default when we install Eset.

For example like I said before with "potentially unwanted applications" enable I wasnt even enable to install uTorrent because I keeped getting popups everytime I try to install it, I selected "clean" and that made uTorrent setup crash.

When I install something I am not the type of person that installs toolbars and other programs that come in the application setup that I want to install so I dont need Eset to give me annoying poppus about toolbars that makes the setup crash.

Also with "potentially unwanted applications" enable I wasnt even able to enter https://www.baixaki.com.br/ home page without getting annoying popups.

Edited by razorfancy

Share this post


Link to post
Share on other sites
5 minutes ago, razorfancy said:

If "potentially unsafe applications" and "potentially unwanted applications" were that good of options they would be enable by default when we install Eset.

For example like I said before with "potentially unwanted applications" enable I wasnt even enable to install uTorrent because I keeped getting popups everytime I try to install it, I selected "clean" and that made uTorrent setup crash.

When I install something I am not the type of person that installs toolbars and other programs that come in the application setup that I want to install so I dont need Eset to give me annoying poppus about toolbars that makes the setup crash.

Also with "potentially unwanted applications" I wasnt even able to enter https://www.baixaki.com.br/ home page without getting annoying popups.

It would be better to install software that won't throw at you useless toolbars that would end up giving you ads or pop-ups , ditch uTorrent , there are better alternatives like Qbittorrent(based on uTorrent) or Deluge (open source).

It made your setup crash because ESET tried to clean the toolbar from the installer , so the installer crashed.

uTorrent uses that way to force you upgrading into a paid version where there are no ads/toolbars.

Edited by Rami

Share this post


Link to post
Share on other sites
39 minutes ago, Rami said:

It would be better to install software that won't throw at you useless toolbars that would end up giving you ads or pop-ups , ditch uTorrent , there are better alternatives like Qbittorrent(based on uTorrent) or Deluge (open source).

It made your setup crash because ESET tried to clean the toolbar from the installer , so the installer crashed.

uTorrent uses that way to force you upgrading into a paid version where there are no ads/toolbars.

I know thats why I dont enable those options + like I said I do not install toolbars and other programs that come in the application setup that I want to install.

Also I dont care about the ads that I get in uTorrent when I am with uTorrent interface open, its absolutely fine for me, I dont click on the ads and like you said is a way of trying to make people pay for the Pro version.

For example the type of ads that I dont like is the ones that Avast Free has because even when I am not with the Avast Interface open I get a lot of annoying ads while I am using other applications and that type of ads are the ones that really annoy me.

Edited by razorfancy

Share this post


Link to post
Share on other sites

Software that gives you Ads/Pop-ups doesn't deserve to stay in your PC in my opinion , that's why stick to a torrent client that won't give you ads/toolbars/pop-ups , If you are used to uTorrent interface then Qbittorrent is based on it and open source , give it a try.

Share this post


Link to post
Share on other sites
Quote

If "potentially unsafe applications" and "potentially unwanted applications" were that good of options they would be enable by default when we install Eset.

Enabling potentially unwanted applications requires user's consent mainly for legal reasons.

As for potentially unsafe applications, the detection is disabled by default because it covers legitimate tools that can be misused in the wrong hands, e.g. to kill AV processes and subsequently run malware.

The example you mentioned is not FP and there was a good reason to detect it because of opt-out installation of toolbars. Even when a guy distributing it claimed there's no reason to detect it, we prove that it was really PUA-related:

image.png

That said, calling "false positives" something that the detection is actually supposed to detect is not right. Both PUA / PUsA detections are optional.
If you think that benefits of using a particular PUA outweigh possible risks, you can exclude the PUA from detection by its detection name:

image.png

Re. baixaki.com.br, it used to host malware and PUAs in the past. Since it appears that it's been cleaned in the mean time, it will be removed from blacklist.

 

Share this post


Link to post
Share on other sites
28 minutes ago, Marcos said:

That said, calling "false positives" something that the detection is actually supposed to detect is not right.

You are right there, I shouldnt said that is false positives, should have just said that are annoying popups, that for me are more annoying than the ads that I get when I am with uTorrent interface open + like I said I am not the type of person that installs toolbars and other programs that come in the application setup that I want to install so I dont need Eset to give me annoying poppus that crashes the setup just because of toolbars that I am not going to install anyway.

Edited by razorfancy

Share this post


Link to post
Share on other sites
2 minutes ago, razorfancy said:

You are right there, I shouldnt said that is false positives, should have just said that are annoying popups, that for me are more annoying than the ads that I get when I am with uTorrent interface open + like I said I am not the type of person that installs toolbars and other programs that come in the application setup that I want to install so I dont need Eset to give me annoying poppus about toolbars that makes the setup crash.

The solution is easy. If you often download PUAs and are ok with not blocking them, disable PUA detection and ESET will not notify you. Or you can set cleaning to strict cleaning so that you are not prompted for an action upon detection.

Share this post


Link to post
Share on other sites
6 minutes ago, razorfancy said:

You are right there, I shouldnt said that is false positives, should have just said that are annoying popups, that for me are more annoying than the ads that I get when I am with uTorrent interface open + like I said I am not the type of person that installs toolbars and other programs that come in the application setup that I want to install so I dont need Eset to give me annoying poppus that crashes the setup just because about toolbars that I am not going to install anyway.

Just avoid software that will throw at you toolbars and ads/pop-ups.

Share this post


Link to post
Share on other sites

Appears to be sorted...

switched bitclients, odd the version I was using for the past 2 years never got alerts must be a PUA update that flagged it recently. even tho its a portable slimware version with no ads toolbars whatsoever. 

 

thanks for the input guys cheers! 

Share this post


Link to post
Share on other sites
4 hours ago, MrWhispers said:

Appears to be sorted...

switched bitclients, odd the version I was using for the past 2 years never got alerts must be a PUA update that flagged it recently. even tho its a portable slimware version with no ads toolbars whatsoever. 

 

thanks for the input guys cheers! 

It might be maybe because that uTorrent is known to host ads in their program, anyway it's better that you have switched.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

  • Recently Browsing   0 members

    No registered users viewing this page.

×