I've found two different computers with a Price(Something) PUP .dll in a temp directory, that I recently reformatted and put Windows 7 64-bit SP1 on.
I'm mildly concerned. I'm using up-to-date software, and the only things I have installed, when I freshly re-install Win7, is, I download:
Waterfox (
https://www.waterfoxproject.org/)
Malwarebytes (
http://www.malwarebytes.org/ -> redirect to
www.malwarebytes.com)
CPU-Z (seached for it, but I always go to the "Official site", cpuid.com)
Crystal Disk Mark (searched for it, but I always go to "Crystal Dew World" - official homepage / site)
And then sometimes, ImgBurn (
http://www.imgburn.com, scroll down to download link in news section, download from the imgburn.com mirror, always deny PUP installation when prompted)
But I'm wondering if I'm getting it from a drive-by JavaScript ad, possibly on this site, because in the same temp directory, there's an osutils.vbs script in another sub-directory, and something looks like it was downloading "payloads" into little sub-dirs.
Edit: I always get the .ZIP standalone version of CPU-Z and CDM, and unzip them manually into my Downloads directory.
This is a VERY recent happening, too, last week pretty-much. Because I was doing a bunch of test installs the last few weeks of Win10 on my 3rd Skylake rig, to test out various SSDs and benchmark them. One of the benchmarks that I do is a Malwarebytes scan, which normally comes up clean, unless I've downloaded ImgBurn, then it finds the "OpenCandy" PUP in the installer, usually. But this is different.
Edit: And I DON'T install Flash Player, or Java.
Edit: The reason that I think that it might be a drive-by ad from this site, is, I've recently stopped installing NoScript, because it seems to break some pages (even with an "allow all"). So I've been seeing ads on this site.
Facebook
Twitter