Your computer is infected with malicious software? Do you have pop-ups on your PC?
If so, search this blog for removal instructions or browse computer threats by category.

Monday, January 16, 2012

PUP.CNET.Adware.Bundle (Uninstall Guide)

Tell your friends:
PUP.CNET.Adware.Bundle stands for potentially unwanted program, CNET's own installer that wraps a limited number of Windows software downloads in a CBS Interactive/CNET bundle which attempts to download and install sponsored software, mostly toolbars (at least it's the Blekko toolbar at the moment). In other words, when you download a program from you may get CNET's proprietary installer, not the the software's installer. The downloaded file name begins with cnet_ or cnet2_, here's an example: cnet2_freeocr_exe.

If you install recommended toolbar or any other utility, 3rd party advertisers may track what you do on the internet to target you with products. That's the main reason why CNET's installer is detected by some anti-virus products as adware, PUP.CNET.Adware.Bundle and even a Trojan, although there are others. First of all, it can be a violation of a program's distribution terms. Secondly, users are likely to blame the software authors if something goes wrong with the sponsored software. But it's clearly CNET's fault.

The actual installation is a 4 step process. The logical progression of CNET's wrapper software makes it very easy to accept sponsored software by default, especially for unwary users who don't take much notice of installer screens and tend to simply click Next, Next, Next. This is the third major problem with PUP.CNET.Adware.Bundle - all the special offers and extras are enabled by default, what is known as an 'Opt Out' system.

In our case, PUP.CNET.Adware.Bundle wanted us to install Blekko toolbar and change our default search engine to

  • Adware.Downloader-207, ClamAV
  • Adware.Downware.130, DrWeb
  • Win32.Trojan, eSafe
  • Win32/InstallCore.D, NOD32
  • PUP.CNET.Adware.Bundle, Malwarebytes' Anti-Malware
Some people say it's a terrible idea while others are more tolerant of such practice. In terms of computer security, PUP.CNET.Adware.Bundle isn't a huge security threat. Although, CNET may attempt to install software detected as adware by some anti-virus products, it's actually nothing more than PUP. It's not spyware. After all, you can simply uninstall both CNET's installer and sponsored software from your computer. Besides, it's always a good idea to download software directly from the official website whenever possible. Or you can click the "Direct Download Link" instead of "Download Now" and you will get a 'pure' installer, without extras.

By the way, what do you think about this new installer method? Good luck and be safe online!

Scan your computer with recommended anti-malware and clean-up software:

Download recommended anti-malware and clean-up software and run a full system scan to make sure that your computer is not infected with malicious or potentially unwanted applications and that your files are not corrupted before proceeding with the uninstall process.

Tell your friends:


ausworkshop said...

It says this is an uninstall guide. I read the whole thing and still have no idea how to uninstall it. I've paid for the full version of superantispyware and it keeps coming back every scan even after I click remove. very annoying!

Admin said...

I don't know if SUPERAntispyware can detect it. I listed four antimalware programs that are currently detecting this adware. If you want to remove it for free use Malwarebytes.

Anonymous said...

I never trusted cnet, and will never download anything from them. I suppose to download a driver from cnet. But instead I got pup.cntinstaller Trojan.Agent/Gen.Frauder (file cnet2_20041110100122765_SM997MB_exe.exe), which I did not click on it. I will never go to their site, or do with anything they associate with.

Anonymous said...

I just removed this
pupwin32installcore-am(pup)along with simular names from my computer with Avast Free program. It worked good!

Anonymous said...

SuperAntispyware does detect it. But after "deleting" it and rebooting the computer, the trojan shows right back up.