JLMichels

Members
  • Content Count

    7

About JLMichels

  • Rank
    New Member


  1. I removed Java and turned off sync in the Chrome settings. I was unable to figure out how to "reset sync". I didn't see any such choice in Chrome settings or Google Dashboard. In any case, the PUPs were back this morning. Help! Jordan
  2. I posted these files as a reply to a previously started topic. But now I see it is preferred to post them as a new topic. The txt files from Malwarebytes and adwcleaner are pasted on that previous topic. FRST.txt Addition.txt
  3. Here is the report from Malwarebytes.

     Malwarebytes
     www.malwarebytes.com

     -Log Details-
     Scan Date: 4/19/19
     Scan Time: 8:11 PM
     Log File: ffe51930-6319-11e9-8901-10604b65962c.json

     -Software Information-
     Version: 3.7.1.2839
     Components Version: 1.0.563
     Update Package Version: 1.0.10248
     License: Premium

     -System Information-
     OS: Windows 10 (Build 17134.706)
     CPU: x64
     File System: NTFS
     User: System

     -Scan Summary-
     Scan Type: Threat Scan
     Scan Initiated By: Scheduler
     Result: Completed
     Objects Scanned: 438096
     Threats Detected: 26
     Threats Quarantined: 0
     Time Elapsed: 11 min, 22 sec

     -Scan Options-
     Memory: Enabled
     Startup: Enabled
     Filesystem: Enabled
     Archives: Enabled
     Rootkits: Disabled
     Heuristics: Enabled
     PUP: Detect
     PUM: Detect

     -Scan Details-
     Process: 0
     (No malicious items detected)

     Module: 0
     (No malicious items detected)

     Registry Key: 0
     (No malicious items detected)

     Registry Value: 1
     PUP.Optional.SearchEncrypt.Generic, HKU\S-1-5-21-3112735609-2398618125-4238892646-1001\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Default\extensions.settings|oodblefojaocanejnikhhjcglbaelpbp, No Action By User, [14753], [448980],1.0.10248

     Registry Data: 0
     (No malicious items detected)

     Data Stream: 0
     (No malicious items detected)

     Folder: 7
     PUP.Optional.SearchEncrypt.Generic, C:\Users\Office\AppData\Local\Google\Chrome\User Data\Default\Extensions\oodblefojaocanejnikhhjcglbaelpbp\3.4.3.5_0\_metadata, No Action By User, [14753], [448980],1.0.10248
     PUP.Optional.SearchEncrypt.Generic, C:\Users\Office\AppData\Local\Google\Chrome\User Data\Default\Extensions\oodblefojaocanejnikhhjcglbaelpbp\3.4.3.5_0\img\se, No Action By User, [14753], [448980],1.0.10248
     PUP.Optional.SearchEncrypt.Generic, C:\Users\Office\AppData\Local\Google\Chrome\User Data\Default\Extensions\oodblefojaocanejnikhhjcglbaelpbp\3.4.3.5_0\css, No Action By User, [14753], [448980],1.0.10248
     PUP.Optional.SearchEncrypt.Generic, C:\Users\Office\AppData\Local\Google\Chrome\User Data\Default\Extensions\oodblefojaocanejnikhhjcglbaelpbp\3.4.3.5_0\img, No Action By User, [14753], [448980],1.0.10248
     PUP.Optional.SearchEncrypt.Generic, C:\Users\Office\AppData\Local\Google\Chrome\User Data\Default\Extensions\oodblefojaocanejnikhhjcglbaelpbp\3.4.3.5_0\lib, No Action By User, [14753], [448980],1.0.10248
     PUP.Optional.SearchEncrypt.Generic, C:\Users\Office\AppData\Local\Google\Chrome\User Data\Default\Extensions\oodblefojaocanejnikhhjcglbaelpbp\3.4.3.5_0, No Action By User, [14753], [448980],1.0.10248
     PUP.Optional.SearchEncrypt.Generic, C:\USERS\OFFICE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\OODBLEFOJAOCANEJNIKHHJCGLBAELPBP, No Action By User, [14753], [448980],1.0.10248

     File: 18
     PUP.Optional.SearchEncrypt.Generic, C:\USERS\OFFICE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, No Action By User, [14753], [448980],1.0.10248
     PUP.Optional.SearchEncrypt.Generic, C:\USERS\OFFICE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\OODBLEFOJAOCANEJNIKHHJCGLBAELPBP\3.4.3.5_0\MANIFEST.JSON, No Action By User, [14753], [448980],1.0.10248
     PUP.Optional.SearchEncrypt.Generic, C:\Users\Office\AppData\Local\Google\Chrome\User Data\Default\Extensions\oodblefojaocanejnikhhjcglbaelpbp\3.4.3.5_0\css\tooltip.css, No Action By User, [14753], [448980],1.0.10248
     PUP.Optional.SearchEncrypt.Generic, C:\Users\Office\AppData\Local\Google\Chrome\User Data\Default\Extensions\oodblefojaocanejnikhhjcglbaelpbp\3.4.3.5_0\img\se\icon128.png, No Action By User, [14753], [448980],1.0.10248
     PUP.Optional.SearchEncrypt.Generic, C:\Users\Office\AppData\Local\Google\Chrome\User Data\Default\Extensions\oodblefojaocanejnikhhjcglbaelpbp\3.4.3.5_0\img\se\icon16.png, No Action By User, [14753], [448980],1.0.10248
     PUP.Optional.SearchEncrypt.Generic, C:\Users\Office\AppData\Local\Google\Chrome\User Data\Default\Extensions\oodblefojaocanejnikhhjcglbaelpbp\3.4.3.5_0\img\se\icon16_disabled.png, No Action By User, [14753], [448980],1.0.10248
     PUP.Optional.SearchEncrypt.Generic, C:\Users\Office\AppData\Local\Google\Chrome\User Data\Default\Extensions\oodblefojaocanejnikhhjcglbaelpbp\3.4.3.5_0\img\se\icon48.png, No Action By User, [14753], [448980],1.0.10248
     PUP.Optional.SearchEncrypt.Generic, C:\Users\Office\AppData\Local\Google\Chrome\User Data\Default\Extensions\oodblefojaocanejnikhhjcglbaelpbp\3.4.3.5_0\img\se\input-checked.png, No Action By User, [14753], [448980],1.0.10248
     PUP.Optional.SearchEncrypt.Generic, C:\Users\Office\AppData\Local\Google\Chrome\User Data\Default\Extensions\oodblefojaocanejnikhhjcglbaelpbp\3.4.3.5_0\img\se\input-unchecked.png, No Action By User, [14753], [448980],1.0.10248
     PUP.Optional.SearchEncrypt.Generic, C:\Users\Office\AppData\Local\Google\Chrome\User Data\Default\Extensions\oodblefojaocanejnikhhjcglbaelpbp\3.4.3.5_0\img\se\si-logo.png, No Action By User, [14753], [448980],1.0.10248
     PUP.Optional.SearchEncrypt.Generic, C:\Users\Office\AppData\Local\Google\Chrome\User Data\Default\Extensions\oodblefojaocanejnikhhjcglbaelpbp\3.4.3.5_0\lib\bg.js, No Action By User, [14753], [448980],1.0.10248
     PUP.Optional.SearchEncrypt.Generic, C:\Users\Office\AppData\Local\Google\Chrome\User Data\Default\Extensions\oodblefojaocanejnikhhjcglbaelpbp\3.4.3.5_0\lib\page-protection.js, No Action By User, [14753], [448980],1.0.10248
     PUP.Optional.SearchEncrypt.Generic, C:\Users\Office\AppData\Local\Google\Chrome\User Data\Default\Extensions\oodblefojaocanejnikhhjcglbaelpbp\3.4.3.5_0\lib\panel.js, No Action By User, [14753], [448980],1.0.10248
     PUP.Optional.SearchEncrypt.Generic, C:\Users\Office\AppData\Local\Google\Chrome\User Data\Default\Extensions\oodblefojaocanejnikhhjcglbaelpbp\3.4.3.5_0\lib\savesettings.js, No Action By User, [14753], [448980],1.0.10248
     PUP.Optional.SearchEncrypt.Generic, C:\Users\Office\AppData\Local\Google\Chrome\User Data\Default\Extensions\oodblefojaocanejnikhhjcglbaelpbp\3.4.3.5_0\_metadata\verified_contents.json, No Action By User, [14753], [448980],1.0.10248
     PUP.Optional.SearchEncrypt.Generic, C:\Users\Office\AppData\Local\Google\Chrome\User Data\Default\Extensions\oodblefojaocanejnikhhjcglbaelpbp\3.4.3.5_0\background.html, No Action By User, [14753], [448980],1.0.10248
     PUP.Optional.SearchEncrypt.Generic, C:\Users\Office\AppData\Local\Google\Chrome\User Data\Default\Extensions\oodblefojaocanejnikhhjcglbaelpbp\3.4.3.5_0\panel.html, No Action By User, [14753], [448980],1.0.10248
     PUP.Optional.SearchEncrypt.Generic, C:\Users\Office\AppData\Local\Google\Chrome\User Data\Default\Extensions\oodblefojaocanejnikhhjcglbaelpbp\3.4.3.5_0\settings.html, No Action By User, [14753], [448980],1.0.10248

     Physical Sector: 0
     (No malicious items detected)

     WMI: 0
     (No malicious items detected)

     (end)
  4. Sometimes two PUPs. I was running up-to-date Malwarebytes when this infection occurred.

     ***** [ WMI ] *****

     No malicious WMI cleaned.

     ***** [ Shortcuts ] *****

     No malicious shortcuts cleaned.

     ***** [ Tasks ] *****

     No malicious tasks cleaned.

     ***** [ Registry ] *****

     Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\microsoft-office.en.softonic.com
     Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\softonic.com
     Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\microsoft-office.en.softonic.com
     Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\softonic.com
     Deleted HKCU\Software\Microsoft\Internet Explorer\DOMStorage\softonic.com
     Deleted HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\softonic.com

     ***** [ Chromium (and derivatives) ] *****

     Deleted FromDocToPDF
     Deleted Search Encrypt
     Deleted ibiiaimghkbhffgkkdogldehnidojjga

     ***** [ Chromium URLs ] *****

     No malicious Chromium URLs cleaned.

     ***** [ Firefox (and derivatives) ] *****

     No malicious Firefox entries cleaned.

     ***** [ Firefox URLs ] *****

     No malicious Firefox URLs cleaned.

     *************************

     [+] Delete Tracing Keys
     [+] Reset Winsock

     *************************
  6. PUP keeps showing up within hours after clearing. I quarantine about 27 files with Malwarebytes. Then I run AdwCleaner, which always finds 1 PUP. I clear and restart. But it comes right back in a short while. What else do I need to do? Here is the log from AdwCleaner.

     # -------------------------------
     # Malwarebytes AdwCleaner 7.3.0.0
     # -------------------------------
     # Build: 04-04-2019
     # Database: 2019-04-18.2 (Cloud)
     # Support: https://www.malwarebytes.com/support
     #
     # -------------------------------
     # Mode: Scan
     # -------------------------------
     # Start: 04-20-2019
     # Duration: 00:00:16
     # OS: Windows 10 Pro
     # Scanned: 27356
     # Detected: 1

     ***** [ Services ] *****

     No malicious services found.

     ***** [ Folders ] *****

     No malicious folders found.

     ***** [ Files ] *****

     No malicious files found.

     ***** [ DLL ] *****

     No malicious DLLs found.

     ***** [ WMI ] *****

     No malicious WMI found.

     ***** [ Shortcuts ] *****

     No malicious shortcuts found.

     ***** [ Tasks ] *****

     No malicious tasks found.

     ***** [ Registry ] *****

     No malicious registry entries found.

     ***** [ Chromium (and derivatives) ] *****

     PUP.Optional.Legacy dhhjmlmdpcpiojiffodbldlkgcnaeogp

     ***** [ Chromium URLs ] *****

     No malicious Chromium URLs found.

     ***** [ Firefox (and derivatives) ] *****

     No malicious Firefox entries found.

     ***** [ Firefox URLs ] *****

     No malicious Firefox URLs found.