Search the Community
Showing results for tags 'persistent'.
Found 3 results
Hello, I am having trouble with PUP.Optional.Legacy in Chrome. Tried multiple scanners, only AdwCleaner detects it. I've been battling this beast for a while now.
What I've done so far:
- I've clean installed Windows twice.
- I have reset Chrome settings multiple times.
- I have reset Chrome sync multiple times.
- I have deleted cookies, preferences and all files from %LOCALAPPDATA% for Chrome.
- I have installed Chrome from the offline installer.
- I have cut the internet connection and did all of those steps again.
I've narrowed it down to this: At first I thought it comes from my profile/sync. But I have done the steps below, without internet connection and it keeps coming back. It is somehow connected with the search engines/search providers of Chrome and/or Chrome settings. I can clean it with AdwCleaner, or manually remove the search engines from Chrome settings and it seems to disappear. But even if it does, after a few minutes, Chrome starts lagging, freezing a lot, and loading pages very, very slowly. I can tab out of Chrome and go to another browser, enter the web site and it will fully load, while in Chrome it is still loading. I run a scan with AdwCleaner - nothing, but I know it's there, my browser is lagging so bad...
Here is how it always comes back. Every time I click on "Reset settings" in Chrome, the adware/virus comes back.
These additional search engines appear in the settings:
And after a scan, these are the results:
And here is the Log File from the scan: AdwCleaner[S70].txt
I am not smart enough to handle this on my own. I need help.

First off - using a vm machine, host OS is Ubuntu Linux - the logs attached are from VirtualBox of a Windows 10 machine.
I have to use a Linux machine because:
- cannot reinstall any Windows without the infection hijacking the install, I've tried installing WinXP, 8.1, 7, 7 pro, WinUltimate
- during reinstall, at the cd/rom loads, then at a point the install instructions are taken over, and a similar gui appears to complete install
- infects any device attached physical or network, usb will be formatted automatically (fake warning posted gui)
- registry is infected
- possible firmware exploited, usb and pci seem to be used as alternate devices
- system32 files are unusual
- unable to flash bios
- appears as hidden sector or directory, hijacks the mbr
- has the ability to replicate if deleted or core files, registry is changed
- suspected WMI Shell running with TRUSTED INSTALLER
- Possible ChipSec related?
I think I've tried everything as far as scans, rkhunter, Hirens Boot Cd, Process Monitor, msconfig, BIOS settings, hdd replacement. All my machines at home are down/infected. Only way to get back was Linux, and using VM to start Windows 10. This is from an enterprise PC Tech Level 2 working at home.
FRST.txt Addition.txt mbt first scan.txt

Hi everyone,
My name is Ryan and I'm new to the community, and I'm coming to you all with some irritable reasons. I have had the most persistent malware infecting (I think only Chrome - on Win 10) for the past 2 weeks to no avail. Currently I have used JRT, AdwCleaner, HitManPro, Malwarebytes and Avast. The last two never seem to detect anything, while the first three detect and delete, detect and delete, detect and delete... without permanently resolving my issue! I have removed all suspicious Chrome extensions, reset my Chrome several times, and even remain logged out of my Chrome account to no avail - it keeps coming back essentially in the form of ad redirects. The most unusual element of this is whenever I click on any Google Docs URLs it immediately turns into an ad redirect that Malwarebytes blocks (even when not signed into Chrome). I'm at a loss and not entirely sure what to do. I've attached some screenshots detailing some logs/readouts of what I've encountered so far in terms of problems. If there are any experts out here who can help me purge my Chrome of this adware I would be overly appreciative (especially with regards to saving the money I'd have to spend on a computer guy).
Best, Ryan
P.S. HitManPro sometimes detects up to 25 tracers including the conduit, and I've managed to bring AdwCleaner to 3-4 each time. Funny thing is they usually detect nothing until I re-open Chrome from my taskbar on Windows 10. The blocked site by Malwarebytes is also the result of clicking a Google Docs link.