
Showing results for tags 'persistent'.




Found 4 results

  1. Hello, I am having trouble with PUP.Optional.Legacy in Chrome. Tried multiple scanners, only AdwCleaner detects it. I've been battling this beast for a while now. What I've done so far: I've clean installed Windows twice. I have reset Chrome settings multiple times. I have reset Chrome sync multiple times. I have deleted cookies, preferences and all files from %LOCALAPPDATA% for Chrome. I have installed Chrome from the offline installer. I have cut the internet connection and did all of those steps again. I've narrowed it down to this: At first I thought it comes from my profile/sync. But I have done the steps below, without internet connection and it keeps coming back. It is somehow connected with the search engines/search providers of Chrome and/or Chrome settings. I can clean it with AdwCleaner, or manually remove the search engines from Chrome settings and it seems to disappear. But even if it does, after a few minutes, Chrome starts lagging, freezing a lot, and loading pages very, very slowly. I can tab out of Chrome and go to another browser, enter the web site and it will fully load, while in Chrome it is still loading. I run a scan with AdwCleaner - nothing, but I know it's there, my browser is lagging so bad... Here is how it always comes back. Every time I click on "Reset settings" in Chrome, the adware/virus comes back. These additional search engines appear in the settings: And after a scan, these are the results: And here is the Log File from the scan: AdwCleaner[S70].txt I am not smart enough to handle this on my own. I need help.
  2. First off - using a VM, host OS is Ubuntu Linux - the logs attached are from VirtualBox of a Windows 10 machine. I have to use a Linux machine because:
     - cannot reinstall any Windows without the infection hijacking the install, I've tried installing WinXP, 8.1, 7, 7 Pro, WinUltimate
     - during reinstall, as the CD-ROM loads, then at a point the install instructions are taken over, and a similar GUI appears to complete install
     - infects any device attached, physical or network, USB will be formatted automatically (fake warning posted GUI)
     - registry is infected
     - possible firmware exploited, USB and PCI seem to be used as alternate devices
     - system32 files are unusual
     - unable to flash BIOS
     - appears as hidden sector or directory, hijacks the MBR
     - has the ability to replicate if deleted or core files, registry is changed
     - suspected WMI Shell running with TRUSTED INSTALLER
     - Possible ChipSec related?
     I think I've tried everything as far as scans, rkhunter, Hirens Boot CD, Process Monitor, msconfig, BIOS settings, HDD replacement. All my machines at home are down/infected. Only way to get back was Linux, and using VM to start Windows 10. This is from an enterprise PC Tech Level 2 working at home. FRST.txt Addition.txt mbt first scan.txt
  3. Hi everyone, My name is Ryan and I'm new to the community, and I'm coming to you all with some irritable reasons. I have had the most persistent malware infecting (I think only Chrome - on Win 10) for the past 2 weeks to no avail. Currently I have used JRT, AdwCleaner, HitmanPro, Malwarebytes and Avast. The last two never seem to detect anything, while the first three detect and delete, detect and delete, detect and delete... without permanently resolving my issue! I have removed all suspicious Chrome extensions, reset my Chrome several times, and even remain logged out of my Chrome account to no avail - it keeps coming back essentially in the form of ad redirects. The most unusual element of this is whenever I click on any Google Docs URLs it immediately turns into an ad redirect that Malwarebytes blocks (even when not signed into Chrome). I'm at a loss and not entirely sure what to do. I've attached some screenshots detailing some logs/readouts of what I've encountered so far in terms of problems. If there are any experts out here who can help me purge my Chrome of this adware I would be overly appreciative (especially with regards to saving the money I'd have to spend on a computer guy). Best, Ryan P.S. HitmanPro sometimes detects up to 25 tracers including the conduit, and I've managed to bring AdwCleaner to 3-4 each time. Funny thing is they usually detect nothing until I re-open Chrome from my taskbar on Windows 10. The blocked site by Malwarebytes is also the result of clicking a Google Docs link.
  4. We seem to have 4 VERY persistent infections. Mind Spark, Ask.com & others. No amount of cleaning gets rid of the problems! Please Help! After reinstalling Malwarebytes and scanning, it cleaned 327 items. Ran AdwCleaner, it removed a bunch of threats. This morning 2 were right back so I ran AdwCleaner again and Hitman Pro after that and then 4 items were back. I am near my wits' end!! The Hitman Pro log is copied below.

     HitmanPro 3.7.15.281
     www.hitmanpro.com

     Computer name . . . . : ACER-PC
     Windows . . . . . . . : 10.0.0.14393.X64/4
     User name . . . . . . : acer-PC\acer
     UAC . . . . . . . . . : Enabled
     License . . . . . . . : Free

     Scan date . . . . . . : 2017-03-29 15:34:42
     Scan mode . . . . . . : Normal
     Scan duration . . . . : 10m 13s
     Disk access mode . . : Direct disk access (SRB)
     Cloud . . . . . . . . : Internet
     Reboot . . . . . . . : No

     Threats . . . . . . . : 0
     Traces . . . . . . . : 4

     Objects scanned . . . : 2,076,381
     Files scanned . . . . : 66,173
     Remnants scanned . . : 421,941 files / 1,588,267 keys

     Suspicious files ____________________________________________________________

     C:\WINDOWS\SysWOW64\ASock32.OCX
        Size . . . . . . . : 62,384 bytes
        Age . . . . . . . : 1097.1 days (2014-03-28 13:02:29)
        Entropy . . . . . : 5.7
        SHA-256 . . . . . : 5DB604CEEE5C4502F7FB4DB77CDBBA70F0783AF3A92389749040167384ECDC9F
        Product . . . . . : ASOCKET
        Publisher . . . . : Mabry Software, Inc.
        Description . . . : Mabry ASocket Control
        Version . . . . . : 5.00.012
        Copyright . . . . : Copyright © 1996-1998 by Zane Thomas
        RSA Key Size . . . : 512
        LanguageID . . . . : 1033
        Authenticode . . . : Self-signed
        Fuzzy . . . . . . : 26.0
           Program is code signed with a weak certificate. This is common to malware.
           Program is code self-signed.
           The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.

     C:\WINDOWS\SysWOW64\GetHst32.OCX
        Size . . . . . . . : 46,512 bytes
        Age . . . . . . . : 1097.1 days (2014-03-28 13:02:29)
        Entropy . . . . . : 5.5
        SHA-256 . . . . . : 37643B0F7D6B680B79CC6F53A34E4F655E5649AC83703C5531E6598950076ED6
        Product . . . . . : GetHst
        Publisher . . . . : Mabry Software, Inc.
        Description . . . : Mabry Internet GetHst Control
        Version . . . . . : 5.00.007
        Copyright . . . . : Copyright © 1996-1998 by Mabry Software, Inc.
        RSA Key Size . . . : 512
        LanguageID . . . . : 1033
        Authenticode . . . : Self-signed
        Fuzzy . . . . . . : 26.0
           Program is code signed with a weak certificate. This is common to malware.
           Program is code self-signed.
           The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.

     C:\WINDOWS\SysWOW64\Mftp32.ocx
        Size . . . . . . . : 75,696 bytes
        Age . . . . . . . : 1097.1 days (2014-03-28 13:02:29)
        Entropy . . . . . : 5.8
        SHA-256 . . . . . : 6249744A37B44608E569160B7281D34AFA6BFDF625FF60237C400067575F54A5
        Product . . . . . : Mabry Internet FTP Control
        Publisher . . . . : Mabry Software, Inc.
        Description . . . : Mabry Internet FTP Control
        Version . . . . . : 5.00.015
        Copyright . . . . : Copyright © 1996-1998 by Zane Thomas
        RSA Key Size . . . : 512
        LanguageID . . . . : 1033
        Authenticode . . . : Self-signed
        Fuzzy . . . . . . : 26.0
           Program is code signed with a weak certificate. This is common to malware.
           Program is code self-signed.
           The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.

     Potential Unwanted Programs _________________________________________________

     HKU\S-1-5-21-4003829262-2848994777-1340562341-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}\ (AskBar)