Search the Community
Showing results for tags 'secure preferences'.
Found 3 results
Hi there, I have an infection on my PC from pup.optional.searchmanager. MWB is showing up 3 files in GOOGLE\CHROME\USER DATA\Default\Secure Preferences and 1 registry value in GOOGLE\CHROME\PREFERENCEMACS\Default\extensions.settings I've tried all the methods in this post (sign out / reset sync / reset Chrome / deleting all other search engines in Chrome), but they keep showing back up. I've also tried AdWCleaner. It seems to find / quarantine / delete the files but they always show up again in the next scan. Also, I have another PC synced up to the same Chrome account and it's fine, there's nothing showing up on MWB scan on that one. Files attached. Any help would be appreciated 👍 Shaun Addition.txt FRST.txt MWBScanResult.txt
The problem is when ever I quarantine PUP.Optional.EasyLife after opening up chrome again it comes back if I scan again. it's located in C:\Users\Username\AppData\Local\Google\Chrome\User Data\Default and it is the Secure Prefrences file. I think it's something to do with chrome sync which brings back the PUP after I reopen chrome. I don't want to clear my chrome sync data like passwords and bookmarks, anyone know how I can resolve this issue. maybe just edit the secure preferences file using notepad++ idk anyone else have this problem and figured out how to fix it? Scan Details: Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 7/3/19 Scan Time: 5:27 PM Log File: 681693ce-9daf-11e9-a58d-0a002700000a.json -Software Information- Version: 188.8.131.5239 Components Version: 1.0.586 Update Package Version: 1.0.11388 License: Premium -System Information- OS: Windows 10 (Build 17763.557) CPU: x64 File System: NTFS -Scan Summary- Scan Type: Threat Scan Scan Initiated By: Manual Result: Completed Objects Scanned: 406235 Threats Detected: 1 Threats Quarantined: 0 Time Elapsed: 5 min, 24 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 0 (No malicious items detected) Registry Value: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 0 (No malicious items detected) File: 1 PUP.Optional.EasyLife, C:\USERS\USERNAME\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, No Action By User, , ,1.0.11388 Physical Sector: 0 (No malicious items detected) WMI: 0 (No malicious items detected) (end) I think this guy has the same probem https://forums.malwarebytes.com/topic/248833-pup-optionaleasylife/
When Malwarebytes finds some malicious (mostly adware or PUP) settings/startpages/searchengines in your Chrome, it will address this. (Note, Malwarebytes doesn't really delete the Chrome Secure Preferences file when a detection occurs) However, some of you may notice it will always come back after the Malwarebytes scan. In that case, it might be because you are still using an older version of Malwarebytes, and/or it's most likely because you have Chrome Sync enabled. The following instructions need to be done in the EXACT order as outlined below in this post. So first of all, make sure you have the latest version of malwarebytes installed: https://www.malwarebytes.com/mwb-download/ Perform another scan, make sure Google Chrome is closed, have it remove what it has found, reboot if being asked to. Then verify if the detection is gone. If not... then it's most probably because of Chrome Sync that is enabled. To deal with this, please follow the steps below in the exact order as outlined: Open your Chrome. Go to Settings > People > Sync and Google services (or alternatively, enter the following in the addressbar: chrome://settings/syncSetup) On the page, Click the Data from Chrome Sync as a first step, Then, click "Turn off" as a second step When you click the Turn off, Click the "Sign out" at the prompt. On the new tab that is still open, this is where your Chrome data is located on the server (alternatively, go to the following url: https://chrome.google.com/sync ) REFRESH that page!! - Because since you signed out of Chrome, if you don't refresh, resetting sync won't work and you'll get the error: "This Chrome settings page is no longer available" Sign in with your chrome credentials there. scroll below to the bottom of the page and click RESET SYNC Close your Chrome browser. Do NOT enable sync yet, as you need to perform another scan with Malwarebytes first in order to fix Chrome. Perform a new scan with Malwarebytes and let it delete what it has found. Reboot in case it asks to reboot. Verify after a next scan the detection doesn't occur anymore. If results come back clean, you can enable Google Sync again. It will ask for your username first, in order to log in - Once that is done, it should automatically enable Sync again. You can adjust the sliders what you want to sync. If you have multiple Operating systems, run malwarebytes on it first before logging back into Chrome. This to make sure the malware is also cleaned from the other PC(s). If not cleaned, it will sync the malware from the "uncleaned" PC back again to the server and then back to your clean PC.