Hi There!

 

MB does a scan each day and pretty much each day it shows PUP.Optional.Spigot.A on the list. Whenever I quarantine the file, I then delete it and after a restart and a scan, nothing shows up. However when MB does a scan the next day, it shows back up. What can I do to permanently delete it from the system?

 

Thank you!

Link to post

Hi & :welcome:

My name is Jürgen and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully. :excl:

  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
Step 1

Please run a FRST scan. This will help us diagnose your problem.

Please download Farbar Recovery Scan Tool and save it to your Desktop.

(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)

  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.
Link to post

Hi,

How to get logs:

(Export log to save as txt)

  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Text file (*.txt)'
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
  • Click Ok
  • Attach that saved log to your next reply.
Link to post

Hi Mr Jürgen

 

Thanks a lot for your quick response.

 

Please note that I am not very computer literate. Thanks for your patience.

 

I do not know what MBAM - Scan log means.

 

Do you mean I have to do your step 1 below to get the MBAM-Scan-logfile?

 

Step 1

Please run a FRST scan. This will help us diagnose your problem.

Please download Farbar Recovery Scan Tool and save it to your Desktop.
(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)

  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.

Kind and best regards

Shishir48
 

Link to post

Hi,

Step 1

Please download AdwCleaner (by Xplode) and save it to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.

    Vista/Windows 7/8 users right-click and select "Run As Administrator"

  • Click on the Scan button.
  • After the scan has finished, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • After rebooting, a log file (that is saved in C:\AdwCleaner[s#].txt) will open automatically.

    Copy and paste the contents of that logfile in your next reply.

Step 2

Scan with Malwarebytes Antimalware

  • Please update the database by clicking on the "Update Now" button.
  • Following the update, click "Settings" and go to "Detection and Protection"
  • Make sure "Scan for Rootkits" is checked.
  • Click on Dashboard, then click on Scan Now to start the scan.

    (If Malware or Potentially Unwanted Programs [PUPs] are found, you will receive a prompt so that you can decide what you want to do. I suggest "Quarantine". Click the button: Apply All Actions.)

  • A window with an option to view the detailed log will appear. Click on "View Detailed Log".
  • After viewing the results, please click on the "Copy to Clipboard" button and then OK.
  • Return to our forum. Paste your log into your next reply.
Step 3

Please download the ESET Online Scanner and save it to your Desktop.

  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start esetsmartinstaller_enu.exe with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.

    Note: This scan might take a long time! Please be patient.

  • When completed select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on Finish
  • A log file is created at C:\Program Files\ESET\EsetOnlineScanner\log.txt.

    Copy and paste the content of this log file in your next reply.

Note: Do not forget to re-enable your antivirus application after running the above scan!

Step 4

https://support.google.com/chrome/answer/3296214?hl=en

Step 5

Start FRST with administrator privileges.

  • Make sure the following option is checked: Addition.txt
  • Press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.

    Please copy and paste these logs in your next reply.

Can you please tell me which problems still persist now?
Link to post

hi deeprybka!

 

please see below for the requested info.

 

Step 1

# AdwCleaner v3.216 - Report created 25/07/2014 at 21:31:32
# Updated 17/07/2014 by Xplode
# Operating System : Windows 8.1  (64 bits)
# Username : Derek - DINOO82
# Running from : C:\Users\Derek\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17126
 
 
-\\ Mozilla Firefox v30.0 (en-US)
 
[ File : C:\Users\Derek\AppData\Roaming\Mozilla\Firefox\Profiles\zeqbs9vx.default\prefs.js ]
 
 
-\\ Google Chrome v36.0.1985.125
 
[ File : C:\Users\Derek\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [878 octets] - [14/07/2014 21:00:46]
AdwCleaner[R1].txt - [996 octets] - [15/07/2014 21:06:46]
AdwCleaner[R2].txt - [1116 octets] - [15/07/2014 22:35:06]
AdwCleaner[R3].txt - [1236 octets] - [16/07/2014 20:01:09]
AdwCleaner[R4].txt - [1429 octets] - [25/07/2014 21:30:27]
AdwCleaner[s0].txt - [938 octets] - [14/07/2014 21:03:16]
AdwCleaner[s1].txt - [1056 octets] - [15/07/2014 21:09:46]
AdwCleaner[s2].txt - [1178 octets] - [15/07/2014 22:39:02]
AdwCleaner[s3].txt - [1298 octets] - [16/07/2014 20:03:04]
AdwCleaner[s4].txt - [1352 octets] - [25/07/2014 21:31:32]
 
########## EOF - C:\AdwCleaner\AdwCleaner[s4].txt - [1412 octets] ##########
 
 

Step 2

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 7/25/2014
Scan Time: 9:34:22 PM
Logfile: 
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.07.26.01
Rootkit Database: v2014.07.17.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 8.1
CPU: x64
File System: NTFS
User: Derek
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 294444
Time Elapsed: 6 min, 10 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 1
PUP.Optional.Spigot.A, C:\Users\Derek\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: (      "startup_urls": [ "http://search.yahoo.com?type=994519&fr=spigot-yhp-ch" ],), Replaced,[2bee693bb0cbbc7a81f704df39cb04fc]
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
Step 3
C:\$Recycle.Bin\S-1-5-21-2957042211-4044122406-3432932116-1001\$R3CQO1T.exe a variant of Win32/CNETInstaller.B potentially unwanted application
C:\$Recycle.Bin\S-1-5-21-2957042211-4044122406-3432932116-1001\$RFDHCDX.exe a variant of Win32/CNETInstaller.B potentially unwanted application
C:\$Recycle.Bin\S-1-5-21-2957042211-4044122406-3432932116-1001\$RGCMN6V.exe Win32/DownloadAdmin.G potentially unwanted application
C:\$Recycle.Bin\S-1-5-21-2957042211-4044122406-3432932116-1001\$RK0JOHT.exe Win32/DownloadAdmin.G potentially unwanted application
C:\$Recycle.Bin\S-1-5-21-2957042211-4044122406-3432932116-1001\$RRLTAT3.exe a variant of Win32/CNETInstaller.B potentially unwanted application
Step 4
Done
Step 5
Can you provide the link for it? I tried clicking on the Scan icon and the Icon but nothing happened.  Please advise.
 
Thanks!
 

 

Link to post

Files: 1

PUP.Optional.Spigot.A, C:\Users\Derek\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: (      "startup_urls": [ "http://search.yahoo.com?type=994519&fr=spigot-yhp-ch" ],), Replaced,[2bee693bb0cbbc7a81f704df39cb04fc]

Hi, as you can see Malwarebytes detects only a "startup_url".

You can delete this entry manually.

Copy & paste the following text

chrome://settings/startup
into the Chrome URL-line and delete: hxxp://search.yahoo.com?type=994519&fr=spigot-yhp-ch

If it shows back up next day, then you should uninstall Chrome with Revo, because one extension is most likely responsible for this issue. Afterwards reinstall Chrome.

  • Please download and install Revo Uninstaller Free

    note: there is no need to click anything on that page, the download will start automatically

  • Double click Revo Uninstaller to run it
  • From the list of programs double click on the listed program(s), or anything similar, to remove it:

    Google Chrome
  • When prompted if you want to uninstall click Yes
  • Be sure the Moderate option is selected then click Next
  • The program will run, If prompted again click Yes
  • When the built-in uninstaller is finished click on Next
  • Once the program has searched for leftovers click Next
  • Check the items in bold only on the list then click Delete

    note: you may have to expand some folders by clicking the "+" mark

  • When prompted click on Yes and then on Next
  • Put a check on any folders that are found and select Delete
  • When prompted select Yes then Next
  • Once done click Finish
Your logs look clean. I don't see any indication that your computer is still infected.

That's it!

We're gonna clean up everything now and in the end I'll provide you with a list of security tips so you hopefully will not need our help anymore in the future.

My help is free for everybody.

If you want to support me fighting against malware or buy me a beer for the assistance you received, then you can consider a donation.

Thank you!

Clean Up

Now we remove all the tools we used (including their logs and quarantine folders), restore your settings and delete old and infected system restore points:

  • You can uninstall programs that you had to install (e.g. MBAM or ESET Onlinescanner) in the control panel if you so wish.
  • Download DelFix (by Xplode) and save it to your Desktop.
    • Close all running programs and start delfix.exe.
    • Make sure that all available options are checked.
    • Click on Run
    • DelFix should remove all our tools and delete itself afterwards. I don't need the log file.
  • If there is still something left you can delete it manually.
Tips

I recommend reading and following the "16 simple and easy ways to keep your computer safe and secure on the Internet" (Link) by Lawrence Abrams.

Link to post
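The check described in the reply above (a leftover "startup_urls" entry in Chrome's Preferences file, with an extension suspected of putting it back), written out as an added example that is not part of the original thread. The function names are hypothetical, the sample file is constructed, and the key nesting and the `extensions.settings` / `from_webstore` layout are assumptions about the Preferences format; only the flagged URL comes from the scan log.

```python
import json
from urllib.parse import urlsplit, parse_qs

# Constructed sample shaped like a Chrome "Preferences" file. Only the flagged
# startup URL is taken from the scan log in this thread; the nesting and the
# extension entry (placeholder ID and name) are assumptions for illustration.
SAMPLE_PREFERENCES = json.dumps({
    "session": {"startup_urls": [
        "http://search.yahoo.com?type=994519&fr=spigot-yhp-ch",
        "https://www.example.org/"]},
    "extensions": {"settings": {"aaaabbbbccccddddeeeeffffgggghhhh": {
        "from_webstore": False, "manifest": {"name": "Hypothetical Toolbar"}}}},
})

def find_startup_urls(node, path=""):
    """Yield (json_path, url) for every "startup_urls" list, at any depth."""
    if isinstance(node, dict):
        for key, value in node.items():
            here = f"{path}.{key}" if path else key
            if key == "startup_urls" and isinstance(value, list):
                yield from ((here, u) for u in value if isinstance(u, str))
            else:
                yield from find_startup_urls(value, here)
    elif isinstance(node, list):
        for i, item in enumerate(node):
            yield from find_startup_urls(item, f"{path}[{i}]")

def is_flagged(url, marker="spigot"):
    """True when any query-string value contains the marker (case-insensitive)."""
    query = parse_qs(urlsplit(url).query)
    return any(marker in v.lower() for values in query.values() for v in values)

def audit(preferences_text, marker="spigot"):
    """Report flagged startup URLs and extensions not marked as web-store installs."""
    prefs = json.loads(preferences_text)
    flagged = [(p, u) for p, u in find_startup_urls(prefs) if is_flagged(u, marker)]
    settings = prefs.get("extensions", {}).get("settings", {})
    sideloaded = sorted(
        ext.get("manifest", {}).get("name", ext_id)
        for ext_id, ext in settings.items()
        if isinstance(ext, dict) and not ext.get("from_webstore", False))
    return {"flagged_startup_urls": flagged, "non_webstore_extensions": sideloaded}

if __name__ == "__main__":
    print(json.dumps(audit(SAMPLE_PREFERENCES), indent=2))
```

Running the same audit on a copy of the Preferences file taken after each daily scan shows whether the entry has returned and which extensions were present at the time.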

  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
This topic is now closed to further replies.