thedawnbringer Posted August 19, 2014 ID:868544

Hello, I thought I had removed this earlier with the help from pondus, but it seems to keep coming back. I've noticed that it reappears on the Malwarebytes scan after I reload my Chrome browser settings (i.e. after I have reset my Chrome browser and then scanning after I have reloaded my personal settings). I'm concerned that this malware might be leeching personal information. Can someone please help me definitively remove PUP.Optional.Spigot.A? Thanks.
kevinf80 Posted August 19, 2014 ID:868624

Hello and

P2P/Piracy Warning:
If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.
Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.
If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Download Farbar Recovery Scan Tool and save it to your desktop.
Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
- Double-click to run it. When the tool opens click Yes to disclaimer.
- Press Scan button.
- It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
- The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

Kevin....
thedawnbringer Posted August 19, 2014 Author ID:868635

I have attached the FRST and the Addition log.

Attachments: FRST.txt, Addition.txt
kevinf80 Posted August 20, 2014 ID:868668

Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.
Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.

Next,

Open Malwarebytes Anti-Malware, from the Dashboard please Check for Updates by clicking the Update Now... link.
When update completes Select > Settings > Detection and Protection > Enable Scan for rootkit and Under Non Malware Protection set both PUP and PUM to Treat detections as malware.
Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button.
Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.

Next,

Download AdwCleaner by Xplode onto your Desktop.
- Double click on Adwcleaner.exe to run the tool.
- Click on Scan.
- Once the scan is done, click on the Clean button.
- You will get a prompt asking to close all programs. Click OK.
- Click OK again to reboot your computer.
- A text file will open after the restart. Please post the content of that logfile in your reply.
- You can also find the logfile at C:\AdwCleaner[sn].txt, where n is the scan reference number.

Next,

Please download Junkware Removal Tool to your desktop.
- Shut down your protection software now to avoid potential conflicts.
- Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
- The tool will open and start scanning your system.
- Please be patient as this can take a while to complete depending on your system's specifications.
- On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
- Post the contents of JRT.txt into your next message.

Let me see those logs, also give an update on any remaining issues or concerns..

Kevin

Attachment: fixlist.txt
thedawnbringer Posted August 20, 2014 Author ID:868695

I have attached the four log files upon request. I have followed your instructions verbatim. I have re-scanned using Malwarebytes AFTER acquiring the JRT.txt log file, and the malware still remains.

Attachments: Fixlog.txt, 08-19-2014 Malwarebytes scan log.txt, AdwCleanerS4.txt, JRT.txt
kevinf80 Posted August 20, 2014 ID:868807

Do you mean the issue is still present with Chrome? If so do the following:

- Go to the following link: https://support.google.com/chrome/answer/3296214?hl=en follow the instructions and reset Chrome "Browser settings"
- Go to the following link: https://support.google.com/chromebook/answer/1281195?hl=en follow the instructions and customize "Sync" in Chrome. Never have the option to "Sync everything" selected, only sync what you need.
- Go to the following link: https://support.google.com/chrome/answer/95314?hl=en follow the instructions to set the Homepage in Chrome.
- Go to the following link: https://support.google.com/chrome/answer/95426?hl=en follow the instructions and set your default "Search Engine" in Chrome.
- Go to the following link: https://support.google.com/chrome/answer/95582?hl=en follow the instructions to delete caches and other browser data in Chrome.
- Go to the following link: https://chrome.google.com/webstore/detail/adblock-plus/cfhdojbkjhnklbpkdaibdccddilifddb follow the instructions and install "Adblock Plus" to Chrome.
- Go to the following link: https://chrome.google.com/webstore/detail/flashblock/gofhjkjmkpinhpoiabjplobcaignabnl?hl=en follow the instructions to install "FlashBlock" to Chrome.
- Go to the following link: https://chrome.google.com/webstore/detail/webutation/nfclfmabiojpommfcalfdgjjeaahnjbj?hl=en follow the instructions to install "Webutation" to Chrome.

Let me know if the issue with Chrome is resolved, also if any remaining issues or concerns...

Kevin...
thedawnbringer Posted August 20, 2014 Author ID:868986

After having followed your new set of instructions, PUP.Optional.Spigot.A is still being detected by Malwarebytes. I have attached the log of its scan. I noticed that some of the listed addresses were alternate search engines. I ended up removing all the suggested search engines from the list aside from the Google Default. I re-scanned afterwards and it is still being detected. Not sure what's up.

I suppose that it's worth noting that I do not yet notice anything strange with my internet browsing (e.g. difficulty of establishing a home page, pop-ups, etc.). However, I am concerned that this thing might be leeching my personal content. Honestly, I'm still not sure what it is, and it's a bit frustrating to be unable to get rid of it.

Any other suggestions? They are greatly appreciated. Thanks Kevin.

Attachment: 08-20-14 Malwarebytes log.txt
kevinf80 Posted August 20, 2014 ID:869018

If Spigot returns to only Google Chrome then maybe the best way forward is to clear and turn off Sync, then do a clean install. Run the following first and see if we can find whatever we have missed previously:

Download OTL from any of the following links and save to your desktop.
- http://itxassociates.com/OT-Tools/OTL.com
- http://oldtimer.geekstogo.com/OTL.exe
- http://www.itxassociates.com/OT-Tools/OTL.scr

- Double click the OTL icon to start the tool. (Note: If you are running on Vista or Windows 7/8 accept UAC alert)
- When the window appears, underneath Output at the top, make sure Standard output is selected.
- Select Scan all users
- Change Drivers to All
- Under the Extra Registry section, check Use SafeList
- In the lower right corner, checkmark "LOP Check" and checkmark "Purity Check".
- Close out all browsers and turn off Security.
- Click Run Scan and let the program run uninterrupted.
- When the scan is complete, two text files will be created on your Desktop.
  OTL.Txt <- this one will be opened
  Extras.txt <- this one will be minimized

Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of OTL.Txt and the Extras.txt in your next reply.

Kevin
thedawnbringer Posted August 20, 2014 Author ID:869027

The log files were too long to post, so I have attached the log files instead.

Attachments: OTL.Txt, Extras.Txt
kevinf80 Posted August 20, 2014 ID:869035

Those logs are clean... Run this please:

Download SystemLook from the following link below and save it to your Desktop. Use the correct version 32bit or 64bit.
- http://jpshortstuff.247fixes.com/SystemLook_x64.exe <<- 64 bit
- http://images.malwareremoval.com/jpshortstuff/SystemLook.exe <<- 32 bit

- Double-click SystemLook.exe to run it.
- Copy the content of the following codebox into the main textfield:

    :regfind
    spigot
    spigot*
    *spigot*
    :dir
    C:\Users\Brian Joo\AppData\Local\Google\Chrome\User Data\Default\Preferences /s

- Click the Look button to start the scan.
- When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt

Post that log,

Kevin...
thedawnbringer Posted August 20, 2014 Author ID:869037

    SystemLook 30.07.11 by jpshortstuff
    Log created at 16:14 on 20/08/2014 by Brian Joo
    Administrator - Elevation successful

    ========== regfind ==========

    Searching for "spigot"
    No data found.

    Searching for "spigot*"
    No data found.

    Searching for "*spigot*"
    No data found.

    ========== dir ==========

    C:\Users\Brian Joo\AppData\Local\Google\Chrome\User Data\Default\Preferences - Unable to find folder.

    -= EOF =-
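The SystemLook log above reports "Unable to find folder" because the `:dir` check treated the Preferences path as a folder, while Chrome stores Preferences as a single JSON file, so the profile's settings were never searched. As an added example (not part of the thread and not any tool's own code), this Python script searches a Preferences snapshot for a keyword and reports which entries appear only in a later snapshot, such as one taken after sync is turned back on. The sample snapshots and their key names are constructed for illustration.

```python
import json
import os
import sys

# Default-profile Preferences path on Windows; Preferences is a JSON file.
DEFAULT_PREFS = os.path.join(
    os.environ.get("LOCALAPPDATA", ""),
    "Google", "Chrome", "User Data", "Default", "Preferences")


def walk(node, keyword, path="$"):
    """Yield (json_path, text) for each key or string value containing keyword."""
    if isinstance(node, dict):
        for key, value in node.items():
            child = f"{path}.{key}"
            if keyword in key.lower():
                yield f"{child} (key)", key
            yield from walk(value, keyword, child)
    elif isinstance(node, list):
        for index, value in enumerate(node):
            yield from walk(value, keyword, f"{path}[{index}]")
    elif isinstance(node, str) and keyword in node.lower():
        yield path, node


def scan_preferences(text, keyword="spigot"):
    """Return {json_path: matched_text} for one Preferences snapshot."""
    return dict(walk(json.loads(text), keyword.lower()))


def new_hits(before, after, keyword="spigot"):
    """Matches present only in the later snapshot, e.g. after sync was enabled."""
    old = scan_preferences(before, keyword)
    later = scan_preferences(after, keyword)
    return {p: v for p, v in later.items() if p not in old}


# Constructed sample snapshots (not taken from the thread's logs). The key
# names are illustrative; the walker does not depend on any particular schema.
SAMPLE_BEFORE_SYNC = json.dumps({
    "homepage": "https://www.google.com/",
    "session": {"startup_urls": ["https://www.google.com/"]},
})
SAMPLE_AFTER_SYNC = json.dumps({
    "homepage": "https://www.google.com/",
    "session": {"startup_urls": ["https://www.google.com/",
                                 "http://search.spigot.example/?src=hp"]},
    "search_engines": [{"keyword": "spigot.example",
                        "url": "http://search.Spigot.example/?q={searchTerms}"}],
})

if __name__ == "__main__":
    if len(sys.argv) > 1 or os.path.isfile(DEFAULT_PREFS):
        target = sys.argv[1] if len(sys.argv) > 1 else DEFAULT_PREFS
        with open(target, encoding="utf-8") as handle:
            hits = scan_preferences(handle.read())
    else:
        hits = new_hits(SAMPLE_BEFORE_SYNC, SAMPLE_AFTER_SYNC)
    for json_path, text in sorted(hits.items()):
        print(f"{json_path}: {text}")
```

Saving a copy of Preferences with sync off and another after signing in, then passing both texts to `new_hits`, shows which settings the sync brought back.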
kevinf80 Posted August 20, 2014 ID:869047

Does spigot still show up in Google Chrome? Do you have any remaining issues or concerns...
thedawnbringer Posted August 20, 2014 Author ID:869054

Spigot never showed up through browsing; it was only noticed through MBAM. And yes, PUP.Optional.Spigot.A still shows up on MBAM. What could possibly be causing this? And what else should I do? I have attached the logs of the recent SystemLook log and the MBAM log.

Attachments: SystemLook.txt, 08-20-14 Malwarebytes log (5.37pm CST).txt
kevinf80 Posted August 20, 2014 ID:869056

When MB scan is complete, if there have been detections, do you click Apply Actions to allow MBAM to clean what was detected?
thedawnbringer Posted August 20, 2014 Author ID:869061

I definitely do. I apply the selectable "Quarantine" action.
kevinf80 Posted August 20, 2014 ID:869067

In reply #6 did you follow the instructions to reset Chrome "Browser Settings"? That action does reset start up URLs to the normal default list, that would normally remove entries such as spigot.
thedawnbringer Posted August 20, 2014 Author ID:869070

I reset the Chrome browser, re-scanned with MBAM, and still detected spigot. I have attached the log.

Attachment: 08-20-14 Malwarebytes log (6.37pm CST).txt
kevinf80 Posted August 20, 2014 ID:869072

This is proving to be a right pain somewhere for sure, why it should reappear in the preferences after removal is definitely unexpected...

Run the instructions at the following link for Chrome: http://www.howtogeek.com/171924/how-to-reset-your-web-browser-to-its-default-settings/

If this fails the only way forward is a clean install of Chrome and start afresh....
thedawnbringer Posted August 21, 2014 Author ID:869082

I reset the Chrome browser, but to no avail once again. So I uninstalled the Chrome browser and re-scanned with MBAM. Sure enough, it didn't detect Spigot. So I re-installed Chrome, logged in, and re-scanned. However, Spigot was detected again. Am I to believe that this thing has infected my Chrome/Gmail account? If so, would reformatting even fix it?

I have attached the two MBAM logs. The earlier one is after I uninstalled Chrome. The later one is after re-installing and logging in.

Attachments: 08-20-14 Malwarebytes log (7.15pm CST).txt, 08-20-14 Malwarebytes log (7.31pm CST).txt
thedawnbringer Posted August 21, 2014 Author ID:869120

So after running several tests (of scanning after enabling different features of Chrome), I've narrowed the cause down to the syncing aspect. If I do not have any boxes checked for syncing, then I can restore Chrome to my personal settings without MBAM detecting Spigot. However, as soon as I sync up, Spigot reappears. (SIDENOTE: I just realized that I haven't tested to see whether Spigot appears if I have only one random box checked for syncing.)

Just what the heck is going on here? It seems like the issue has something to do with my Google profile? I'm not tech savvy enough to know what is causing the issue. But it has something to do with syncing the Chrome browser to my Google account.

Also, since there doesn't seem to be any file labeled Spigot on my computer, am I safe to assume that the detection is nothing and it's something I could ignore? This issue has been stressing me a great deal and taking up far too much time. Thanks.
kevinf80 Posted August 21, 2014 ID:869231

In reply #6 I gave a link regarding "syncing". The default setting is usually sync everything, that is a bad option to have set. Spigot is classed as a "browser hijacker", it is not really classed as malicious per se, but definitely must be removed. Spigot usually comes bundled with free software, that is probably the easiest way to pick up the unwanted nuisance.

The best way to find out the cause of re-infection is to totally unsync all entries, then enable one at a time until the culprit is found. It may be a quicker option to create a new browser user profile for Chrome, go to the following link for instructions, expand the "windows" option... https://support.google.com/chrome/answer/142059?hl=en

Another good link to have is "how to export/import bookmarks", go to the following link for instructions... https://support.google.com/chrome/answer/96816?hl=en-GB

Let me know how you progress, also if there are any remaining issues or concerns..

kevin..
thedawnbringer Posted August 21, 2014 Author ID:869508

So I followed the new instructions from your most recent post, and as I was syncing up various things before I detected Spigot again. I got up to three (Bookmarks, Passwords, Themes), before adding a fourth (History) that caused Spigot to be detected. I then took it off, cleaned, and oddly, with the original three syncs, Spigot was again detected.

I then noticed the "Delete this user" button next to the "Import Bookmarks and settings..." button. I assumed that the previous instructions I followed were indicating just that (Reply #21), so I went ahead and deleted myself from the browser. I then logged back in without realizing that the "Sync All" option was selected (since it's the default setting). I, for the hell of it, decided to scan using MBAM after the syncing, and surprisingly, Spigot is no longer detected.

For the past hour or more, I have been resetting my browser, messing with the sync options, restarting my laptop, logging onto different websites, browsing the net, all to see whether Spigot will be detected once more. Fortunately, it seems like it's gone for good. What's odd is that my Google profile is fully synced once more, and still no Spigot (unlike all the times before).

I have no idea what caused this error/detection, but I'm glad that it's no longer an issue for me to be concerned with. Thanks Kevin for helping me out along the way. Cheers.

P.S. I have attached the most recent scan log from MBAM showing that nothing is detected after having logged in with my Google profile, synced all, and have browsed.

Attachment: 08-21-2014- Malwarebytes log (3.50pm CST).txt
kevinf80 Posted August 21, 2014 ID:869512

I guess you've just found the reason why I stopped using Chrome as my default browser, I only have it for research when issues happen in logs I work. One point is very much certain, I never sync anything whatsoever with Chrome.... All of the links pertaining to Chrome that I listed are well worth bookmarking for future reference, I have....lol.

I suppose all we need to close out is run Delfix to clean up.....

- Download "Delfix by Xplode" and save it to your desktop.
- Or use the following if first link is down: "Delfix link mirror"
- Double Click to start the program. If you are using Vista or higher, please right-click and choose run as administrator.
- Make Sure the following items are checked:
  - Activate UAC
  - Remove disinfection tools
  - Create registry backup
  - Purge System Restore
  - Reset system settings
- Now click on "Run" and wait patiently until the tool has completed.
- The tool will create a log when it has completed. We don't need you to post this.

Part of the routine will be to create a registry back up with ERUNT, the back up will be created here: C:\Windows\ERUNT
When all is known to be well with your system you can delete that back up folder if you consider it as not needed...

Next,

Read the following link to fully understand PC security and best practices, you may find it useful.... http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/#entry2316629

If no remaining issues are we ok to close out.....

Cheers,
Kevin...
thedawnbringer Posted August 22, 2014 Author ID:869560

Ran Delfix without any problems. Erased ERUNT without any problems. Ran MBAM after restarting, and Spigot is still not detected. So I think it's finally resolved. Thanks again Kevin for the support. Cheers.
kevinf80 Posted August 22, 2014 ID:869862

You're very welcome, take care and surf safe...

Kevin....