
Removing PUP.Optional.Spigot.A



Hello,

 

I thought I had removed this earlier with the help from pondus, but it seems to keep coming back. I've noticed that it reappears on the Malwarebytes scan after I reload my Chrome browser settings (i.e. after I have reset my Chrome browser and then scanning after I have reloaded my personal settings). I'm concerned that this malware might be leeching personal information. Can someone please help me definitively remove PUP.Optional.Spigot.A? Thanks.


Hello,

 

P2P/Piracy Warning:

 

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here. Failure to remove or disable such software will result in your topic being closed and no further assistance being provided. If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

Download Farbar Recovery Scan Tool and save it to your desktop.

 

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.


Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

 

Kevin....


Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

 

Run FRST and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.

 

Next,

 

Open Malwarebytes Anti-Malware, from the Dashboard please Check for Updates by clicking the Update Now... link

 

When update completes Select > Settings > Detection and Protection > Enable Scan for rootkit and Under Non Malware Protection set both PUP and PUM to Treat detections as malware.

 

Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button.

 

Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.

 

Next,

 

Download AdwCleaner by Xplode onto your Desktop.

 

 

  • Double click on Adwcleaner.exe to run the tool.
  • Click on Scan
  • Once the scan is done, click on the Clean button.
  • You will get a prompt asking to close all programs. Click OK.
  • Click OK again to reboot your computer.
  • A text file will open after the restart. Please post the content of that logfile in your reply.
  • You can also find the logfile at C:\AdwCleaner[sn].txt, where n is the scan reference number

 

 

Next,

 

Please download Junkware Removal Tool to your desktop.

 

 

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

 

 

Let me see those logs, also give an update on any remaining issues or concerns..

 

Kevin

fixlist.txt


Do you mean the issue is still present with Chrome? If so, do the following:

 

Go to the following link: https://support.google.com/chrome/answer/3296214?hl=en follow the instructions and reset Chrome "Browser settings"

Go to the following link: https://support.google.com/chromebook/answer/1281195?hl=en follow the instructions and customize "Sync" in Chrome. Never have the option to "Sync everything" selected, only sync what you need.

Go to the following link: https://support.google.com/chrome/answer/95314?hl=en follow the instructions to set the Homepage in Chrome.

Go to the following link: https://support.google.com/chrome/answer/95426?hl=en follow the instructions and set your default "Search Engine" in Chrome.

Go to the following link: https://support.google.com/chrome/answer/95582?hl=en follow the instructions to delete caches and other browser data in Chrome.

Go to the following link: https://chrome.google.com/webstore/detail/adblock-plus/cfhdojbkjhnklbpkdaibdccddilifddb follow the instructions and install "Adblock Plus" to Chrome.

Go to the following link: https://chrome.google.com/webstore/detail/flashblock/gofhjkjmkpinhpoiabjplobcaignabnl?hl=en follow the instructions to install "FlashBlock" to Chrome.

Go to the following link: https://chrome.google.com/webstore/detail/webutation/nfclfmabiojpommfcalfdgjjeaahnjbj?hl=en follow the instructions to install "Webutation" to Chrome.

 

Let me know if the issue with Chrome is resolved, also if any remaining issues or concerns...

 

Kevin...


After having followed your new set of instructions, PUP.Optional.Spigot.A is still being detected by Malwarebytes. I have attached the log of its scan. I noticed that some of the listed addresses were alternate search engines. I ended up removing all the suggested search engines from the list aside from the Google Default. I re-scanned afterwards and it is still being detected. Not sure what's up.

 

I suppose that it's worth noting that I do not yet notice anything strange with my internet browsing (e.g. difficulty of establishing a home page, pop-ups, etc.). However, I am concerned that this thing might be leeching my personal content. Honestly, I'm still not sure what it is, and it's a bit frustrating to be unable to get rid of it. Any other suggestions? They are greatly appreciated. Thanks Kevin.

08-20-14 Malwarebytes log.txt


If Spigot returns to only Google Chrome then maybe the best way forward is to clear and turn off Sync, then do a clean install. Run the following first and see if we can find whatever we have missed previously:

 

Download OTL from any of the following links and save to your desktop.

 

http://itxassociates.com/OT-Tools/OTL.com

http://oldtimer.geekstogo.com/OTL.exe

http://www.itxassociates.com/OT-Tools/OTL.scr

 

Double click the OTL icon to start the tool. (Note: If you are running on Vista or Windows 7/8 accept UAC alert)

 


  • When the window appears, underneath Output at the top, make sure Standard output is selected.
  • Select Scan all users
  • Change Drivers to All
  • Under the Extra Registry section, check Use SafeList
  • In the lower right corner, checkmark "LOP Check" and checkmark "Purity Check".
  • Close out all browsers and turn off Security.
  • Click Run Scan and let the program run uninterrupted.
  • When the scan is complete, two text files will be created on your Desktop.
  • OTL.Txt <- this one will be opened
  • Extras.txt <- this one will be minimized

 

Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of OTL.Txt and the Extras.txt in your next reply.

Kevin


Those logs are clean... Run this please:

 

Download SystemLook from the following link below and save it to your Desktop. Use the correct version 32bit or 64bit.

 

http://jpshortstuff.247fixes.com/SystemLook_x64.exe      <<-   64 bit….

 

http://images.malwareremoval.com/jpshortstuff/SystemLook.exe  <<-  32 bit

 


Double-click SystemLook.exe to run it.
Copy the content of the following codebox into the main textfield:
 
    :regfind
    spigot
    spigot*
    *spigot*
    :dir
    C:\Users\Brian Joo\AppData\Local\Google\Chrome\User Data\Default\Preferences /s
 
Click the Look button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt

 

post that log,

 

Kevin...


SystemLook 30.07.11 by jpshortstuff

Log created at 16:14 on 20/08/2014 by Brian Joo

Administrator - Elevation successful

 

========== regfind ==========

 

Searching for "spigot"

No data found.

 

Searching for "spigot*"

No data found.

 

Searching for "*spigot*"

No data found.

 

========== dir ==========

 

C:\Users\Brian Joo\AppData\Local\Google\Chrome\User Data\Default\Preferences - Unable to find folder.

 

-= EOF =-


This is proving to be a right pain somewhere for sure, why it should reappear in the preferences after removal is definitely unexpected... Run the instructions at the following link for Chrome:

 

http://www.howtogeek.com/171924/how-to-reset-your-web-browser-to-its-default-settings/

 

If this fails the only way forward is a clean install of Chrome and start afresh....


I reset the Chrome browser, but to no avail once again. So I uninstalled the Chrome browser and re-scanned with MBAM. Sure enough, it didn't detect Spigot. So I re-installed Chrome, logged in, and re-scanned. However, Spigot was detected again. Am I to believe that this thing has infected my Chrome/Gmail account? If so, would reformatting even fix it?

 

I have attached the two MBAM logs. The earlier one is after I uninstalled Chrome. The later one is after re-installing and logging in.

08-20-14 Malwarebytes log (7.15pm CST).txt

08-20-14 Malwarebytes log (7.31pm CST).txt


So after running several tests (of scanning after enabling different features of Chrome), I've narrowed the cause down to the syncing aspect. If I do not have any boxes checked for syncing, then I can restore Chrome to my personal settings without MBAM detecting Spigot. However, as soon as I sync up, Spigot reappears. (SIDENOTE: I just realized that I haven't tested to see whether Spigot appears if I have only one random box checked for syncing.)

 

Just what the heck is going on here? It seems like the issue has something to do with my Google profile? I'm not tech savvy enough to know what is causing the issue. But it has something to do with syncing the Chrome browser to my Google account.

 

Also, since there doesn't seem to be any file labeled Spigot on my computer, am I safe to assume that the detection is nothing and it's something I could ignore? This issue has been stressing me a great deal and taking up far too much time. Thanks.


In reply #6 I gave a link regarding "syncing"; the default setting is usually sync everything, and that is a bad option to have set. Spigot is classed as a "browser hijacker"; it is not really classed as malicious per se, but definitely must be removed.

Spigot usually comes bundled with free software, that is probably the easiest way to pick up the unwanted nuisance. The best way to find out the cause of re-infection is totally unsync all entries, then enable one at a time until the culprit is found.

 

It may be a quicker option to create a new browser user profile for Chrome, go to the following link for instructions, expand the "windows" option...

 

https://support.google.com/chrome/answer/142059?hl=en

 

Another good link to have is "how to export/import bookmarks" go to the following link for instructions...

 

https://support.google.com/chrome/answer/96816?hl=en-GB

 

Let me know how you progress, also if there are any remaining issues or concerns..

 

kevin..
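
As an added illustration (not part of the original thread, and not one of the tools used in it): because the detection kept returning to Chrome's Preferences file after each sync, a short Python script can walk a copy of that JSON file and report which top-level section holds any "spigot" string, which helps narrow down the sync category responsible. The sample data, its key names and the `.invalid` URL are constructed assumptions.

```python
import json
import sys

# Constructed sample standing in for a Chrome "Preferences" file (JSON).
# Key names and values are illustrative assumptions, not taken from the thread.
SAMPLE_PREFERENCES = json.dumps({
    "homepage": "https://www.google.com/",
    "session": {"startup_urls": ["https://www.google.com/"]},
    "extensions": {"settings": {"constructedid": {
        "manifest": {"name": "Example Spigot Toolbar"}}}},
    "search_engines": [
        {"keyword": "g", "url": "https://www.google.com/search?q={searchTerms}"},
        {"keyword": "ex", "url": "http://search.spigot-example.invalid/?q={searchTerms}"},
    ],
})


def find_keyword(node, keyword, path):
    """Yield (json_path, text) for each key or string value containing keyword."""
    if isinstance(node, dict):
        for key, value in node.items():
            child = f"{path}.{key}"
            if keyword in key.lower():
                yield child, key
            yield from find_keyword(value, keyword, child)
    elif isinstance(node, list):
        for index, value in enumerate(node):
            yield from find_keyword(value, keyword, f"{path}[{index}]")
    elif isinstance(node, str) and keyword in node.lower():
        yield path, node


def scan_preferences(text, keyword="spigot"):
    """Return {top_level_section: [(json_path, text), ...]} for matching entries."""
    data = json.loads(text)
    if not isinstance(data, dict):
        raise ValueError("Preferences should be a JSON object")
    report = {}
    for section, value in data.items():
        hits = list(find_keyword({section: value}, keyword.lower(), "$"))
        if hits:
            report[section] = hits
    return report


if __name__ == "__main__":
    # Pass the path to a copy of the Preferences file, or no argument to use the sample.
    text = open(sys.argv[1], encoding="utf-8").read() if len(sys.argv) > 1 else SAMPLE_PREFERENCES
    for section, hits in scan_preferences(text).items():
        for path, value in hits:
            print(f"{section}: {path} = {value}")
```

Run it against a copy of the file taken with Chrome closed, once before and once after enabling a sync category, and compare which sections gain matches.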


So I followed the new instructions from your most recent post, and as I was syncing up various things before I detected Spigot again. I got up to three (Bookmarks, Passwords, Themes), before adding a fourth (History) that caused Spigot to be detected. I then took it off, cleaned, and oddly, with the original three syncs, Spigot was again detected.

 

I then noticed the "Delete this user" button next to the "Import Bookmarks and settings..." button. I assumed that the previous instructions I followed were indicating just that (Reply #21), so I went ahead and deleted myself from the browser. I then logged back in without realizing that the "Sync All" option was selected (since it's the default setting). I, for the hell of it, decided to scan using MBAM after the syncing, and surprisingly, Spigot is no longer detected. For the past hour or more, I have been resetting my browser, messing with the sync options, restarting my laptop, logging onto different websites, browsing the net, all to see whether Spigot will be detected once more. Fortunately, it seems like it's gone for good. What's odd is that my Google profile is fully synced once more, and still no Spigot (unlike all the times before). I have no idea what caused this error/detection, but I'm glad that it's no longer an issue for me to be concerned with.

 

Thanks Kevin for helping me out along the way. Cheers.

 

P.S. I have attached the most recent scan log from MBAM showing that nothing is detected after having logged in with my Google profile, synced all, and have browsed.

08-21-2014- Malwarebytes log (3.50pm CST).txt


I guess you've just found the reason why I stopped using Chrome as my default browser, I only have it for research when issues happen in logs I work. One point is very much certain, I never sync anything whatsoever with Chrome....

 

All of the links pertaining to Chrome that I listed are well worth bookmarking for future reference, I have....lol.

 

I suppose all we need to close out is run Delfix to clean up.....

 

Download "Delfix by Xplode" and save it to your desktop.

Or use the following if first link is down:

"Delfix link mirror"

Double Click to start the program. If you are using Vista or higher, please right-click and choose run as administrator

Make Sure the following items are checked:


  • Activate UAC
  • Remove disinfection tools
  • Create registry backup
  • Purge System Restore
  • Reset system settings



Now click on "Run" and wait patiently until the tool has completed.

The tool will create a log when it has completed. We don't need you to post this.

Part of the routine will be to create a registry back up with ERUNT,  the back up will be created here:

C:\Windows\ERUNT

When all is known to be well with your system you can delete that back up folder if you consider it as not needed...

 

Next,

 

Read the following link to fully understand PC security and best practices, you may find it useful....

http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/#entry2316629
 

If no remaining issues are we ok to close out.....

 

Cheers,

 

Kevin...
