r49floyd Posted July 21, 2016 ID:1052043 Share Posted July 21, 2016 Screen Shot of the MalwareBytes history file is attached. I keep quarantining this threat but it keeps coming back every time MalwareB runs. Apparently the quarantine is not working. Just worried that something else might be going on. Would like to make this go away? Link to post Share on other sites More sharing options...
TwinHeadedEagle Posted July 21, 2016 ID:1052071 Share Posted July 21, 2016 Hello and Please download Farbar Recovery Scan Tool and save it to your desktop. Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version. Double-click to run it. When the tool opens click Yes to disclaimer. Press Scan button. button. It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply. The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply. Link to post Share on other sites More sharing options...
r49floyd Posted July 22, 2016 Author ID:1052283 Share Posted July 22, 2016 Thanks for responding! I downloaded and ran the tool Requested files are attached. Please let me know what you think? Thanks!. FRST.txt Addition.txt Link to post Share on other sites More sharing options...
TwinHeadedEagle Posted July 24, 2016 ID:1052522 Share Posted July 24, 2016 Scan with ZOEK Please download ZOEK by Smeenk and save it to your desktop (preferred version is the *.exe one) Temporary disable your AntiVirus and AntiSpyware protection - instructions here. Right-click on icon and select Run as Administrator to start the tool. Wait patiently until the main console will appear, it may take a minute or two. In the main box please paste in the following script:createsrpoint; autoclean; emptyclsid; chrdefaults: emptyalltemp; ipconfig /flushdns >>"%temp%\log.txt";b Make sure that Scan All Users option is checked. Push Run Script and wait patiently. The scan may take a couple of minutes. When the scan completes, a zoek-results logfile should open in notepad. If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive) Post its content into your next reply. Link to post Share on other sites More sharing options...
r49floyd Posted July 26, 2016 Author ID:1052747 Share Posted July 26, 2016 Allright! Ran the above instructions and Zoek completed as described. My system rebooted and I ran MalwareBytes ScanNow. That came up empty! I read the log zoek-results, but didn't get much from it. So...a couple of questions please? What do you think this pup.optional.winyahoo issue is all about? What is it designed to do? Any ideas on how it got there? Is it really gone? I'm happy to pay you for your time and trouble...please give me an indication of what you feel is a reasonable amount? Thank You! I appreciate your time and consideration!! Rfloyd zoek-results.txt Link to post Share on other sites More sharing options...
TwinHeadedEagle Posted July 26, 2016 ID:1052822 Share Posted July 26, 2016 (edited) 16 hours ago, r49floyd said: What do you think this pup.optional.winyahoo issue is all about? It is nothing but aggressive marketing from Yahoo. They probably have their affiliates that push their search engine in every possible way including malware. Probably not 100% true, but just my 2 cents. Quote What is it designed to do? Promote Yahoo. Quote Any ideas on how it got there? Some malware families do this, you were infected with one named Conduit. They infected some Google Chrome components that store settings you should see when you open you browser. Quote Is it really gone? Yup, it should be gone now. If not, please let me know. Quote I'm happy to pay you for your time and trouble...please give me an indication of what you feel is a reasonable amount? I am a volunteer and people donate various amounts, so anything you feel is reasonable is appreciated. Thank you! Edited July 26, 2016 by TwinHeadedEagle Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted August 5, 2016 Root Admin ID:1054789 Share Posted August 5, 2016 Glad we could help. :)If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.Other members who need assistance please start your own topic in a new thread. Thanks! Link to post Share on other sites More sharing options...
Recommended Posts