Jump to content

"There is a Recommended Update for this PC"


Recommended Posts

The ones you posted in your previous post. These were block notifications from Malwarebytes (it blocked a connection from being established). Do you still get them?

Also, has the pop-up comeback yet or not?

Link to post
Share on other sites
  • Replies 84
  • Created
  • Last Reply

Top Posters In This Topic

Unfortunately there's nothing I can do right now since your logs do not show any signs of that infection. What I'm really curious about though is how the pop-up was removed the second time, since neither you or I touched it.

Link to post
Share on other sites

It is possible that this pop-up is generated by a webpage, and closing it will just remove it. You only receive it while browsing the web, and not when you boot your computer, right? That would be my guess.

Link to post
Share on other sites

I know we are, but sadly, there are no traces of that infection in your logs at all. I'll ask my colleagues if they have any idea.

Link to post
Share on other sites
  • 2 weeks later...

Do you have the process and file location like the 2 others? What were you doing when the pop-up appeared?

Link to post
Share on other sites

Well I saw the pop-up screenshot, but I didn't see the filename and path in the first link.

Run the following fix.

Also, I have an idea of what we could do to see what process create/drop that file on your system, but it's quite a longshot for now.

fixlist.txt

Link to post
Share on other sites

Nothing as always.... Let's see the Registry.

iO3R662.pngFarbar Recovery Scan Tool (FRST) - Registry Search
Follow the instructions below to download and execute a Registry search on your system with FRST, and provide the log in your next reply.

  • Right-click on the executable and select Spcusrh.pngRun as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Accept the disclaimer by clicking on Yes, and FRST will then do a back-up of your Registry which should take a few seconds;
  • In the Search text area, copy and paste the following:
    48F37EAF-6C5B-1217-01C3-37FF25ABCB67
  • Once done, click on the Search Registry button and wait for FRST to finish the search;
  • On completion, a log will open in Notepad. Copy and paste its content in your next reply;

Looks like we might have to go with the longshot solution after this.

Link to post
Share on other sites
Quote

Farbar Recovery Scan Tool (x64) Version: 29-07-2017
Ran by Nick (29-07-2017 16:33:18)
Running from C:\Users\Nick\Downloads
Boot Mode: Normal

================== Search Registry: "48F37EAF-6C5B-1217-01C3-37FF25ABCB67" ===========


====== End of Search ======

 

Link to post
Share on other sites

Just a heads up to tell you that I haven't forgotten about you. Currently exploring a solution to find what drops the file (setup.log) and creates the folder on your system. We might use Moo0 File Monitor.

http://www.moo0.com/?top=http://www.moo0.com/software/FileMonitor/

Even ProcMon would work, but the log could be really huge.

Edited by Aura
Link to post
Share on other sites

You can delete this folder manually:

C:\Program Files (x86)\Common Files\Totolesec

Also, can you .zip the C:\FRST\Quarantine folder and upload it to the same link I provided? The task we deleted should be there, so I can take a look at it.

Link to post
Share on other sites

Alright. Usually did it come back systematically after every reboot, or it could lay low for a few days before coming back?

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    No registered users viewing this page.


Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.