Jump to content

"There is a Recommended Update for this PC"


Recommended Posts

The ones you posted in your previous post. These were block notifications from Malwarebytes (it blocked a connection from being established). Do you still get them?

Also, has the pop-up comeback yet or not?

Link to post
Share on other sites

  • Replies 84
  • Created
  • Last Reply

Top Posters In This Topic

Unfortunately there's nothing I can do right now since your logs do not show any signs of that infection. What I'm really curious about though is how the pop-up was removed the second time, since neither you or I touched it.

Link to post
Share on other sites

It is possible that this pop-up is generated by a webpage, and closing it will just remove it. You only receive it while browsing the web, and not when you boot your computer, right? That would be my guess.

Link to post
Share on other sites

  • 2 weeks later...

Well I saw the pop-up screenshot, but I didn't see the filename and path in the first link.

Run the following fix.

Also, I have an idea of what we could do to see what process create/drop that file on your system, but it's quite a longshot for now.

fixlist.txt

Link to post
Share on other sites

Nothing as always.... Let's see the Registry.

iO3R662.pngFarbar Recovery Scan Tool (FRST) - Registry Search
Follow the instructions below to download and execute a Registry search on your system with FRST, and provide the log in your next reply.

  • Right-click on the executable and select Spcusrh.pngRun as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Accept the disclaimer by clicking on Yes, and FRST will then do a back-up of your Registry which should take a few seconds;
  • In the Search text area, copy and paste the following:
    48F37EAF-6C5B-1217-01C3-37FF25ABCB67
  • Once done, click on the Search Registry button and wait for FRST to finish the search;
  • On completion, a log will open in Notepad. Copy and paste its content in your next reply;

Looks like we might have to go with the longshot solution after this.

Link to post
Share on other sites

Just a heads up to tell you that I haven't forgotten about you. Currently exploring a solution to find what drops the file (setup.log) and creates the folder on your system. We might use Moo0 File Monitor.

http://www.moo0.com/?top=http://www.moo0.com/software/FileMonitor/

Even ProcMon would work, but the log could be really huge.

Edited by Aura
Link to post
Share on other sites

You can delete this folder manually:

C:\Program Files (x86)\Common Files\Totolesec

Also, can you .zip the C:\FRST\Quarantine folder and upload it to the same link I provided? The task we deleted should be there, so I can take a look at it.

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    No registered users viewing this page.


Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.