
PUP Optional PSScriptLoad EncJob keys keep returning


The following keys and registry values are continually detected and removed by anti-malware, but these keys/registry values are the result of the virus on the registry.

Not removing the keys results in PowerShell opening a window and running a script, which I can't see before it's gone from the screen.

After the script has run I found that it corrupted the display driver and forced a blue screen of death whenever the PC returned from sleep/hibernation mode.

I am yet to find the true script command being run or what keeps placing the keys (and thus running the PowerShell script) back on the registry; it would be nice to solve.

Log of the keys that are detected and removed is attached.

 

Regards

shawn

 

malware virus log dump 22_6_17.txt


Hello and welcome!

 

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them.
Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.

  • It will make a log (FRST.txt) in the same directory the tool is run from. Please attach it to your reply.

  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.


  • Staff

I would like to request two files from you. These seem to be the culprits.

 

C:\WINDOWS\System32\Tasks\Grmilychubosy

C:\WINDOWS\System32\Tasks\{080A0D47-7979-0F08-0E11-79047E0A117F}

 

If you can, zip those and attach them here.

Attached is a fixlist.txt. Please download this and put it in the same directory where FRST is (the desktop, if you followed the above).

Open FRST and hit Fix.

Please attach the fix results and the two files requested in your next reply.

 

Run a scan with MBAM. It may detect the above one more time.

Reboot and run another MBAM scan. It should no longer be detected.

 

Thanks.

 

 

 

fixlist.txt
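Added example, not from this thread or from Malwarebytes: a PowerShell snippet a defender can use to read the scheduled-task definitions under C:\Windows\System32\Tasks (where the two task files named above live) and list what each PowerShell-launching task actually runs, decoding any -EncodedCommand payload so the script the original poster could not catch on screen can be read without executing it. The function names, the task root and the assumption that such a task passes its script as an encoded command are mine; it assumes an elevated Windows PowerShell 5.1 session.

```powershell
# Added example: inspect scheduled tasks that launch PowerShell and decode -EncodedCommand.
# Assumes an elevated session; $TaskRoot is the default task store and can be changed.
param([string]$TaskRoot = "$env:SystemRoot\System32\Tasks")

function Get-TaskActions {
    param([string]$Path)
    # Task definitions are XML (UTF-16 with BOM); Get-Content honours the BOM.
    $raw = Get-Content -LiteralPath $Path -Raw -ErrorAction SilentlyContinue
    if (-not $raw) { return }
    try { [xml]$doc = $raw } catch { return }      # skip anything that is not task XML
    $ns = New-Object System.Xml.XmlNamespaceManager($doc.NameTable)
    $ns.AddNamespace('t', 'http://schemas.microsoft.com/windows/2004/02/mit/task')
    foreach ($exec in $doc.SelectNodes('//t:Actions/t:Exec', $ns)) {
        [pscustomobject]@{
            Task      = $Path.Substring($TaskRoot.Length)   # e.g. \Grmilychubosy
            Command   = $exec.Command
            Arguments = $exec.Arguments
        }
    }
}

function Get-EncodedPayload {
    param([string]$Arguments)
    # -EncodedCommand (aliases -e, -ec, -enc) carries a base64 string of UTF-16LE script text.
    if ($Arguments -match '-(?:e|ec|enc|encodedcommand)\s+([A-Za-z0-9+/=]+)') {
        $bytes = [Convert]::FromBase64String($matches[1])
        return [Text.Encoding]::Unicode.GetString($bytes)
    }
    return $null
}

Get-ChildItem -LiteralPath $TaskRoot -Recurse -File -ErrorAction SilentlyContinue |
    ForEach-Object { Get-TaskActions $_.FullName } |
    Where-Object { "$($_.Command) $($_.Arguments)" -match 'powershell' } |
    ForEach-Object {
        "Task:      $($_.Task)"
        "Command:   $($_.Command)"
        "Arguments: $($_.Arguments)"
        $decoded = Get-EncodedPayload $_.Arguments
        if ($decoded) { "Decoded -EncodedCommand script:`n$decoded" }
        ""
    }
```

The decoded text is only displayed, never invoked; compare it against the task names FRST reported to see what the task was scheduling and whether it re-creates the flagged registry keys.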


Hi Rich,

The 2nd file,

C:\WINDOWS\System32\Tasks\{080A0D47-7979-0F08-0E11-79047E0A117F}

is not there; the Addition.txt file confirms "no File <======= ATTENTION" from the initial scan dump

(refer to the page capture pic of the Addition.txt file).

The file Grmilychubosy has been zipped and is attached.

Fix applied, which removed the Grmilychubosy file and keys, looking at the Fixlog.txt.

Notes: the PUP keys were found/removed by a scan prior to the fix being applied; no other things were detected even after doing a 9 hour custom scan.

After applying the fix, MBAM now finds Adware.Elex malware (1247 files in total); see remove_results attached for reference.

- These were never seen prior by any scans by 4 other malware programs that are in use on the system.

- Reset now to be done, and this post sent prior to reboot.

regards

 

 

 

 

 

addition_txt_capture.JPG

Grmilychubosy.zip

Fixlog.txt

remove _results.txt


  • Staff

Please start a new thread. We are working on adding these to MBAM.

 

@dodgysoftware Do you still have the initial log from when the PUPs were removed and the 080 task?

I would like to see what I can adjust to get all this.

3.x, I suspect, probably wouldn't have had too much issue with this. It has an updated engine which can handle multiple special fixes better than 2.x.

On a hunch I am updating a couple of defs now that should get both tasks.

 

Edited by shadowwar