Jump to content
cert15

PUP.Optional.WinYahoo Removal Failed

Recommended Posts

I am running Malwarebytes premium and winyahoo is not being removed when I run a scan.  Initally it also found "conduit".  It would remove quarantine it, but would then find it again when I reran the scan.  I eventually found the conduit search engine when following the chrome reset synch process.  After removing conduit from search it is no longer being found by malwarebytes.  Winyahoo is found, but not removed.  I have run the recommended clean program, Farstx64 and multiple malwarebyte scans.  I run the scans as the administrator with McAfee not running.  Anyhelp you can give me to remove winyahoo. 

Addition 11-12 528cst.txt

FRST 11-12 528cst.txt

Mbam after chrome sync reset and all search engines removed except google.doc

Share this post


Link to post
Share on other sites

Aura, thanks for your help, but winyahoo still isn't being removed.  I had already followed the sync instructions before I added the topic, but was still hopeful.  I tried to delete the problem manually, but was unable to read or edit the file to do that.  It requires SQL.  If I attach the file can you edit it and then send it back to me in an email.

Well it won't allow me to attach the file since it isn't in an acceptable format.  What do I do now.  winyahoo is a form of trojan, so I can't just ignore it.

I have Malwarebytes premium running real time, so it must be pretty bad to do this. 

Do you have any other suggestions for me.  apparently winyahoo can collect data and send it off somewhere, so I have to remove it.  This is my primary computer that is hooked up to carbonite and where I would do banking.  Now I am afraid to sign in to my bank.

 

 

Share this post


Link to post
Share on other sites

Can you provide me screenshots of your new tab, search engines and on start-up settings in Google Chrome? Basically the same screenshots that are in the second post of the thread I linked.

Share this post


Link to post
Share on other sites

I'm missing the new tab and "Other search engines" settings.

Share this post


Link to post
Share on other sites

I'm missing "On start-up", which is below "Search engine".

8V1ZhJG.png

Share this post


Link to post
Share on other sites

It's all good, no worries :)

Now let's try something. Are you aware that you have 2 Google Chrome profiles: Default and Profile 3? Do you know which one you're currently using? According to your FRST log, it would be Profile 3.

Edited by Aura

Share this post


Link to post
Share on other sites

No I didn't know there were 3.   I knew that I was called user 2 on my computer, but only noticed that recently.  I figured that was because I received an Acer Switch computer from my late brother and when I signed on to his machine I kinda became the 2nd user.   You need you to know that I have several computers..  Dell 11-3147, Toshiba 45T and the one that is a problem a Samsung  R-580  - 7 years old.  Normally the Toshiba and Samsung are used and sync firefox and chrome.  I also have a smart phone Samsung S5 that syncs.

Not sure if any of this matters, but thought you should know

None of this may be the cause of having 3 profiles.  I do know my name used is S Wo..  Does changing the name change the profile.  I just removed my husbands account from my computer. Not sure if that would change anything.  I restarted after I removed his account and then reran malwarebytes.  No change.

 

 

Share this post


Link to post
Share on other sites

Let's try something. Rename the following folder to "Default_OLD"

C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default
Rename to ->
C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default_OLD

Once done, open Google Chrome. Are your settings (extensions, bookmarks, etc.) still there?

Share this post


Link to post
Share on other sites

I can be here at my computer until 11:40 cst and then need to leave for an appointment -  just incase you are available to work on this right now.

 

Share this post


Link to post
Share on other sites

Alright, delete the Default_OLD folder, and now run a new scan with Malwarebytes. Nothing should be detected anymore.

Share this post


Link to post
Share on other sites

Yeah!! its gone.  So I don't need a default folder apparently.   Thank you so much for your help with this.  I found another folder in chrome called profile 3.  so I guess that is where the system is looking  to for bookmarks etc.  Not sure how that happened.  Guess that's not a problem though.

 

Share this post


Link to post
Share on other sites

There will be no Default folder, yes. Your whole Google Chrome profile is in the Profile 3 folder. We confirmed that when we renamed to Default folder to Default_OLD and opened Google Chrome to see whether or not your settings were still there.

And no problem cert, you're welcome :)

Stay safe!

Share this post


Link to post
Share on other sites

Glad we could help. :)If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.Other members who need assistance please start your own topic in a new thread. Thanks!

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.