
I have been experiencing two (& maybe 3) potentially related problems: 1) Beginning around Nov. 8, Malwarebytes (Premium 3.3.1) has been identifying PUP.Optional.Spigot during its daily scan. When I click "quarantine," Google Chrome abruptly shuts down. I restart Chrome, and then Malwarebytes finds Spigot again on its next scan. I did check my Google Chrome extensions, and nothing suspicious shows up there. 2) On Nov. 20, Malwarebytes repeatedly blocked a malicious website, outbound. As the attached logs document, all but one was from File: C:\Windows\System32\svchost.exe; the other, from File: C:\Windows\System32\spoolsv.exe. 3) This may or may not be related, but -- on Nov. 21, a fraudulent charge was made to one of my credit cards, which I had used to make an online reservation on Nov. 15. It's quite a coincidence if it's unrelated, in that the charge was made less than 24 hours after the malicious website "attack."

So -- help! I am very cautious online, have Malwarebytes running every day, have Norton Internet Security doing daily scans . . . yet obviously our computer has been infected &/or there is a malicious DNS server. We do have a wifi network - not sure whether KRACK could have played a role?? In any case, I am wondering how to deal with this problem -- specifically, whether it is something I should be able to deal with myself (with instructions from someone much more tech-savvy than I :-) )? Or??

Thanks in advance for any guidance.

 

Malwarebytes logs 11 22 17.docx


31 minutes ago, LizinPa said:

Thanks in advance for any guidance.

:welcome:

Follow the instructions in the thread below, it should solve your issue.

https://forums.malwarebytes.com/topic/214325-chrome-secure-preferences-detection-always-comes-back/

Quote

IP Address: 255.255.255.255

That was a bad database update that has been corrected.

Edited by Porthos

9 minutes ago, LizinPa said:

Do you think that will solve the malicious-website-outbound problem

Get the Chrome issue first and make sure your database is up to date.

Since this got moved to malware removal I will bow out now. If you keep having issues follow the below instructions.

Let's try and get some logs first so the team can review them and see if they can tell what may be causing your issues....

  1. FIRST: Create and obtain Farbar Recovery Scan Tool (FRST) logs
  2. Download FRST and save it to your desktop
    NOTE: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit
  3. Double-click to run FRST and when the tool opens click "Yes" to the disclaimer
  4. Press the "Scan" button
  5. This will produce two files in the same location (directory) as FRST: FRST.txt and Addition.txt
    NOTE: These two files will be collected by the MB-Check Tool and added to the zip file for you
  6. NEXT: Create and obtain an mb-check log
  7. Download MB-Check and save to your desktop
  8. Double-click to run MB-Check and within a few seconds the command window will open, then click "OK"
  9. This will produce one log file on your desktop: mb-check-results.zip
  10. Attach this file to your forum post by clicking on the "Drag files here to attach, or choose files..." or simply drag the file to the attachment area

OK -- I went through the processes described in "Chrome Secure Preferences detection always comes back," and it did not solve the problem. That is, I quarantine PUP.Optional.Spigot, but it keeps coming back (in C:\USERS\ANN OR LIZ\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Replaced, [647], [454814],1.0.3329). I also scanned our laptop, which is connected via home wifi network, and on which we use the same Google & gmail accounts as the desktop. The laptop had not been scanned in a long time; Malwarebytes found 55 threats -- many of them PUP.Optional.Spigot, in numerous locations. The Malwarebytes quarantine got rid of 54 of the 55; as with the desktop, the only one I can't get rid of is the one connected to Chrome. I did not reenable sync.

Logs created via FRST and MB-Check are attached.

I am concerned about a couple of things:

1) how to get rid of PUP.Optional.Spigot (on both the desktop and the laptop)

2) whether PUP.Optional.Spigot could have been the cause of the malicious website outbound attack described in my initial post, or whether I need to be concerned about our DNS server, too, and doing something different to deal with that.

Thanks in advance for any guidance/assistance!

mb-check-results.zip


Hi! Now that the Thanksgiving holiday is over, will someone be able to help me with this? FYI, I've checked our DNS servers (router & local ones on both computers) and all seems to be fine. Still having the problem with PUP.Optional.Spigot. When I quarantine it, Chrome shuts down. Thanks in advance for any help.


This topic is now closed to further replies.