Jump to content

Adwcleaner detects Pup.Optional.Legacy and won't let me remove it

Recommended Posts

I accidentally clicked on a shady link a few days ago and since then my computer has been acting funny. About an hour after I clicked the link , I got emails on all 4 of my Gmail accounts telling me to "resolve 1 security issue found on your account... We've upgraded our Security Checkup to strengthen the security of your account".... not sure if that's a coincidence and was automatically sent by google because they upgraded their systems, or if someone was trying to hack into my account or something....


Today, my computer restarted by itself and when it came back on it was running very slowly with physical memory running at 97% , wouldn't let me open any programs because it was just loading constantly and had two programs called HPSF.exe running at the same time that i'd never seen before.so i booted into safe mode and ran adwcleaner. It found a Pup.Optional.Legacy file located in C:\Users\h\AppData\Roaming\Mozilla\Firefox\Profiles\qethsoqa.default\invalidprefs.js

when i try to clean it with adwcleaner, it first tells me "Caught Unhandled Unknown Exception; terminating", then it starts to clean but stops at about 30% and doesn't progress any further no matter how long i wait


I ran  a threat scan on MalwareBytes (free edition) with Rootkit scan enabled, but it didn't find anything.


I've read that Pup.Optional.Legacy can be a keylogger, so I'm kind of nervous... Please help!

Edited by throwaway133
Link to post
Share on other sites

Hello throwaway133 and welcome to Malwarebytes...

Download Farbar Recovery Scan Tool and save it to your desktop.

Alternative download option: http://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your security alerts to FRST either, accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way...

Be aware FRST must be run from an account with Administrator status...
  • Double-click to run it. When the tool opens click Yes to disclaimer.(Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
  • Make sure Addition.txt is checkmarked under "Optional scans"
  • Press Scan button to run the tool....
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also make a log named (Addition.txt) Please attach that log to your reply.



Link to post
Share on other sites

Hi Kevin, Sorry for the delayed response and thank you for the welcome. So I ended up running RogueKiller before i saw your reply and It detected the Pup that Adwcleaner was detecting and got rid of it. When I run Adwcleaner it doesn't show up anymore.. but i still feel like I might be infected. Here's my FRST scan





Edited by throwaway133
Link to post
Share on other sites

Cool.. Good to hear. My computer definitely seems to be working better and haven't noticed anything weird so far.

One thing though,  I was wondering if you could let me know if any of these plugins on my browsers are legit, I don't remember downloading  them and don't know why they're there

These are the one's I'm unsure of:  Norton Identity safe, slides, sheets, coupon alert installer, and chrome remote desktop viewer


Also,  It was a Google Hangout link that I clicked that looked like a legit hangout link, but the person who posted it later said they "altered it to a phishing link". When I clicked the link, it asked me if I wanted to leave youtube to visit a potentially harmful site, and I'd never seen a hangout link do that before. I accidentally clicked yes and it took me to an actual hangout room, so I'm confused why it would warn me like that. I thought only short url's could be phishing links


If I posted the link that i suspect is a phishing link, would you be able to tell if it was legit or not? Or is it against site rules to post suspected shady links?


Thanks again!


Edited by throwaway133
Link to post
Share on other sites

Google have a cleanup tool for Chrome, you could run that to check extensions and plugins:  https://www.google.com/chrome/cleanup-tool/

If you have links that you`re unsure of run them through VirusTotal see what feedback you get: https://www.virustotal.com/en/

Run the following to remove FRST and its folders..

Download "Delfix by Xplode" and save it to your desktop.

Or use the following if first link is down:

"Delfix link mirror"

If your security program alerts to Delfix either, accept the alert or turn your security off.

Double Click to start the program. If you are using Vista or higher, please right-click and choose run as administrator

Make Sure the following item is the only one checked:

  • Remove disinfection tools <----- this will remove tools we have used and itself.

Now click on "Run" and wait patiently until the tool has completed.

The tool will create a log when it has completed. We don't need you to post this.

Any remnant files/logs from tools we have used can be deleted…


Read the following links to fully understand PC Security and Best Practices, you may find them useful....

Answers to Common Security Questions and best Practices

Do I need a Registry Cleaner?

Take care and surf safe

Kevin... user posted image
Link to post
Share on other sites

  • 2 weeks later...

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread.Other members who need assistance please start your own topic in a new thread.



Link to post
Share on other sites

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.