Alice22

PUP.Optional.Legacy persistent, will not go away


Hello,

I am having trouble with PUP.Optional.Legacy in Chrome. Tried multiple scanners, only AdwCleaner detects it.

I've been battling this beast for a while now. What I've done so far: I've clean installed Windows twice. I have reset Chrome settings multiple times. I have reset Chrome sync multiple times. I have deleted cookies, preferences and all files from %LOCALAPPDATA% for Chrome. I have installed Chrome from the offline installer. I have cut the internet connection and did all of those steps again.

I've narrowed it down to this:

At first I thought it comes from my profile/sync. But I have done the steps below, without internet connection and it keeps coming back. It is somehow connected with the search engines/search providers of Chrome and/or Chrome settings. I can clean it with AdwCleaner, or manually remove the search engines from Chrome settings and it seems to disappear. But even if it does, after a few minutes, Chrome starts lagging, freezing a lot, and loading pages very, very slowly. I can tab out of Chrome and go to another browser, enter the web site and it will fully load, while in Chrome it is still loading. I run a scan with AdwCleaner - nothing, but I know it's there, my browser is lagging so bad... 

Here is how it always comes back.

Every time I click on "Reset settings" in Chrome, the adware/virus comes back.

1.PNG.f140a53791605dee4685e3518d834d0f.PNG

These additional search engines appear in the settings:

2.PNG.7b211768b1dc060cd715df5bcf486de4.PNG

And after a scan, these are the results:

3.PNG.df1c239073f0ae4221663f3527522544.PNG

And here is the Log File from the scan:

AdwCleaner[S70].txt

I am not smart enough to handle this on my own. I need help.
 


***This is an automated reply***

Hi,

Thanks for posting in the AdwCleaner Help forum.

Someone will reply shortly, but in the meantime here are a few resources which may help resolve your issue:

Thanks in advance for your patience.

-The Malwarebytes Forum Team


Chrome does add multiple search engines when installed and will add them back after resetting Chrome settings, and sometimes even after Chrome updates they come back. I use Chrome and I don't remember ever seeing one for Ask though. Try clicking the three dots beside each search engine you don't want and it should give an option to remove them. After doing this, run AdwCleaner and Malwarebytes and see if it comes back.

Edited by Gamerear21

5 hours ago, Gamerear21 said:

Chrome does add multiple search engines when installed and will add them back after resetting Chrome settings, and sometimes even after Chrome updates they come back. I use Chrome and I don't remember ever seeing one for Ask though. Try clicking the three dots beside each search engine you don't want and it should give an option to remove them. After doing this, run AdwCleaner and Malwarebytes and see if it comes back.

I've done this a thousand times. They do not come back. However, if I reset Chrome, both AOL and Ask come back -> Run AdwCleaner -> it detects them as adware. Now since the last time I cleaned them, for some reason the browser is working fine - no slowing, freezing, lag spikes. I am scared that they will appear again sometime since I know they exist somewhere in browser/computer and resetting Chrome brings them back up.


Ok I've installed AdBlock and Chrome has started lagging like crazy again. Loading pages very slowly and random freezing. I think the virus is trying to load/open stuff but can't because I've removed most of it and that causes the lagging. 

Please help me solve this, it's driving me crazy for a week now.


Hello,

You can ignore this detection for now.

The Chrome slowness is more than likely due to something else - you should post a MB3 logfile too, and someone will assist.


Hello,

Thanks for your reply, I'm not sure if this is the correct log you are referring to. Please clarify if it is, or if I should upload another file.

Thanks
 

Malwarebytes_Log.txt


Hello,

At first, I forgot to install MB3, because of the clean Windows install I did earlier, and now after I installed it (MB3) again, a pop-up appeared saying that a site was blocked.

Please find the report/log attached

Malwarebytes_Log2.txt


Update:

Edge is slow too, at this point no browser is safe from this virus. I don't know what to do anymore, I've disabled sync on the accounts, re-installed Windows, re-installed browsers, anything I can think of doing I already did.. I noticed in the %APPDATA% Chrome folder, inside the extensions folder, there are some random folders creating themselves every now and then. None of my browsers have any extensions.

Extensions folder right now, after I deleted everything a few minutes ago:

1.JPG

Is this fixable? What am I supposed to do?

Edited by Alice22


Hi,

On 7/18/2018 at 9:13 PM, Alice22 said:

Extensions folder right now, after I deleted everything a few minutes ago:

1.JPG

Is this fixable? What am I supposed to do?

This is a Chrome extension (related to Chrome Cast as far as I can see) - a safe one. It's currently not being detected by AdwCleaner nor Malwarebytes. So nothing to worry about.

As fr33tux said earlier:

On 7/12/2018 at 12:43 PM, fr33tux said:

The Chrome slowness is more than likely due to something else

When you say Edge is too slow, does it mean that web pages are loading slowly or is it something else?

Edited by cocochepeau
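
The folders that appear under Chrome's Extensions directory are named by extension ID, and each holds a version folder with a `manifest.json` that says what the extension is. The script below is an added example, not part of any post in this thread and not a Malwarebytes tool: it maps each ID folder to its declared name and permissions so an unfamiliar folder can be identified before anything is deleted. It assumes the standard `<id>/<version>/manifest.json` layout (on Windows the default profile normally keeps it under `%LOCALAPPDATA%\Google\Chrome\User Data\Default\Extensions`); the IDs and names in `build_sample` are constructed.

```python
import json, re, tempfile
from pathlib import Path

ID_RE = re.compile(r"^[a-p]{32}$")  # extension IDs are 32 letters in a-p

def load_json(path):
    try:  # a missing or malformed file yields {} instead of an exception
        return json.loads(path.read_text(encoding="utf-8-sig"))
    except (OSError, ValueError):
        return {}

def resolve_name(version_dir, manifest):
    """Return the display name, resolving a __MSG_key__ placeholder."""
    name = manifest.get("name", "")
    m = re.fullmatch(r"__MSG_(.+)__", name)
    if not m:
        return name
    locale = manifest.get("default_locale", "en")
    msgs = load_json(version_dir / "_locales" / locale / "messages.json")
    for key, val in msgs.items():  # message keys are case-insensitive
        if key.lower() == m.group(1).lower() and isinstance(val, dict):
            return val.get("message", name)
    return name  # keep the placeholder visible rather than guess

def list_extensions(ext_root):
    """Summarise every <id>/<version>/manifest.json under ext_root."""
    found = []
    for path in sorted(Path(ext_root).glob("*/*/manifest.json")):
        manifest, ext_id = load_json(path), path.parent.parent.name
        found.append({
            "id": ext_id, "well_formed_id": bool(ID_RE.match(ext_id)),
            "name": resolve_name(path.parent, manifest),
            "permissions": manifest.get("permissions", [])})
    return found

def build_sample(root):
    """Constructed sample tree; the IDs and names below are made up."""
    a = Path(root) / ("abcdefghijklmnop" * 2) / "1.0_0"
    b = Path(root) / ("ponmlkjihgfedcba" * 2) / "2.3_0"
    (a / "_locales" / "en").mkdir(parents=True)
    b.mkdir(parents=True)
    (a / "manifest.json").write_text('{"name": "__MSG_appName__", "default_locale": "en"}')
    (a / "_locales/en/messages.json").write_text('{"appname": {"message": "Sample Media Router"}}')
    (b / "manifest.json").write_text('{"name": "Sample Search Helper", "permissions": ["tabs"]}')
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(*list_extensions(build_sample(tmp)), sep="\n")
```

To inspect a real profile, call `list_extensions` on that profile's Extensions folder instead of the sample tree.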


Hi,

Let me try to explain as best as I can how the browsers act..

Chrome: Works fine for a few minutes and then when trying to switch between tabs it freezes for about 2 to 10-15 seconds. I've noticed once I open a new tab and type in an address, and press enter - nothing happens. No page is loading. If I switch to another tab, and back to the previous one (where I typed the address) - the URL field is empty. But once I type a web address for the second time - it starts loading very, very slowly and eventually it loads. Then back to the freezing tabs and having to type the URLs twice.

Edge - pages stop responding popping up with a message to recover the page, but not too frequently. Switching between tabs is slow, although much faster than Chrome. In Edge, often when I start typing in a field (for example the YouTube search bar) it has a typewriter effect - 0.5 to 2 second delays between my press on the keyboard and the letter appearing on the search field. 

If there is anything else I can check or look out for, please let me know.


Hello @AdvancedSetup

It doesn't work, I've followed through this guide many times now. It fixes the issue, but as soon as I add an extension or reset the browser's settings, it comes back. 

I just booted in Safe Mode, performed a disk cleanup (thought that may help), scanned with MB3, scanned with AdwCleaner - all clean. After that I did a reset on the Chrome settings, scanned with AdwCleaner - it was back. And this was in Safe Mode. I also reinstalled Chrome for the thousandth time now, and I got this blocked site pop-up.

2.JPG.e2c751286070e82ea45122b16945fd32.JPG


Okay, let's do a full removal of Google Chrome.

Please backup your Bookmarks to a safe location outside of all Google folders as we will be removing everything from Google.

Do you have or use any other Google products?

 


After I disabled sync I still have the bookmarks on my phone. But I don't mind losing them.

I use Google Drive, Maps, Playstore, but nothing else besides Chrome (from Google) is installed on the computer.

Please describe how we are going to perform a full removal, because I already removed Chrome many times and re-installed Windows twice while trying to get rid of this virus.

Thanks ^^


Just meaning that we will delete everything from Google. If there is local data stored on your computer by Google Drive, it will probably delete it. I don't want to do that if you have data there.

 


I do not have Google Drive installed on my computer. I access Drive through the Chrome browser.


Okay, please go ahead then and uninstall Google Chrome from the Control Panel, Programs, Add/Remove. If it asks you about removing personal data say yes and remove all.

Once that's done please reboot the computer and run FRST and make sure you place a check mark on the Additions.txt check box too and post back both new logs. Then we'll continue from there.

 

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system.
You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well.

 

Thanks

Ron

 


Hello @Alice22

Sorry for the delay. I lost track of your post as the system did not remind me.

The following Fix will remove most traces of Google Chrome from your system.

 


Please download the attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST or FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

 

fixlist.txt

 

Thanks

Ron


Do you have an Android phone or another computer with Google Chrome on it?

Please ensure that all sync settings on your phone are disabled and clear private data for Google and Browser

 

https://www.samsung.com/hk_en/support/mobile-devices/how-to-disable-enable-auto-sync/

 

https://www.companionlink.com/support/kb/How_to_turn_off_Google_Sync_on_an_Android_device

Then let me have you run the following one more time now that Chrome is gone and disabled on other devices too.

 

Please run the following steps and post back the logs as an attachment when ready.

STEP 01

  • If you're already running Malwarebytes 3 then open Malwarebytes and check for updates. Then click on the Scan tab and select Threat Scan and click on Start Scan button.
  • If you don't have Malwarebytes 3 installed yet please download it from here and install it.
  • Once installed then open Malwarebytes and check for updates. Then click on the Scan tab and select Threat Scan and click on Start Scan button.
  • Once the scan is completed click on the Export Summary button and save the file as a Text file to your desktop or other location you can find, and attach that log on your next reply.
  • If Malwarebytes won't run then please skip to the next step and let me know on your next reply.

STEP 02

Please download AdwCleaner by Malwarebytes and save the file to your Desktop.

  • Right-click on the program and select Run as Administrator to start the tool.
  • Accept the Terms of use.
  • Wait until the database is updated.
  • Click Scan.
  • When finished, please click Clean.
  • Your PC should reboot now if any items were found.
  • After reboot, a log file will be opened. Copy its content into your next reply.

 

RESTART THE COMPUTER Before running Step 3

STEP 03
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). If you've run the tool before, you need to place a check mark here.
  • Please attach the Additions.txt log to your reply as well.

 

Thanks

Ron

 


Hi @AdvancedSetup

I had Chrome on my laptop so I completed all of the steps we did on the PC on the laptop too. Also disabled sync and cleared private data for Google and Browser and my phone.

All devices are with disabled sync and cleared data and after a scan with MB3 and AdwCleaner they all look clean. I synced my phone for the second time and cleared the synced Google data. After that - disabled sync again and cleared data again - just to be sure nothing was saved on Google's storage/cloud.

I left my saved passwords un-checked only, I hope that's okay? I can delete them too, if it's necessary.

Here are all of the files requested in the previous post:

MB3_Scan.txt
AdwCleaner[S107].txt
FRST.txt
Addition.txt


So none of the other browsers are experiencing any issues, are they?
 

Please create a NEW System Restore Point on this computer. Then go ahead and download and install Chrome again and reboot the computer.

https://support.microsoft.com/en-us/help/4027538/windows-create-a-system-restore-point

Then browse the web and let me know if the issue has been removed

 

This topic is now closed to further replies.
