Jump to content

AdwCleaner detects three PUPs that won't go away.

BabyVenom

By BabyVenom
in Resolved Malware Removal Logs

 Share

Recommended Posts

BabyVenom

BabyVenom

Posted
Posted

Hello,

Malware does not detect anything but running AdwCleaner gets me 

PUP.Optional.Legacy

PUP.Optional.SecuredSearches

PUP.Optional.SearchManager

I deleted all other search engines except Google. Deleted extensions I did not really need, reset sync, and ran a malware scan on Chrome. 

Everytime AdwCleaner scans and restarts my computer the three muusketeers are still there.

 

PLEASE HELP!1

AdwCleaner[C01].txt

MalwareScan.txt

Addition.txt

FRST.txt

Link to post
Share on other sites
kevinf80

kevinf80

Posted
Posted (edited)
Hello BabyVenom and welcome to Malwarebytes,

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into. "Do not open that file when running FRST fix"
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Open FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was ran from. Please post it to your reply.

Next,

Please download Zemana AntiMalware and save it to your Desktop.
 
  • Install the program and once the installation is complete it will start automatically.
  • Without changing any options, press Scan to begin.
  • After the short scan is finished, if threats are detected press Next to remove them.
    Note: If restart is required to finish the cleaning process, you should click Reboot. If reboot isn't required, please re-boot your computer manually.
     
  • Open Zemana AntiMalware again.
  • Click on user posted image icon and double click the latest report.
  • Now click File > Save As and choose your Desktop before pressing Save.
  • Attach saved report in your next message.



Let me see those logs, also tell me if there are any remaining issues or concerns...

Do you have system restore and Windows Defender turned off...?

Thanks,

Kevin.

fixlist.txt

Edited by kevinf80
Link to post
Share on other sites
BabyVenom

BabyVenom

Posted
  • Author
Posted (edited)

Hi kevinf80,

 

Thanks for the reply. I did as requested and posted the logs.

When I got into chrome, the browser let me know of extensions MSN Bing Search Engine and Secured Searche (first time It did that). I clicked remove for both of them. However running Adware again, as you can see in the log, still turns it up.

For windows defender I have all the services turned on except "Windows Defender Advanced Threat Protection service"

System restore it says the following:

 

OS (C:) (System)            On

PBR Image                     Off

image.thumb.png.da53e978c99291b796dc6e900f96d477.png

Fixlog.txt

Zelmara Scan.txt

AdwCleaner[S11].txt

Edited by BabyVenom
format
Link to post
Share on other sites
kevinf80

kevinf80

Posted
Posted

Those issues showing in Security Center can be fixed by turning them on, have you done that...?

For Chrome, make fresh install as follows:

If your Chrome Bookmarks are important do this first:

Go to this link: http://www.wikihow.com/Export-Bookmarks-from-Chrome follow the instructions and Export your Bookmarks from Chrome, save to your Desktop or similar. Note the instructions can also be used to Import the bookmarks.....

Continue for a clean install:

Download Chrome installer and save to install later: https://www.google.com/intl/en_uk/chrome/browser/desktop/index.html https://www.google.com/intl/en_usa/chrome/browser/desktop/index.html

Next,

Open Chrome and sign into your account, open a new tab and type or copy paste chrome://settings/syncSetup hit enter...

In the new window that opens "Sync everthing" will probably be selected, scroll down to and select "Managed sync data on Google Dashboard"

A new window will open, scroll down to and select "Reset Sync" that will clear synced data from Google Server...

Continue to next step to completely Uninstall Chrome....

Next.

Uninstall Chrome: https://support.google.com/chrome/answer/95319?hl=en-GB follow those instructions, ensure the option to "Also delete your browsing data" is selected. <<--- Very important!!

Navigate to C:\Users\Your user name\Appdata\Local from that folder delete the folder named Google (you will need to show hidden files/folders to see the folder Appdata)

For XP that will be My Computer > C:\ Documents and Settings\Your User Name\Application Data\Roaming

How to show hidden files and folders for windows: http://www.howtogeek.com/howto/windows-vista/show-hidden-files-and-folders-in-windows-vista/

Next,

Install Google Chrome :

Next,

Import your Bookmarks... (instructions in the first step)

Next,

Install uBlock Origin for Chrome: https://chrome.google.com/webstore/detail/ublock-origin/cjpalhdlnbpafiamejdnhcphjbkeiagm?hl=en

Does that help
Link to post
Share on other sites
BabyVenom

BabyVenom

Posted
  • Author
Posted (edited)

Did all this exactly as you stated and these unwanted extensions keep showing up on reinstall. I attached the Malware Bytes Adware log. I click remove from Chrome for each and it still shows up on the scan. 

I also have windows security center fully on with all features.

These viruses or whateve they are, are worrying me !

image.png.858a041e0b99e28bc77d9f6190ef9738.png

image.png.4e27699c08a0e56413d1105fd67ce615.png

image.png.765a525b9eeca833b769f26e7b582c11.png

AdwCleaner[S14].txt

Edited by BabyVenom
Link to post
Share on other sites
BabyVenom

BabyVenom

Posted
  • Author
Posted (edited)

Well I followed that to a tee. For the first time upon restart AdwCleaner succesfully removed both PUP.Optional.Legacy: MSN Homepage and Bing Search and PUP.Optional.SecuredSearches. Log said it was deleted and a rescan turned up clean.

 

Then as soon as I open Chrome (all the settings good, no sync, etc) the same message shows that those two extensions have showed up and a rescan of AdwCleaner shows the same old same old. 

 

WTH!

 

I'm contemplating just not using Chrome. I don't know how malicious these are. I've noticed some of these threads with the same extensions, some seem to not get solved..

AdwCleaner[C19].txt

AdwCleaner[S20].txt

Edited by BabyVenom
Link to post
Share on other sites
kevinf80

kevinf80

Posted
Posted

Those listings are not malicious, they are also only listed as "Default Settings" so if you were to reset Chrome to its Defaults, that`s what they would be... Unless you have any remaining concerns I guess we can clean up..

Uninstall Zemana http://www.askvg.com/how-to-completely-uninstall-remove-a-software-program-in-windows-without-using-3rd-party-software/

Next,

Right click on FRST here: C:\Users\Krew\DesktopFRST64.exe and rename to uninstall.exe when complete right click on uninstall.exe and select "Run as Administrator"

If you do not see the .exe appended that is because file extensions are hidden, in that case just rename FRST64 to uninstall

That action will remove FRST and all created files and folders...

Next,

Remove all System Restore Points: https://www.tenforums.com/tutorials/33593-delete-system-restore-points-windows-10-a.html#option2

Create clean fresh Restore Point: http://www.thewindowsclub.com/create-system-restore-point

From there you should be good to go...

Next,

Read the following links to fully understand PC Security and Best Practices, you may find them useful....

Answers to Common Security Questions and best Practices

Do I need a Registry Cleaner?

Take care and surf safe

Kevin... user posted image
Link to post
Share on other sites
kevinf80

kevinf80

Posted
Posted

Yes you can keep any program that you wish. Internet browsers, (such as Chrome) are preloaded with a default homepage, that could be Google.com or Bing.com or MSN, which open upon launching your Browser.  Where did you get Chrome from originally, was it preloaded when you bought your PC..?

I notice in your reply #5 your image from chrome shows "Another Program on your computer added an extension that may change the way Chrome works" MSN Homepage and Bing search engine are listed. That seems to indicate software you have is influencing how Chrome sets or lists Defaults...

Lets run your system in "Clean Boot" mode, that is all none Microsoft Services disable. In that mode reset Chrome home page to Google, and its Search engine to Google. When that is done reboot your system (still in clean boot) run AdwCleaner and see what it lists...

Clean boot instructions at the following link:

https://support.microsoft.com/en-gb/help/929135/how-to-perform-a-clean-boot-in-windows

 

 

Link to post
Share on other sites
kevinf80

kevinf80

Posted
Posted

Hello again BabyVenom,

It means that none of the disabled none MS services are at fault, if you recall what was posted in your reply #5 about a program on your system adding an extension to Chrome. We`ve done a clean install of Chrome, all synced backups were reset so could not be at fault. It would be expected that a fresh install of Chrome would have the defaults set to Google home page and search engine...

Can you recall any software being installed before the onset of the current issue...?

Run FRST one more time, ensure all boxes are checkmarked under "Whitelist" but only Addition.txt under "Optional scan" Select scan, when done post the new logs. "FRST.txt" and "Addition.txt"


Thanks,

Kevin..

Link to post
Share on other sites
BabyVenom

BabyVenom

Posted
  • Author
Posted

That's what I thought too. A clean install should make google the homepage especially if I DLed it from google. 

Unfortunately I cant recall any program. If it is a software I downloaded I have no problem uninstalling them all. 

As a side note, previously I have deleted the extension files in the registry and local app data folders. Seems that didn't help. 

Here are the logs.

Addition.txt

FRST.txt

Link to post
Share on other sites
kevinf80

kevinf80

Posted
Posted

Delete this extension:

CHR HKU\S-1-5-21-215297119-1485851756-2461549699-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx

When that is removed run AdwCleaner and remove all found entries, reboot and start Chrome again. Post fresh FRST log

 

 

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.