Jump to content

HKU s-1-5-21...can't be removed


Recommended Posts

Hi,

As of today, I've noticed that a registry file keeps being picked up by Malwarebytes and isn't removed by the program (there's 3 PUPs to, but they seem related to Chrome Sync). Can anyone please help me to remove this?

Addition.txt

FRST.txt

Malware report 191018.txt

I've attached the files I think I need to attach, but if you need anything else from me to get this sorted, please let me know.

Thanks in advance for any assistance. It looks like there's been some success for others with similarly titled problems so I'm hoping this can be resolved.

Link to post
Share on other sites

Hello, Welcome to Malwarebytes.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Your logs are clean.

This looks like a Syncing issue?

Are you Syncing Chrome with other devices?
To remove it you will have to reset the Sync in Chrome.

Read this article and proceed.

Chrome Secure Preferences detection always comes back

After a restart of the computer run MBAM.

Let me know if the problem persists.


 

Link to post
Share on other sites

Hi Nasdaq, thanks for your response.

I've followed the instructions in the attached link and I'm still getting the same results. I've attached the report from a scan today.

Ultimately, I'm not too worried if you're saying there's nothing to panic about with these results. The only one I was really worried about was the registry value, as this has always been where other malware has been found in the past. I can see it references Chrome preferences so I'm happy to ignore and keep an eye on things if you say there isn't a particular issue related to this.

Thanks for your help

Malware report 211018.txt

Link to post
Share on other sites

Hi,

Lets see what we can find in the Registry.

Run the Farbar program .exe as an Administrator.

In the Search text area, copy and paste the following:
pilplloabdedfmialnfchjomjmpjcoej
Once done, click on the Search Registry button and wait for FRST to finish the search
On completion, a log will open in Notepad. Copy and paste its content in your next reply
====

Link to post
Share on other sites

  • Root Admin

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Thanks

 

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.