
pup.optional.legacy


G22G


As the title says, I have absolutely no idea how to remove this from my pc :/ I took a scan with malwarebytes, found some other pup file, but then deleted it, then I tried to download adwcleaner and it found quite a few files and deleted all but the pup.optional.legacy. I tried to remove it multiple times, but it keeps coming back after the restart. I tried Zemana antimalware as well, which didn't even find it. I would really like to get some help here from someone who knows about this stuff. I also reinstalled chrome, deleted cache in Edge, and in adwcleaner it says that the legacy file location is 'HKML/software/hola'. I installed FRST as well, I guess I just need the fixlist? Thank you so much in advance.


Hello, Welcome to Malwarebytes.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please post log(s) on which I can see what is not being removed by the program.

===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

How to attach a file to your reply:
In the Reply section in the bottom of the topic Click the "more reply Options" button.

Attach the file.
Select the "Choose a File" navigate to the location of the File.
Click the file you wish to Attach.
Click Attach this file.
Click the Add reply button.
===

Please post the logs  for my review.

Wait for further instructions


Reset Chrome...
Open Google Chrome, click on menu icon or the 3 vertical dots located right side top of the google chrome.
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset and clean up" > "Restore settings to their original defaults"
 
Restart Chrome.
<<<>>>

fixlist.txt


Hi,

Let's see what we can find in the Registry.

Run the Farbar program .exe as an Administrator.

In the Search text area, copy and paste the following:
Hola
Once done, click on the Search Registry button and wait for FRST to finish the search
On completion, a log will open in Notepad. Copy and paste its content in your next reply
====


Hi,

Copy all the text IN THE QUOTE BOX below to notepad. Save it as fixme.reg to your desktop.
Be sure the "Save as" type is set to "all files". Once you have saved, right-click the .reg file and allow it to merge with the registry.


Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\Hola]
[-HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\hola_svc]
[-HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\hola_updater]
[HKEY_USERS\S-1-5-21-562642259-48603379-2362785591-1002\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\\Users\\Daniel\\Downloads\\Hola-Setup.exe"=-
[HKEY_USERS\S-1-5-21-562642259-48603379-2362785591-1002\Software\Opera Software\1dc0b4276d3bb097df86f76cccec03ea\PreferenceMACs\Opera Stable\extensions.opsettings]
"pkbffhpdalaceholagpcomhnigjjdfdb"=-

Restart the computer when completed.

You can delete the fixme.reg file when done.

Run MBAM and let me know if all is well.


Hi

This could be a Syncing issue if you are Syncing Chrome with other devices?
To remove it you will have to reset the Sync in Chrome.

Read this article and proceed.

Chrome Secure Preferences detection always comes back
https://forums.malwarebytes.com/topic/214325-chrome-secure-preferences-detection-always-comes-back/
<<<>>>


  • 2 weeks later...

Hey Nasdaq, sorry for the very late reply, I have been so busy :/ I read the article and I have no devices synced.. I honestly don't know what is going on :( However, there's something I always wondered, why stuff that I have been searching for on youtube will suddenly pop up on my phone as recommendations? I checked the google account that I use on my phone, and it doesn't have syncing on :S


Hello. I paste it here:

 

Farbar Recovery Scan Tool (x64) Version: 07.11.2018
Ran by Daniel (08-11-2018 00:16:33)
Running from C:\Users\Daniel\Downloads\FRST-OlderVersion\FRST-OlderVersion\FRST-OlderVersion
Boot Mode: Normal

================== Search Registry: "Hola" ===========

[HKEY_LOCAL_MACHINE\SOFTWARE\Hola]
[HKEY_LOCAL_MACHINE\SOFTWARE\Hola]
"installed_image"="C:\Program Files\Hola\app\image\Hola-Setup-x64-1.108.133.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Hola]
"workdir"="C:\Program Files\Hola"
[HKEY_LOCAL_MACHINE\SOFTWARE\Hola]
"browser"="hola_cr"
[HKEY_LOCAL_MACHINE\SOFTWARE\Hola]
"profiledir_hola_cr"="C:\Users\Daniel\AppData\Roaming\Hola\chromium_profile"
[HKEY_LOCAL_MACHINE\SOFTWARE\Hola]
"hola_cr"="68.0.3440.75.7"
[HKEY_USERS\S-1-5-21-562642259-48603379-2362785591-1002\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\Users\Daniel\Downloads\Hola-Setup.exe"="0x5341435001000000000000000700000028000000C82F0800BD26090001000000000000000000030600010000E63F486B2AA0D201000000000000000002000000280000000000000000000040000000000000000000000000000000004F84AD02000000000100000001000000"
[HKEY_USERS\S-1-5-21-562642259-48603379-2362785591-1002\Software\Opera Software\1dc0b4276d3bb097df86f76cccec03ea\PreferenceMACs\Opera Stable\extensions.opsettings]
"pkbffhpdalaceholagpcomhnigjjdfdb"="667021B47E02B4AD7AD8EC5D1327E6C16520A21960A4B7A758AB76384443DCEB"

====== End of Search ======



Let's do this again. Delete the previous fixme.reg file if not already done.

Copy all the text IN THE QUOTE BOX below to notepad. Save it as fixme.reg to your desktop.
Be sure the "Save as" type is set to "all files". Once you have saved, right-click the .reg file and allow it to merge with the registry.
 

Quote

 

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\Hola]
; Deleting the key above already removes all of its values; reopening [HKEY_LOCAL_MACHINE\SOFTWARE\Hola] here would recreate it as an empty key.
[HKEY_USERS\S-1-5-21-562642259-48603379-2362785591-1002\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
; Backslashes inside a quoted value name are doubled in .reg syntax.
"C:\\Users\\Daniel\\Downloads\\Hola-Setup.exe"=-
[HKEY_USERS\S-1-5-21-562642259-48603379-2362785591-1002\Software\Opera Software\1dc0b4276d3bb097df86f76cccec03ea\PreferenceMACs\Opera Stable\extensions.opsettings]
"pkbffhpdalaceholagpcomhnigjjdfdb"=-

 

BEFORE you restart the computer please remove the Chrome syncing as it may be the reason these items have returned.

This could be a Syncing issue if you are Syncing Chrome with other devices?
To remove it you will have to reset the Sync in Chrome.

Read this article and proceed.

Chrome Secure Preferences detection always comes back
https://forums.malwarebytes.com/topic/214325-chrome-secure-preferences-detection-always-comes-back/
<<<>>>

Restart the computer when completed.

You can delete the fixme.reg file when done.

Let me know in a day or two if the problem returns.

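Added example (not part of the original thread, and not FRST or Malwarebytes code): a Python script that turns an FRST "Search Registry" log like the one posted above into a removal .reg file, doubling backslashes in value names and emitting a single [-KEY] line for each key that is deleted whole. The function names and the sample log are constructed for illustration, and which keys belong to the unwanted program is an assumption the caller supplies.

```python
import re

KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')
VALUE_RE = re.compile(r'^"(.+?)"=')

# Constructed sample in the shape of an FRST "Search Registry" log (not real data).
SAMPLE_LOG = r'''
================== Search Registry: "Hola" ===========
[HKEY_LOCAL_MACHINE\SOFTWARE\Hola]
"workdir"="C:\Program Files\Hola"
[HKEY_LOCAL_MACHINE\SOFTWARE\Hola]
"browser"="hola_cr"
[HKEY_USERS\S-1-5-21-EXAMPLE\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\Users\Example\Downloads\Hola-Setup.exe"="0x00"
====== End of Search ======
'''

def parse_frst_search(log_text):
    """Return {key_path: [value_name, ...]} in first-seen order, de-duplicated."""
    found, current = {}, None
    for line in map(str.strip, log_text.splitlines()):
        if (key := KEY_RE.match(line)):
            current = key.group(1)
            found.setdefault(current, [])
        elif current and (val := VALUE_RE.match(line)):
            if val.group(1) not in found[current]:
                found[current].append(val.group(1))
    return found

def reg_escape(name):
    # .reg syntax: backslashes and double quotes inside a quoted name are escaped.
    return name.replace("\\", "\\\\").replace('"', '\\"')

def build_reg(found, delete_keys):
    """delete_keys (caller's decision): keys owned by the unwanted program,
    removed whole. All other keys are shared: only the listed values go."""
    out, done = ["Windows Registry Editor Version 5.00", ""], set()
    for key, values in found.items():
        owner = next((d for d in delete_keys if key.lower() == d.lower()
                      or key.lower().startswith(d.lower() + "\\")), None)
        if owner and owner not in done:
            done.add(owner)          # one [-KEY]; the key is never reopened after it
            out += ["[-" + owner + "]", ""]
        elif not owner and values:
            out += ["[" + key + "]"] + ['"%s"=-' % reg_escape(v) for v in values] + [""]
    return "\r\n".join(out)
```

Shared keys such as the Compatibility Assistant Store stay in place; only the matching value is removed from them.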

Hey. I did everything as you said, but the problem is, it was never gone, adwcleaner was never able to remove it. I ran the fixme.reg, and let the pc reboot, and when I did, adw cleaner just said threats detected: 1, threats removed: 0 ? I am not using chrome sync on any of my devices, and I have no idea what's going on..


Hi,

Difficult to find what AdwCleaner is seeing if nothing is reported.

Let's check further.

--RogueKiller--

  • Download & SAVE to your Desktop Download RogueKiller
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or above, right-click the program file and select "Run as Administrator"
  • Accept the user agreements.
  • Execute the scan and wait until it has finished.
  • If a window opens to explain what [PUM's] are, read about it.
  • Click the RogueKiller icon on your taskbar to return to the report.
  • Click open the Report
  • Click Export TXT button
  • Save the file as ReportRogue.txt
  • Click the Remove button to delete the items in RED  
  • Click Finish and close the program.
  • Locate the ReportRogue.txt file on your Desktop and copy/paste the contents in your next reply.


=======

This scan may take an hour or two. Execute it when you know you will not need the computer.

ESET Online Scanner using Internet Explorer:

Note: You will need to disable your currently installed Anti-Virus, how to do so can be found here.

  • Download esetsmartinstaller_enu.exe and save it to your Desktop.
  • Double click the icon.
  • Check YES, I accept the Terms of Use.
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Then select: "Enable detection of potentially unwanted applications" - Yes.
  • Click Advanced settings.
  • Check the following items.


Enable detection of potentially unwanted applications

Remove found threats

Scan archives

Scan for potentially unsafe applications

Enable Anti-Stealth technology


 


  • 3 weeks later...
  • Root Admin

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Thanks

 


This topic is now closed to further replies.