PUP.Optional.Legacy - Chrome Extension won't go away

[NotPurp]

Wasn't aware that FileZilla was bundled with Malware so I went and installed it, I left to go the toilet while It was installing and when I came back, there was a program called Chromium on my desktop and I had a new google chrome extension. I immediately uninstalled/removed the extension + program and ran Microsoft Security Essentials which came up clean and then Malwarebytes which detected a few PUP.Optional.Legacy threats and removed them. I also ran Adwcleaner which detected a few more stuff afterwards. Now the problem is, a single PUP.Optional.Legacy keeps coming back no matter what I do, It's a google chrome extension that has something to do with Yahoo.

So far, I've tried disabling Google Sync on my computer and phone, resetting my chrome browser, reinstalling chrome and deleting the user data in /Local/ and /Roaming/ while running Adwcleaner each time to clean it but It keeps coming back when I open chrome. I've also ran full scans of microsoft security essentials and malwarebytes (with all the options ticked) which are now coming up clean. Malwarebytes isn't detecting anything else after the Iinitial scan I did. I've also tried Hitman Pro which comes up clean.

I am currently using firefox for now just to be safe. No PUP.Optional.Legacy unless I open chrome but I fear something is lurking in my computer.

[NotPurp]

I just checked the Adwcleaner log and this is what the extension was called

***** [ Chromium (and derivatives) ] *****

Deleted       Search and New Tab by Yahoo

[NotPurp]

This log is when I first used adwcleaner to scan for threats. The chromium thing is the only thing that keeps coming back

 

# -------------------------------
# Malwarebytes AdwCleaner 7.2.7.0
# -------------------------------
# Build:    01-30-2019
# Database: 2019-02-21.1 (Cloud)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    02-25-2019
# Duration: 00:00:23
# OS:       Windows 7 Professional
# Scanned:  31818
# Detected: 8

***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

PUP.Optional.Legacy             C:\Windows\SysWOW64\config\systemprofile\AppData\Local\YSearchUtil
PUP.Optional.Legacy             C:\Users\Junne\AppData\Local\YSearchUtil
PUP.Optional.Legacy             C:\Users\Junne\AppData\Local\DriverToolkit

***** [ Files ] *****

PUP.Optional.Legacy             C:\Users\Junne\AppData\Roaming\Mozilla\Firefox\Profiles\l52cshws.default-1529574880783\searchplugins\Search Provided by Bing.xml
PUP.Optional.Legacy             C:\Users\Junne\AppData\Roaming\Mozilla\Firefox\Profiles\l52cshws.default-1529574880783\invalidprefs.js

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

PUP.Optional.DriverPack         HKCU\Software\drpsu
PUP.Optional.InstallCore        HKCU\Software\csastats

***** [ Chromium (and derivatives) ] *****

PUP.Optional.Legacy             Search and New Tab by Yahoo

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

 

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########

 

[NotPurp]

Addition.txt

FRST.txt

[nasdaq]

Hello, Welcome to Malwarebytes.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please download the attached Fixlist.txt file to  the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the FRST.txt log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Please post the Fixlog.txt and let me know what problem persists.

[NotPurp]

I do not see the attached file.

[nasdaq]

Hi,

Sorry about that.

It's attached.

===

If the problem persistr check this out.

If the problem persists IN CHROME and you Sync Chrome with other devices reset the Sync.

Read this article and proceed.

Chrome Secure Preferences detection always comes back
https://forums.malwarebytes.com/topic/214325-chrome-secure-preferences-detection-always-comes-back/
<<<>>>

Let me know what problem persists.
 

fixlist.txt

[NotPurp]

Here is the fixlog.txt

I'll download chrome now and see if it still shows up

Fixlog.txt

[NotPurp]

Okay! Just finished installing chrome, the "Search and New Tab by Yahoo" extension does not show up anymore. Going to try turning on sync now and see how it goes...

So far, nothing yet.

Thank you so much nasdaq, you are an actual lifesaver. I really appreciate it, I've been losing sleep over this problem for a few nights because of anxiety.

I hope I'm in the clear now, should I also change my passwords for everything just in case and may I contact you again If It happens to come back or something else pops up?

Thank you again!

 

[nasdaq]

Hi,

 

should I also change my passwords for everything just in case and may I contact you again If It happens to come back or something else pops up?

It's not recommended that the SAME password be used for all or some other  requiring password access.

You can check if your password(s) have been Pwned
https://haveibeenpwned.com/Passwords

How to Create a Strong Password (and Remember It)
https://www.howtogeek.com/195430/how-to-create-a-strong-password-and-remember-it/
===

This topic will be closed in 6 days .
You can return if the problem returns during that time frame.

[AdvancedSetup]

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Thanks