Jump to content

TheBrightTag Keeps Returning

Recommended Posts

AdwCleaner is finding and, presumably, cleaning TheBrightTag from my computer. However, after short periods of usage (sometimes hours; sometimes a few days), I find that my computer is again reinfected. I can usually tell because the system slows noticeably.

My Win10 PC is fully up-to-date and I generally think of myself as a safe user (I use VPN on public sites and am careful about phishing and similar attacks). Nevertheless, I cannot figure out how to completely eradicate this thing.

At @exile360 recommendation, I have downloaded and run FRST64. I am attaching logs from both FRST and ADW:

  1. ADW S35 Log shows infection this morning.
  2. ADW C35 Log shows log after running AdWCleaner (no infection)
  3. FRST 1 and Addition 1 logs were run (presumably no infection)
  4. ADW S36 Log shows where TheBrightTag infection returned this afternoon (I was on a plane and mostly disconnected from the internet during the ensuing 9 hours
  5. FRST2 and Addition 2 logs were run (after detection and before cleaning...therefore infected)
  6. ADWS37 Log shows log after running ADWCleaner again (no infection)

I just ran ADWCleaner scan again and it did NOT find anything. Nevertheless, I have little confidence that my system is completely eradicated.


Thanks much for any help.

FRST 2.txt Addition 1.txt FRST 1.txt Addition 2.txt AdwCleaner[S39].txt AdwCleaner[S38].txt AdwCleaner[S37].txt AdwCleaner[C35].txt AdwCleaner[S35].txt AdwCleaner[S36].txt

Share this post

Link to post
Share on other sites

Hello @Moirty

Please download the attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST or FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.





Share this post

Link to post
Share on other sites

Please go ahead and restart the computer one more time and then run a new AdwCleaner scan and post back the new log


Share this post

Link to post
Share on other sites

Sadly. TheBrightTag has returned. ADWCleaner detects it again. I went ahead and cleaned it again. Log attached.

My work has been very limited since running the fix (nothing that should be 'risky').

Thanks for your continued assistance.



Share this post

Link to post
Share on other sites

In the 1 hour since I posted the previous message (and completed the ADWCleaner repair), TheBrightTag has returned to my system!


In that time I did the following: 

  •  Yammer, Skype Bus and MS-Teams are running on my system. I responded to MS-Teams messages.
  •  I ran the following programs: Word, Acrobat Reader, Quicken, Excel
  • Opened Edge and browsed to a single website
  • I browsed and copied a number of files using Windows 10 File Manager


Share this post

Link to post
Share on other sites

I guess uBlock Origin is working. I have not seen the malware return since it was installed.

Share this post

Link to post
Share on other sites
This topic is now closed to further replies.

  • Recently Browsing   0 members

    No registered users viewing this page.

  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.