Jump to content

I can not delete the adware in an key under folder of Chrome


Recommended Posts

I can not delete the adware in an key under folder of Chrome in the regestration editor, if I try to delete it is my access denied, if I want to change the owner the access is denied, and if I try it with the help of the registrar registry Manager to delete it, I get the error message ACCESS DENIED I want to delete the key permanently to eliminate the adware finally. The Adware cleaner is scanning the Adware but it can't remove it. I tried many programms but no one helped me, the Adware is still there. the Key Path is named: Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\NativeMessagingHosts\com.microsoft.browsercore

1.png

Link to post
Share on other sites

Hello, Welcome to Malwarebytes.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

There may be more than just delete that file.

Download the Farbar Recovery Scan Tool (FRST).
Choose the 32 or 64 bit version for your system.
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

How to attach a file to your reply:
In the Reply section in the bottom of the topic Click the "more reply Options" button.
attachlogs.png

Attach the file.
Select the "Choose a File" navigate to the location of the File.
Click the file you wish to Attach.
Click Attach this file.
Click the Add reply button.
===

Please post the logs  for my review.

Let me know what problems persists.

Wait for further instructions

Link to post
Share on other sites

  • Root Admin

@nasdaq is in Europe and it's the weekend @Jack_Klauch

The FRST program is very safe to use. Please temporarily disable Defender or SmartScreen if needed and download it, run it, post back the requested logs.

 

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system.
You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well.
Link to post
Share on other sites

Hi,

Remove this program in bold via the Control Panel > Programs > Programs and Features.
NativeDesktopMediaService (HKLM-x32\...\{FC44DE72-60F9-4BC1-B098-D2F6B5A06187}) (Version: 3.5.0 - Jetmedia) <==== ACHTUNG
<<<>>>

Please download the attached Fixlist.txt file to  the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the FRST.txt log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Reset Chrome

Open Google Chrome, click on menu icon google-chrome-setting-icon.png or the 3 vertical dots located right side top of the google chrome.
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset and clean up" > "Restore settings to their original defaults"
 
Restart Chrome.
<<<>>>

Please post the Fixlog.txt and let me know what problem persists.

fixlist.txt

Link to post
Share on other sites

Hi,

The program must have been deleted without using the Add/Remove Programs applet.

It's only a entry from the Registry.

It's not active. If you wish to remove it from the Registry follow these instructions.

https://www.bleepingcomputer.com/tutorials/manually-remove-programs-from-add-remove-programs/

===

Click on the Fixlist.txt folder in the bottom of my previous post.

If you need it the the link is: 

https://forums.malwarebytes.com/applications/core/interface/file/attachment.php?id=277653

Link to post
Share on other sites

Hi,

This topic shows a solution to remove the com.microsoft.browsercore key.
https://answers.microsoft.com/en-us/windows/forum/all/network-administrator/2f1a3c46-2c09-4c54-94b6-43c6ee92ee0b?page=2

How to boot in the RE (Recovery Environment)

Boot the compromised PC to Recovery Environment, if you are unsure of that action have a read at the following link, maybe bookmark for future reference...

To enter the Recovery Environment with Windows 10, follow the instructions in this tutorial on TenForums https://www.tenforums.com/tutorials/2294-boot-advanced-startup-options-windows-10-a.html

Set you eyes on this option.
Reset Windows 10 OPTION ONE  Reset Windows 10
To Reset Windows 10 at Boot

From the Windows 10 Tutorial you should get access to the Advanced Startup Options at boot for Windows 10

Select in this order
"Troubleshoot" > "Advance Options" > "Command Prompt"


Once in the command prompt

Run the Regedit and delete the com.microsoft.browsercore key

Save, Exit,  Regedit.

Hope that helps.

Link to post
Share on other sites

https://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKA1VtC1mRJr0-ErRfvnZgV8aMYC2HwSKrksZKwkmjwS4-u2vZVtAD0lsWdxB7uLqhpvwhkq2krqMV-CfIH3mfNYfAdhfQDRAm-80ZtZhyJoOLtsAjEhiegw8DTOCaLt89As4233GNuwZgkLwKuPVX_oE1YNiiNQOy6IDOQd1H5NhE3PG7fj0MJ6
                               

And

 

https://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKA1VtC1mRJr0-ErRfvnZgV8aMYC2HwSKrksZKwkmjwS4-u2vZVtAD0lsWdxB7uLqhpvwhkq2krqMV-CfIH3mfNYfAdhfQDRAm-80ZtZhyJoOLtsAjEhiegw8DTOCaLt89As4233GNuwZgkLwKuPVX_oE1YNiiNQOy6IDOQd1H5NhE3PG7fj0MJ6

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.