
Pup keeps recurring



Pup keeps showing up within hours after clearing. I quarantine about 27 files with Malwarebytes. Then run AdwCleaner which always finds 1 pup. I clear and restart. But it comes right back in a short while. What else do I need to do? Here is the log from AdwCleaner.

 

# -------------------------------
# Malwarebytes AdwCleaner 7.3.0.0
# -------------------------------
# Build:    04-04-2019
# Database: 2019-04-18.2 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    04-20-2019
# Duration: 00:00:16
# OS:       Windows 10 Pro
# Scanned:  27356
# Detected: 1


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

PUP.Optional.Legacy             dhhjmlmdpcpiojiffodbldlkgcnaeogp

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.


Sometimes two Pups. I was running up-to-date Malwarebytes when this infection occurred.

 

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\microsoft-office.en.softonic.com
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\softonic.com
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\microsoft-office.en.softonic.com
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\softonic.com
Deleted       HKCU\Software\Microsoft\Internet Explorer\DOMStorage\softonic.com
Deleted       HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\softonic.com

***** [ Chromium (and derivatives) ] *****

Deleted       FromDocToPDF
Deleted       Search Encrypt
Deleted       ibiiaimghkbhffgkkdogldehnidojjga

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************


Here is the report from Malwarebytes.

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 4/19/19
Scan Time: 8:11 PM
Log File: ffe51930-6319-11e9-8901-10604b65962c.json

-Software Information-
Version: 3.7.1.2839
Components Version: 1.0.563
Update Package Version: 1.0.10248
License: Premium

-System Information-
OS: Windows 10 (Build 17134.706)
CPU: x64
File System: NTFS
User: System

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Scheduler
Result: Completed
Objects Scanned: 438096
Threats Detected: 26
Threats Quarantined: 0
Time Elapsed: 11 min, 22 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 1
PUP.Optional.SearchEncrypt.Generic, HKU\S-1-5-21-3112735609-2398618125-4238892646-1001\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Default\extensions.settings|oodblefojaocanejnikhhjcglbaelpbp, No Action By User, [14753], [448980],1.0.10248

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 7
PUP.Optional.SearchEncrypt.Generic, C:\Users\Office\AppData\Local\Google\Chrome\User Data\Default\Extensions\oodblefojaocanejnikhhjcglbaelpbp\3.4.3.5_0\_metadata, No Action By User, [14753], [448980],1.0.10248
PUP.Optional.SearchEncrypt.Generic, C:\Users\Office\AppData\Local\Google\Chrome\User Data\Default\Extensions\oodblefojaocanejnikhhjcglbaelpbp\3.4.3.5_0\img\se, No Action By User, [14753], [448980],1.0.10248
PUP.Optional.SearchEncrypt.Generic, C:\Users\Office\AppData\Local\Google\Chrome\User Data\Default\Extensions\oodblefojaocanejnikhhjcglbaelpbp\3.4.3.5_0\css, No Action By User, [14753], [448980],1.0.10248
PUP.Optional.SearchEncrypt.Generic, C:\Users\Office\AppData\Local\Google\Chrome\User Data\Default\Extensions\oodblefojaocanejnikhhjcglbaelpbp\3.4.3.5_0\img, No Action By User, [14753], [448980],1.0.10248
PUP.Optional.SearchEncrypt.Generic, C:\Users\Office\AppData\Local\Google\Chrome\User Data\Default\Extensions\oodblefojaocanejnikhhjcglbaelpbp\3.4.3.5_0\lib, No Action By User, [14753], [448980],1.0.10248
PUP.Optional.SearchEncrypt.Generic, C:\Users\Office\AppData\Local\Google\Chrome\User Data\Default\Extensions\oodblefojaocanejnikhhjcglbaelpbp\3.4.3.5_0, No Action By User, [14753], [448980],1.0.10248
PUP.Optional.SearchEncrypt.Generic, C:\USERS\OFFICE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\OODBLEFOJAOCANEJNIKHHJCGLBAELPBP, No Action By User, [14753], [448980],1.0.10248

File: 18
PUP.Optional.SearchEncrypt.Generic, C:\USERS\OFFICE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, No Action By User, [14753], [448980],1.0.10248
PUP.Optional.SearchEncrypt.Generic, C:\USERS\OFFICE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\OODBLEFOJAOCANEJNIKHHJCGLBAELPBP\3.4.3.5_0\MANIFEST.JSON, No Action By User, [14753], [448980],1.0.10248
PUP.Optional.SearchEncrypt.Generic, C:\Users\Office\AppData\Local\Google\Chrome\User Data\Default\Extensions\oodblefojaocanejnikhhjcglbaelpbp\3.4.3.5_0\css\tooltip.css, No Action By User, [14753], [448980],1.0.10248
PUP.Optional.SearchEncrypt.Generic, C:\Users\Office\AppData\Local\Google\Chrome\User Data\Default\Extensions\oodblefojaocanejnikhhjcglbaelpbp\3.4.3.5_0\img\se\icon128.png, No Action By User, [14753], [448980],1.0.10248
PUP.Optional.SearchEncrypt.Generic, C:\Users\Office\AppData\Local\Google\Chrome\User Data\Default\Extensions\oodblefojaocanejnikhhjcglbaelpbp\3.4.3.5_0\img\se\icon16.png, No Action By User, [14753], [448980],1.0.10248
PUP.Optional.SearchEncrypt.Generic, C:\Users\Office\AppData\Local\Google\Chrome\User Data\Default\Extensions\oodblefojaocanejnikhhjcglbaelpbp\3.4.3.5_0\img\se\icon16_disabled.png, No Action By User, [14753], [448980],1.0.10248
PUP.Optional.SearchEncrypt.Generic, C:\Users\Office\AppData\Local\Google\Chrome\User Data\Default\Extensions\oodblefojaocanejnikhhjcglbaelpbp\3.4.3.5_0\img\se\icon48.png, No Action By User, [14753], [448980],1.0.10248
PUP.Optional.SearchEncrypt.Generic, C:\Users\Office\AppData\Local\Google\Chrome\User Data\Default\Extensions\oodblefojaocanejnikhhjcglbaelpbp\3.4.3.5_0\img\se\input-checked.png, No Action By User, [14753], [448980],1.0.10248
PUP.Optional.SearchEncrypt.Generic, C:\Users\Office\AppData\Local\Google\Chrome\User Data\Default\Extensions\oodblefojaocanejnikhhjcglbaelpbp\3.4.3.5_0\img\se\input-unchecked.png, No Action By User, [14753], [448980],1.0.10248
PUP.Optional.SearchEncrypt.Generic, C:\Users\Office\AppData\Local\Google\Chrome\User Data\Default\Extensions\oodblefojaocanejnikhhjcglbaelpbp\3.4.3.5_0\img\se\si-logo.png, No Action By User, [14753], [448980],1.0.10248
PUP.Optional.SearchEncrypt.Generic, C:\Users\Office\AppData\Local\Google\Chrome\User Data\Default\Extensions\oodblefojaocanejnikhhjcglbaelpbp\3.4.3.5_0\lib\bg.js, No Action By User, [14753], [448980],1.0.10248
PUP.Optional.SearchEncrypt.Generic, C:\Users\Office\AppData\Local\Google\Chrome\User Data\Default\Extensions\oodblefojaocanejnikhhjcglbaelpbp\3.4.3.5_0\lib\page-protection.js, No Action By User, [14753], [448980],1.0.10248
PUP.Optional.SearchEncrypt.Generic, C:\Users\Office\AppData\Local\Google\Chrome\User Data\Default\Extensions\oodblefojaocanejnikhhjcglbaelpbp\3.4.3.5_0\lib\panel.js, No Action By User, [14753], [448980],1.0.10248
PUP.Optional.SearchEncrypt.Generic, C:\Users\Office\AppData\Local\Google\Chrome\User Data\Default\Extensions\oodblefojaocanejnikhhjcglbaelpbp\3.4.3.5_0\lib\savesettings.js, No Action By User, [14753], [448980],1.0.10248
PUP.Optional.SearchEncrypt.Generic, C:\Users\Office\AppData\Local\Google\Chrome\User Data\Default\Extensions\oodblefojaocanejnikhhjcglbaelpbp\3.4.3.5_0\_metadata\verified_contents.json, No Action By User, [14753], [448980],1.0.10248
PUP.Optional.SearchEncrypt.Generic, C:\Users\Office\AppData\Local\Google\Chrome\User Data\Default\Extensions\oodblefojaocanejnikhhjcglbaelpbp\3.4.3.5_0\background.html, No Action By User, [14753], [448980],1.0.10248
PUP.Optional.SearchEncrypt.Generic, C:\Users\Office\AppData\Local\Google\Chrome\User Data\Default\Extensions\oodblefojaocanejnikhhjcglbaelpbp\3.4.3.5_0\panel.html, No Action By User, [14753], [448980],1.0.10248
PUP.Optional.SearchEncrypt.Generic, C:\Users\Office\AppData\Local\Google\Chrome\User Data\Default\Extensions\oodblefojaocanejnikhhjcglbaelpbp\3.4.3.5_0\settings.html, No Action By User, [14753], [448980],1.0.10248

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)

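The report above lists 26 detections, nearly all of them paths under one Chrome extension folder. As an added example (not part of the original thread and not Malwarebytes code), this Python sketch groups the detection lines of such a text report by extension ID, keeps aside lines that name no extension, and compares each section's header count with the lines actually present. The function name `summarize`, the line format inferred from the report, and the constructed sample with a placeholder SID are assumptions.

```python
import re
from collections import Counter, defaultdict

# Section names as they appear under "-Scan Details-" in the report above.
KINDS = {"Process", "Module", "Registry Key", "Registry Value", "Registry Data",
         "Data Stream", "Folder", "File", "Physical Sector", "WMI"}
SECTION = re.compile(r"^([A-Za-z ]+): (\d+)$")
DETECTION = re.compile(r"^([\w.]+), (.+), ([^,]+), \[\d+\], \[\d+\],[\d.]+$")
EXT_ID = re.compile(r"(?<![a-z])[a-p]{32}(?![a-z])", re.I)  # Chrome IDs use only a-p
VERSION = re.compile(r"[a-p]{32}\\([\d.]+_\d+)", re.I)      # <id>\<version> folder

def summarize(log_text):
    """Return (by_id, unattributed, mismatches) for a Malwarebytes text report."""
    by_id = defaultdict(lambda: {"names": set(), "kinds": Counter(), "versions": set()})
    unattributed, declared, seen, kind = [], {}, Counter(), None
    for line in map(str.strip, log_text.splitlines()):
        if (m := SECTION.match(line)) and m.group(1) in KINDS:
            kind, declared[m.group(1)] = m.group(1), int(m.group(2))
        elif kind and (m := DETECTION.match(line)):
            name, obj = m.group(1), m.group(2)
            seen[kind] += 1
            if (ext := EXT_ID.search(obj)) is None:  # e.g. the Preferences file
                unattributed.append((kind, name, obj))
                continue
            entry = by_id[ext.group(0).lower()]      # log mixes upper/lower case
            entry["names"].add(name)
            entry["kinds"][kind] += 1
            if v := VERSION.search(obj):
                entry["versions"].add(v.group(1))
    # Header count vs. parsed lines: a difference means the pasted log is incomplete.
    mismatches = {k: (n, seen[k]) for k, n in declared.items() if n != seen[k]}
    return dict(by_id), unattributed, mismatches

# Constructed excerpt in the report's format; SID is a placeholder, File lines are cut.
ID = "oodblefojaocanejnikhhjcglbaelpbp"
NAME, TAIL = "PUP.Optional.SearchEncrypt.Generic, ", ", No Action By User, [14753], [448980],1.0.10248"
EXT = r"C:\Users\Office\AppData\Local\Google\Chrome\User Data\Default\Extensions"
SAMPLE = "\n".join([
    "Registry Value: 1",
    NAME + r"HKU\S-1-5-21-0-0-0-1001\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Default\extensions.settings|" + ID + TAIL,
    "Folder: 1",
    NAME + EXT.upper() + "\\" + ID.upper() + TAIL,
    "File: 18",
    NAME + r"C:\USERS\OFFICE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences" + TAIL,
    NAME + EXT + "\\" + ID + r"\3.4.3.5_0\lib\bg.js" + TAIL,
])

if __name__ == "__main__":
    print(summarize(SAMPLE))
```
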

  • Root Admin

Hello @JLMichels and :welcome:

Please follow the directions on the following topic and let me know if that corrects the issue. You also have an old compromised version of Java. Please uninstall your Java. If possible try to use the computer without Java, but if you have to have it keep it up to date at all times. https://java.com

 

 

Thanks

Ron

 


  • Root Admin

Okay, please try the following method to clean up Chrome

 

Chrome

 

Reset Chrome back to defaults to completely clear out issues with Chrome.

  • Open Chrome and at the top right, click the ellipsis icon, then More tools, and then Extensions
  • Write down the list of Extensions installed.
  • Next, go to >> Google Sync << and sign into your account. Make sure you know your password as this will clear it from the browser.
  • Scroll down until you see the "reset sync" button to clear your data from the server and remove your passphrase.
  • Now, close all Chrome windows. Chrome cannot be running for the next step. If needed, print this information or use another browser to read the information.
  • Press the Windows key + R at the same time, to bring up the run dialog box.
     
       
  • Type in (or copy/paste) the following and press Enter:     %localappdata%\Google\Chrome\User Data\Default\
  1. Press Ctrl + A to select all the files and folders.
  2. Hold down Ctrl + A and click once on the files "Bookmarks" and "Bookmarks.bak". This will unselect them.
  3. With all the files selected (except for your Bookmarks), press the Delete key and click Yes to delete the files and folders.
  4. Example of all files and folders selected, except Bookmarks: [screenshot]

 

Restart your computer now and make sure there are no longer any redirects or other browser issues and let me know the results

Thanks

Ron

 

 

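For the "write down the list of Extensions installed" step above, an added example (not part of the original thread): a Python sketch that records extension ID, version folder and name from a Chrome profile before the folder is emptied. It assumes the `Extensions\<id>\<version>\manifest.json` layout visible in the Malwarebytes report; the function names and the sample tree built by `build_sample_profile` are constructed for illustration.

```python
import json
import os
from pathlib import Path

def display_name(version_dir, manifest):
    """Resolve a manifest name, following __MSG_key__ into _locales if needed."""
    name = str(manifest.get("name", "?"))
    if not (name.startswith("__MSG_") and name.endswith("__")):
        return name
    key = name[6:-2].lower()                      # message keys are case-insensitive
    locale = manifest.get("default_locale", "en")
    try:
        text = (version_dir / "_locales" / locale / "messages.json").read_text("utf-8-sig")
        messages = {k.lower(): v for k, v in json.loads(text).items()}
        return messages[key]["message"]
    except (OSError, ValueError, KeyError, TypeError, AttributeError):
        return name                               # leave the placeholder visible

def inventory(profile_dir):
    """Return sorted (extension_id, version_folder, name) for one Chrome profile."""
    rows = []
    for manifest_path in Path(profile_dir).glob("Extensions/*/*/manifest.json"):
        version_dir = manifest_path.parent
        try:
            manifest = dict(json.loads(manifest_path.read_text("utf-8-sig")))
        except (OSError, ValueError, TypeError):
            manifest = {}                         # unreadable manifest: still list the ID
        rows.append((version_dir.parent.name, version_dir.name,
                     display_name(version_dir, manifest)))
    return sorted(rows)

def build_sample_profile(root):
    """Constructed profile tree for offline runs (ID taken from the log above)."""
    vdir = Path(root) / "Extensions" / "oodblefojaocanejnikhhjcglbaelpbp" / "3.4.3.5_0"
    (vdir / "_locales" / "en").mkdir(parents=True)
    (vdir / "manifest.json").write_text(json.dumps(
        {"name": "__MSG_appName__", "default_locale": "en", "version": "3.4.3.5"}))
    (vdir / "_locales" / "en" / "messages.json").write_text(json.dumps(
        {"appName": {"message": "Constructed Sample Extension"}}))
    return Path(root)

if __name__ == "__main__":
    default = Path(os.environ.get("LOCALAPPDATA", ".")) / "Google/Chrome/User Data/Default"
    for row in inventory(default):
        print(*row, sep="\t")
```
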

  • 2 weeks later...
  • Root Admin

Due to the lack of feedback, this topic is closed to prevent others from posting here.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread.

Thanks

 
