Scan finds same items daily though quarantined

[rundwald]

I have 32 items ( see att) that appear daily. I can't seem to delete them permanently, I must be doing something wrong, but with age cannot recall how I should proceed. Can someone, please help or remind me. The entries nearly all relate to PUPs, but how do I find the extension that is causing the problem and remove that to solve matter?

I am using Premium (free) 3.7.1

 

summary mbites.txt

[nasdaq]

Hello, Welcome to Malwarebytes.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

The Chrome Sync could be the cause.

If the problem persists and Chrome is Synced with other Devices check this out.

https://forums.malwarebytes.com/topic/214325-chrome-secure-preferences-detection-always-comes-back/

Execute the suggested fix.
===========

If the problem is not solved please run this scan.

Download the Farbar Recovery Scan Tool (FRST).
Choose the 32 or 64 bit version for your system.
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

How to attach a file:
In the Reply section in the bottom of the topic Select Click the Choose a File.
Navigate to the location of the File.
Click the file. It will appear in section.
Click the Saving button.

Wait for further instructions
====

[rundwald]

Despite having 3.7.1 I followed the instructions and unsynched Chrome. The items still persist.

FRST_17-05-2019 06.57.23.txt

Quote

 

 

Addition_17-05-2019 06.57.23.txt

[nasdaq]

Hi,

If you did not add this Chrome Extension pleas add the 2 line in the Fixlog.txt. Save the File. Do this before you run the fix.
CHR Extension: (mp10search) - C:\Users\Gordon\AppData\Local\Google\Chrome\User Data\Default\Extensions\dopopnpbajbbidkeaghdigfefkenjjmc [2019-05-16]
CHR DefaultSearchKeyword: Default -> mp10

Please download the attached Fixlist.txt file to  the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the FRST.txt log you have submitted.

Run FRST and click Fix only once and wait.

The Computer will restart when the fix is completed.

It will create a log (Fixlog.txt) please post it to your reply.
===

Reset Chrome

Open Google Chrome, click on menu icon or the 3 vertical dots located right side top of the google chrome.
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset and clean up" > "Restore settings to their original defaults"
 
Restart Chrome.
<<<>>>

If the problem persists your copy of Chrome may have been compromised

Remove Chrome from your Computer and reinstall a fresh copy later.

If not applicable pass and continue.
If you remove the syncing of your account you must remove it before you save your bookmarks etc...
Delete Your Google Chrome Browser Sync Data if you sync with other devices. <- Important ...
https://forums.malwarebytes.com/topic/214325-chrome-secure-preferences-detection-always-comes-back/

Before you remove Chrome Export your Bookmarks
Chrome will export your bookmarks as a HTML file, which you can then import into another browser.
How To: http://ccm.net/faq/31791-how-to-backup-your-google-chrome-bookmarks

Before you remove Chrome Export your Passwords
How to export your saved passwords from Chrome
https://betanews.com/2018/03/09/export-chrome-passwords/

Clear your Chrome cache and cookies
https://support.google.com/chromebook/answer/183083?hl=en

Remove Chrome using the the instructions on this page.
https://support.google.com/chrome/answer/95319?hl=en

Re-install Chrome and the Bookmarks.
<<<>>

Please post the Fixlog.txt and let me know what problem persists.

fixlist.txt

[rundwald]

Despite having 3.7.1 I followed the instructions and unsynched Chrome. The items still persist.

FRST_17-05-2019 06.57.23.txt

Quote

 

 

[rundwald]

I'm confused. What attachment do you refer to? I cannot find fixlog.txt anywhere. Do you mean fixlist.txt, as per link at bottom of page?

[nasdaq]

Refer to post no. 4. The fixlist.txt is attached. 

Follow the instructions when downloaded.

[rundwald]

Despite having 3.7.1 I followed the instructions and unsynched Chrome. The items still persist.

FRST_17-05-2019 06.57.23.txt

Quote

 

 

[nasdaq]

I was expecting the Fixlog.txt.

If you have downloaded the Fixlist.txt (post no. 4) and placed that file in the folder in bold

Running from C:\Users\Gordon\Downloads then you need to run the Farbar program and click the Fix button.

The Fixlog.txt log will be created.

===

Post the log and let me know if the problem persists.

 

 

[rundwald]

I am still floundering, but fixlog.txt is attached. None to sure I've got it right, and may have to abandon and perhaps just put up with problem.

Fixlog.txt

[nasdaq]

Hi,

If the problem persists try this.

It may be Ads from the notification on the bottom and  right side of some pages.
Next time you see an ad click on the notice on the right of the task bar.
If you see a setting wheel open it and change the setting to stop the notifications.

How to Disable Notifications in Google Chrome
https://gadgets.ndtv.com/apps/features/how-to-disable-notifications-in-google-chrome-643057

Add the site to your block list.

How did I get this.
https://forums.malwarebytes.com/topic/245131-random-i_bongacash-javascript-injection/

===

Let me know what problem persists and in which browse(s).

[rundwald]

The quarantine list reappeared, so I uninstalled Mbytes and cleaned any remaining debris vigorously, then reinstalled version with new download. At next daily scan the items surfaced again. I removed all extensions. Two daily scans since have reported clean.

I think the problem is solved.

[rundwald]

Thank you for your help!

[nasdaq]

Hi,

You did well but this one may have be the caused.

In post no.4 I suggested you remove this extension if it was not installed by you.
I think it was the culprit.

If you did not add this Chrome Extension pleas add the 2 line in the Fixlog.txt. Save the File. Do this before you run the fix.

Quote

CHR Extension: (mp10search) - C:\Users\Gordon\AppData\Local\Google\Chrome\User Data\Default\Extensions\dopopnpbajbbidkeaghdigfefkenjjmc [2019-05-16]

Glad to see that all is well.

p.s.
If you reinstall the Chrome extension do it one at a time to make sure that it's not compromised.

[AdvancedSetup]

Due to the lack of feedback, this topic is closed to prevent others from posting here.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread.

Thanks