Jump to content

Can't remove Spigot PUP from Chrome


Recommended Posts

Malware Bytes always finds 29 Spigot PUP threats, 1 in memory and 28 in system files on my Windows 10, 64 bit laptop, as listed on the attached report.  I don't find any extension in Chrome associated with Spigot to disable.  I've run the AdwCleaner, Malware Bytes, Hit Man Pro, and reset Chrome settings procedure you posted on the web.  That procedure might delete Spigot as long as I don't open Chrome, but as soon as I open Chrome, running Malware Bytes finds the 29 threats again.  I've seen your recent post regarding a 2-step, Chrome sync settings possible fix, but I don't understand it.  Recent Farbar files are attached.

malware report 26APR2019.txt Addition_16-05-2019 15.34.03.txt FRST_16-05-2019 15.34.03.txt

Link to post
Share on other sites

Hello, Welcome to Malwarebytes.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please download the attached Fixlist.txt file to  the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the FRST.txt log you have submitted.

Run FRST and click Fix only once and wait.

The Computer will restart when the fix is completed.

It will create a log (Fixlog.txt) please post it to your reply.
===

Reset Chrome

Open Google Chrome, click on menu icon google-chrome-setting-icon.png or the 3 vertical dots located right side top of the google chrome.
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset and clean up" > "Restore settings to their original defaults"
 
Restart Chrome.
<<<>>>

If the problem persists and Chrome is Synced with other Devices check this out.

https://forums.malwarebytes.com/topic/214325-chrome-secure-preferences-detection-always-comes-back/

Execute the suggested fix.

Restart the computer normal.
===========

Please post the Fixlog.txt and let me know what problem persists.

fixlist.txt

Link to post
Share on other sites

Dear nasdaq,

Thank you for your reply.  I followed your initial procedure.  The resulting FSRT fixlog file is attached.  The only variation I made in the procedure was while in Chrome's "Reset & Cleanup", I performed a Cleanup first (with nothing found), followed by the Reset.  I then shut Chrome down, reopened it, and ran Malwarebytes as a test.  It found the same 29 Spigot PUPS as before.

I do not think that my Chrome is synced with any other devices, but please tell me how to confirm that.  I presume that if it is not synced with any other devices, your second procedure would not apply.

Fixlog_17-05-2019 17.45.18.txt

Link to post
Share on other sites

Hi,

Lets see what we can find in the Registry.

Run the Farbar program .exe as an Administrator.

In the Search text area, copy and paste the following:
hoigebnckkbpkkbnodiincmbeflhmhbd
Once done, click on the Search Registry button and wait for FRST to finish the search
On completion, a log will open in Notepad. Copy and paste its content in your next reply
====

Link to post
Share on other sites

Good Morning!

Just to double-check: my laptop is only set up for a single user, me.  I presume I am running FRST as the Administrator.  If there is something else I should be doing, let me know.

Also note:  I do have Norton Antivirus and have not disabled it while running FRST.

Attached is the result of the Registry scan.

SearchReg.txt

Link to post
Share on other sites

Hi,

PUP.Optional.Spigot.Generic, HKU\S-1-5-21-3236419292-402543344-853073815-1001\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Profile 1\extensions.settings|hoigebnckkbpkkbnodiincmbeflhmhbd,

It not in your computer. It in your CHROME\PREFERENCEMACS\Profile 1\

Reset Cjrome as suggested in post no 6.
 Make sure you restart the computer when done.
====

If the problem persists then Remove and re-install Chrome

Your copy of Chrome may have been compromised

step1.gif Remove Chrome from your Computer and reinstall a fresh copy later.

step2.gifIf you remove the syncing of your account you must remove it before you save your bookmarks etc...
Delete Your Google Chrome Browser Sync Data if you sync with other devices. <- Important ...
https://forums.malwarebytes.com/topic/214325-chrome-secure-preferences-detection-always-comes-back/

step3.gif Before you remove Chrome Export your Bookmarks
Chrome will export your bookmarks as a HTML file, which you can then import into another browser.
How To: http://ccm.net/faq/31791-how-to-backup-your-google-chrome-bookmarks

step4.gif Before you remove Chrome Export your Passwords
How to export your saved passwords from Chrome
https://betanews.com/2018/03/09/export-chrome-passwords/

step5.gif Clear your Chrome cache and cookies
https://support.google.com/chromebook/answer/183083?hl=en

step6.gif Remove Chrome using the the instructions on this page.
https://support.google.com/chrome/answer/95319?hl=en

step7.gif Re-install Chrome and the Bookmarks.
<<<>>

How is it now?

Link to post
Share on other sites

All Hail Glorious nasdaq, the solution to my 29 problems!  Malwarebytes now finds 0 PUPS.

A few notes:  Tried Chrome reset but it did no good.  (not sure what post no. 6 refers to?)

Went ahead with saving bookmarks and passwords, uninstalling and reinstalling Chrome.

For some reason, my Chrome already was enabled to export passwords as a .cvs, but I did have to work through the experimental chrome://flags to Enable the import passwords feature.

Many thanks again for your timely assistance!

Link to post
Share on other sites
  • Root Admin

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Thanks

 

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    No registered users viewing this page.

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.