Jump to content
Joko

How to remove untsorce.cool adware?

Recommended Posts

Dear supporters,

Malwarebytes detects untsorce.cool and blocks it, but it does not find it as a threat. Neither does the AdwCleaner and a couple of other antivirus tools.
How can I get rid of this adware?

Thank you for your reply.

Best regards,
Joko

This is one of the Malwarebytes logs:

-Log Details-
Protection Event Date: 6/18/19
Protection Event Time: 10:08 PM
Log File: e34e03f8-9204-11e9-9694-80fa5b59ac77.json

-Software Information-
Version: 3.7.1.2839
Components Version: 1.0.586
Update Package Version: 1.0.11122
License: Premium

-System Information-
OS: Windows 10 (Build 17763.557)
CPU: x64
File System: NTFS
User: System

-Blocked Website Details-
Malicious Website: 1
, , Blocked, [-1], [-1],0.0.0

-Website Data-
Category: Adware
Domain: untsorce.cool
IP Address: 172.241.69.4
Port: [50867]
Type: Outbound
File: C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe

Share this post


Link to post
Share on other sites

Hi,   :welcome:

My name is Maurice.   I will be helping and guiding you, going forward.

We need to get  additional information from this machine in order to have the proper detail to help you forward.
 NOTE: The tools and the information obtained is safe and not harmful to your privacy or your computer, please allow the programs to run if blocked by your system.

    Download Malwarebytes Support Tool
    
    
    Once the file is downloaded, open your Downloads folder/location of the downloaded file
    Double-click mb-support-1.4.0.615.exe to run the report
        You may be prompted by User Account Control (UAC) to allow changes to be made to your computer. Click Yes to consent.
        
    Place a checkmark next to Accept License Agreement and click Next
    You will be presented with a page stating, "Get Started!"

    Do NOT use the button “Start repair” !
    Click the Advanced tab on the left column
    
    Click the Gather Logs button
    
    A progress bar will appear and the program will proceed with getting logs from your computer
   
    Upon completion, click a file named mbst-grab-results.zip will be saved to your Desktop. Click OK
    Please attach the ZIP file in your next reply.

 

The Brave browser is encountering website block notices.

For Your Information:

The website  Block message indicates that a potential risk was blocked by the malicious website protection. 

The Malwarebytes web protection, by default, will always show each IP block occurrence.

The Malwarebytes Webs protection feature will advise customers when a known or suspected malicious IP is attempted to be reached (outgoing) or is trying access your PC.

 

See our info page https://www.malwarebytes.com/lp/ip-blocking/?ipblock=true

 

Incoming block notice can be ignored, our software is blocking the threat and there is nothing more that can be done.

On Outbound blocks, any attempted connection was stopped.

 

No action is required unless you’re also experiencing malware symptoms or there are multiple (different) IPs (ex;123.23.34 and 4.44.56).

 

Thank you.

 

Share this post


Link to post
Share on other sites

Good day Maurice,

Thank you for your quick reply. I have attached the zip. 
About the adware: I suspect that it is having a negative influence on my computer its performance. Also, since a couple of days, around the same time that I found out about this adware, the sleep function is not working anymore. Maybe it is not related. 

Best regards,
Joko

Mbst-grab-results.zip

Share this post


Link to post
Share on other sites

Thanks for the report !

This pc has Brave browser as the default browser.  Lets be sure to delete Cache files in that browser  ( as a starter).

You can do this via History menu > Clear Browsing Data… or using Ctrl + Shift + Delete keys on the keyboard.

image

And it will open the following dialog. Flip the switch for Cached image and file then click Clear button.

image

 

[ 2 ]

I would suggest to download, Save, and then run Malwarebytes ADWCLEANER.

Please close BRAVE browser  and all other open web browsers after you have saved the Adwcleaner and before you start Adwcleaner.

 

Please download the current release for Malwarebytes AdwCleaner from here:
https://downloads.malwarebytes.com/file/adwcleaner

 

Go to the folder where you saved Adwcleaner. Double click Adwcleaner to start it.

At the prompt for license agreement, review and then click on I agree.

 

You will then see a main screen for Adwcleaner. ( if you do not see it right away, minimized the other open windows, so you can see Adwcleaner).

Then click on Dashboard button.

Click the blue button "Scan Now".

 

allow it a few minutes to finish the Scan.

 

You should then see a screen showing "Scan results".

Review what is listed. If something is listed that you know for sure is safe, then for that line, click the check-box on the left so that it is un-checked.

(NOTE, clicking the small right pointed little arrow, will cause the screen to refresh & show all line items . )

 

When ready, click on the button "Clean and repair".

If prompted to restart then click on "Clean & Restart Now".

 

When You see screen with "Your cleanup is complete", click on the View Log file button.

It should then show as a open window in your text editor ( normally Notepad).

Do a File >> Save As, given it a unique name and Save to your Desktop or some other permanent folder.

 

Kindly provide a copy of that run report. Attach it with reply.

 

When done with Adwcleaner, click the X button to Exit out.

[ 3 ]

This pc has Webroot Secure Anywhere.  It needs to treat Malwarebytes as a trusted application, so we can rule out any conflicts with Malwarebytes.

Could you also try configuring mutual exclusions in Malwarebytes and Webroot Secure Anywhere. The article linked below lists out the Malwarebytes files/folders to add as exclusions in Webroot:
https://support.malwarebytes.com/docs/DOC-1123

For instructions on configuring exclusions in Malwarebytes, please refer to: https://support.malwarebytes.com/docs/DOC-1130

Folders to add:

  • C:\Program Files\Webroot
  • C:\Program Files\Common Files\Webroot
  • C:\ProgramData\WRData


Files to add:

  • C:\WINDOWS\System32\drivers\WRkrn.sys
  • C:\WINDOWS\system32\DRIVERS\wrUrlFlt.sys


Be  sure the computer is restarted afterwards and check if this has any impact.

Keep me advised.   We can do more later, as needed.

Thank you,

Share this post


Link to post
Share on other sites

Hi,

Just checking in on you.  Have you applied my suggestions?  How are things?

Maurice

Share this post


Link to post
Share on other sites

Hi Maurice,

Thank you for checking up. That's appreciated!

The AdwCleaner did not deliver a threat result. Also I have not experienced the Adware again. I suspect that's because of the clearing of cached image and file data.Thank you for your advice. I have learned a new shortcut and some new trouble shooting steps.

With kind regards,
Joko

Share this post


Link to post
Share on other sites

Hi Joko.

That is very good.  I am glad to have helped.  We will mark the case for Closure.

All the best to you.

 

 

Share this post


Link to post
Share on other sites

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Thanks

 

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.