
pup.optional.searchmanager infection x4


shaunoc1

Hi there, 
I have an infection on my PC from pup.optional.searchmanager. 
MWB is showing up 3 files in GOOGLE\CHROME\USER DATA\Default\Secure Preferences
and 1 registry value in GOOGLE\CHROME\PREFERENCEMACS\Default\extensions.settings

I've tried all the methods in this post (sign out / reset sync / reset Chrome / deleting all other search engines in Chrome), but they keep showing back up. 


I've also tried AdWCleaner. It seems to find / quarantine / delete the files but they always show up again in the next scan. 
Also, I have another PC synced up to the same Chrome account and it's fine, there's nothing showing up on MWB scan on that one.

Files attached. Any help would be appreciated 👍
Shaun

Addition.txt FRST.txt MWBScanResult.txt


Hi,

My name is Maurice. I will be helping and guiding you, going forward on this case.

Let's make sure that you turned OFF the Sync option on Google.

Use Chrome browser to go to https://www.google.com/settings/chrome/sync and sign into your account.
Scroll down until you see the "reset sync" button and click on the button.
At the prompt click on "Ok".


[ 2 ]

Let’s start by doing a new thorough scan with Malwarebytes for Windows. The goal is to see whether there is an infection or PUP.

 

Let's do one new run with Malwarebytes for Windows.

Start Malwarebytes.

Click Settings. Click Protection tab & scroll down to Scan options.

On the section "Potential Threat Protection",
look down at the one "Potentially Unwanted Programs (PUPs)" and make sure it is set to
"Always detect PUPS".

and

look down at the one "Potential Unwanted Modifications (PUM)" and make sure it is set to
"Always detect PUM".

and
scroll all the way down to the section Automatic Quarantine.
On the line "Automatically quarantine detected malware" be sure it is ON.



Then once all set there, click on the SCAN button.
Then ensure Threat scan has a check mark. Then click Start scan.
Review the results list.
Then I would suggest you make sure all lines have a check mark.

To that end, if you click the very top left checkbox you can force all detected lines (if any are detected) to be selected for removal. Be sure each line is checked.




Then you can proceed to click on the blue button Quarantine selected.


In Malwarebytes.
Click the Reports button ( on the left )
Look for the "Scan Report" that has the most recent Date and time.

When located, click the check box for it and click on View Report.
Then click the Export button at the bottom left.
Then select Text File (*.txt)

Put in a name for that file and remember where the file is created.

Then attach that file with your next reply.

 


Hi Maurice,
Thanks for your help with this 👍

Did all of the above; except for
"On the line "Automatically quarantine detected malware" be sure it is ON"  as it's not an option in the trial version. 

Performed the scan -- MWB found the same three files + reg entry again, screenshot attached. 
When I quarantined the files it shut down Chrome; also it caused a reg change alert in Avira, screenshot attached. 
Scan report text file is attached too. 

Shaun

Screenshot-2019-09-04-10.37.jpg

Screenshot-2019-09-04-10.38.jpg

MWB_Scan_Result_04_09_2019.txt


The report file you attached looks to be from February.

 

I need to get fresh information from this machine in order to have the proper detail to help you forward.
NOTE: The tools and the information obtained are safe and not harmful to your privacy or your computer, please allow the programs to run if blocked by your system.

    Download Malwarebytes Support Tool
    Once the file is downloaded, open your Downloads folder/location of the downloaded file
    Double-click mb-support-1.4.0.623.exe to run the report
        You may be prompted by User Account Control (UAC) to allow changes to be made to your computer. Click Yes to consent.
    Place a checkmark next to Accept License Agreement and click Next
    You will be presented with a page stating, "Get Started!"
    Do NOT use the button “Start repair”!
    Click the Advanced tab on the left column
    Click the Gather Logs button
    A progress bar will appear and the program will proceed with getting logs from your computer
    Upon completion, a file named mbst-grab-results.zip will be saved to your Desktop. Click OK
    Please attach the ZIP file in your next reply.

 

Thank you.


Thanks for the report. The last scan was run 4 Sept and still shows a number of tagged items, like PUP.Optional.SearchManager.BITSRST, and they involve Chrome.

Let's do a custom cleanup for Chrome.

 

This fix is for shaunoc1 only.

 

Please close and save any open work files before you start this next step. It will involve a Windows Restart at the end of it.

I am sending a custom Fix script which is going to be used by the FRSTENGLISH tool. They will both work together as a pair.

Please RIGHT-click the (attached file named) FIXLIST and select SAVE AS and save it directly (as is) to the Downloads folder.

The tool named FRSTENGLISH.exe is already in the Downloads folder.

Start the Windows Explorer and then, open the Downloads folder.


Double click FRSTENGLISH to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
Click the Fix button just once, and wait.

 


 

PLEASE have lots and lots of patience when this starts. You will see a green progress bar start. Lots of patience. Some machines take longer than others.
If you receive a message that a reboot is required, please make sure you allow it to restart normally.
The tool will complete its run after restart.
When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run.

Please attach the FIXLOG.txt with your next reply.

Fixlist.txt


If you read that last scan report, do you see the notes "No Action By User"?

Makes me wonder if you kept all the tagged lines check marked and then clicked on Quarantine selected.

Do another scan like listed in reply above: https://forums.malwarebytes.com/topic/251187-pupoptionalsearchmanager-infection-x4/?do=findComment&comment=1332869

 

It is well worth the retry.

 

P.S. The actual reports are best. I do not need the screen grab images. Those screen grabs cannot show all details.


Thanks Maurice -- 
I don't want to speak too soon but I think it's fixed. 
So initially I tried scanning again, same threats popped up as usual. 

So I tried doing a clean uninstall of Chrome as per this: 
https://pureinfotech.com/uninstall-chrome-windows-10/

I then ran MWB and nothing showed up. I reinstalled Chrome, synced with my account, just ran a fresh scan and still looks good. 
I'll keep an eye on it just in case, but it looks like a clean Chrome reinstall did the trick. 

Anyways -- Hope that's helpful to anyone else who encounters the same problem.
And thanks so much for all your help Maurice! 


Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Thanks

 

This topic is now closed to further replies.