Jump to content
Gavin_K

ADW cleaner failed and Malwarebytes does not see.

Recommended Posts

Hi all, I recently ran a scan with ADW cleaner and it found three files, one of them was preinstalled software and the other two were registry entries and were labeled as "trojan" by the cleaner.

I hit Quarantine and rebooted, getting a green light that the clean was successful.

I repeated it again a week later and the results were the same, all three. I selected Quarantine>reboot and again got the all clear. I decided to run the scan again, immediately after the reboot and was left with the two reg keys only (screenshot) - so ADW cleaner is not managing to clean the entries and Malwarebytes seems not to see the problem at all.

Malwarebytes.jpg

Share this post


Link to post
Share on other sites

Hello, Welcome to Malwarebytes.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Download the Farbar Recovery Scan Tool (FRST).
Choose the 32 or 64 bit version for your system.
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

How to attach a file to your reply:
In the Reply section in the bottom of the topic Click the "more reply Options" button.
attachlogs.png

Attach the file.
Select the "Choose a File" navigate to the location of the File.
Click the file you wish to Attach.
Click Attach this file.
Click the Add reply button.
===

Please post the logs  for my review.

Wait for further instructions
====

Share this post


Link to post
Share on other sites

Hi,

Please download the attached Fixlist.txt file to  the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the FRST.txt log you have submitted.

Run FRST and click Fix only once and wait.

The Computer will restart when the fix is completed.

It will create a log (Fixlog.txt) please post it to your reply.
===

Please post the Fixlog.txt and let me know what problem persists.

p.s.
If the problem persists will you please post the AdwCleaner log for my review.

fixlist.txt

Share this post


Link to post
Share on other sites

Can you please post the AdwCleaner log for my review.

I have difficulties reading the long string on your image.

Share this post


Link to post
Share on other sites

Hi,

Please download the attached Fixlist.txt file to  the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the FRST.txt log you have submitted.

Run FRST and click Fix only once and wait.

The Computer will restart when the fix is completed.

It will create a log (Fixlog.txt) please post it to your reply.
===

Please post the Fixlog.txt and let me know is the issue is solved.

fixlist.txt

Share this post


Link to post
Share on other sites

Hi,

It may be a Sync issue.

If the problem persists and you are Syncing Firefox it with other Devices reset it.

Navigate to this page and Remove it as suggested.

https://support.mozilla.org/en-US/kb/remove-synced-device-firefox-accounts

When done restart the computer normally.

If all is well.

Return to your Firefox Account and Click the Connect button.

Reset the sync.

Restart the computer normally.
<<<>>>
 

Share this post


Link to post
Share on other sites

Thanks, I don't believe that I'm syncing Firefox with anything but I do have a 'whatsapp' extension which is not always connected.

Share this post


Link to post
Share on other sites

Hi,

May be.

I do not see the firewall items reported in your Addition.txt logs.

Lets see what we can find in the Registry.

Run the Farbar program .exe as an Administrator.

In the Search text area, copy and paste the following:
7743DB59-EB14-4D3A-B270-7140B0DBD2CD;E93EDA58-4730-42E8-9931-79AD0FDB56D8
Once done, click on the Search Registry button and wait for FRST to finish the search
On completion, a log will open in Notepad. Copy and paste its content in your next reply
====
 

Share this post


Link to post
Share on other sites

Farbar Recovery Scan Tool (x64) Version: 21.11.2018
Ran by PeterPan (11-11-2019 21:39:22)
Running from C:\Users\PeterPan\Downloads
Boot Mode: Normal

================== Search Registry: "7743DB59-EB14-4D3A-B270-7140B0DBD2CD;E93EDA58-4730-42E8-9931-79AD0FDB56D8" ===========


===================== Search result for "7743DB59-EB14-4D3A-B270-7140B0DBD2CD" ==========


===================== Search result for "E93EDA58-4730-42E8-9931-79AD0FDB56D8" ==========

====== End of Search ======

Share this post


Link to post
Share on other sites

Hi,

Try an other search with this.
I have included the curly braces.

{7743DB59-EB14-4D3A-B270-7140B0DBD2CD}:{E93EDA58-4730-42E8-9931-79AD0FDB56D8}

Share this post


Link to post
Share on other sites

Farbar Recovery Scan Tool (x64) Version: 10-11-2019
Ran by PeterPan (12-11-2019 18:18:55)
Running from C:\Users\PeterPan\Downloads
Boot Mode: Normal

================== Search Registry: "{7743DB59-EB14-4D3A-B270-7140B0DBD2CD}:{E93EDA58-4730-42E8-9931-79AD0FDB56D8}" ===========


====== End of Search ======

Share this post


Link to post
Share on other sites

Hi,

Since these entries are listed in the Firewall and nothing is reported in the Registry it's just some random items left over from an unknown source.

Resetting your Firewall will possibly remove them.

I would not do it and leave it alone. Nothing can come of it.

 

 

Share this post


Link to post
Share on other sites

Thanks very much for your effort on my behalf.

You suggest that I just do nothing.

That's what I'll do.

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.