adwhitak

pup.optional.mysearchdial


When I run Malwarebytes, every scan shows PUP.optional.mysearchdial and it will not go away.

 

This morning I saw my webcam turn on by itself. I need help!!


Hi,

My name is Maurice. I will be helping and guiding you, going forward on this case.

Let me know what first name you prefer to go by.

 

Please follow my directions as we go along. Please do not make any changes on your own without first checking with me.

If you will be away for more than 3 consecutive days, do try to let me know ahead of time, as much as possible.

Please attach only the report files, etc. that I ask for as we go along.

 


I would appreciate getting some key details from this machine in order to help you forward.
NOTE: The tools and the information obtained are safe and not harmful to your privacy or your computer; please allow the programs to run if blocked by your system.

 

Do have patience while the report tool runs.  It may take several minutes.  Just let it run & take its time.  You may want to close your other open windows so that there is a clear field of view.

Download Malwarebytes Support Tool

    Once the file is downloaded, open your Downloads folder/location of the downloaded file
    Double-click mb-support-1.5.4.760.exe to run the report
        You may be prompted by User Account Control (UAC) to allow changes to be made to your computer. Click Yes to consent.
    Place a checkmark next to Accept License Agreement and click Next
    You will be presented with a page stating, "Get Started!"
    Do NOT use the button “Start repair”!
    Click the Advanced tab on the left column
    Click the Gather Logs button
    A progress bar will appear and the program will proceed with getting logs from your computer
    Upon completion, a file named mbst-grab-results.zip will be saved to your Desktop. Click OK
    Please attach the ZIP file in your next reply.

We will deal with the PUP (search hijack) as the primary issue. Any issue with functioning of the web camera has to be put on the back burner (that may well be just a hardware or camera-driver thing). Our main goal here is looking for actual malware, PUP, malvertising & other possible infections.

 

Please know I help here as a volunteer, and that I am not on 24 x 7.

Help on this forum is one to one. Again, please be sure to ONLY attach report files with your reply(s) as we go along. Do not do a copy / paste into main body.

Thank you,

Sincerely.

 


Hi, Ashley.   Thank you for the support tool report.

The "mysearchdial" pest is associated with history in Chrome browser, which makes it a bit more of a challenge to clean up. We will start with these measures.

Patience is key in all this.

 

[   1   ]

Use Chrome browser   to go to https://www.google.com/settings/chrome/sync and sign into your account.
Scroll down until you see the "reset sync" button and click on the button
At the prompt click on "Ok".

[   2   ]

For Chrome, while Chrome is running:
Press & hold SHIFT+CTRL+Del keys on keyboard to get menu for clearing browsing data:

Check mark the line "Browsing history"

Check mark the line "Download history"

Check mark the line "Cached images and files"
and press Clear Data button (in blue)

[   3   ]

After that, make real sure that Chrome is "NOT" set to reload the pages from the last session

Go into the settings menu of Chrome by first clicking the control icon of Chrome on upper right of the address bar

Then look deeper in SETTINGS


 

Make real sure it is "NOT" set to "continue where you left off"


[   4   ]

See this article on our Malwarebytes Blog
https://blog.malwarebytes.com/security-world/technology/2019/01/browser-push-notifications-feature-asking-abused/

 

You want to disable the ability of each web browser on this machine from being able to allow "push ads". That means Chrome, Firefox, or Edge browser (on Windows 10), or on Opera.

Scroll down to the tips section "How do I disable them".

[   5   ]

I suggest you install the Malwarebytes Browser Guard for Chrome.

To get & install the Malwarebytes Browser Guard extension for Chrome,

 

Open this link in your Chrome   browser: 

https://chrome.google.com/webstore/detail/malwarebytes/ihcjicgdanjaechkgeegckofjjedodee

 

Then proceed with the setup.

 

[   6    ]

I  would suggest to download, Save, and then run Malwarebytes ADWCLEANER.

Please close Chrome and all other open web browsers after you have saved the Adwcleaner and before you start Adwcleaner scan.

Adwcleaner  detects factory Preinstalled applications too!

 

Please download  Malwarebytes AdwCleaner  https://downloads.malwarebytes.com/file/adwcleaner
 

Be sure to Save the file first, to your system.  Saving to the Downloads folder should be the default on your system.

 

Go to the folder where you saved Adwcleaner. Double click Adwcleaner  to start it.

At the prompt for license agreement, review and then click on I agree.

 

You will then see a main screen for Adwcleaner (if you do not see it right away, minimize the other open windows, so you can see Adwcleaner).

Then click on Dashboard button.

Click the blue button "Scan Now".

 

Allow it a few minutes to finish the Scan. Let it remove what it finds.

NOTE: When it comes to the section "Pre-installed applications", you can skip that.

Please find and send the Adwcleaner "C" clean report.

In Adwcleaner, click the "Reports" button.  Look at the list of reports for the latest date & type "Clean".

Double Click that line & it will open in Notepad.   Save the file to your system and then Attach that with your reply.

 

That C clean report will be the one with the most recent Date and time at folder  C:\AdwCleaner\Logs

Thanks.  Keep me advised.

 


OK. Bravo. The Adwcleaner run is very worthwhile. A good cleanup, especially on Chrome.

 

I would like you to do a new scan with Malwarebytes for Windows.  One of the major goals here is to have it remove all that it detects.  If it finds anything that is.

Start Malwarebytes from the Windows  Start menu.

Click Settings ( gear icon)   at the top right of Malwarebytes window.   We want to see the SETTINGS window.

Then click the Security tab.   Look for the section "Automatic Quarantine".   Be sure it is clicked On   ( to the far right side)

 

Then scroll down to the section Potentially Unwanted items.   We need the next 2 lines   ( for P U P  & for P U  M)  to be set to "Always ( Recommended) ".

You can make the change by clicking on the down-arrow selection list-control.   We want all P U P  &  P U M to be marked for removal.

 

Next, click the small x on the Settings line   to go to the main Malwarebytes Window.

Next click the blue button marked Scan.

When the scan phase is done, be real sure you Review and have all detected line items check-marked on each line on the left. That too is very critical.

Then click on Quarantine selected.

Then, locate the Scan run report;  export out a copy;  & then attach in with your  reply.

See https://support.malwarebytes.com/hc/en-us/articles/360038479194-View-Reports-and-History-in-Malwarebytes-for-Windows-v4

 

 


Thank you.   That scan result is very good.   I am listing a few more steps below.   Your patience is appreciated.

[   1   ]

The Microsoft Safety Scanner  is a free Microsoft stand-alone virus scanner that  can be used to scan for & remove malware or potentially unwanted software from a system.

The download links & the how-to-run-the tool are at this link at Microsoft

https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/safety-scanner-download

 

Let me know the result of this.

The log is named MSERT.log 

The log will be at %SYSTEMROOT%\debug\msert.log which in most cases is

C:\Windows\debug\msert.log

Please attach that log with your reply.

 

[     2    ]

Please Close and Save any open work you may have open.

Please close as many un-needed app-windows that you yourself may have open at this point.   So you can have a clear field of view.

 

This custom script is for     Adwhitak  only / for this machine only.

Close and save any open work files before starting this procedure. 

 

Please Close and save any open work files before you start this next step.  It will involve a Windows Restart at the end of it.

I am sending a   custom Fix script which is going to be used by the FRSTENGLISH tool. They will both work together as a pair.

Please RIGHT-click the (attached file named) FIXLIST and select SAVE  link AS and save it directly ( as is) to the  Downloads  folder

The tool named FRSTENGLISH.exe   tool    is already on the Downloads folder

Start the Windows Explorer and then, to the Downloads folder.


RIGHT click on FRSTENGLISH and select RUN as Administrator and allow it to proceed. Reply YES when prompted to allow it to run.

If the tool warns you the version is outdated, please download and run the updated version.

IF Windows prompts you about running this, select YES to allow it to proceed.

 

IF you get a block message from Windows about this tool......

click the line More info on that screen

and click the button Run anyway on the next screen.

 

On the FRST window:
Click the Fix button just once, and wait.


 

PLEASE have lots and lots of patience when this starts. You will see a green progress bar start. Lots of patience. This run here should be fairly quick.
If you receive a message that a reboot is required, please make sure you allow it to restart normally.
The tool will complete its run after restart.
When finished, the tool will make a log ( Fixlog.txt) in the same location from where it was run.

Please attach the FIXLOG.txt with your next reply later, at your next opportunity   

 

[   3   ]

One small thing. Just be sure to update the Malwarebytes for Windows definitions & component package version.

Start Malwarebytes for Windows.  Click the Settings icon at the top.  Then look at the General tab.

and then click on the button "Check for Updates".

Follow all prompts.   Close the window when done.

 

After all that, let me know if you see any "mysearchdial" re-appearance.

Fixlist.txt


I am unable to find the file report after I ran the scan using Microsoft Safety Scanner.


That is ok.  Please go forward with all of the other steps.


Thank you for the status information.  And for the Fixlog report.

The Windows System File Checker applet indicates there are some issues.   I would like to get that log.

Please start the Windows File Explorer  and go to the folder  C:\Windows\Logs\CBS

You will find the log-file CBS.log

With your mouse, click it one time so it has focus on the file. Then do a right-click with the mouse on CBS.log and select "Send to Compressed Files folder".

It will show a message to the effect that the zip file will be created on the DESKTOP.

Proceed with the selection.   When done,  CBS.zip will be on Desktop.

Please attach the CBS.zip file with your reply.

Thank you.
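
Once a CBS.log like the one requested above is in hand, the System File Checker entries can be pulled out of it, since SFC tags its lines with `[SR]`. The following is an added example, not part of the original thread or of any Malwarebytes tool; the sample lines are constructed and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample, modelled on the CBS.log line layout (not taken from the thread's log).
SAMPLE_CBS = r"""
2020-04-02 09:14:01, Info                  CBS    Session: 30804511_1234567 initialized by client WindowsUpdateAgent.
2020-04-02 09:15:10, Info                  CSI    00000021 [SR] Verifying 100 components
2020-04-02 09:15:10, Info                  CSI    00000022 [SR] Beginning Verify and Repair transaction
2020-04-02 09:15:12, Info                  CSI    00000024 [SR] Cannot repair member file [l:11]'example.dll' of Example-Component-A, version 10.0.18362.1, arch amd64 in the store, hash mismatch
2020-04-02 09:15:13, Info                  CSI    00000026 [SR] Repairing corrupted file \??\C:\WINDOWS\System32\example2.dll from store
2020-04-02 09:15:14, Info                  CSI    00000028 [SR] Cannot repair member file [l:11]'example.dll' of Example-Component-A, version 10.0.18362.1, arch amd64 in the store, hash mismatch
2020-04-02 09:15:20, Info                  CSI    0000002a [SR] Verify complete
"""

# Timestamp, level, source, optional 8-hex sequence id, then the [SR] tag SFC writes.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}), \w+\s+\w+\s+"
    r"(?:[0-9a-f]{8}\s+)?\[SR\] (?P<msg>.*)$"
)
# File name inside a length-prefixed token such as [l:11]'example.dll'
FILE_RE = re.compile(r"\[l:\d+(?:\{\d+\})?\]['\"](?P<name>[^'\"]+)['\"]")
REPAIR_RE = re.compile(r"^Repairing corrupted file (?P<path>.+?)(?: from store)?$")


def sfc_entries(text):
    """Return (timestamp, message) for every line tagged [SR]."""
    hits = (LINE_RE.match(line) for line in text.splitlines())
    return [(m["ts"], m["msg"]) for m in hits if m]


def summarize(text):
    """Count files SFC could not repair, files it repaired, and whether the verify pass finished."""
    unrepaired, repaired, completed = Counter(), Counter(), False
    for _ts, msg in sfc_entries(text):
        if msg.startswith("Cannot repair member file"):
            name = FILE_RE.search(msg)
            # Fall back to the whole message if the file token is in an unexpected shape.
            unrepaired[name["name"] if name else msg] += 1
        elif (fixed := REPAIR_RE.match(msg)):
            repaired[fixed["path"]] += 1
        elif msg.startswith("Verify complete"):
            completed = True
    return {"unrepaired": dict(unrepaired), "repaired": dict(repaired), "completed": completed}


if __name__ == "__main__":
    # For a real file: open(r"C:\Windows\Logs\CBS\CBS.log", encoding="utf-8", errors="replace").read()
    print(summarize(SAMPLE_CBS))
```

The same file is often reported more than once in a single SFC pass, which is why the summary counts per file name rather than per line.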

 


Hi Ashley,   Yes, it is, Thanks.

Later on, I will have some tips on Microsoft Windows Update.

[  1   ]

Windows File Explorer needs to be  set to show ALL  folders, all system files,  etc  including hidden files / folders

Open Windows File Explorer.

  • Select View   from its top menu bar  >   click Options  on the icon at the far right-side > Change folder and search options   ( from the drop down ).
  • on the next multi-tab mini-window
  • Select the View tab and, in Advanced settings,
  • select Show hidden files, folders, and drives 
  • and OK.

 

[     2     ]

When you get a chance, ( A ) let me know if mysearchdial has re-appeared or if still gone

( B )  look for a file and attach it for my review

C:\Users\Ashley\AppData\Local\Temp\MpCmdRun.log

 

[   3    ]

I would suggest a free scan with the ESET Online Scanner
Go to https://www.eset.com/us/home/online-scanner/

Look on the right side of the page.  Click Scan Now
It will start a download of "esetonlinescanner_enu.exe"
Save the file to your system, such as the Downloads folder, or else to the Desktop.

Go to the saved file, and double click it to get it started.
When presented with the initial ESET options, click on "Computer Scan".

Next, when prompted by Windows, allow it to start by clicking Yes

When prompted for scan type, Click on Full scan
Look at & tick  ( select )   the radio selection "Enable ESET to detect and quarantine potentially unwanted applications"   and click on Start scan button.

Have patience.  The entire process may take an hour or more. There is an initial update download.
There is a progress window display.
You should ignore all prompts to get the ESET antivirus software program.   ( e.g.  their standard program).   You do not need to buy or get or install anything else.

When the scan is completed, if something was found, it will show a screen with the number of detected items.  If so, click the button marked “View detected results”.

Click The blue “Save scan log” to save the log.

If something was removed and you know it is a false finding, you may click on the blue ”Restore cleaned files”  ( in blue, at bottom).

Press Continue when all done.  You should click to off the offer for “periodic scanning”.

 

[  4   ]    Let me know about the overall situation at that point.

Sincerely,

Maurice


I think I found the file C:\Users\Ashley\AppData\Local\Temp\MpCmdRun.log but it says it is too large to upload... it's 133 MB

 

I am running the ESET scan now, then I will run Malwarebytes to see if mysearchdial is still present.

 


All right, just let the ESET scan finish. When done, upload (attach) the log from ESET.

As to the Mpcmdrun.log  see if you can upload it to a free site  ( where I can get it later).

Please upload MpCmdRun.log to a file sharing service such as WeTransfer.com or SendSpace.com

Once uploaded, you will have the option to copy a download link. Please copy that link and paste it into a reply.

Thank you for your patience.


That link was for the file CBS.log  which I had from before.   The one I was interested in was the  MpCmdRun.log    that is located in this folder 

C:\Users\Ashley\AppData\Local\Temp\


I am having trouble finding it. I have searched for it in the search bar of the Windows File Explorer box as well as trying to find it myself.


Thank you for the ESET scan report. It found and removed 2 items.

To this point, I believe we are past the original issue of "pup.optional.mysearchdial"
If not, then let me know about it with detail.

 

I am of the view that this pc's Windows 10 would benefit a lot by getting fully current with Microsoft Windows Updates.   Therefore, the next 2 update tasks.

The first is to get the latest Service Stack update for 64-bit Windows.  The 2020-03 Servicing Stack Update for Windows 10 Version 1903 for x64-based Systems (KB4541338)

First just download & SAVE the file to the Downloads folder

http://download.windowsupdate.com/c/msdownload/update/software/secu/2020/03/windows10.0-kb4541338-x64_5db6cfc57a8bda4d13107ad24b3fe8fd790219cf.msu

 

Once after the download is completed, IF you see a choice "RUN"  then click RUN.   Otherwise,  go to that .msu file and do a right-click on it and choose "OPEN".


Once the run is completed, that means Windows is ready for the current Build release for Windows 10.

 

Upgrade to the Windows 10 build 1909 (or November 2019 build) (else, if possibly offered by MS, the 2004 build). You should be able to manually get it thru Windows Update.

It may take repeated tries with Windows Update till your pc is able to see that Update.  You should make a try each day, from here on out, till you see it offered.

The suggestion I have is to go to the Start menu, click the Windows Settings icon. Select Update & Security.  Click on Windows Update.

The Windows Update ( eventually) will have a display like this when it shows up.

Note that the display will show the new build in a new way, in the middle of the display.  You will need to click on the blue line marked "Download and install now"  when ready.

 


Getting that Windows build update will put this pc in a better position for a more secure operating system.


Edited by Maurice Naggar


Thank you. I am about to try that. I have been trying for months to download it, but for some reason it says it is not installed successfully.


Take your time.  Go slow.  Let me know how it goes.

If this machine is a laptop or notebook,  be sure it is connected directly to regular power   ( not just battery power).

The update runs  ( especially the latter) may take hours.   Have lots of patience.

If you see a black screen, just move the mouse pointer around the screen  ( just motions with mouse)  for a few seconds.


The same problem occurred. It says: "There were problems installing some updates, but we'll try again later." This has been an ongoing problem for months.


Hi.  Be sure you let me know just which one of the update runs that was on

AND

let's also get a fresh report-readout from FRST ( FRSTENGLISH )    so that I can see the actual exception codes from MS Windows Update.   We will take things one at a time, by that I mean the attempts to fix that.

Go to the Downloads folder.

Right-click on FRSTENGLISH    and select Run as Administrator to start the tool , and reply YES to allow it to proceed and run.

Windows 10 users will be prompted about Windows SmartScreen protection - click the line More info on that screen and click the button Run anyway on the next screen.

 

Click YES when prompted by Windows U A C prompt to allow it to run.
Note: If you are prompted by Windows SmartScreen, click More info & followup & choose Run anyway.


Approve the Windows UAC prompt on Windows Vista and newer operating systems by clicking on Continue or Yes. 

Click Yes when the disclaimer appears in FRST.
The tool may want to update itself - in that case you'll be prompted when the update is completed and ready to use.

Make sure that Addition options is checked - the configuration should look exactly like on the screen below (do not mark additional things unless asked).
Press Scan button and wait.




The tool will produce 2  logfiles on your desktop: FRST.txt , Addition.txt 
Click OK button when it shows up. Close the Notepad windows when they show on screen. The tool saves the files.

Please attach these 2 files to your next reply.

Thank you.

Edited by Maurice Naggar

This topic is now closed to further replies.
