Jump to content

OptimumSearch hijacker

AcousticChic
 Share

Recommended Posts

Android8888

Android8888

Posted
Posted

My screenname is Android8888 and my real name is Rui and will be glad to help you with your malware issues. Please feel free to ask questions if anything is unclear to you.

After looking to your logs I will ask you to proceed with the instructions below.


First step is uninstalling AdBlocker version 1.0.3.5 using the method below:

  • Click on Start > Settings wheel > Apps/Programs
  • Select the program AdBlocker version 1.0.3.5 from the list and click Uninstall.
  • Follow the prompts to complete the removal process.


Next step, remove these two Chrome extensions using the method below:
Optimum
IncognitoSearches Search

Open Google Chrome;
Type chrome://extensions in the address bar and press Enter;
Click the trash can icon by the extension to remove.
A confirmation dialog appears, click Remove.


Next step, run the following fix with FRST.

Warning: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to the operating system.

Now follow the instructions below to execute a script fix on your system using FRST, and provide the log in your next reply.

  • Download the attached fixlist.txt file (at the bottom of this post), and save it on your Desktop (or wherever your FRST64.exe executable is located); DO NOT open or modify that file!
  • Right-click on the FRST executable and select Run as Administrator;
  • Click on the Fix button;
  • On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad;
  • Please attach the Fixlog.txt in your next reply;


Next step, run a scan with Malwarebytes as instructed below:

  • Open Malwarebytes.
  • Go to "Settings" (upper right corner wheel), "Security" tab, and ensure that Automatic quarantine button is turned On.
  • Now scroll down a bit until "Scan options" and ensure the Scan for rootkits button is turned On.
  • Close the "Settings" panel and click the Scan blue button to perform a new scan.
  • Once the scan is completed click on the View report button, then on Export and select Export to TXT.
  • Save the file as a Text file to your Desktop or other location you can find it.
  • Please attach that file in your reply.


Next step, run a scan with AdwCleaner as instructed below:
Please download AdwCleaner by Malwarebytes to your Desktop.

  • Close all open programs and Internet browsers.
  • Right click on AdwCleaner.exe and select Run as administrator to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.
    IMPORTANT:
  • If you click the Clean button all items listed in the report will be removed.
  • If you find some false positive item(s) or program(s) that you wish to keep, Close the AdwCleaner window.
  • Close all open programs and Internet browsers.
  • Right click on AdwCleaner.exe and select Run as administrator to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished.
  • The log can also be found at C:\AdwCleaner\Logs\AdwCleaner[Cxx].txt (where xx is replaced by a number, the largest number is from the more recent log and is the one I need to see).
  • Please attach that log file in your next reply.


In your next reply please attach these logs for my review:

Fixlog.txt
Malwarebytes log
AdwCleaner clean log.

Let me know if the problem persists.

 

Thank you.

Android8888

(Rui)

fixlist.txt

Link to post
Share on other sites
  • Root Admin
AdvancedSetup

AdvancedSetup

Posted
  • Root Admin
Posted

Hello @AcousticChic

Your helper @Android8888 is in a different timezone and I believe it's quite late for them.

You may want to try the following and see if this helps and your helper will be back again as soon as they can.

https://forums.malwarebytes.com/topic/258886-chrome-secure-preferences-detection-always-returns/

Thank you

 

Link to post
Share on other sites
Android8888

Android8888

Posted
Posted

Hello @AcousticChic

Please read carefully and execute the instructions at the link that @AdvancedSetup posted in his previous post and before turning on Chrome Sync, execute the fix with FRST and also the scans as instructed.

Thank you.

Link to post
Share on other sites
Android8888

Android8888

Posted
Posted

@AcousticChic

You can delete all Registry items found by AdwCleaner. Re-run AdwCleaner and delete these:

PUP.Optional.Legacy             HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\dotomi.com
PUP.Optional.Legacy             HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\searchenginejournal.com
PUP.Optional.Legacy             HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.searchenginejournal.com
PUP.Optional.Legacy             HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\dotomi.com
PUP.Optional.Legacy             HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\searchenginejournal.com
PUP.Optional.Legacy             HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.searchenginejournal.com
PUP.Optional.SpeedBrowser       HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\browser.exe
PUP.Optional.SpeedBrowser       HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\App Paths\browser.exe

 

You can keep the Preinstalled Software. Let me know if are running in any difficulties.

Also, I need to see the Malwarebytes log after scanning, not the service log. Please attach that log for my review.

 

Thank you.

 

Link to post
Share on other sites
  • 2 weeks later...
  • 3 weeks later...
Maurice Naggar

Maurice Naggar

Posted
Posted

Due to the lack of feedback, this topic is closed to prevent others from posting here.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread.

Tips to help protect from infection

Thanks

 

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.