
PUP.Optional.BrowserGuardian need help with removal



Please be very explicit in describing.  You mean that the Media Creation tool has been prepared on that USB ?

and

let me know if you know how to adjust the BIOS boot order, such that it is set to boot first from a USB?

that is another key step.

There is a big page at HP support on BIOS / UEFI  and the options.   It is quite dense.

https://support.hp.com/us-en/product/hp-pavilion-dv6-3000-entertainment-notebook-pc-series/4150017/model/4230495/document/c03801890

I believe what we need you to do is to press ESCAPE key at the very early part of the machine's boot-up

and  then look at the BIOS /UEFI  options,  and then I believe pressing F9 function key so that one gets to "Boot device options".

Make the proper selection so that it boots first from USB.

 

Insert the Media Creation USB into the USB drive.

 

Finalize and save the change in the BIOS / UEFI.

Allow or make the machine restart.

 

Once the process gets moving, it may look like it is going to do a Windows 10 install.....but we are after other options.

Click the Repair your computer link in the bottom-LEFT corner.


 

Next  Click the Troubleshoot button.

Click the Advanced options button.

Now click the Command prompt button.

Then let me know when the machine is at that spot.   and for grins, tell me what it shows to the left-side of the >

 

Edited by Maurice Naggar
correct typo

In the boot manager there is only notebook hard drive and internal cd/dvd rom drive

up and down arrow to change option.ENTER to select an option

press f10 to BIOS setup options. esc to exit

 


What sub-options are there under BIOS setup ?

anything there as far as boot device order ....with like USB / DVD

 

You should be able to boot off the DVD.    Just take your time.  No rush.


Ahh.  OK.  That is what is referred to as "the"  "Windows Recovery Environment".

What my first wish is here, is to set a setting such that on each bootup or at the point just before Windows tries to load, to have the machine show a screen so that IF you need to, you can then use the F8 function key to get to Advanced Startup options.   ( like for example, to select Safe Mode with Networking or just Safe mode or a startup to  Command prompt ).

 

So where the machine is now, I would suggest that you type verbatim each command line & after each, press Enter key on keyboard.

C:

 

cd \windows\system32

 

bcdedit /set {bootmgr} displaybootmenu yes

 

wmic recoveros set AutoReboot = False

 

Once that is all done,  remove the recovery media ( DVD or USB )  and keep safe.

Then you can do a Power Off,  wait a minute,  and then power back up.

But then the next goal is to be watching for the screen that first comes up so that you can then tap the F8 function key so that you can select "Safe mode with Networking"    ( if at all possible).

The screen will look like this one here


 

When you see the Startup Settings options screen,  you can select with the number 5 or else with the F5 key  so that you pick "Safe mode with Networking",


That is so awesome.   Bravo.   I truly mean that.    😎

If I had you download the Malwarebytes Support tool before, you can use that  & not have to re-download it.

At this point, let us just stay in Safe mode with Networking.

What I would like very much, is to get a readout report  so that I can review.   After that,  I can do some additional guidance.

The very original issue of this case was a PUP.optional  "browser" pest.

 

NOTE: The tools and the information obtained is safe and not harmful to your privacy or your computer, please allow the programs to run if blocked by your system.

 

Do have patience while the report tool runs.  It may take several minutes.  Just let it run & take its time.  You may want to close your other open windows so that there is a clear field of view.

Download Malwarebytes Support Tool

Once the file is downloaded, open your Downloads folder/location of the downloaded file.
Double-click mb-support-1.6.2.802.exe to run the report.

Once it starts, you will see a first screen with 2 buttons. Click the one on the left marked "I don't have an open support ticket".

You may be prompted by User Account Control (UAC) to allow changes to be made to your computer. Click Yes to consent.
Place a checkmark next to Accept License Agreement and click Next.

Now click the left-hand side pane "I do not have an open support ticket".

You will be presented with a page stating, "Get Started!"

Do NOT use the button "Start repair"! But look instead at the far-left options list in black.

Click the Advanced tab on the left column.
Click the Gather Logs button.
A progress bar will appear and the program will proceed with getting logs from your computer. Please do have patience. It takes several minutes to gather.
Upon completion, a file named mbst-grab-results.zip will be saved to your Desktop. Click OK. Then Exit the tool.

Please attach the ZIP file in your next reply.


By that do you mean, that the tool simply just closed itself ?

Tell me, Can you try running FRST64  so that you can send new FRST reports ?


Thank you so much for the MBST support tool report.  The machine should be free from the pest "browserguardian".  That should have been the case since late evening of July 5th.

Let us just do a scan in place  ( eg, staying in Safe mode with Networking) using Malwarebytes for Windows.

To run a Threat Scan, open Malwarebytes for Windows and click the blue Scan button.

Have patience during the run.

When the scan phase is done, and if it has tagged some items, be real sure you Review and have all detected line items check-marked on each line on the left. That too is very critical.

Then click on Quarantine selected.

 

Then, locate the Scan run report;  export out a copy;  & then attach in with your  reply.

See https://support.malwarebytes.com/hc/en-us/articles/360038479194-View-Reports-and-History-in-Malwarebytes-for-Windows-v4

 

I will have other things to do later.  Thank you very much for your patience.


Here is the report:

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 7/12/20
Scan Time: 11:17 AM
Log File: ec28e656-c46b-11ea-9ff4-c80aa9aafed4.json

-Software Information-
Version: 4.1.2.73
Components Version: 1.0.979
Update Package Version: 1.0.26735
License: Trial

-System Information-
OS: Windows 10 (Build 18362.900)
CPU: x64
File System: NTFS
User: Lupita-PC\Lupita

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 298670
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 6 min, 44 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)


Bravo again.   I truly mean that.    😎   The Malwarebytes for Windows is now at the very latest release and component.   There is no malware.

There are some references to AVG in some leftover firewall rules that should be removed.

There is a startup reference to Norton Utilities which needs to be removed.   There are 2 McAfee services leftover, plus apparently a task entry for the old, old Microsoft Security Essentials antivirus.   Currently, the only resident antivirus should be just the Windows 10 Microsoft Defender Antivirus.

There are other tweaks and cleanups that will be done by the custom script below.

I would note that the Windows Operating System is Windows 10  Build 1909   ( the fall 2019 build )  which is not what I would have expected.

But in any event, this build does not expire until it is 18 months out from first release by Microsoft.  That is to say until Spring 2021.

There is no need to be getting build 2004.   If you ever do a Windows Update manual run and see it listed below a single big line, just do not click on the "Download" button.

This build here is good.   It will be in better shape after we get all done.


Housekeeping in Malwarebytes.    There is one setting in Malwarebytes that needs to be off.   So that the Microsoft Windows Defender is all enabled.   The Premium ( or trial ) protections of Malwarebytes will still be on.

Start Malwarebytes. Click Settings ( gear ) icon. Next, let's make real sure that Malwarebytes does NOT register with Windows Security Center.

Click the Security Tab. Scroll down to 

"Windows Security Center"

Click the selection to the left  for the line "Always register Malwarebytes in the Windows Security Center".

Next:   Click the small X  on the far left of the Settings  bar   ( on the top second bar)

Look at the Scanner tab  and click on empty spot near the top.  That is just to expand out that area.

Click the  tab "Scan Scheduler".   I believe the scheduled scan is set for something like 2:29 AM

You can either pick that line and Edit the time to something that suits you better, like maybe the lunch hour or afternoon.   Or else just Delete that task;  and you can still do on-demand manual scans as you desire.

Close Malwarebytes when done.


This custom script is for  Malopr  only / for this machine only.

 
Close and save any open work files before starting this procedure. 

I am sending a    custom Fix script which is going to be used by the FRSTENGLISH tool. They will both work together as a pair.

Please RIGHT-click the (attached file named) FIXLIST and select SAVE  link AS and save it directly ( as is) to the  Downloads  folder

The tool named FRSTENGLISH.exe   tool    is already on the Downloads folder
Start the Windows Explorer and then, to the Downloads folder.


RIGHT click on FRSTENGLISH and select RUN as Administrator and allow it to proceed.  Reply YES when prompted to allow the tool to run. If the tool warns you the version is outdated, please download and run the updated version.
IF Windows prompts you about running this, select YES to allow it to proceed.

IF you get a block message from Windows about this tool......
click the line More info on that screen
and click the button Run anyway on the next screen.

on the FRSTENGLISH window:
Click the Fix button just once, and wait.


 

PLEASE have lots and lots of patience when this starts. You will see a green progress bar start. Lots of patience. This run here should be fairly quick.
If you receive a message that a reboot is required, please make sure you allow it to restart normally.
The tool will complete its run after restart.
When finished, the tool will make a log ( Fixlog.txt) in the same location from where it was run.

Please attach the FIXLOG.txt with your next reply later, at your next opportunity   


Please know this will do a Windows Restart.   Just let it do its thing.   and when you see the few seconds of display of a black screen with the "Windows 10 start"  just let it be or you can just press the Enter-key so that it goes forward and does a normal Windows start.

 

I truly hope this will do well.   Keep me advised.   Thank you so much for your patience.

 

Fixlist.txt


Just try CLICKing it to the left.   Sometimes click will do better.

If no joy,  just skip over that part.    Just please keep going with all the rest.


That is a very good run.   How are things at this point ?

As I mentioned before, keep the USB with the Media Creation tool safe & stored away.  It is a lifesaver if Windows gets in a bad pinch.


Take a few moments and do a "Create RESTORE point" using the System restore function in Windows 10.  We just want to be sure to create a new SR point.

Microsoft Support has a short & to the point How-To article

https://support.microsoft.com/en-us/help/4027538/windows-create-a-system-restore-point


If you have a Backup media   ( like a Western Digital or Seagate portable / external backup drive) I would make time and do a system backup of this system.

This is an ideal time to do that.   If you do not have backup media, shop around.  This kind of media is worthwhile and can also be a pc lifesaver.

Backup is your best friend.  Keep backups of your system on a regular basis to offline storage & keep those safe. https://forums.malwarebytes.com/topic/136226-backup-software/


I will help you to clean up the tools we used when we close this case.

A few other tips so that your web browsers are beefed up / made a bit more safe.

 

   

You want to disable the ability of each web browser on this machine from being able to allow "push ads". That means Chrome, Firefox, or Edge browser (on Windows 10), or on Opera.  

Scroll down to the tips section "How do I disable them".  

 

If this pc has the Google Chrome browser, or the Brave browser, I suggest you install the Malwarebytes Browser guard for Chrome.  

To get & install the Malwarebytes Browser Guard extension for Chrome,  

   

Open this link in your Chrome   browser:  

   

Then proceed with the setup.  

  


If the pc has Mozilla Firefox, to get & install the Malwarebytes Browser Guard  Firefox extension.  

Open this link in your Firefox browser:     

Then proceed with the setup.  

That link is for English US.   There are other language versions.  Just go to the very bottom right of the page and look at “Change language” list drop down.

 

 

 


I am very glad to know all that.  Very happy to have helped you.   And once again, it is a joy to see that this pc is now on Windows 10  and not on the old Windows 7.

First some specific cleanups.

To remove the FRST  tool & its work files, do this.  Go to your Downloads folder.  Do a RIGHT-click on FRSTENGLISH.exe & select RENAME & then change it to UNINSTALL.exe .
Then run that ( double click on it)  to begin the cleanup process.

 

Delete msert.exe

Delete the ESET download     esetonlinescanner.exe

Delete the mb-support-1.6.2.802.exe 

Delete the mbst-grab-results.zip   on the Desktop


Adwcleaner you may keep and use as needed or desired, on-demand to check for adwares.

 

Backup is your best friend.  Keep backups of your system on a regular basis to offline storage & keep those safe. https://forums.malwarebytes.com/topic/136226-backup-software/

It is not enough to just have a security program installed. Each pc user needs to practice daily safe computer and internet use.

Best  practices & malware prevention:
Follow best practices when browsing the Internet, especially on opening links coming from untrusted sources.
First rule of internet safety: slow down & think before you "click".
Never click links without first hovering your mouse over the link and seeing if it is going to an odd address ( one that does not fit or is odd looking or has typos).

Free games & free programs are like "candy". We do not accept them from "strangers".

Never open attachments that come with unexpected ( out of the blue ) email no matter how enticing.
Never open attachments from the email itself. Do not double click in the email. Always Save first and then scan with antivirus program.

Pay close attention when installing 3rd-party programs. It is important that you pay attention to the license agreements and installation screens when installing anything off of the Internet. If an installation screen offers you Custom or Advanced installation options, it is a good idea to select these as they will typically disclose what other 3rd party software will also be installed.
Take great care in every stage of the process and every offer screen, and make sure you know what it is you're agreeing to before you click "Next".

Use a Standard user account rather than an administrator-rights account when "surfing" the web.
See more info on Corrine's SecurityGarden Blog http://securitygarden.blogspot.com/p/blog-page_7.html
Don't remove your current login. Just use the new Standard-user-level one for everyday use while on the internet.

 

Keep your system and programs up to date. Several programs release security updates on a regular basis to patch vulnerabilities. Keeping your software patched up prevents attackers from being able to exploit them to drop malware.

For other added tips, read "10 easy ways to prevent malware infection"

 

Stay safe.  I wish you all the best.   😎

Sincerely,

Maurice


Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following for Tips to help protect from infection

Thank you

 

 

This topic is now closed to further replies.