Dealing with PuPs on an inherited work laptop


Hello,

I've been given a work laptop and the location I am working from has a lot of laptops that are in a poor state. We're talking "some drivers hadn't been updated in 3 years" type of state, for additional context.

Currently I'm very frustrated because there are some PuPs that usually come in the form of browser extensions or downloaded PC cleaners/antiviruses, but I can't find anything in add/remove programs and I've checked the browsers on this laptop. Nothing is synced right now.

Laptop specs are: HP ENVY TS m6 Sleekbook

Processor: AMD a10-5745M APU with Radeon (tm) HD Graphics 2.10 GHz
Installed RAM: 6 GB (5.21 GB Usable)

System Type: 64-bit operating system, x64-based processor

Windows Specs:

Windows 10 home
Version 1809

Installed on 4/3/2019

OS Build 17763.1457

 

 

I've attached my first Malwarebytes txt log taken 9/9 and the scan I took yesterday. From the first log I quarantined the astromenda files but wasn't sure if I should do anything else. In general maintenance, I've updated all the drivers, fixed that the Windows update wasn't occurring, created a system restore point, defragmented the computer (it hadn't been running or I would have left it on its autoschedule), and removed items from Windows startup (they stuck a bunch of Office applications in there that were causing it to lag severely).

As a side note, I might need to go through the other laptops around me because I've noticed that one laptop has CCleaner, Malwarebytes, and 3 different antiviruses outside of Windows Defender. Not really relevant to my current dilemma but wouldn't mind some feedback on if my approach is okay (checking update status, removing stuff from startup, running Windows Defender and Malwarebytes).

first report.txt second report.txt

Link to post
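
For the checks the opening post describes (update status, startup items, stacked antivirus products, PUPs missing from add/remove programs), here is a read-only PowerShell inventory, added as an example and not part of the thread or of any Malwarebytes tooling. It assumes Windows PowerShell 5.1 on a client edition of Windows 10 and Chrome's default per-user profile path.

```powershell
# Added example: read-only triage inventory for an inherited Windows 10 laptop.
# Nothing here modifies the system; run from an elevated prompt to see all users.

# 1. OS release and build, to see how far behind Windows Update is.
$cv = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
'Windows release {0}, build {1}.{2}' -f $cv.ReleaseId, $cv.CurrentBuildNumber, $cv.UBR

# 2. Antivirus products registered with Windows Security Center.
#    More than one third-party entry means overlapping real-time scanners.
Get-CimInstance -Namespace 'root/SecurityCenter2' -ClassName AntiVirusProduct |
    Select-Object displayName, pathToSignedProductExe |
    Format-Table -AutoSize

# 3. Installed software from the 64-bit, 32-bit and per-user uninstall keys.
#    Entries with SystemComponent = 1 are hidden from add/remove programs.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName } |
    Sort-Object DisplayName |
    Select-Object DisplayName, Publisher, DisplayVersion, SystemComponent |
    Format-Table -AutoSize

# 4. Programs launched at logon (Run keys and Startup folders).
Get-CimInstance -ClassName Win32_StartupCommand |
    Select-Object Name, Command, Location, User |
    Format-Table -AutoSize -Wrap

# 5. Scheduled tasks outside the \Microsoft\ tree, a common home for
#    "cleaner" and updater tasks that survive an uninstall.
Get-ScheduledTask |
    Where-Object { $_.TaskPath -notlike '\Microsoft\*' } |
    Select-Object TaskPath, TaskName, State,
        @{ Name = 'Action'; Expression = { $_.Actions.Execute -join '; ' } } |
    Format-Table -AutoSize -Wrap

# 6. Chrome extension folders for every local profile (assumed default path).
#    Each folder name is an extension ID that can be looked up in the browser.
Get-ChildItem 'C:\Users\*\AppData\Local\Google\Chrome\User Data\*\Extensions\*' `
        -Directory -ErrorAction SilentlyContinue |
    Select-Object FullName, LastWriteTime |
    Format-Table -AutoSize -Wrap
```

Saving the output per machine gives a before/after record to compare once the scanners have run.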

Hi,  
My name is Maurice. I will be helping and guiding you, going forward on this case.
Let me know what first name you prefer to go by.

Malwarebytes 3.6.1.2711 is a very old version. You should be on Version 4 of Malwarebytes for Windows. I will guide you.

Also, the Windows 10 operating system version is way out of date. We should aim to get this Windows upgraded to Version 2004.

Hold on for a few minutes, for my next reply.

Link to post

Please read all that follows first so that you are fully clear in what is involved.

Ideally you want to save the download file to the Desktop for ease of operations.

Also, be sure to accept the default installation location for the program. It needs to be installed on the same logical drive where Windows is also stored.

The Malwarebytes installer is at this link
 
https://downloads.malwarebytes.com/file/mb4_offline

 
 
Download and save the setup file. It will automatically download. Just SAVE first.

1. RIGHT-click mb4-setup-consumer-4.2.1.179-1.0.1045-1.0.nnnnn.exe & select “Run as Administrator” to start the Malwarebytes for Windows setup.
2. Follow the installation instructions to complete setup.
 
Watch all of the process. Have lots of patience.

Next things to do in the program:

Start Malwarebytes. Then click on the Settings icon at top right.

Then look on the GENERAL tab. Then click on the button "Check for Updates". Have patience & follow all the prompts.

The latest is Version 4.2.1.89.

IF the update run does not succeed, then STOP and provide me all details.

When you do have Version 4.2.1.89 then proceed with next step.

[ 2 ]

 

I would like you to do a new scan with Malwarebytes for Windows. One of the major goals here is to have it remove all that it detects. If it finds anything, that is.
Start Malwarebytes from the Windows Start menu.
Click Settings (gear icon) at the top right of the Malwarebytes window. We want to see the SETTINGS window.
Then click the Security tab.

Then scroll down to the section Potentially Unwanted items. We need the next 2 lines (for PUP & for PUM) to be set to "Always (Recommended)".
You can make the change by clicking on the down-arrow selection list-control. We want all PUP & PUM to be marked for removal.

Next, click the small x on the Settings line to go to the main Malwarebytes window.
Next click the blue button marked Scan.
When the scan phase is done, be real sure you Review and have all detected line items check-marked on each line on the left. That too is very critical.
You can actually click the topmost left check-box on the very top line to get ALL lines ticked (all selected).

Then click on Quarantine selected.
Then, locate the Scan run report; export out a copy; & then attach it with your reply.
See https://support.malwarebytes.com/hc/en-us/articles/360038479194-View-Reports-and-History-in-Malwarebytes-for-Windows-v4

Link to post

Hi Maurice, Nervous is fine for addressing me.  Especially since I've been trying to respond but forum issues have prevented that up til now! I apologize for such a long delay, the error 500 bug was hitting me quite hard. Fingers crossed this message is able to go through!

I was able to update just fine from the link you sent me and I ran a scan. I quarantined all items and was asked to restart, so I restarted my computer.

Here is the scanlog from yesterday. Should I be concerned that there are some registry keys in there?

 

 

scan report.txt

Link to post

Hello. Thanks for the report from Malwarebytes for Windows. That is a very good cleanup. And no, there is no need for any worry about registry entries.

The cleanup took care of the remainders.

Be sure to know that there is no need for any "cleaner" apps like CleanMyPC, or RegCleanPro, or other stuff like Advanced System Protector.

All those & any ones similar are junk. Snake oil junk. And often they are harmful.

I would suggest to download, Save, and then run Malwarebytes ADWCLEANER.
Please close Chrome and all other open web browsers after you have saved the Adwcleaner and before you start the Adwcleaner scan.
Adwcleaner detects factory Preinstalled applications too!

Please download Malwarebytes AdwCleaner https://downloads.malwarebytes.com/file/adwcleaner

Be sure to Save the file first, to your system. Saving to the Downloads folder should be the default on your system.

Go to the folder where you saved Adwcleaner. Double click Adwcleaner to start it.
At the prompt for license agreement, review and then click on I agree.

You will then see a main screen for Adwcleaner. (If you do not see it right away, minimize the other open windows, so you can see Adwcleaner.)
Then click on Dashboard button.
Click the blue button "Scan Now".

Allow it a few minutes to finish the Scan. Let it remove what it finds.
NOTE: When it comes to the section "Pre-installed applications", you can skip that.
Please find and send the Adwcleaner "C" clean report.
In Adwcleaner, click the "Reports" button. Look at the list of reports for the latest date & type "Clean".
Double click that line & it will open in Notepad. Save the file to your system and then attach that with your reply.

That C clean report will be the one with the most recent date and time at folder C:\AdwCleaner\Logs
Thanks. Keep me advised.
 

 

Link to post

Alright, had kind of an odd issue; I could save the clean file but no matter where I saved it, I couldn't see it? Double checked permissions and couldn't see why that was happening, so I copied all the text in the file and pasted it into a new notepad file. I hope that still works for you okay? If not let me know.

 

 

cleanfile.txt

Link to post

OK. Thank you. That is a worthwhile cleanup.

NEXT

I would suggest a free scan with the ESET Online Scanner
Go to https://download.eset.com/com/eset/tools/online_scanner/latest/esetonlinescanner.exe

 

It will start a download of "esetonlinescanner.exe"
Save the file to your system, such as the Downloads folder, or else to the Desktop.

Go to the saved file, and double click it to get it started.

When presented with the initial ESET options, click on "Computer Scan".
Next, when prompted by Windows, allow it to start by clicking Yes
When prompted for scan type, Click on Full scan

Look at & tick (select) the radio selection "Enable ESET to detect and quarantine potentially unwanted applications" and click on the Start scan button.

Have patience. The entire process may take an hour or more. There is an initial update download.
There is a progress window display.
You should ignore all prompts to get the ESET antivirus software program (e.g. their standard program). You do not need to buy or get or install anything else.

When the scan is completed, if something was found, it will show a screen with the number of detected items. If so, click the button marked “View detected results”.

Click the blue “Save scan log” to save the log.

If something was removed and you know it is a false finding, you may click on the blue “Restore cleaned files” (in blue, at bottom).
Press Continue when all done. You should click to turn off the offer for “periodic scanning”.
 
 

Link to post

Hi Maurice,

The scan completed and it found 18 items. Unfortunately even though I clicked to save the scanlog, I also hit the "delete on exit" button by mistake and I believe this erased it as I can't open the .txt file that saved to my desktop and it only appears in my "recent documents" window. I'm sorry for the trouble :( 

 

Of the items I think most were the quarantined PuPs, but it said it found some trojans as well? They looked like part of Java. I'm very frustrated with myself for this, I'm not sure if you'll still be able to help me from here?

Link to post

Hello. You may run another / different scan. Take your time, go careful. Do not rush.

TrendMicro HouseCall scan
https://www.trendmicro.com/en_us/forHome/products/housecall.html


First, Download & Save to your Downloads folder the appropriate HouseCallLauncher

Once the download is complete, go to where the HouseCallLauncher is saved & double-click it to start it.
The program will check with TrendMicro & do an update run.

Next it will show the Disclosure window.
Click Next to proceed.

The end user license agreement is presented. Click the Accept radio button & click Next to proceed.

IF you wish a Full scan or a Custom scan, first click on the Settings,
then you can select which drives you want to include in the scan.
The default is a Quick scan.
Click Scan now when ready.

The scan progress will then be displayed. Monitor the progress or just leave it alone until it finishes this phase.

When the scan phase has completed, if any items are tagged, you will see a list, showing the file & its location, the classification of the threat, the type, risk, and Action option.
If you see an item that you know is safe, you can click the Action, and select Ignore.
When all done & ready, click the Fix now button.

 

Let me know the result. Let me know about the security situation on this Windows PC.

Regards.

Link to post

  • 2 weeks later...
  • Root Admin

Due to the lack of feedback, this topic is closed to prevent others from posting here.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread.

Tips to help protect from infection

Thanks

 

Link to post

This topic is now closed to further replies.