
Threats always come back the next day!


WBPalive


Hello! When I do an initial Malwarebytes scan it shows threats. I put them in quarantine and do the requested reboot. After that I delete the threats. Do a new scan, no threats detected.

The next day, when I turn on my PC, Malwarebytes detects what I think are the same threats from the day before. This has gone on for a couple of days, don't really know what to do.

I will copy paste the report:

[Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 9/30/20
Scan Time: 12:41 PM
Log File: f1c5ed0e-0311-11eb-bf6e-80fa5b7bcbfb.json

-Software Information-
Version: 4.2.1.89
Components Version: 1.0.1045
Update Package Version: 1.0.30590
License: Trial

-System Information-
OS: Windows 10 (Build 18362.1082)
CPU: x64
File System: NTFS
User: System

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Scheduler
Result: Completed
Objects Scanned: 278196
Threats Detected: 26
Threats Quarantined: 26
Time Elapsed: 1 min, 32 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 8
PUP.Optional.Trovi, C:\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\LevelDB, Quarantined, 495, 454808, , , , , , 
PUP.Optional.PushNotifications.Generic, C:\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\LevelDB, Quarantined, 201, 838845, , , , , , 
PUP.Optional.PushNotifications.Generic, C:\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\LevelDB, Quarantined, 201, 838845, , , , , , 
PUP.Optional.PushNotifications.Generic, C:\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\LevelDB, Quarantined, 201, 838845, , , , , , 
Adware.Elex.ShrtCln, C:\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\LevelDB, Quarantined, 297, 454711, , , , , , 
PUP.Optional.PushNotifications.Generic, C:\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\LevelDB, Quarantined, 201, 838845, , , , , , 
PUP.Optional.PushNotifications.Generic, C:\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\LevelDB, Quarantined, 201, 838845, , , , , , 
PUP.Optional.PushNotifications.Generic, C:\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\LevelDB, Quarantined, 201, 838845, , , , , , 

File: 18
PUP.Optional.Trovi, C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000005.ldb, Quarantined, 495, 454808, , , , , 3B14317F4DE1C132AE68032850A5A4FA, 12CBAEA1BC8324C63711CB6EF4221C6EB0AE8A75974836C61D458F42DE933673
PUP.Optional.Trovi, C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000065.ldb, Quarantined, 495, 454808, , , , , 088D331C1E39ADD40609B3755BB250A0, 8802361EF6882567A352D58141A422948EC81AF1D51C3E541AE4FFD42D987052
PUP.Optional.Trovi, C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000067.ldb, Quarantined, 495, 454808, , , , , 739F3D00C20AFE5AF621FE914BC31669, 5000CAD84FA55D22E0619383DAFFDF8E0CE932BF5719C1BB7B6731BC81D7E2D2
PUP.Optional.Trovi, C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000069.log, Quarantined, 495, 454808, , , , , D3846087468A219898D11F6FFE6DDE10, 23E537B5ADA2E7122AE93B3B8287C6526E1BB31DD4E9BF0F9505972E1F958371
PUP.Optional.Trovi, C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000070.ldb, Quarantined, 495, 454808, , , , , 505D66BA14376118674D8CDFBFFEF650, 9DF3621CE4C61877CEDAF70176B5F24DCEEB1693897F35B65AA7980CBFAF4059
PUP.Optional.Trovi, C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\CURRENT, Quarantined, 495, 454808, , , , , 46295CAC801E5D4857D09837238A6394, 0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
PUP.Optional.Trovi, C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOCK, Quarantined, 495, 454808, , , , , , 
PUP.Optional.Trovi, C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG, Quarantined, 495, 454808, , , , , 1052927A6F741F1E808E5254E0183E90, 083A5832F431DF902BEAFDA9ACC111A653B204A2707C44C01426660D521C0E1D
PUP.Optional.Trovi, C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG.old, Quarantined, 495, 454808, , , , , C5E9E89DD5CD526B2C364A3FD75EEB81, 9609D3C8F764FF544CB53CC2155A64B427599CC602E9E3028E6CF471B2A891E4
PUP.Optional.Trovi, C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\MANIFEST-000001, Quarantined, 495, 454808, , , , , CA2DB00C3A0F1F4CC3D4E6FB174EE9EC, 0395E623C70B8C1C47CD3DE7C35A121EB0D826099DFB6632DC95FC96F0122665
PUP.Optional.Trovi, C:\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Replaced, 495, 454808, 1.0.30590, , ame, , E8D5C5F2EAA08D3626A902EFA466A950, 9339C2DA58EAC9B7BD04B3A61211AB3AD242A00DA2F82E9394136E042095795E
PUP.Optional.PushNotifications.Generic, C:\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Replaced, 201, 838845, 1.0.30590, , ame, , E8D5C5F2EAA08D3626A902EFA466A950, 9339C2DA58EAC9B7BD04B3A61211AB3AD242A00DA2F82E9394136E042095795E
PUP.Optional.PushNotifications.Generic, C:\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Replaced, 201, 838845, 1.0.30590, , ame, , E8D5C5F2EAA08D3626A902EFA466A950, 9339C2DA58EAC9B7BD04B3A61211AB3AD242A00DA2F82E9394136E042095795E
PUP.Optional.PushNotifications.Generic, C:\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Replaced, 201, 838845, 1.0.30590, , ame, , E8D5C5F2EAA08D3626A902EFA466A950, 9339C2DA58EAC9B7BD04B3A61211AB3AD242A00DA2F82E9394136E042095795E
Adware.Elex.ShrtCln, C:\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Replaced, 297, 454711, 1.0.30590, , ame, , E8D5C5F2EAA08D3626A902EFA466A950, 9339C2DA58EAC9B7BD04B3A61211AB3AD242A00DA2F82E9394136E042095795E
PUP.Optional.PushNotifications.Generic, C:\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Replaced, 201, 838845, 1.0.30590, , ame, , E8D5C5F2EAA08D3626A902EFA466A950, 9339C2DA58EAC9B7BD04B3A61211AB3AD242A00DA2F82E9394136E042095795E
PUP.Optional.PushNotifications.Generic, C:\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Replaced, 201, 838845, 1.0.30590, , ame, , E8D5C5F2EAA08D3626A902EFA466A950, 9339C2DA58EAC9B7BD04B3A61211AB3AD242A00DA2F82E9394136E042095795E
PUP.Optional.PushNotifications.Generic, C:\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Replaced, 201, 838845, 1.0.30590, , ame, , E8D5C5F2EAA08D3626A902EFA466A950, 9339C2DA58EAC9B7BD04B3A61211AB3AD242A00DA2F82E9394136E042095795E

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)]

 

Thanks in advance!


Hello, Welcome to Malwarebytes.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Let's see what we can find.

Download the Farbar Recovery Scan Tool (FRST).
Choose the 32 or 64 bit version for your system and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens, click Yes to the disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please attach it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

How to attach a file:
In the Reply section at the bottom of the topic, click Choose a File.
Navigate to the location of the file.
Click the file. It will appear in the section.
Click the Saving button.

Please attach the log for my review.

Wait for further instructions
====

see messages above :)


Hi,

Please download the attached Fixlist.txt file to the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the FRST.txt log you have submitted.

Run FRST and click Fix only once and wait.

The Computer will restart when the fix is completed.

It will create a log (Fixlog.txt); please post it in your reply.
===

Syncing

If the problem persists and Chrome is synced with other devices, reset it.

https://forums.malwarebytes.com/topic/258886-chrome-secure-preferences-detection-always-returns/

https://support.google.com/chrome/answer/185277

Execute the suggested fix.

Restart the computer normally.
===========

Please post the Fixlog.txt and let me know what problem persists.

p.s.

The Ublock chrome Extension will be removed.
Read about it.
https://chrome.google.com/webstore/detail/ublock-free-ad-blocker/epcnnfbjfcgphgdmggkamkmgojdagdnn/reviews?hl=en

You can replace it using a safer application.

Ublock Origin
from this site.
https://chrome.google.com/webstore/detail/ublock-origin/cjpalhdlnbpafiamejdnhcphjbkeiagm?hl=en

fixlist.txt

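Added example (not part of the original thread, and not Malwarebytes or FRST code): a short Python script that reads detection lines in the layout of the scan report pasted above and checks whether every detection sits in a Chrome profile store that Chrome Sync refills, which is the situation the sync-reset advice addresses. The sample lines are constructed from the report's layout with the hash columns left empty; treating Sync Data and Web Data as the sync-backed stores is this example's assumption.

```python
import re
from collections import Counter

# Constructed sample: lines in the layout of the report's "-Scan Details-"
# section, with the trailing hash columns left empty.
SAMPLE = r"""
Process: 0
(No malicious items detected)

Folder: 2
PUP.Optional.Trovi, C:\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\LevelDB, Quarantined, 495, 454808, , , , , ,
Adware.Elex.ShrtCln, C:\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\LevelDB, Quarantined, 297, 454711, , , , , ,

File: 3
PUP.Optional.Trovi, C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000005.ldb, Quarantined, 495, 454808, , , , , ,
PUP.Optional.Trovi, C:\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Replaced, 495, 454808, 1.0.30590, , ame, , ,
PUP.Optional.PushNotifications.Generic, C:\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Replaced, 201, 838845, 1.0.30590, , ame, , ,
"""

# Section headers look like "Folder: 8" or "Registry Key: 0".
SECTION = re.compile(r"^([A-Za-z ]+): (\d+)$")
# Assumption of this example: stores in a Chrome profile that sync repopulates.
SYNCED = re.compile(
    r"\\google\\chrome\\user data\\[^\\]+\\(?:sync data(?:\\|$)|web data$)", re.I)

def parse(report):
    """Return (section, family, path, action) for every detection line."""
    section, out = None, []
    for line in report.splitlines():
        line = line.strip()
        m = SECTION.match(line)
        if m:
            section = m.group(1)
        elif section and line.count(",") >= 2 and not line.startswith("("):
            family, path, action = [f.strip() for f in line.split(",")[:3]]
            out.append((section, family, path, action))
    return out

def summarize(report):
    """Group detections and flag anything outside the synced profile stores."""
    dets = parse(report)
    outside = [d for d in dets if not SYNCED.search(d[2])]
    return {
        "families": Counter(d[1] for d in dets),
        "unique_paths": len({d[2].lower() for d in dets}),
        "outside_synced_profile": outside,
        # True only when every detection lives in a sync-backed store.
        "sync_likely_source": bool(dets) and not outside,
    }
```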


Fixlog.txt

Here it is.

I've had ublock in the past, several months ago, but had removed it (or at least used Google's remove extension option). I've been using uBlock Origin and AdGuard.

Thanks for the help :)


  • 2 weeks later...
  • Root Admin

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following for Tips to help protect from infection

Thank you

 

 
