PUP keeps coming back on Malwarebytes scanning even if quarantined


Go to solution Solved by Maurice Naggar,

Hello.  :welcome:

My name is Maurice. I will be helping and guiding you, going forward on this case.
Let me know what first name you prefer to go by.   

Please follow my directions as we go along. Please do not do any changes on your own without first checking with me.
Please only just attach all report files, etc. that I ask for as we go along.

I need the full set of reports from the tool below.  Then wait for my further guidance.  We will be doing other scans for malware & adware.

I would appreciate  getting  additional / fuller  important details from this machine in order to help you forward.
NOTE: The tools and the information obtained are safe and not harmful to your privacy or your computer; please allow the programs to run if blocked by your system.

Do have patience while the report tool runs.  It may take several minutes.  Just let it run & take its time.  You may want to close your other open windows so that there is a clear field of view.
Download Malwarebytes Support Tool

Once the file is downloaded, open your Downloads folder/location of the downloaded file.
Double-click mb-support-1.80.848.exe to run the report.

Once it starts, you will see a first screen with 2 buttons. Click the one on the left marked "I don't have an open support ticket".

You may be prompted by User Account Control (UAC) to allow changes to be made to your computer. Click Yes to consent.

Place a checkmark next to Accept License Agreement and click Next.
Now click the left-hand side pane "I do not have an open support ticket".

You will be presented with a page stating, "Get Started!"
Do NOT use the button “Start repair”! But look instead at the far-left options list in black.

Click the Advanced tab on the left column.

Click the Gather Logs button.

A progress bar will appear and the program will proceed with getting logs from your computer. Please do have patience. It takes several minutes to gather.

Upon completion, a file named mbst-grab-results.zip will be saved to your Desktop. Click OK. Then Exit the tool.

Please attach the ZIP file in your next reply.

Please know I help here as a volunteer, and that I am not on 24 x 7.
Help on this forum is one to one. 

Sincerely,

Maurice

Link to post
Share on other sites

Thank you for replying so soon. I will literally check my gmail from you every 10 minutes since I want to get this fixed quickly. 

I did try to install a program today and I forgot to uncheck the boxes where it had so many 3rd party apps. I thought I could've fixed this by running Malwarebytes scans and Malicious Software Removal Tool. Everything seemed deleted and good except this ludashi program; I can't find it anywhere. I also get pop-ups from Malwarebytes once in a while. I have the screenshots I will show you in this reply. Thank you

(in the screenshot popup, sometimes the Domain is www.sludashi.com) it has an s in front of it and sometimes it doesn't

mbst-grab-results.zip

unknown.png

Link to post
Share on other sites

I did run Rkill and it couldn't find anything

I tried adwcleaner before this and it found the exact same files as Malwarebytes, and I restarted my PC and deleted them from quarantine, but if I scan again, the files are back. I believe this isn't on my computer but hiding somewhere I don't have access to.

Link to post
Share on other sites

http://www.ddooo.com/softdown/175836.htm is the website I downloaded from. After installing that program, there were like 6 checkboxes I didn't check and they all got installed on my computer. I know LUDASHI and I know it's a hidden trojan, I just don't know what to do anymore.

The picture down below is when I click on the popups I get; it has different ports every time too.

unknown.png

Link to post
Share on other sites

Please do not go (ever) to the site link you cited above. And thanks for the zip-file report set.

In the Malwarebytes for Windows program, we want to do a special scan.

Click Settings (gear icon) at the top right of the Malwarebytes window. We want to see the SETTINGS window.

Then click the Security tab.   

Scroll down and let's be sure the line in SCAN OPTIONS for "Scan for rootkits" is ON 👈

Click it to get it ON if it does not show a blue color.

Next, click the small x on the Settings line to go to the main Malwarebytes window.

Next click the blue button marked Scan.

When the scan phase is done, be real sure you Review and have all detected line items check-marked on each line on the left. That too is very critical.

You can actually click (tick) the topmost left check-box on the very top line to get ALL lines ticked (all selected). 👈

🔻

MB4_scan_tick_ALL2.jpg

Then click on Quarantine selected.

MB4_scan_all_Quarantine2.jpg

Then, locate the Scan run report; export out a copy; & then attach it with your reply.

See https://support.malwarebytes.com/hc/en-us/articles/360038479194-View-Reports-and-History-in-Malwarebytes-for-Windows-v4

Link to post
Share on other sites

Hello. Please understand that a screen-capture does not provide the full details that we need. Good scan reports from the program itself are what is always needed.

Do a new Gather Logs procedure with the Malwarebytes support tool so that we can get a new ZIP file report, that will also cover the details from Adwcleaner as well.

Open your Downloads folder using Windows File Explorer.
Double-click mb-support-1.80.848.exe to run the report.

Once it starts, you will see a first screen with 2 buttons. Click the one on the left marked "I don't have an open support ticket".

You may be prompted by User Account Control (UAC) to allow changes to be made to your computer. Click Yes to consent.

Place a checkmark next to Accept License Agreement and click Next.
Now click the left-hand side pane "I do not have an open support ticket".

You will be presented with a page stating, "Get Started!"
Do NOT use the button “Start repair”! But look instead at the far-left options list in black.

Click the Advanced tab on the left column.

Click the Gather Logs button.

A progress bar will appear and the program will proceed with getting logs from your computer. Please do have patience. It takes several minutes to gather.

Upon completion, a file named mbst-grab-results.zip will be saved to your Desktop. Click OK. Then Exit the tool.

Please attach the ZIP file in your next reply.

Please know I help here as a volunteer, and that I am not on 24 x 7.
Help on this forum is one to one. 

Sincerely,

Link to post
Share on other sites

Thanks for the new support-tool-report set.  I noticed that you had run Adwcleaner several times on the 4th.  It is important while the case is on-going that you not run tools repeatedly unless I guide you.  I most always ask folks to run a procedure one time.   One time only.  If something comes up that needs attention, let me know and then wait for my direction.

The current situation is that there looks like 2 registry values keep re-appearing.  They should not.  So in that situation it will take extra custom procedures.

Just please follow my guidance & only do my procedure, as outlined & only once. If something is questionable, stop and ask me about it.

The following section consists of one custom script run.  To only be done One Time only.

The goal here is to have it remove a couple of extraneous registry values, and, to run the Windows System File Checker tool.

NOTE-1:  This fix will run a scan to check that all Microsoft operating system files are valid and not corrupt and attempt to correct any invalid files. It will also run a disk check on the restart to ensure disk integrity. Depending on the speed of your computer this fix may take 30 minutes or so.

The system will be rebooted after the script has run.

This custom script is for BOSSTAN only / for this machine only.

Close and save any open work files before starting this procedure. If there are any CD / DVD / or USB-flash-thumb or USB-storage drives attached, please disconnect any of those.

The custom Fix script is going to be used by the FRSTENGLISH tool. They will both work together as a pair.

Please save the (attached file named) FIXLIST.txt to the Downloads folder.

The tool named FRSTENGLISH.exe is already in the Downloads folder.
Start the Windows Explorer and then go to the Downloads folder.

RIGHT click on FRSTENGLISH and select RUN as Administrator and allow it to proceed. Reply YES when prompted to allow it to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
IF Windows prompts you about running this, select YES to allow it to proceed.

IF you get a block message from Windows about this tool......
click the line More info on that screen
and click the button Run anyway on the next screen.

On the FRST window:
Click the Fix button just once, and wait.

frst-fix.jpg

PLEASE have lots and lots of patience when this starts. You will see a green progress bar start. Lots of patience. This run here should be fairly quick.
If you receive a message that a reboot is required, please make sure you allow it to restart normally.
The tool will complete its run after restart.
When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run.

Please attach the FIXLOG.txt with your next reply later, at your next opportunity.


Please know this will do a Windows Restart.   Just let it do its thing.  

Do let me know how things are overall,  after all this.

Fixlist.txt

Edited by Maurice Naggar
Link to post
Share on other sites

I see 2 posts that look the same.   I do not understand why you make mention of "whitelist" ???

Please slowly, carefully re-read all of my preceding reply made the other day.

You were supposed to SAVE as-is the Fixlist.txt that was attached & save it to the Downloads folder C:\Users\fakerhao\Downloads

after that, to start FRSTENGLISH

then click the Fix button

Link to post
Share on other sites

Let us just do a simple report run.    

Start the Windows Explorer and then go to the Downloads folder. C:\Users\fakerhao\Downloads

Right-click on FRSTENGLISH.exe and select Run as Administrator to start the tool, and reply YES to allow it to proceed and run.

Windows 10 users will be prompted about Windows *SmartScreen protection* - click the line More info on that screen and click the button Run anyway on the next screen.
Click YES when prompted by the Windows UAC prompt to allow it to run.
Note: If you are prompted by Windows SmartScreen, click More info & follow up & choose Run anyway.

Approve the Windows UAC prompt on Windows Vista and newer operating systems by clicking on Continue or Yes.

Click Yes when the *disclaimer* appears in FRST.
The tool may want to update itself - in that case you'll be prompted when the update is completed and ready to use.

Make sure that Addition options is *checked* - the configuration should look exactly like on the screen below (do not mark additional things unless asked).
Press Scan button and wait. Have patience since it may take several minutes to gather the reports.

image.png

The tool will produce 2  logfiles on your desktop: FRST.txt , Addition.txt 
Click OK button when it shows up. Close the Notepad windows when they show on screen. The tool saves the files.
 
Please attach these 2 files to your next reply.   I need these reports for review & to guide you forward.  We will have more to do later.
Thank you.     😎

Link to post
Share on other sites

Thanks, I got the FIXlog.txt   report.   There are 2 additional operations that I would like you to do, so that Windows corrects some things.

Each of the commands may take somewhere like 10 or 15 minutes or so.  Have lots of patience and let Windows do its tasks.

Open an elevated command prompt window, i.e. run Command Prompt as an administrator.

It is best to use the Windows Copy (CTRL+C) and Paste (CTRL+V) for the whole line, as-is.

To get the elevated command prompt, press Windows-key + X key and then select Command Prompt (Admin).

On that command prompt, Copy & Paste this command

DISM /Online /Cleanup-Image /RestoreHealth

press Enter-key and then observe & monitor. When it is all done with that, jot down on paper what it said at the very end.

The following is the next task (again, also for the Command prompt).

Copy & Paste this command

sfc /scannow

and press Enter-key.  Wait and then jot down on paper the final result lines.

When all done, kindly report back both results.

Link to post
Share on other sites
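
The two repair commands from the post above, run from an elevated PowerShell console so that their closing lines and the SFC detail entries are saved to a file rather than copied by hand. This is an added example, not part of the original thread; the report file name and the helper name `Invoke-RepairStep` are assumptions.

```powershell
# Added example (not from the thread). Run in an elevated PowerShell console.
# $report is an assumed output path; Invoke-RepairStep is a hypothetical helper name.
$report = Join-Path ([Environment]::GetFolderPath('Desktop')) 'repair-results.txt'

$me = [Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()
if (-not $me.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Start PowerShell with "Run as administrator" first.'
}

function Invoke-RepairStep {
    param(
        [string]$Exe,
        [string[]]$Arguments,
        [switch]$Utf16Output   # sfc.exe writes UTF-16 when its output is redirected
    )
    $previous = [Console]::OutputEncoding
    if ($Utf16Output) { [Console]::OutputEncoding = [Text.Encoding]::Unicode }
    try {
        # Output is captured, so nothing appears on screen until the step ends.
        # Keep non-empty lines only; progress bars leave blank and padded lines.
        $lines = & $Exe @Arguments 2>&1 |
            ForEach-Object { "$_".Trim() } |
            Where-Object { $_ }
        [pscustomobject]@{
            Command  = "$Exe $($Arguments -join ' ')"
            ExitCode = $LASTEXITCODE
            Tail     = @($lines | Select-Object -Last 5)
        }
    } finally {
        [Console]::OutputEncoding = $previous
    }
}

# Same order as in the post: DISM first, then SFC.
$results = @(
    Invoke-RepairStep -Exe 'DISM.exe' -Arguments '/Online', '/Cleanup-Image', '/RestoreHealth'
    Invoke-RepairStep -Exe 'sfc.exe'  -Arguments '/scannow' -Utf16Output
)

$results | ForEach-Object {
    "== $($_.Command) (exit code $($_.ExitCode)) =="
    $_.Tail
    ''
} | Set-Content -Path $report -Encoding UTF8

# SFC records per-file detail in CBS.log on lines tagged [SR].
Select-String -Path "$env:windir\Logs\CBS\CBS.log" -Pattern '[SR]' -SimpleMatch |
    Select-Object -Last 20 -ExpandProperty Line |
    Add-Content -Path $report -Encoding UTF8

Get-Content $report
```

Each step can take 10 to 15 minutes with no visible progress, because the output is captured instead of being shown live.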
