Jump to content

PUP Easylife

Theosburgers
 Share

Recommended Posts

Maurice Naggar

Maurice Naggar

Posted
Posted

Hello @Theosburgers:welcome:

My name is Maurice.  Please follow my guidance.  This is a real P U P.  Since it is on the Google Chrome browser it takes extra steps to deal with its removal. plus, you gotta be extra careful to TICK all the detected line-items on what is detected by Malwarebytes.

[   1   ] 
Use Chrome browser   to go to https://www.google.com/settings/chrome/sync and sign into your account.
Scroll down until you see the "reset sync" button and click on the button
At the prompt click on "Ok". 
[   2   ] 
for Chrome, while Chrome is running:
Press & hold SHIFT+CTRL+Del keys  on keyboard to get menu for clearing browsing data:

Check mark the line  "Browsing history" 
Check mark the line "Download history" 
Check mark the lined "Cached images and files"
and press Clear Data button  ( in blue ) 
[   3   ] 

In Malwarebytes for Windows program, we want to do a special scan.

Click Settings ( gear icon)   at the top right of Malwarebytes window.   We want to see the SETTINGS window.

Then click the Security tab.   

Scroll down and lets be sure the line in SCAN OPTIONs for "Scan for rootkits" is ON        👈

Click it to get it ON  if it does not show a blue-color

.

Next, click the small x on the Settings line   to go to the main Malwarebytes Window.

 

Next click the blue button marked Scan.

When the scan phase is done, be real sure you Review and have all detected lines items check-marked on each line on the left. That too is very critical.

You can actually click  ( tick )   the topmost left  check-box  on the very top line to get ALL lines  ticked   ( all selected).    👈

🔻

MB4_scan_tick_ALL2.jpg.e8a7f94bceca3237b7dbe17faacfa577.jpg

 

 

Then click on Quarantine selected.

MB4_scan_all_Quarantine2.jpg.dd0e7b543cdb7c69c37bcf14f0e5b9d1.jpg

 

Then, locate the Scan run report;  export out a copy;  & then attach in with your  reply.

See https://support.malwarebytes.com/hc/en-us/articles/360038479194-View-Reports-and-History-in-Malwarebytes-for-Windows-v4

 

 

Link to post
Share on other sites
  • Root Admin
AdvancedSetup

AdvancedSetup

Posted
  • Root Admin
Posted

Due to the lack of feedback, this topic is closed to prevent others from posting here.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread.

Tips to help protect from infection

Thanks

 

Link to post
Share on other sites
  • 1 month later...
Theosburgers

Theosburgers

Posted
  • Author
Posted
On 1/10/2021 at 2:22 PM, Maurice Naggar said:

Hi Maurice,

Sorry I'm getting back to you so late. Life has been busy recently.

Attached is my log after following your steps. I cleared the data that you specified, and then ran the special scan with all items ticked.

It still seems like the virus is there after quarantining, and keeps popping up each time.

Please let me know what my next steps should be!

Theo

 

Hello @Theosburgers:welcome:

My name is Maurice.  Please follow my guidance.  This is a real P U P.  Since it is on the Google Chrome browser it takes extra steps to deal with its removal. plus, you gotta be extra careful to TICK all the detected line-items on what is detected by Malwarebytes.

[   1   ] 
Use Chrome browser   to go to https://www.google.com/settings/chrome/sync and sign into your account.
Scroll down until you see the "reset sync" button and click on the button
At the prompt click on "Ok". 
[   2   ] 
for Chrome, while Chrome is running:
Press & hold SHIFT+CTRL+Del keys  on keyboard to get menu for clearing browsing data:

Check mark the line  "Browsing history" 
Check mark the line "Download history" 
Check mark the lined "Cached images and files"
and press Clear Data button  ( in blue ) 
[   3   ] 

In Malwarebytes for Windows program, we want to do a special scan.

Click Settings ( gear icon)   at the top right of Malwarebytes window.   We want to see the SETTINGS window.

Then click the Security tab.   

Scroll down and lets be sure the line in SCAN OPTIONs for "Scan for rootkits" is ON        👈

Click it to get it ON  if it does not show a blue-color

.

Next, click the small x on the Settings line   to go to the main Malwarebytes Window.

 

Next click the blue button marked Scan.

When the scan phase is done, be real sure you Review and have all detected lines items check-marked on each line on the left. That too is very critical.

You can actually click  ( tick )   the topmost left  check-box  on the very top line to get ALL lines  ticked   ( all selected).    👈

🔻

MB4_scan_tick_ALL2.jpg.e8a7f94bceca3237b7dbe17faacfa577.jpg

 

 

Then click on Quarantine selected.

MB4_scan_all_Quarantine2.jpg.dd0e7b543cdb7c69c37bcf14f0e5b9d1.jpg

 

Then, locate the Scan run report;  export out a copy;  & then attach in with your  reply.

See https://support.malwarebytes.com/hc/en-us/articles/360038479194-View-Reports-and-History-in-Malwarebytes-for-Windows-v4

 

 

 

malware.txt

Link to post
Share on other sites
Maurice Naggar

Maurice Naggar

Posted
Posted

Yes, Hi Theosburgers.  Let me know after you have done that.

and follow that up with what follows below.  By the way, this is not a "virus".  It is just a leftover trace in Chrome about some sort of easylife P U P.

It is not a virus.  This is more like a advertising pest. P U P stands for "P'otential 'U'nwanted app.

suggest a  check with a tool, an anti-adware tool from Malwarebytes.

Be sure you close all web browsers before you click on the "Scan" button on this next procedure.

I  would suggest to download, Save, and then run Malwarebytes ADWCLEANER.

Please close Chrome and all other open web browsers after you have saved the Adwcleaner and before you start Adwcleaner scan.

Adwcleaner  detects factory Preinstalled applications too!

 

Please download  Malwarebytes AdwCleaner  https://downloads.malwarebytes.com/file/adwcleaner
 

Be sure to Save the file first, to your system.  Saving to the Downloads folder should be the default on your system.

Go to the folder where you saved Adwcleaner. Double click Adwcleaner  to start it.

At the prompt for license agreement, review and then click on I agree.

 

You will then see a main screen for Adwcleaner. ( if you do not see it right away, minimized the other open windows, so you can see Adwcleaner).

Then click on Dashboard button.

Click the blue button "Scan Now".

 

allow it a few minutes to finish the Scan.   Let it remove what it finds.

NOTE:  When it comes to the section "

Pre-installed applications

 

You can skip that.

Please find and send the Adwcleaner "C" clean report.

In Adwcleaner, click the "Reports" button.  Look at the list of reports for the latest date & type "Clean".

Double Click that line & it will open in Notepad.   Save the file to your system and then Attach that with your reply.

 

That C clean report will be the one with the most recent Date and time at folder  C:\AdwCleaner\Logs

 

Please also provide a summary description as to the original issue that started this case.

Thank you.

Link to post
Share on other sites
  • 3 weeks later...
Maurice Naggar

Maurice Naggar

Posted
Posted

Due to the lack of feedback, this topic is closed to prevent others from posting here.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread.

Tips to help protect from infection

Thanks

 

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.

  I accept