Jump to content

AdwCleaner issues


Recommended Posts

On 8/9/2019 at 3:25 AM, Elisabeth said:

Hi @Stepan_,

Can you zip the quarantine folder and send it? You can send me the file in a private message if you prefer.

Thanks!

Any chance you might be able to help me out with one of these as well?  We scanned our clients computer a couple years ago and it identified the HP scan and other associated software as malware.  Well now she needs to use her scanner and is unable to.  I've spent probably 4 hours running hp un-installers and scrubbers then re-installing software.  The installer is still seeing some remnants of the scan software and is not re-installing the drivers or hp scan software.  I've attached a zip of the just the folder/files need re-named and there are 206 of them so to do it manually would take forever.  I'm pretty sure I know where the files need to be restored to, but if all files and subfolders don't go in "C:\Program Files (x86)\HP\Digital Imaging\bin\" please let me know the proper restore location.
Thanks in advance for your time and any assistance you can provide.

112.zip

Link to post
Share on other sites

Couldn't figure out how to edit a post.  After digging through some more folders there are dozens of HP folders and thousands of files that got gutted by this false positive.  Most of them look to be in folders 91-154 other than some folders with a single file called key in them, I don't know what those are.  I've uploaded the quarantine folder zip to my google drive and shared it.  I'm basically trying to restore anything that has HP in the beginning of the folder and/or file name.  If you could help me with renaming files and identifying original locations it would be much appreciated.  I'm trying to avoid doing a full windows re-install just to fix a scanner problem, my customer has a lot of software they no longer have the licenses/discs for, and I'm running out of options.

https://drive.google.com/file/d/1SR7LK6GQweYYqc3yZzkCfX1vL5HcyISc/view?usp=sharing

Thanks again for your time.

quarantine.zip

Link to post
Share on other sites

Hello @CompRenSoldotna and :welcome:

A request has been passed to forum admin to split off your posts to your own topic.

In the meantime, please use the following procedural steps to only gather and post essential logs for review and analysis:

  1. Download the Malwarebytes Support Tool
  2. Double-click mb-support-1.8.3.885.exe to run the program.
    • You may be prompted by User Account Control (UAC) to allow changes to be made to your computer. Please click Yes to consent.
  3. Place a checkmark next to Accept License Agreement and click Next.
  4. Navigate only to the Advanced tab.
  5. The Advanced menu page contains four categories. Only select Gather Logs.
    • Gather Logs: Collects troubleshooting information from the computer. As part of this process, Farbar Recovery Scan Tool (FRST) is run to perform a complete diagnosis. The information is saved to a file on the Desktop named mbst-grab-results.zip and can be uploaded to a forum post to assist with troubleshooting the issue at hand.
  6. To provide logs for review click only the Gather Logs button. This step could take up to several minutes to complete.
  7. Upon completion, click OK.
  8. An archive file named mbst-grab-results.zip will be saved to your Desktop.
  9. Please attach the above file in your next reply.

Thank you.

Edited by 1PW
Link to post
Share on other sites

Hello @CompRenSoldotna:

1.) Please download the Malwarebytes AdwCleaner utility and save that executable file to your Desktop.

  1. Double-click adwcleaner_8.0.9.1.exe to run the program.
  2. Accept the End User License Agreement.
  3. Wait until the database is updated.
  4. Click Scan Now.
  5. When finished, if items are found please click Quarantine.
  6. Your PC should reboot now if any items were found.
  7. The resultant report log files will make their way into the following MBST Support Tool's report. Please do not edit nor delete the contents of the newly created C:\AdwCleaner\ directory.
  8. Regardless of the findings from the above, if a restart did not take place, please restart the Windows 8.1 laptop and then continue.

2.) Much like my first post to you, please rerun the MBST Support Tool and ATTACH the newer archive file to your next reply.

Thank you.

Edited by 1PW
corrected font issue
Link to post
Share on other sites

45 minutes ago, exile360 said:

You may find the information in this HP support article helpful in getting your device's software reinstalled.  Apparently such issues are somewhat common with some HP printers and scanners based on posts in their official support forums.

Thanks @exile360, but unfortunately that is one of the many processes I tried already when troubleshooting this.  The problem I've been finding across the board is most of these HP cleanup processes is they are based around printing problems, not scanning problems.  In addition to the one linked I tried the two HP scrubber utilities listed on their download page for this model of officejet 150 mobile.  The 9 total scrubber batch files I ran seem to remove all traces of HP software from the install list, but the folder where most of the scan drivers/apps were located ("C:\Program Files (x86)\HP\Digital Imaging") were still there after cleaning/scrubbing steps.  I found one guide specific to scanning issues that had me doing all the normal windows repair stuff like sfc, clean boot, chkdsk, and dism.  None of those made a difference either as expected and I know we are dealing with good hardware as this laptop passed full diagnostics.  My last ditch effort that I'm trying to avoid before a re-install is running all the uninstallers again, the scrubers, and things like what you mentioned and then just re-naming all folders related to HP imaging stuff.  Then manually gutting all registry entries pointing to those folders.  I can do that, but going that far makes me nervous and I'm not even sure it will work.  Thanks for the tip though and appriciate the info.  HP software is always a nightmare and having been doing this kind of tech repair for 24 years it is the bane of my existence.  I really wish they would just make a batch cleanup tool that will remove all hp software and drivers for all models of printers / scanners.

 Here is the new log file @1PW .  It did list a few HP things for me to quarantine, but I did not considering all that's going on.  There were a couple other pup's that were removed though.

mbst-grab-results.zip

Link to post
Share on other sites

  • Root Admin

What issue are you having with doing a restore from Quarantine? Was that mentioned above?

Have you reviewed the following?

https://support.malwarebytes.com/hc/en-us/articles/360038479214-Restore-or-delete-quarantined-items-in-Malwarebytes-for-Windows

Are you getting an error message? @CompRenSoldotna

 

Link to post
Share on other sites

It was mentioned above, but the short and long of it is adwcleaner identified hundreds of HP files and drivers as malicious and quarantined them.  They are not showing up in the quarantine list to be restored.  As a result my clients scanner no longer works and even after hours of running HP driver scrubbers and re-installs it is not putting the files back I suspect because the folders and some of the files are still there.  So I need to rename any files in quarantine back to their original name and restore them back to their original locations.  Hopefully you have some scripting way of doing this because there are dozens of folders and hundreds of files.

Thanks,

Link to post
Share on other sites

Unfortunately, any objects in Malwarebytes' quarantine will be encrypted (this is standard industry practice to prevent malware from easily restoring them or the objects accidentally being executed by anyone using the system).  If they are still in quarantine, they should still be showing up in the quarantine list, but it's possible that they were either restored and something somehow went wrong during that process, or they were never successfully fully quarantined to begin with and were somehow modified or damaged so that they no longer function properly.  Much of that is of course just speculation based on my fairly basic understanding of the situation and ADWCleaner's functions.

Link to post
Share on other sites

  • Root Admin
On 1/29/2021 at 4:11 AM, CompRenSoldotna said:

We scanned our clients computer a couple years ago and it identified the HP scan and other associated software as malware. 

I'm sorry but anything that is over a couple of weeks or so would start to be difficult to restore due to all the file changes and updates from antivirus and other program updates.

I can work with you to try and see if we can get the scanner working but a restore after a couple of years is out of the question.

Let me get some updated logs please and we'll see what we can do.

 

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system.
You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well.

Thank you

 

 

Link to post
Share on other sites

  • Root Admin

I'm sorry. It really does not matter at this point. There is nothing I can do or anyone else can do about restoring files a couple years later.

Again, I am more than will to try and help you get it working but if you're fixated on thinking a restore is going to help you then I won't be able to help you.

 

Link to post
Share on other sites

  • Root Admin

Up to you. Myself and several others here have 10,20,and 30 years experience in working on computers.

Regardless of how you move forward I would highly recommend you make image backups of the current system and System Restore Points as well.

Macrium Reflect has a good, free product to do so.

 

 

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.