Jump to content

PUP.Optional.TorrentSearch


Go to solution Solved by Maurice Naggar,

Recommended Posts

My Company was hit with a Ransom Attach 2 months ago, we were being blackmailed.  IT ended up building an entirely new network and we lost 90% of data.  I am working remotely today and Team Viewed into my computer at work.  Previous to the attach my personal accounts and work account were synced, sync is off on work computer but on on my home computer.  Looks like the Ransomware is still attached in Chrome on my personal accounts and I probably reinfected the office.  IT is ready strangle me!

Can someone please help me get rid of this?  It cost my Company over $100,000 to get up and running after the attach (we did not pay the ransom).  I was out of work for 1 month because of this and may have just devastated us again.   I have attached the Malwarebytes report from the scan, but I was looking at the folders in the following directory, looked up the name of the first folder and that led me here. (Extension Screenshot for folder names).   I can't work until I can resolve this so my paycheck is dwindling quickly - I will have to resort to pan handling very soon!

C:\Users\annbl\AppData\Local\Google\Chrome\User Data\Default\Extensions 

 

Extensions Screenshot.PNG

Report 1.txt

Link to post
Share on other sites

Hi. :welcome:

Your pc has Premium Malware yes for Windows.  That has multiple real-time protections, including anti-ransomware.

What the last MB scan found are PUP.Optional.TorrentSearch

 

Why are you presuming ransomware ?

I will need other reports from this pc.

Meantime,

Let me suggest you do one scan with Adwcleaner to check for adwares.

First download & save it 

https://support.malwarebytes.com/hc/en-us/articles/360038520054-Download-and-install-Malwarebytes-AdwCleaner

 

Then do a scan with Adwcleaner 

https://support.malwarebytes.com/hc/en-us/articles/360038520114-Malwarebytes-AdwCleaner-scan-and-clean

Attach the clean log.

Link to post
Share on other sites

  • AdvancedSetup changed the title to PUP.Optional.TorrentSearch

Hi. I am adding a few additional notes. Just to highlight some key points.

When we look at the folder names of the browser extensions of Chrome, know that the names are a bunch of alpha characters. Do not attribute to that any presumption of bad stuff.

Those names are very often a big string of alpha characters. That is not a cause for concern.

Remember, we use known security apps to scan for malware.  Actual security tools used to help make the determination !!

.

As to ransomware, those will display distinctive screen windows asking for crypto payments AND also will ENCRYPT lots of user documents such that you cannot open them or even view them.

That is to say, those 2 types of things would be key indicators.

I expect that that is not the case here.

I look forward to your completing the scan with ADWCLEANER.

Sincerely.

 

Link to post
Share on other sites

Yes I have MB Premium.  My Company was hit with ransomeware a few months ago - They encrypted all of our data and wanted $150,000 with the amount doubling each day we did not pay it.  FBI was no help at all, we ended up hiring an IT Company in Australia to assist.  We ended up loosing 90% of our data and had to build a new server to begin operating again.   

3 days before the ransom attach happened, my work computer was not operating correctly and I downloaded the free MB ran a scan and these same three listings were found.  I alerted the IT department but three days later all our data was encrypted with a demand for $150,000.  No further details were given to me confirming or denying that these three items were the cause so I am just assuming that they were.  But now i have learned that this most likely from a Torrent and if so this has been sitting with my data in Google's cloud for 5 plus years.  I stopped with the Torrent scene over 5 years ago.   So here is the million dollar question.....What the heck is Google doing?  Obviously not scanning a darn thing which is even more alarming - I may be wrong but that is whole lot of cloud files just festering and infecting everyone!!  Ok done with my rant.  

The Folder with the long alpha character names - I try to get familiar with various folders and files and when something looks and seems off - I copy and drop it in Google Search and the that first one I notated previously brought up Virus, trojan and all sorts of nasties - also brought me to this group.  I understand a small bit about this technical stuff - I was much better with DOS and Win XP than Win 10 and new technology.

I attached the logs and here is screenshot of the settings in ADW - I didn't adjust anything because I have no idea what these settings are for and will do.

I greatly appreciate the assistance with this and any guidance/help you can offer - as of now my company has taken everything off the new server and shut down as a precaution.  They have MB Premium as well for the Company, as of now they have found nothing but after what happened a few months ago we are not taking any chances.

 

image.thumb.png.fcffa166ac4ff2fa88ad5569a6a08f36.png

 

image.png.d7b88310ca8dc89b4617a0bae71e45cf.png

 

AdwCleaner[C00].txt AdwCleaner[S00].txt

Link to post
Share on other sites

  • Solution

Very good cleanup by Adwcleaner for the Chrome browser. It removed what appear like 3 search hijackers.  Good result since it did remove those.

None of those are 'ransomware' !

I gotta re-emphasize that .

These 3 are P U P.

.

Note I did not ask to change any option on Adwcleaner.

We are done with that.

Also know, that whatever happened at your company months ago, Is not to be assumed to be associated to what your pc is at this time.

We use known security scanners to find & remove any actual 'boogers' / malware.

.

Here are tips on keeping your web browsers safer.   Please make time  and read all of this.     apply the tips.

See this article on our Malwarebytes Blog

https://blog.malwarebytes.com/security-world/technology/2019/01/browser-push-notifications-feature-asking-abused/

 

You want to disable the ability of each web browser on this machine from being able to allow "push ads". That means Chrome, Firefox, or Edge browser (on Windows 10), or on Opera.

 

Scroll down to the tips section "How do I disable them".

 

If this pc has the Google Chrome browser, or the Brave browser, I suggest you install the Malwarebytes Browser guard for Chrome.

 

To get & install the Malwarebytes Browser Guard extension for Chrome,

Open this link in your Chrome   browser: 

https://chrome.google.com/webstore/detail/malwarebytes/ihcjicgdanjaechkgeegckofjjedodee

Then proceed with the setup.

 

For    Mozilla Firefox, to get & install the Malwarebytes Browser Guard  Firefox extension.

Open this link in your Firefox browser:   

 

https://addons.mozilla.org/en-US/firefox/addon/malwarebytes/

 

Then proceed with the setup.

 

That link is for English US.   There are other language version.  Just go to the very bottom right of the page and look at “Change language” list drop down.

We will do more later.:D

Edited by Maurice Naggar
Link to post
Share on other sites

  • 3 weeks later...
  • 2 weeks later...

[ BEST PRACTICES ]

Backup is your best friend. Keep backups of your system on a regular basis to offline storage & keep those safe. https://forums.malwarebytes.com/topic/136226-backup-software/

 

 

It is not enough to just have a security program installed. Each pc user needs to practice daily safe computer and internet use.

 

Best practices & malware prevention:

  • Follow best practices when browsing the Internet, especially on opening links coming from untrusted sources.
  • First rule of internet safety: slow down & think before you "click".
  • Never click links without first hovering your mouse over the link and seeing if it is going to an odd address ( one that does not fit or is odd looking or has typos).
  •  
  • Free games & free programs are like "candy". We do not accept them from "strangers".
  •  
  • Never open attachments that come with unexpected ( out of the blue ) email no matter how enticing.
  • Never open attachments from the email itself. Do not double click in the email. Always Save first and then scan with antivirus program.
  • Pay close attention when installing 3rd-party programs. It is important that you pay attention to the license agreements and installation screens when installing anything off of the Internet. If an installation screen offers you Custom or Advanced installation options, it is a good idea to select these as they will typically disclose what other 3rd party software will also be installed.
  • Take great care in every stage of the process and every offer screen, and make sure you know what it is you're agreeing to before you click "Next".
  •  
  • Use a Standard user account rather than an administrator-rights account when "surfing" the web.
  • See more info on Corrine's SecurityGarden Blog http://securitygarden.blogspot.com/p/blog-page_7.html
  • Dont remove your current login. Just use the new Standard-user-level one for everyday use while on the internet.
  •  
  • Do a Windows Update.
  •  
  • Make certain that Automatic Updates is enabled.
  • https://support.microsoft.com/en-us/help/12373/windows-update-faq
  •  
  • Keep your system and programs up to date. Several programs release security updates on a regular basis to patch vulnerabilities. Keeping your software patched up prevents attackers from being able to exploit them to drop malware.
  •  
  • For other added tips, read "10 easy ways to prevent malware infection"

https://blog.malwarebytes.com/101/2016/08/10-easy-ways-to-prevent-malware-infection/

:cool:

Link to post
Share on other sites

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following for Tips to help protect from infection

Thank you

 

 

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.