Jump to content

Adware removal


Go to solution Solved by Maurice Naggar,

Recommended Posts

Hello @Zygis.  

i will need some other reports as well

 

Please download MBST Support tool

https://downloads.malwarebytes.com/file/mbst 

Once you start it click Advanced > Gather Logs

 

Upload an archive once it is done. Attach the mbst-grab-results.zip from the Desktop.

Link to post
Share on other sites

Hi. That is fine news. Glad to hear.

I would like you to run a tool named SecurityCheck to inquire on the current-security-update  status  of some applications.

 

Download SecurityCheck by glax24 from here  https://tools.safezone.cc/glax24/SecurityCheck/SecurityCheck.exe

and save the tool on the desktop.

If Windows's  SmartScreen block that with a message-window, then

Click on the MORE INFO spot and over-ride that and allow it to proceed.

This tool is safe.   Smartscreen is overly sensitive.

Right-click  with your mouse on the Securitycheck.exe  and select "Run as administrator"   and reply YES to allow to run & go forward

Wait for the scan to finish. It will open in a text file named SecurityType.txt. Close the file.  Attach it with your next reply.

You can find this file in a folder called SecurityCheck, C:\SecurityCheck\SecurityCheck.txt

Link to post
Share on other sites

@Zygis.  Only Zygis.

Sorry to read situation on your last message.

In Malwarebytes for Windows program, we want to do a special scan.

 

Click Settings ( gear icon) at the top right of Malwarebytes window. We want to see the SETTINGS window.

 

Then click the Security tab.   

 

Scroll down and lets be sure the line in SCAN OPTIONs for "Scan for rootkits" is ON 👈

 

Click it to get it ON if it does not show a blue-color

.

Next, click the small x on the Settings line to go to the main Malwarebytes Window.

 

  • Next click the blue button marked Scan.

 

When the scan phase is done, be real sure you Review and have all detected lines items check-marked on each line on the left. That too is very critical.

You can actually click ( tick ) the topmost left check-box  on the very top line to get ALL lines ticked ( all selected). 👈

🔻

Then click on Quarantine selected.

 

Then, when done,  locate the Scan run report; export out a copy; & then attach in with your reply.

 

See https://support.malwarebytes.com/hc/en-us/articles/360038479194-View-Reports-and-History-in-Malwarebytes-for-Windows-v4

 

We will do more, later. 

Link to post
Share on other sites

I hope i got what you needed .The registry key called Adware.SpecialSearchOffer, wont get removed.Tried evrything

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 5/19/21
Scan Time: 8:03 PM
Log File: 333d7f50-b8c4-11eb-844f-08606e6ce703.json

-Software Information-
Version: 4.3.0.98
Components Version: 1.0.1292
Update Package Version: 1.0.40650
License: Free

-System Information-
OS: Windows 10 (Build 19042.985)
CPU: x64
File System: NTFS
User: \Administrator

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 416884
Threats Detected: 1
Threats Quarantined: 1
Time Elapsed: 7 min, 7 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 1
Adware.SpecialSearchOffer, HKLM\SOFTWARE\SProvide, Quarantined, 522, 840938, 1.0.40650, , ame, , , 

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)

Link to post
Share on other sites

If at all possible, just only attach report as we go along.

On the 1 reg key you last mentioned, that 1 key does not have a payload. It can't do anything by its lonesome. I will get back to that later.

Special note:. The earlier tagging for RiskWare.Injector.Generic were false positives. The internal team has made corrections & auto updates should have flowed out.

You should not be seeing any more of those.

.

I d like you to use the Support tool to do a new Gather Logs.

You don't need to re-download the tool.

Just run it  MBST Support tool.

 

Once you start it click Advanced > Gather Logs

 

Upload an archive once it is done. Attach the mbst-grab-results.zip from the Desktop.

Link to post
Share on other sites

Hi. Thanks for the support tool report.

I have two things to do with the aim being to clear up the adware related & PUP issues.

[ 1 ]

Use option One or Two so that Windows shows ALL folders / all files 

https://www.tenforums.com/tutorials/7078-turn-off-show-all-folders-windows-10-navigation-pane.html

 

[ 2 ]

The following custom script is to clear out recent flagged items from the Malwarebytes scans.

 

The script Fixlist.txt needs to be saved to the Downloads folder.

The custom script on this post is ONLY for this machine and NO other.   

 

  • Please be sure to Close any open work files, documents, any apps you started yourself before starting this.
  • If there are any CD / DVD / or USB-flash-thumb or USB-storage drives attached, please disconnect any of those.
  • The system will be rebooted after the script has run.
  • Please save the (attached file named) FIXLIST.txt to the Downloads folder 

Fixlist.txt

 

Start the Windows Explorer and then, to the Downloads folder.

 

RIGHT click on FRSTENGLISH.exe and select RUN as Administrator and allow it to proceed. Reply YES when prompted to allow to run the tool.

 

IF Windows prompts you about running this, select YES to allow it to proceed.

 

on the FRST window:

Click the Fix button just once, and wait.

 

When finished, the tool will make a log ( Fixlog.txt) in the same location from where it was run.

Please attach the FIXLOG.txt with your next reply later, at your next opportunity   

Link to post
Share on other sites

  • 3 weeks later...
  • 2 weeks later...

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following for Tips to help protect from infection

Thank you

 

 

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.