Zygis Posted May 17, 2021 ID:1457340 Share Posted May 17, 2021 Hello soo for the past couple of days ive been tryng to remove this adware but evrytime i delete it it seems to come back.I tried evrything to delete it but it just doesnt remove.Is it possible to delete this adware.Help pls Link to post Share on other sites More sharing options...
Maurice Naggar Posted May 17, 2021 ID:1457360 Share Posted May 17, 2021 Hello @Zygis. i will need some other reports as well Please download MBST Support tool https://downloads.malwarebytes.com/file/mbst Once you start it click Advanced > Gather Logs Upload an archive once it is done. Attach the mbst-grab-results.zip from the Desktop. Link to post Share on other sites More sharing options...
Zygis Posted May 17, 2021 Author ID:1457378 Share Posted May 17, 2021 1 hour ago, Maurice Naggar said: mbst-grab-results.zip Link to post Share on other sites More sharing options...
Maurice Naggar Posted May 17, 2021 ID:1457382 Share Posted May 17, 2021 Thank you. I will get back to you in a few. Link to post Share on other sites More sharing options...
Solution Maurice Naggar Posted May 17, 2021 Solution ID:1457390 Share Posted May 17, 2021 Let me suggest you do all the steps listed here https://forums.malwarebytes.com/topic/270892-when-searching-things-on-googlecom-i-get-trojan-alert-for-addedprintcom/?do=findComment&comment=1440523 Attach the clean log from Adwcleaner. Link to post Share on other sites More sharing options...
Zygis Posted May 18, 2021 Author ID:1457538 Share Posted May 18, 2021 AdwCleaner[C00].txtAdwCleaner[S00].txt Link to post Share on other sites More sharing options...
Zygis Posted May 18, 2021 Author ID:1457589 Share Posted May 18, 2021 Thank you soo much you helped me a lot.I tried scanning now aftert all the steps and it doesnt appear anymore.Thanks again. Link to post Share on other sites More sharing options...
Maurice Naggar Posted May 18, 2021 ID:1457634 Share Posted May 18, 2021 Hi. That is fine news. Glad to hear. I would like you to run a tool named SecurityCheck to inquire on the current-security-update status of some applications. Download SecurityCheck by glax24 from here https://tools.safezone.cc/glax24/SecurityCheck/SecurityCheck.exe and save the tool on the desktop. If Windows's SmartScreen block that with a message-window, then Click on the MORE INFO spot and over-ride that and allow it to proceed. This tool is safe. Smartscreen is overly sensitive. Right-click with your mouse on the Securitycheck.exe and select "Run as administrator" and reply YES to allow to run & go forward Wait for the scan to finish. It will open in a text file named SecurityType.txt. Close the file. Attach it with your next reply. You can find this file in a folder called SecurityCheck, C:\SecurityCheck\SecurityCheck.txt Link to post Share on other sites More sharing options...
Zygis Posted May 19, 2021 Author ID:1457838 Share Posted May 19, 2021 Hello again.Today i checked my pc opened up malware bytes and i saw i had 48 detections called riskware injector.Help me please how did i get them in my pc? Link to post Share on other sites More sharing options...
Zygis Posted May 19, 2021 Author ID:1457842 Share Posted May 19, 2021 Well another proble now the RiskWare.Injector.Generic wont remove.I tried couple of times it still come back. Help me please Link to post Share on other sites More sharing options...
Maurice Naggar Posted May 19, 2021 ID:1457968 Share Posted May 19, 2021 Note to all other readers. This Topic thread belongs to ZYGIS & only for ZYGIS. Anyone else needing help need to create their own separate topic-thread. All intruding other posters will be removed. Link to post Share on other sites More sharing options...
Maurice Naggar Posted May 19, 2021 ID:1457972 Share Posted May 19, 2021 @Zygis. Only Zygis. Sorry to read situation on your last message. In Malwarebytes for Windows program, we want to do a special scan. Click Settings ( gear icon) at the top right of Malwarebytes window. We want to see the SETTINGS window. Then click the Security tab. Scroll down and lets be sure the line in SCAN OPTIONs for "Scan for rootkits" is ON 👈 Click it to get it ON if it does not show a blue-color . Next, click the small x on the Settings line to go to the main Malwarebytes Window. Next click the blue button marked Scan. When the scan phase is done, be real sure you Review and have all detected lines items check-marked on each line on the left. That too is very critical. You can actually click ( tick ) the topmost left check-box on the very top line to get ALL lines ticked ( all selected). 👈 🔻 Then click on Quarantine selected. Then, when done, locate the Scan run report; export out a copy; & then attach in with your reply. See https://support.malwarebytes.com/hc/en-us/articles/360038479194-View-Reports-and-History-in-Malwarebytes-for-Windows-v4 We will do more, later. Link to post Share on other sites More sharing options...
Zygis Posted May 19, 2021 Author ID:1457988 Share Posted May 19, 2021 I hope i got what you needed .The registry key called Adware.SpecialSearchOffer, wont get removed.Tried evrything Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 5/19/21 Scan Time: 8:03 PM Log File: 333d7f50-b8c4-11eb-844f-08606e6ce703.json -Software Information- Version: 4.3.0.98 Components Version: 1.0.1292 Update Package Version: 1.0.40650 License: Free -System Information- OS: Windows 10 (Build 19042.985) CPU: x64 File System: NTFS User: \Administrator -Scan Summary- Scan Type: Threat Scan Scan Initiated By: Manual Result: Completed Objects Scanned: 416884 Threats Detected: 1 Threats Quarantined: 1 Time Elapsed: 7 min, 7 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 1 Adware.SpecialSearchOffer, HKLM\SOFTWARE\SProvide, Quarantined, 522, 840938, 1.0.40650, , ame, , , Registry Value: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 0 (No malicious items detected) File: 0 (No malicious items detected) Physical Sector: 0 (No malicious items detected) WMI: 0 (No malicious items detected) (end) Link to post Share on other sites More sharing options...
Maurice Naggar Posted May 19, 2021 ID:1458006 Share Posted May 19, 2021 If at all possible, just only attach report as we go along. On the 1 reg key you last mentioned, that 1 key does not have a payload. It can't do anything by its lonesome. I will get back to that later. Special note:. The earlier tagging for RiskWare.Injector.Generic were false positives. The internal team has made corrections & auto updates should have flowed out. You should not be seeing any more of those. . I d like you to use the Support tool to do a new Gather Logs. You don't need to re-download the tool. Just run it MBST Support tool. Once you start it click Advanced > Gather Logs Upload an archive once it is done. Attach the mbst-grab-results.zip from the Desktop. Link to post Share on other sites More sharing options...
Zygis Posted May 20, 2021 Author ID:1458144 Share Posted May 20, 2021 mbst-grab-results.zip Link to post Share on other sites More sharing options...
Maurice Naggar Posted May 20, 2021 ID:1458247 Share Posted May 20, 2021 Hi. Thanks for the support tool report. I have two things to do with the aim being to clear up the adware related & PUP issues. [ 1 ] Use option One or Two so that Windows shows ALL folders / all files https://www.tenforums.com/tutorials/7078-turn-off-show-all-folders-windows-10-navigation-pane.html [ 2 ] The following custom script is to clear out recent flagged items from the Malwarebytes scans. The script Fixlist.txt needs to be saved to the Downloads folder. The custom script on this post is ONLY for this machine and NO other. Please be sure to Close any open work files, documents, any apps you started yourself before starting this. If there are any CD / DVD / or USB-flash-thumb or USB-storage drives attached, please disconnect any of those. The system will be rebooted after the script has run. Please save the (attached file named) FIXLIST.txt to the Downloads folder Fixlist.txt Start the Windows Explorer and then, to the Downloads folder. RIGHT click on FRSTENGLISH.exe and select RUN as Administrator and allow it to proceed. Reply YES when prompted to allow to run the tool. IF Windows prompts you about running this, select YES to allow it to proceed. on the FRST window: Click the Fix button just once, and wait. When finished, the tool will make a log ( Fixlog.txt) in the same location from where it was run. Please attach the FIXLOG.txt with your next reply later, at your next opportunity Link to post Share on other sites More sharing options...
Maurice Naggar Posted June 8, 2021 ID:1462231 Share Posted June 8, 2021 Hello @Zygis I hope you are well. Checkin in to see Quote How is the current pc situation? Link to post Share on other sites More sharing options...
Maurice Naggar Posted June 21, 2021 ID:1464606 Share Posted June 21, 2021 Glad we could help. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Please review the following for Tips to help protect from infection Thank you Link to post Share on other sites More sharing options...
Recommended Posts