Adware removal

[Zygis]

Hello soo for the past couple of days ive been tryng to remove this adware but evrytime i delete it it seems to come back.I tried evrything to delete it but it just doesnt remove.Is it possible to delete this adware.Help pls

[Maurice Naggar]

Hello @Zygis.  

i will need some other reports as well

 

Please download MBST Support tool

https://downloads.malwarebytes.com/file/mbst 

Once you start it click Advanced > Gather Logs

 

Upload an archive once it is done. Attach the mbst-grab-results.zip from the Desktop.

[Zygis]

1 hour ago, Maurice Naggar said:

 

 

mbst-grab-results.zip

[Maurice Naggar]

Thank you. I will get back to you in a few.

[Maurice Naggar]

Let me suggest you do all the steps listed here 

https://forums.malwarebytes.com/topic/270892-when-searching-things-on-googlecom-i-get-trojan-alert-for-addedprintcom/?do=findComment&comment=1440523

Attach the clean log from Adwcleaner.

[Zygis]

AdwCleaner[C00].txtAdwCleaner[S00].txt

[Zygis]

Thank you soo much you helped me a lot.I tried scanning now aftert all the steps and it doesnt appear anymore.Thanks again.

[Maurice Naggar]

Hi. That is fine news. Glad to hear.

I would like you to run a tool named SecurityCheck to inquire on the current-security-update  status  of some applications.

 

Download SecurityCheck by glax24 from here  https://tools.safezone.cc/glax24/SecurityCheck/SecurityCheck.exe

and save the tool on the desktop.

If Windows's  SmartScreen block that with a message-window, then

Click on the MORE INFO spot and over-ride that and allow it to proceed.

This tool is safe.   Smartscreen is overly sensitive.

Right-click  with your mouse on the Securitycheck.exe  and select "Run as administrator"   and reply YES to allow to run & go forward

Wait for the scan to finish. It will open in a text file named SecurityType.txt. Close the file.  Attach it with your next reply.

You can find this file in a folder called SecurityCheck, C:\SecurityCheck\SecurityCheck.txt

[Zygis]

Hello again.Today i checked my pc opened up malware bytes and i saw i had 48 detections called riskware injector.Help me please how did i get them in my pc?

[Zygis]

Well another proble now the  RiskWare.Injector.Generic wont remove.I tried couple of times it still come back.

Help me please

[Maurice Naggar]

Note to all other readers. This Topic thread belongs to ZYGIS & only for ZYGIS.

Anyone else needing help need to create their own separate topic-thread. All intruding other posters will be removed.

[Maurice Naggar]

@Zygis.  Only Zygis.

Sorry to read situation on your last message.

In Malwarebytes for Windows program, we want to do a special scan.

 

Click Settings ( gear icon) at the top right of Malwarebytes window. We want to see the SETTINGS window.

 

Then click the Security tab.   

 

Scroll down and lets be sure the line in SCAN OPTIONs for "Scan for rootkits" is ON 👈

 

Click it to get it ON if it does not show a blue-color

.

Next, click the small x on the Settings line to go to the main Malwarebytes Window.

 

• Next click the blue button marked Scan.

 

When the scan phase is done, be real sure you Review and have all detected lines items check-marked on each line on the left. That too is very critical.

You can actually click ( tick ) the topmost left check-box  on the very top line to get ALL lines ticked ( all selected). 👈

🔻

Then click on Quarantine selected.

 

Then, when done,  locate the Scan run report; export out a copy; & then attach in with your reply.

 

See https://support.malwarebytes.com/hc/en-us/articles/360038479194-View-Reports-and-History-in-Malwarebytes-for-Windows-v4

 

We will do more, later. 

[Zygis]

I hope i got what you needed .The registry key called Adware.SpecialSearchOffer, wont get removed.Tried evrything

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 5/19/21
Scan Time: 8:03 PM
Log File: 333d7f50-b8c4-11eb-844f-08606e6ce703.json

-Software Information-
Version: 4.3.0.98
Components Version: 1.0.1292
Update Package Version: 1.0.40650
License: Free

-System Information-
OS: Windows 10 (Build 19042.985)
CPU: x64
File System: NTFS
User: \Administrator

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 416884
Threats Detected: 1
Threats Quarantined: 1
Time Elapsed: 7 min, 7 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 1
Adware.SpecialSearchOffer, HKLM\SOFTWARE\SProvide, Quarantined, 522, 840938, 1.0.40650, , ame, , , 

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)

(end)

[Maurice Naggar]

If at all possible, just only attach report as we go along.

On the 1 reg key you last mentioned, that 1 key does not have a payload. It can't do anything by its lonesome. I will get back to that later.

Special note:. The earlier tagging for RiskWare.Injector.Generic were false positives. The internal team has made corrections & auto updates should have flowed out.

You should not be seeing any more of those.

.

I d like you to use the Support tool to do a new Gather Logs.

You don't need to re-download the tool.

Just run it  MBST Support tool.

 

Once you start it click Advanced > Gather Logs

 

Upload an archive once it is done. Attach the mbst-grab-results.zip from the Desktop.

[Zygis]

mbst-grab-results.zip

[Maurice Naggar]

Hi. Thanks for the support tool report.

I have two things to do with the aim being to clear up the adware related & PUP issues.

[ 1 ]

Use option One or Two so that Windows shows ALL folders / all files 

https://www.tenforums.com/tutorials/7078-turn-off-show-all-folders-windows-10-navigation-pane.html

 

[ 2 ]

The following custom script is to clear out recent flagged items from the Malwarebytes scans.

 

The script Fixlist.txt needs to be saved to the Downloads folder.

The custom script on this post is ONLY for this machine and NO other.   

 

• Please be sure to Close any open work files, documents, any apps you started yourself before starting this.
• If there are any CD / DVD / or USB-flash-thumb or USB-storage drives attached, please disconnect any of those.
• The system will be rebooted after the script has run.
• Please save the (attached file named) FIXLIST.txt to the Downloads folder 

Fixlist.txt

 

Start the Windows Explorer and then, to the Downloads folder.

 

RIGHT click on FRSTENGLISH.exe and select RUN as Administrator and allow it to proceed. Reply YES when prompted to allow to run the tool.

 

IF Windows prompts you about running this, select YES to allow it to proceed.

 

on the FRST window:

Click the Fix button just once, and wait.

 

When finished, the tool will make a log ( Fixlog.txt) in the same location from where it was run.

Please attach the FIXLOG.txt with your next reply later, at your next opportunity   

[Maurice Naggar]

Hello @Zygis  I hope you are well.  Checkin in to see 

Quote

How is the current pc situation?

 

[Maurice Naggar]

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following for Tips to help protect from infection

Thank you