Jump to content

Adware return after reboot


Go to solution Solved by Maurice Naggar,

Recommended Posts

good evening,

malwarebytes detects the following adware (Adware.SpecialSearchOffer HKLM\SOFTWARE\SPROVIDE) and despite its elimination it comes back after every reboot (I tried to delete it even using safe mode, with no success)

I found other threads on the same topic here in the forum and noticed how it appears to be effective only the FRST software, with the fixlist.txt. In fact, I tried to scan and eliminate critical issues with the following software, but nothing changes (AdwCleaner, Eset online scanner, microsoft safety scanner, McAfee live safe)

 

attached the txt files of FRST

waiting for answers, thank you in advance for any help

 

FRST.txt Addition.txt

Link to post
Share on other sites

Hi.  :welcome:

My name is Maurice. I will guide you. 

I do need the report from Malwarebytes.

 

locate the Scan run report; export out a copy; & then attach in with your reply.

See https://support.malwarebytes.com/hc/en-us/articles/360038479194-View-Reports-and-History-in-Malwarebytes-for-Windows-v4

 

We will do more, later. 

  • Like 1
Link to post
Share on other sites

  • Solution

Thank you for the scan report.

This is mainly a adware PUP with a leftover registry key entry, which by itself poses no actual real threat.  But anyhow, it can be removed.

.

The script Fixlist.txt  needs to be saved to the same folder that contains FRST64.exe   /  you have yours saved somehere on D drive under a sub-folder named Downloads

 

The custom script on this post is ONLY for this machine and NO other.   

  • Please be sure to Close any open work files, documents,  any apps you started yourself  before starting this.

 

  • If there are any CD / DVD / or USB-flash-thumb or USB-storage drives attached,  please disconnect any of those.

 

The system will be rebooted after the script has run.

 

  • Please save the (attached file named) FIXLIST.txt   to the  D:\Downloads folder

Fixlist.txt

 

  • Start the Windows Explorer and then, to the D:\Downloads  folder.
  • RIGHT click on  FRST64.exe   and select RUN as Administrator and allow it to proceed.  Reply YES when prompted to allow to run

   the tool.

  • If the tool warns you the version is outdated, please download and run the updated version.

IF Windows prompts you about running this, select YES to allow it to proceed.

 

  • IF you get a block message from Windows about this tool......

click line More info information on that screen

and click button Run anyway on next screen.

 

  • on the FRST window:
  • Click the Fix button just once, and wait.

 

PLEASE have lots of patience when this starts. You will see a green progress bar start. Lots of patience. This run here should be fairly quick.

If you receive a message that a reboot is required, please make sure you allow it to restart normally.

The tool will complete its run after restart.

When finished, the tool will make a log ( Fixlog.txt) in the same location from where it was run.

 

Please attach the FIXLOG.txt with your next reply later, at your next opportunity   

 

Do let me know how things are overall,  after all this.

  • Thanks 1
Link to post
Share on other sites

thank you so much for your timely help, I really appreciate it

I remember months ago that I accidentally saw that "AverageAccentpolyV" among the processes in progress in task manager and looked for it on the internet, without however understanding if it was really harmful and how to eliminate it

I did three reboots and three scans, nothing is detected anymore

 

I ask you a last courtesy, do you know is there any tutorial page on web to use this tool? so as to use it autonomously in the future eventually

thanks again, here is the requested file

Fixlog.txt

Link to post
Share on other sites

I am quite pleased that the custom fix has helped out.

As to using FRST on your own, I would not recommend that for a typical civilian .  The tool was designed & intended to be only used by those who have been trained at malware removal academies.

The tool is for use only under trained expert guidance.

.

How is your system at this point ?

  • Like 1
Link to post
Share on other sites

That's great that MB finds no current active threats.

I have relayed a heads up to the Malwarebytes internal research team about the AverageAccentpolyV

.

We can proceed with cleanup of tools we used.

To remove the FRST  tool & its work files, do this.  Go to your Downloads folder.  Do a RIGHT-click on FRST64.exe & select RENAME & then change it to UNINSTALL.exe .

Then run that ( double click on it)  to begin the cleanup process.

 

My best to you. Stay safe.  :cool:

 

 

 

 

  • Like 1
Link to post
Share on other sites

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following for Tips to help protect from infection

Thank you

 

 

  • Thanks 1
Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.