tagiosky Posted May 30, 2021 ID:1460418 Share Posted May 30, 2021 good evening, malwarebytes detects the following adware (Adware.SpecialSearchOffer HKLM\SOFTWARE\SPROVIDE) and despite its elimination it comes back after every reboot (I tried to delete it even using safe mode, with no success) I found other threads on the same topic here in the forum and noticed how it appears to be effective only the FRST software, with the fixlist.txt. In fact, I tried to scan and eliminate critical issues with the following software, but nothing changes (AdwCleaner, Eset online scanner, microsoft safety scanner, McAfee live safe) attached the txt files of FRST waiting for answers, thank you in advance for any help FRST.txt Addition.txt Link to post Share on other sites More sharing options...
tagiosky Posted May 30, 2021 Author ID:1460419 Share Posted May 30, 2021 I also tried what is written here, but it did not solve https://forums.malwarebytes.com/topic/258886-chrome-secure-preferences-detection-always-returns/ Link to post Share on other sites More sharing options...
Maurice Naggar Posted May 30, 2021 ID:1460436 Share Posted May 30, 2021 Hi. My name is Maurice. I will guide you. I do need the report from Malwarebytes. locate the Scan run report; export out a copy; & then attach in with your reply. See https://support.malwarebytes.com/hc/en-us/articles/360038479194-View-Reports-and-History-in-Malwarebytes-for-Windows-v4 We will do more, later. 1 Link to post Share on other sites More sharing options...
tagiosky Posted May 30, 2021 Author ID:1460437 Share Posted May 30, 2021 hi, here to you scan report.txt Link to post Share on other sites More sharing options...
Solution Maurice Naggar Posted May 30, 2021 Solution ID:1460441 Share Posted May 30, 2021 Thank you for the scan report. This is mainly a adware PUP with a leftover registry key entry, which by itself poses no actual real threat. But anyhow, it can be removed. . The script Fixlist.txt needs to be saved to the same folder that contains FRST64.exe / you have yours saved somehere on D drive under a sub-folder named Downloads The custom script on this post is ONLY for this machine and NO other. Please be sure to Close any open work files, documents, any apps you started yourself before starting this. If there are any CD / DVD / or USB-flash-thumb or USB-storage drives attached, please disconnect any of those. The system will be rebooted after the script has run. Please save the (attached file named) FIXLIST.txt to the D:\Downloads folder Fixlist.txt Start the Windows Explorer and then, to the D:\Downloads folder. RIGHT click on FRST64.exe and select RUN as Administrator and allow it to proceed. Reply YES when prompted to allow to run the tool. If the tool warns you the version is outdated, please download and run the updated version. IF Windows prompts you about running this, select YES to allow it to proceed. IF you get a block message from Windows about this tool...... click line More info information on that screen and click button Run anyway on next screen. on the FRST window: Click the Fix button just once, and wait. PLEASE have lots of patience when this starts. You will see a green progress bar start. Lots of patience. This run here should be fairly quick. If you receive a message that a reboot is required, please make sure you allow it to restart normally. The tool will complete its run after restart. When finished, the tool will make a log ( Fixlog.txt) in the same location from where it was run. Please attach the FIXLOG.txt with your next reply later, at your next opportunity Do let me know how things are overall, after all this. 1 Link to post Share on other sites More sharing options...
tagiosky Posted May 30, 2021 Author ID:1460446 Share Posted May 30, 2021 thank you so much for your timely help, I really appreciate it I remember months ago that I accidentally saw that "AverageAccentpolyV" among the processes in progress in task manager and looked for it on the internet, without however understanding if it was really harmful and how to eliminate it I did three reboots and three scans, nothing is detected anymore I ask you a last courtesy, do you know is there any tutorial page on web to use this tool? so as to use it autonomously in the future eventually thanks again, here is the requested file Fixlog.txt Link to post Share on other sites More sharing options...
Maurice Naggar Posted May 30, 2021 ID:1460449 Share Posted May 30, 2021 I am quite pleased that the custom fix has helped out. As to using FRST on your own, I would not recommend that for a typical civilian . The tool was designed & intended to be only used by those who have been trained at malware removal academies. The tool is for use only under trained expert guidance. . How is your system at this point ? 1 Link to post Share on other sites More sharing options...
tagiosky Posted May 30, 2021 Author ID:1460452 Share Posted May 30, 2021 understood now i have no problem, malwarebytes does not detect anything Link to post Share on other sites More sharing options...
Maurice Naggar Posted May 30, 2021 ID:1460462 Share Posted May 30, 2021 That's great that MB finds no current active threats. I have relayed a heads up to the Malwarebytes internal research team about the AverageAccentpolyV . We can proceed with cleanup of tools we used. To remove the FRST tool & its work files, do this. Go to your Downloads folder. Do a RIGHT-click on FRST64.exe & select RENAME & then change it to UNINSTALL.exe . Then run that ( double click on it) to begin the cleanup process. My best to you. Stay safe. 1 Link to post Share on other sites More sharing options...
Maurice Naggar Posted May 30, 2021 ID:1460464 Share Posted May 30, 2021 Glad we could help. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Please review the following for Tips to help protect from infection Thank you 1 Link to post Share on other sites More sharing options...
Recommended Posts