Jump to content

Recommended Posts

I have been trying to get rid of this PUP for about 3 hours now, no matter what I do it will not go away. Every time I try to remove it, it comes back on ADW scan. It constantly gives me windows notifications with a link to Total AV.

 

I'm not sure how to get rid of this, any help would be appreciated

Link to post
Share on other sites

  • Root Admin

Hello @Xanith and :welcome:

Please do the following and we'll see about getting you fixed up 😃


The Farbar Recovery Scan Tool is a free Windows utility designed to create troubleshooting logs for your computer. These logs help our Support team to identify and resolve issues with your computer.

There are two versions of the Farbar Recovery Scan Tool available for download: 32-bit and 64-bit.
To find which operating system is installed on your computer, refer to Microsoft's article: 32-bit and 64-bit Windows: Frequently asked questions

Download and launch Farbar Recovery Scan Tool

  1. Download the Farbar Recovery Scan Tool
    Do not click on any Ads.
     
  2. Locate the file you downloaded on your computer.
    Downloaded files are often saved to the Downloads folder.
     
  3. Double-click the downloaded file to run the Farbar Recovery Scan Tool.

    DOC-1318-1.png
     
  4. Windows protected your PC notification may appear. This notification is from the Windows Defender SmartScreen Filter which prevents unfamiliar apps from running on your PC.
    Disable smart screen ONLY if it interferes with software we may have to use:  What is SmartScreen and how can it help protect me?

         a.  Click More info.

    https://support.malwarebytes.com/hc/article_attachments/360051190254/DOC-1318-2.png
         b.  Click Run anyway.

    https://support.malwarebytes.com/hc/article_attachments/360051190294/DOC-1318-3.png
  5. When the User Account Control window appears, click Yes.

    image.png

     
  6. To accept the Disclaimer of warranty, click Yes.

    image.png

     
  7. Ensure only the boxes listed below are checked

    image.png

    Registry  Services  Drivers
    Processes  Internet  One month
    Addition.txt

    image.png

     

  8. Disable any Antivirus software you have installed ONLY if it stops software we may use from working.
    Please remember to re-enable any Antivirus software when we are finished running scans

    Click Scan. The scan may take a few minutes to complete.

    image.png
     

  9. When the scan completes, Farbar Recovery Scan Tool shows two messages:

  • Scan completed. FRST.txt is saved in the same directory FRST is located.

    image.png

  • Addition.txt is saved in the same directory FRST is located.

    image.png
     

  • Click OK to close each message window

 

Please attach both of those logs on your next reply, DO NOT copy/paste the contents of the logs directly

https://content.invisioncic.com/Mmalware/monthly_2018_10/_mb_attach.jpg.dbd89b8e360d3763b3bbe33ce83d680d.jpg

 

 

It's quite late for me so I may be away by the time you're done but I'll check back on you in the morning

Thank you

 

 

 

Link to post
Share on other sites

  • Root Admin

Why do you have a downloaded file set to run on Startup?

HKU\S-1-5-21-3846563935-1855506986-2465769798-1001\...\Run: [{657E5009-3D96-41DA-BDD9-36113EE99AE3}] => C:\Users\Jonathan\Downloads\ProtonVPN_win_v1.22.2.exe [24023256 2021-09-17] (Proton Technologies AG -> Proton Technologies AG) <==== ATTENTION

If you're using Proton VPN it should be installed and use that, not a link to a downloaded installer.

Where are you seeing this these popups? Can you show me a screenshot please.

 

Link to post
Share on other sites

I am not sure why that is there. I did not put it there but I did download protonVPN intentionally. I've been trying to get a popup since you sent your last response but I haven't gotten one. The PUP still shows up on adwCleaner though. I will send a screenshot if it pops up again.

Link to post
Share on other sites

  • Root Admin

Okay I'll check back on you in the morning. The logs are not showing anything obvious to cause an issue.

Is the alert or pop-up in a web browser or in Malwarebytes? How did you become aware of it?

I'm heading out now but will check again in the morning

Goodnight

 

 

Link to post
Share on other sites

The alert is a Microsoft notification that shows up on the desktop. I was redirected to a fishy website and I decided to run a scan to make sure there was nothing malicious on the website. 

 

Doing some more testing, I have determined that the PUP is liked to my google account. Uninstalling chrome fully does not cause the PUP to be detected, however as soon as I sync my google account back to chrome the PUP returns.

Link to post
Share on other sites

I belive I have fixed the issue. I no longer get the detection after multiple PC resets. The solution for me, if you ever encounter this issue again, was that I restored my chrome account setting to the original defaults and that fixed the issue. 

Thanks for all the help!

Link to post
Share on other sites

  • Root Admin

Yes, that is what I was wanting to see. We do have an article on cleaning Google Chrome but looks like  you got it figured out already.

 

Please follow the directions from the following topic and let us know if that corrects the issue for you.

 

Please let me know if there is anything else we can assist you with.

Thank you

 

Link to post
Share on other sites

  • 2 months later...
  • Root Admin

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following to help you better protect your computer and privacy Tips to help protect from infection

Thank you

 

 

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.