need help removing PUP.Optional.BrowserHijack and PUP.Optional.LockHomepage


Go to solution Solved by Maurice Naggar,

This malware seems to be targeting my Google Chrome, and it added a search engine called "CDNSearch". It also prevented me from accessing any of the browser extensions. I have used Malwarebytes, and they seem to be also adding a deletable PUP.Optional.Legacy. PUP.Optional.BrowserHijack and PUP.Optional.LockHomepage won't even go in quarantine. I have stopped the malware from attacking Chrome. However, I am not comfortable with the malware still in my files.


Hello @JL10129

My name is Maurice.

Please set File Explorer to SHOW ALL folders, all files, including Hidden ones. Use OPTION ONE or TWO of this article

https://www.tenforums.com/tutorials/7078-turn-off-show-all-folders-windows-10-navigation-pane.html

 

I would like a report set for review.   This is a report only.

Please download MALWAREBYTES MBST Support Tool

Once you start it click Advanced >>> then Gather Logs

 

Upload an archive once it is done. Attach the mbst-grab-results.zip from the Desktop.

 

  • Please attach mbst-grab-results.zip to your reply, like displayed here.
  • To send (upload) attachments please click the "ADD Files" link. Then browse to where your file is located and select it and click the Open button.


The set of data from the report will provide much needed information.

Please always attach reports as we go along.

Cheers.


Hello. Thanks for the zip report. I have some questions & observations.

This Windows 10 system has (installed) McAfee LiveSafe as well as Avast Free. That is one too many third-party antivirus. You need to decide which one of the two to uninstall. Having two installed does lead to deadlocks at the most unfortunate conditions.

This system does not have Malwarebytes for Windows. We can get & use that later.

Questions: When you did run Malwarebytes' AdwCleaner, did you ensure all lines are ticked (except for the 2 lines of HP pre-installed items) and then click on the "Clean" button? That is a very key thing. I wonder why you said

Quote

won't even go in quarantine

I would like you to try the CLEAN sequence with AdwCleaner --- this time ensure that Chrome browser is Closed before you press the Clean button.

You may untick the 2 lines of these

Preinstalled.HPSupportAssistant   Folder   C:\ProgramData\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Preinstalled.HPTouchpointAnalyticsClient   Folder   C:\ProgramData\HP\HP TOUCHPOINT ANALYTICS CLIENT

Do a new scan with AdwCleaner

https://support.malwarebytes.com/hc/en-us/articles/360038520114-Malwarebytes-AdwCleaner-scan-and-clean

Attach the clean log.   We can do more later, after this.


I have followed all instructions of https://support.malwarebytes.com/hc/en-us/articles/360038520114-Malwarebytes-AdwCleaner-scan-and-clean

but the item still would not go into quarantine. 

Here is the clean log:

# -------------------------------
# Malwarebytes AdwCleaner 8.3.1.0
# -------------------------------
# Build:    11-18-2021
# Database: 2021-12-02.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    12-05-2021
# Duration: 00:00:01
# OS:       Windows 10 Home
# Cleaned:  0
# Failed:   14


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

Not Deleted   Find-it.Pro Search - meejmcfbiapijdfaadackoblffmidlig
Not Deleted   Find-it.Pro Search - meejmcfbiapijdfaadackoblffmidlig

***** [ Chromium URLs ] *****

Not Deleted   https://find-it.pro/?utm_source=distr_m
Not Deleted   https://find-it.pro/?utm_source=distr_m
Not Deleted   https://find-it.pro/?utm_source=distr_m
Not Deleted   https://find-it.pro/?utm_source=distr_m
Not Deleted   https://find-it.pro/?utm_source=distr_m
Not Deleted   https://find-it.pro/?utm_source=distr_m
Not Deleted   https://find-it.pro/?utm_source=distr_m
Not Deleted   https://find-it.pro/?utm_source=distr_m
Not Deleted   https://find-it.pro/?utm_source=distr_m
Not Deleted   https://find-it.pro/?utm_source=distr_m
Not Deleted   https://find-it.pro/?utm_source=distr_m
Not Deleted   https://find-it.pro/?utm_source=distr_m

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [2551 octets] - [04/12/2021 09:02:02]
AdwCleaner[S01].txt - [2725 octets] - [05/12/2021 08:46:47]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C01].txt ##########
 

 

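For triaging a clean log like the one posted above, this added example (not part of the original posts and not Malwarebytes code) tallies the "Not Deleted" lines per section and checks the total against the header's "Failed" count. The function name and the abridged sample are constructed for illustration; the line formats are taken from the posted log.

```python
import re
from collections import Counter

# Abridged sample built from the log posted above (constructed for this example).
SAMPLE_LOG = """\
# Mode: Clean
# Cleaned:  0
# Failed:   14

***** [ Chromium (and derivatives) ] *****

Not Deleted   Find-it.Pro Search - meejmcfbiapijdfaadackoblffmidlig
Not Deleted   Find-it.Pro Search - meejmcfbiapijdfaadackoblffmidlig

***** [ Chromium URLs ] *****

""" + "Not Deleted   https://find-it.pro/?utm_source=distr_m\n" * 12

SECTION_RE = re.compile(r"^\*{5} \[ (.+?) \] \*{5}$")
HEADER_RE = re.compile(r"^# (Cleaned|Failed):\s+(\d+)$")
FAILED_RE = re.compile(r"^Not Deleted\s+(.+)$")


def summarize_clean_log(text):
    """Return header counts, per-section failure counts and distinct failed items."""
    header, per_section, items = {}, Counter(), {}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if m := HEADER_RE.match(line):
            header[m.group(1)] = int(m.group(2))
        elif m := SECTION_RE.match(line):
            section = m.group(1)
        elif (m := FAILED_RE.match(line)) and section:
            per_section[section] += 1
            items.setdefault(section, set()).add(m.group(1))
    return {
        "header": header,
        "failed_by_section": dict(per_section),
        "distinct_items": {s: sorted(v) for s, v in items.items()},
        # True when every failure the header reports is visible in the body.
        "consistent": header.get("Failed") == sum(per_section.values()),
    }


if __name__ == "__main__":
    print(summarize_clean_log(SAMPLE_LOG))
```

On the posted log, all 14 failures fall in the two Chromium sections and reduce to two distinct items: one extension entry and one URL.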

  • Solution

Hello. Thank you.

Malwarebytes for Windows can detect and remove most malware with no further actions required for free.

Please download, install, update and do a Threat Scan with Malwarebytes and post back the log

Go to the main Malwarebytes window. Next, click the blue button marked Scan.

 

When the scan phase is done, be real sure you Review and have all detected line items check-marked on each line on the left. That too is very critical.

You can actually click the topmost left check-box on the very top line to get ALL lines ticked (all selected).

Please double verify you have that TOP check-box tick marked, and that then, all lines have a tick-mark.

Then click on the Quarantine button.

 


Then, locate the Scan run report; export out a copy; & then attach in with your reply.
See https://support.malwarebytes.com/hc/en-us/articles/360038479194-View-Reports-and-History-in-Malwarebytes-for-Windows-v4

  • To send (upload) attachments please click the "ADD Files" link. Then browse to where your file is located and select it and click the Open button.


 

The set of data from the report will provide much needed information.

Please always attach reports as we go along.

Cheers.


All the items have been Quarantined in Malwarebytes for Windows Quarantine. So there is no urgency to delete them from there. You can do that in 2 days or so. (The items were removed & no longer pose a threat. They are now inert / in quarantine.)

Tell me, how is the system at this point?

Thanks for the scan report.

For the Chrome browser, look at this one post of mine & do all of the steps there, as much as you can

https://forums.malwarebytes.com/topic/280326-roshur-has-omnatuorcom-block-notice/?do=findComment&comment=1485972

 


Hello, that is great. You are very welcome. I am glad to have worked with you.

We can proceed with cleanup of tools we used.

To remove the FRSTENGLISH tool & its work files, do this. Go to your Downloads folder. Do a RIGHT-click on FRSTENGLISH.exe & select RENAME & then change it to UNINSTALL.exe. Then run that (double-click on it) to begin the cleanup process.

Delete mb-support-1.8.n.nnn.exe
Delete mbst-grab-results.zip on the Desktop.

Adwcleaner you may keep and use as needed.
Any other download file I had you download, you may delete.
Consider using PatchMyPC, keep all your software up-to-date - https://patchmypc.com/home-updater#download

Keep your system and programs up to date. Several programs release security updates on a regular basis to patch vulnerabilities. Keeping your software patched up prevents attackers from being able to exploit them to drop malware.

I am marking this case for closure.
I wish you all the best. Stay safe.
Sincerely.

Maurice


Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following to help you better protect your computer and privacy: Tips to help protect from infection

Thank you

 

 

This topic is now closed to further replies.