Jump to content

Removal fail of mysearcheng


Recommended Posts

So I did a search and had 4 PUP Op named mysearchengine. Tried remove all to quarantine but 2 only to made it, the other 2 failed. Then tried to search again, and now its back to 4 again. I tried FRST64.exe and made a scan, it says:
FireFox:
========
FF DefaultProfile: 7mpakw1h.default
FF ProfilePath: C:\Users\X\AppData\Roaming\Mozilla\Firefox\Profiles\7mpakw1h.default [2021-09-18]
FF Homepage: Mozilla\Firefox\Profiles\7mpakw1h.default -> hxxps://mysearchengine.co/homepage?hp=1&bitmask=9996&pId=BT170603&iDate=2021-09-18 07:16:23&bName=
FF NewTab: Mozilla\Firefox\Profiles\7mpakw1h.default -> hxxps://mysearchengine.co/homepage?hp=1&bitmask=9996&pId=BT170603&iDate=2021-09-18 07:16:23&bName=
FF ProfilePath: C:\Users\X\AppData\Roaming\Mozilla\Firefox\Profiles\dwpz7cc7.default-release [2022-03-15]
FF NewTab: Mozilla\Firefox\Profiles\dwpz7cc7.default-release -> hxxps://mysearchengine.co/homepage?hp=1&bitmask=9996&pId=BT170603&iDate=2021-09-18 07:16:23&bName=

So how do I get this stuff out? Thanx

Link to post
Share on other sites

Hello @Squadron and :welcome:

 

My name is MKDB and I will assist you.

 

  • Please follow the steps in the given order and post back the logs as an attachment when ready. Thank you very much for your cooperation.
  • Temporarily disable your antivirus or other security software first. Make sure to turn it back on once the scans are completed.
  • Temporarily disable Microsoft SmartScreen to download software below if needed. Make sure to turn it back on once the scans are completed.
  • As English is not my native language, please do not use slang or idoms. It may be hard for me to understand.

 

 

Step 1

  • Please download the Malwarebytes Support Tool (MBST).
  • Run MBST.
  • In the left navigation pane of MBST, click Advanced.
  • In the Advanced Options, click Gather Logs. A status diagram displays the tool is Getting logs from your machine.
  • A zip file named mbst-grab-results.zip will be saved to your desktop, please upload that file on your next reply.

 

 

  • Thanks 1
Link to post
Share on other sites

15 hours ago, Squadron said:

Thanks, can u specify what files in the zip that is needed, the zip cant be chosen when adding files.

mbst-check-results.txt 152.08 kB · 0 downloads

Did you get an error message when choosing the zip file? This sounds strange as I can choose zip files. I just want to inform @AdvancedSetup, maybe he knows what is going on.

 

 

In the meantime, please run these three steps instead, thank you!

 

Step 1

  • If you already have Malwarebytes installed, then open Malwarebytes and click on the Scan button. It will automatically check for updates and run a Threat Scan.
  • If you don't have Malwarebytes installed or if you don't run the newest version yet, please download it from here and install it.
  • Once the MBAM dashboard opens, click on Settings (gear icon).
  • Click on Security tab and make sure that all four Scan options are enabled.
  • Close Settings and click on the Scan button on the dashboard.
  • Once the scan is completed make sure you have it quarantine any detections it finds.
  • If no detections were found click on the Save results drop-down, then the Export to TXT button and save the file as a Text file to your desktop.
  • If there were detections then once the quarantine has completed click on the View report button, then click the Export drop-down, then the Export to TXT  button, and save the file as a Text file to your desktop or other location you can find and attach that log on your next reply.
  • If the computer restarted to quarantine you can access the logs from the Detection History, then the History tab. Highlight the most recent scan and double-click to open it. Then click the Export drop-down, then the Export to TXT  button, and save the file as a Text file to your desktop or other location you can find and attach that log on your next reply.
  • If Malwarebytes won't run, then please skip to the next step and let me know in your next reply that the scanner would not run.

 

 

 

Step 2

Please download AdwCleaner and save it to your desktop.

  • Double-click to run it.
  • Accept the End User License Agreement.
  • Click Scan Now.
  • When finished, if items are found please click Next / Quarantine.
  • Maybe your PC will be rebooted, AdwCleaner will be opened automatically.
  • Click View Log File.
  • AdwCleaner will open one log (AdwCleaner[Cxx].txt).
  • Please attach the log to your next reply.

 

 

 

Step 3

Please download the suitable version of Farbar Recovery Scan Tool (FRST) and save it to your desktop: 32bit | 64bit

  • Double-click to run it. When the tool opens, click Yes to disclaimer.
  • Check the box in front of Shortcut.txt.
  • Press the Scan button.
  • FRST will create three logs (FRST.txt + Addition.txt + Shortcut.txt) in the same directory the tool is run.
  • Please attach these logfiles to your next reply.

 

 

Link to post
Share on other sites

3 hours ago, MKDB said:

Did you get an error message when choosing the zip file? This sounds strange as I can choose zip files. I just want to inform @AdvancedSetup, maybe he knows what is going on.

 

 

In the meantime, please run these three steps instead, thank you!

 

Step 1

  • If you already have Malwarebytes installed, then open Malwarebytes and click on the Scan button. It will automatically check for updates and run a Threat Scan.
  • If you don't have Malwarebytes installed or if you don't run the newest version yet, please download it from here and install it.
  • Once the MBAM dashboard opens, click on Settings (gear icon).
  • Click on Security tab and make sure that all four Scan options are enabled.
  • Close Settings and click on the Scan button on the dashboard.
  • Once the scan is completed make sure you have it quarantine any detections it finds.
  • If no detections were found click on the Save results drop-down, then the Export to TXT button and save the file as a Text file to your desktop.
  • If there were detections then once the quarantine has completed click on the View report button, then click the Export drop-down, then the Export to TXT  button, and save the file as a Text file to your desktop or other location you can find and attach that log on your next reply.
  • If the computer restarted to quarantine you can access the logs from the Detection History, then the History tab. Highlight the most recent scan and double-click to open it. Then click the Export drop-down, then the Export to TXT  button, and save the file as a Text file to your desktop or other location you can find and attach that log on your next reply.
  • If Malwarebytes won't run, then please skip to the next step and let me know in your next reply that the scanner would not run.

 

 

 

Step 2

Please download AdwCleaner and save it to your desktop.

  • Double-click to run it.
  • Accept the End User License Agreement.
  • Click Scan Now.
  • When finished, if items are found please click Next / Quarantine.
  • Maybe your PC will be rebooted, AdwCleaner will be opened automatically.
  • Click View Log File.
  • AdwCleaner will open one log (AdwCleaner[Cxx].txt).
  • Please attach the log to your next reply.

 

 

 

Step 3

Please download the suitable version of Farbar Recovery Scan Tool (FRST) and save it to your desktop: 32bit | 64bit

  • Double-click to run it. When the tool opens, click Yes to disclaimer.
  • Check the box in front of Shortcut.txt.
  • Press the Scan button.
  • FRST will create three logs (FRST.txt + Addition.txt + Shortcut.txt) in the same directory the tool is run.
  • Please attach these logfiles to your next reply.

 

 

Thanks for reply, no the zip couldnt be chosen at all even when selected "all files". Here are the other logs:

scan.txt AdwCleaner[C00].txt FRST.txt

Link to post
Share on other sites

2 hours ago, Squadron said:

Thanks for reply, no the zip couldnt be chosen at all even when selected "all files". Here are the other logs:

scan.txt 2.47 kB · 0 downloads AdwCleaner[C00].txt 2.38 kB · 0 downloads FRST.txt 29.4 kB · 0 downloads

Good job!

 

Unfortunately, your logfiles from FRST are outdated, that means they are older than the ones from AdwCleaner and MBAM @Squadron.

Please run FRST again.

 

Step 1

  • Run FRST again.
  • Check the box in front of Shortcut.txt.
  • Press the Scan button.
  • FRST will create three logs now (FRST.txt + Addition.txt + Shortcut.txt) in the same directory the tool is run.
  • Please attach these logfiles to your next reply.

 

Edited by MKDB
Link to post
Share on other sites

1 hour ago, MKDB said:

Good job!

 

Unfortunately, your logfiles from FRST are outdated, that means they are older than the ones from AdwCleaner and MBAM @Squadron.

Please run FRST again.

 

Step 1

  • Run FRST again.
  • Check the box in front of Shortcut.txt.
  • Press the Scan button.
  • FRST will create three logs now (FRST.txt + Addition.txt + Shortcut.txt) in the same directory the tool is run.
  • Please attach these logfiles to your next reply.

 

 

Addition3.txt FRST3.txt Shortcut3.txt

Link to post
Share on other sites

Ok, let's try to fix this PUP with FRST (Step1). After that, please run another new scan to check the results (Step2).

Thanks!

 

 

Step 1

  • Please download the attached fixlist.txt file and save it to the location where you ran FRST from ( C:\Users\X\Downloads\ ).

Note: It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

  • Close all open programs and save your work.
  • Run FRST again.
  • Press the Fix button only once and wait. Please be patient.
  • If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after restart.
  • FRST will create one log now (Fixlog.txt) in the same directory the tool is run.
  • Please attach this logfile to your next reply.

 

 

 

Step 2

  • Run FRST again.
  • Do not change any settings.
  • Press the Scan button.
  • FRST will create two logs now (FRST.txt + Addition.txt) in the same directory the tool is run.
  • Please attach these logfiles to your next reply.

 

 

 

fixlist.txt

Link to post
Share on other sites

This mysearchengine is the one that just keep coming back all the time. Atleast its not ignored this time and put to quarantine. But doing a search its there, doing it again now its 1 less but still a new one there. Doing a search right after, now its gone, but then after a few times on the internet, its there again! I have no issues with the internet but since its a hijackerbrowser(?) it shouldnt be there.

scan.txt AdwCleaner[S01].txt

Link to post
Share on other sites

Thank you for your feedback @Squadron.

 

Please note that those entries in Firefox prefs file can't do any harm to your browser/system as they are outdated and do not work anymore.

Nevertheless, we are running another fix with FRST trying to remove them.

 

 

Step 1

  • Please download the attached fixlist.txt file and save it to the location where you ran FRST from.

Note: It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

  • Close all open programs and save your work.
  • Run FRST again.
  • Press the Fix button only once and wait. Please be patient.
  • If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after restart.
  • FRST will create one log now (Fixlog.txt) in the same directory the tool is run.
  • Please attach this logfile to your next reply.

 

 

Let me know if there are still some elements of this pup/adware showing up after the fix.

 

fixlist.txt

Link to post
Share on other sites

  • Root Admin

Please look in the following folders and see if you have these files. Make sure that Firefox is not running

 

C:\Users\X\AppData\Roaming\Mozilla\Firefox\Profiles\dwpz7cc7.default-release\

prefs.js2

 

C:\Users\X\AppData\Roaming\Mozilla\Firefox\Profiles\7mpakw1h.default\

prefs.js2

 

You may need to enable showing Extensions

https://www.howtogeek.com/howto/windows-vista/show-hidden-files-and-folders-in-windows-vista/

Using F2 on the keyboard while on that file you can rename it and remove the 2 from the extension name so it becomes:   prefs.js

Then if both of those file changes went well you should be able to launch Firefox and it should work now.

 

One properly completed you should have the following

C:\Users\X\AppData\Roaming\Mozilla\Firefox\Profiles\dwpz7cc7.default-release\prefs.js
C:\Users\X\AppData\Roaming\Mozilla\Firefox\Profiles\7mpakw1h.default\prefs.js

 

 

Let us know @Squadron

 

Link to post
Share on other sites

I'm so sorry  @Squadron, I've found a mistake in my fix.

Please let us know if you were able to rename both "prefs.js2" files into "prefs.js". After renaming, Firefox should start again.

If you have problems with renaming, just let us know. We can repair this mistake with FRST as well.

 

Link to post
Share on other sites

Thanks but that didnt solve anything, it prob would have if that file was there in the answers yesterday bc now I tampered with those files myself which wasnt a good idea, this is how it looks now in the pics:

imgur.com/a/VO3iqFn imgur.com/a/AXkl5GV

Plz give me a fixfile so everything works again thanks.

Link to post
Share on other sites

<< comments / suggestions>>
First, if you ran the last fixlist, kindly attach a copy of the Fixlog.txt for review.
Second, there is apparently the implication that this pc can use & run the other browsers, like Edge.  right? That is good to know.
Third, you could start Firefox in safe mode / a.k.a. troubleshoot mode
as described in this Mozilla support article
https://support.mozilla.org/en-US/kb/diagnose-firefox-issues-using-troubleshoot-mode

Look near the top at section "How to start Firefox in Troubleshoot Mode"
If that is so, you could reset the Home page & start page & other preferences.

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.