Adware not being detected

[Shadyrook]

ive used adware cleaner and malwarebytes to try to find and get rid of adware but I can not seem to get rid of it. Even tried doing it in safemode

[Maurice Naggar]

Hello.      

My name is Maurice.  I will guide you.  Let me know what name you prefer to go by. 

I will guide you along on looking for potential malware. Lets keep these principles as we go along.

• Removing malware can be unpredictable
• Please don't run any other scans, download, install or uninstall any programs while I'm working with you.
• Only run the tools I guide you to.
• Do not run online games while case is on-going. Do not do any free-wheeling web-surfing.
• The removal of malware isn't instantaneous, please be patient.
• Please stick with me until I give you the "all clear".

Your topic will be closed if you haven't replied within 4 days!
If I have not replied to your last post after 36 hours, please then send me a P M.

 

The first thing I need is to get a set of  these reports & logs.

 

That is the first step.  I will then review and use that to guide us along.

Please  set File Explorer to SHOW ALL folders, all files, including Hidden ones.  Use OPTION ONE or TWO of this article

https://www.tenforums.com/tutorials/7078-turn-off-show-all-folders-windows-10-navigation-pane.html

 [   2    ]

I would like a report set for review.   This is a report only.

Please download MALWAREBYRES MBST Support Tool

Once you start it click Advanced >>> then   Gather Logs

 Have patience till the run has finished.

Upload an archive once it is done. Attach the mbst-grab-results.zip from the Desktop.

 

• Please attach  mbst-grab-results.zip    to your reply , like displayed here.

To send  ( upload)   attachments please click the "ADD Files"  link . Then browse to where your file is located and select it and click the Open button.

 

 

The set of data from the report will provide much needed information.

Please always attach reports as we go along. 

There will be lots more to do after this. Stick with me.

[Maurice Naggar]

Additional request for some details about "adware". Does any of it involve a web browser? If yes, which one.
OR else, is it a mini ad window ( small) at bottom right od monitor display ?

[Shadyrook]

mbst-grab-results.zip

[Shadyrook]

I think it is mainly firefox. mini ads from the "scottish sun" newspaper pop up on the bottom right cotner on my screen

[Maurice Naggar]

See this article on our Malwarebytes Blog
https://blog.malwarebytes.com/security-world/technology/2019/01/browser-push-notifications-feature-asking-abused/

 

You want to disable the ability of each web browser on this machine from being able to allow "push ads". That means Chrome, Firefox, or Edge browser (on Windows 10), or on Opera.

Scroll down to the tips section "How do I disable them".

You especially want Firefox to NOT allow "push notifications" by "scottish.sun", or really, any other website ....unless you are super positive on a given site.

[Shadyrook]

Is that all I need to do?

 

[Maurice Naggar]

Let me suggest that you get your browsers each, as applicable, to have the Malwarebytes Browser Guard.

See Support article how-to

https://support.malwarebytes.com/hc/en-us/articles/360038520374-Install-Malwarebytes-Browser-Guard

For Firefox, get the Firefox extension.
The Windows EDGE browser is capable of using the same extension as the Chrome one.
Note: If your pc also has Opera or Brave or Vivaldi browser, you can install the Chrome version of the Malwarebytes Browser Guard ( on each as appropriate).

[Shadyrook]

I have the add on already :)

 

[Maurice Naggar]

There is one adjustment + 1 run to get a newer/more recent release version of Malwarebytes + 1 new scan. 

Start Malwarebytes. Click Settings ( gear ) icon. Next, lets make real sure that Malwarebytes does NOT register with Windows Security Center

• Click the Security Tab. Scroll down to

"Windows Security Center"

Click the selection to the left  for the line "Always register Malwarebytes in the Windows Security Center".
{ We want that to be set as Off   .... be sure that line's  radio-button selection is all the way to the Left.  thanks. }

This will not affect any real-time protection of the Malwarebytes for Windows    😃.

• Now click on the GENERAL tab

Do a Check for Update using the Malwarebytes Settings >> General tab.

See this Support Guide https://support.malwarebytes.com/hc/en-us/articles/360042187934-Check-for-updates-in-Malwarebytes-for-Windows

When it shows a new version available, Accept it and let it proceed forward.  Be sure it succeeds.

If prompted to do a Restart, just please follow all directions.

• Next, the Malwarebytes scan.
• Next click the blue button marked Scan.

 

When the scan phase is done, be real sure you Review and have all detected lines items check-marked on each line on the left. That too is very critical.

>>>>>>      👉      You can actually click the topmost left  check-box  on the very top line to get ALL lines  ticked   ( all selected).         <<<<     💢

 

Please double verify you have that TOP  check-box tick marked.   and that then, all lines have a tick-mark

 

Then click on Quarantine  button.

 

Then, locate the Scan run report;  export out a copy;  & then attach in with your  reply.
See https://support.malwarebytes.com/hc/en-us/articles/360038479194-View-Reports-and-History-in-Malwarebytes-for-Windows-v4

There will be more to do. Stick with me, please.

[Shadyrook]

report.txt

[Maurice Naggar]

Very good report. And this pc has the latest Malwarebytes.
You need to uninstall Adobe Flash Player 32 NPAPI. It is no longer supported. It is a security risk. Uninstall.
Then, after that, run this

I would recommend getting a readout report as to update status of some key apps.

• Download SecurityCheck by glax24 from here  https://tools.safezone.cc/glax24/SecurityCheck/SecurityCheck.exe

 

• and save the tool on the desktop.
• If Windows's  SmartScreen block that with a message-window, then
• Click on the MORE INFO spot and over-ride that and allow it to proceed.

                               This tool is safe.   Smartscreen is overly sensitive.

Right-click  with your mouse on the Securitycheck.exe  and select "Run as administrator"   and reply YES to allow to run & go forward
Wait for the scan to finish. It will open in a text file named SecurityType.txt. Close the file.  Attach it with your next reply.
You can find this file in a folder called SecurityCheck, C:\SecurityCheck\SecurityCheck.txt

[Shadyrook]

R.I.P Adobe

[Shadyrook]

SecurityCheck.txt

[Maurice Naggar]

These items need attention & follow thru for ipdates / some for considering to uninstall.

Microsoft 365 Apps for enterprise - en-us v.16.0.14326.20852 Warning! Download Update
How Install Office updates?

7-Zip 21.06 (x64) v.21.06 Warning! Download Update
Uninstall old version and install new one.

Cisco Webex Meetings v.41.6.3 Warning! Download Update
Discord v.0.0.309 Warning! Download Update
Microsoft Teams v.1.4.00.8872 Warning! Download Update
WhatsApp v.2.2144.11 Warning! Download Update
Zoom v.5.7.4 (804) Warning! Download Update

Java 8 Update 261 (64-bit) v.8.0.2610.12 Warning! Download Update
Uninstall old version and install new one (jre-8u321-windows-x64.exe).

iTunes v.12.11.3.17 Warning! Download Update
^Please use Apple Software Update tool.^

---------------------------- [ potential Unwanted Apps ] -----------------------------
Bonjour v.3.1.0.1 Warning! Application is distributed through the partnership programs and bundle assemblies. Uninstallation recommended. Possible you became a victim of fraud or social engineering.

HD Video Player v.1.0.0.0 Warning! Suspected Adware! If this program is not familiar to you it is recommended to uninstall it

[Shadyrook]

okay, I have deleted/updated the relevent applications

 

[Maurice Naggar]

Great. This is the all clear for this case. This next tool is to cleanup the tools we used during this case.What follows is just a tools cleanup. 

Please download KpRm by kernel-panik and save it to your desktop.

• right-click kprm_(version).exe and select Run as Administrator.
• Read and accept the disclaimer.
• When the tool opens, ensure all boxes under Actions are checked.
• Under Delete Quarantines select Delete Now, then click Run.
• Once complete, click OK.
• A log will open in Notepad titled kprm-(date).txt.
• You may attach that file to your next reply. (not compulsory)

NOTE: IF you do not have the Malwarebytes Premium, I would encourage you to buy the Malwarebytes Premium license & activate it so that this machine has real-time protections.

[Shadyrook]

kprm-20220324220030.txt

[Maurice Naggar]

Good run. This pc is good-to-go.

[Maurice Naggar]

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following to help you better protect your computer and privacy Tips to help protect from infection

Thank you

 

 

[Maurice Naggar]

1 tool + 1 report you can delete. 

Delete mb-support-1.8.n.nnn.exe
Delete mbst-grab-results.zip on the Desktop.