HKU\S-1-5-21 PUP registry entry doesn't want to be deleted



Hello,

When scanning with Malwarebytes, I find this registry entry: PUP.Optional.TorrentSearch HKU\S-1-5-21-1856582288-658762816-2305405537-1001\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\DEFAULT\EXTENSIONS.SETTINGS|AFBPDHICLGGHNFFHKINJIKGLGMOLHPEE. After restarting the computer, the antivirus detects it again despite the removal. I am posting my log files. Please help.

Addition.txt Shortcut.txt FRST.txt

Hello @PLITV and :welcome::

While you are waiting for the next qualified/approved malware removal expert helper to weigh in on your topic, and even though you may have run the following Malwarebytes utility, or its subsets, please carefully follow these instructions:

  1. Download the Malwarebytes Support Tool.
  2. In your Downloads folder, open the mb-support-x.x.x.xxx.exe file.
  3. In the User Account Control (UAC) pop-up window, click Yes to continue the installation.
  4. Run the MBST Support Tool.
  5. In the left navigation pane of the Malwarebytes Support Tool, click Advanced.
  6. In the Advanced Options, click only Gather Logs. A status diagram displays the tool is Getting logs from your computer.
  7. A zip file named mbst-grab-results.zip will be saved to the Public desktop, please attach that file in your next reply to this topic. Please do NOT copy and paste.

For the short time between when you post the diagnostic logs, and when your helper weighs in, please take no further self-directed remedial actions that will invalidate the diagnostic logs you will have sent.

Thank you.

Hello @PLITV  and  :welcome:

 

My name is MKDB and I will assist you.

 

 

Let's keep these principles as we proceed. Make sure to read the entire post below first.

  • Please follow the steps in the given order and post back the log files.
  • Please copy and paste all log files into your post.
  • Before we start, please make sure that you have an external backup, not connected to this system, of all private data.
  • Only run the tools I guide you to. Please don't run any other scans, download, install or uninstall any programs while I'm working with you.
  • As English is not my native language, please do not use slang or idioms. It may be hard for me to understand.
  • If you do not respond within 4 days, your topic will be closed.
  • Cracked or hacked or pirated programs are not only illegal, but also will make a computer a malware victim. Having such programs installed is the easiest way to get infected. It is the leading cause of ransomware encryptions. It is at times also a big source of current trojan infections. If you are running any kind of illegal software on your system, please uninstall them now, before we start the cleaning procedure.

 

Please give me some time to review your log files.

Thank you!

@PLITV

 

Windows Enterprise is very untypical for private use...

Quote

Platform: Microsoft Windows 10 Enterprise Version 21H2 19044.2006 (X64) Language: Polski (Polska)

... in combination with some problems regarding activating the license...

Quote

Description: Aktywacja licencji (slui.exe) nie powiodła się, kod błędu:
hr=0xC004F074
Argumenty wiersza polecenia:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=73111121-5638-40f6-bc11-f1d7b0d64300;NotificationInterval=1440;Trigger=NetworkAvailable

... and in combinations with detections from MBAM...

Quote

"threatName": "RiskWare.IFEOHijack.KMS"

... suggest that Windows is being used illegally here 

 

It's up to @AdvancedSetup or @Maurice Naggar on how to proceed.

My support ends here, sorry.

 

  • Root Admin

Good day @PLITV

Please run the following

 

Please follow the directions from the following topic for a more extensive article on cleaning Google Chrome

Resetting Google Chrome to clear unexpected issues
 

Once that has been completed, please get me a new set of logs

 

 

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system.
You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well.

Thank you

 

 

43 minutes ago, AdvancedSetup said:

Good day @PLITV

Please run the following

 

Please follow the directions from the following topic for a more extensive article on cleaning Google Chrome

Resetting Google Chrome to clear unexpected issues
 

Once that has been completed, please get me a new set of logs

 

 

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system.
You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well.

Thank you

 

 

It's fixed.

My friend's computer. He asked me to check.

  • Root Admin

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following to help you better protect your computer and privacy: Tips to help protect from infection

Thank you

 

 

This topic is now closed to further replies.