Jump to content

PUP/PUM has taken control of PC/Chrome/Twitter and returns when removed


Recommended Posts

Hello and sorry I am new to this forum. I noticed a few days ago random cmd windows opening on my Windows computer when it booted. I also noticed some fishy tweets being made using my Twitter account that I quickly deleted (have since changed twitter password and haven't seen any more). I ran Malwarebytes for pc and ADWcleaner a few times over the course of a couple days and noticed the virus (sometimes 2-3)_ would return after rebooting PC or using Google chrome. I really need and would greatly appreciate assistance on how to fully remove any infected files or viruses from my PC/browsers. I also noticed that Google Chrome says it is being managed by an organization even though it shouldn't be. Am willing to uninstall Chrome afterwards but not sure if I should switch to Edge or another browser.

Link to post
Share on other sites

  • Root Admin

Hello  and  :welcome:     @devsp13

 

My screen name is AdvancedSetup and I will assist you with your system issues.
 

Let's keep these principles as we proceed. Make sure to read the entire post below first.

  • Please follow all steps in the provided order and post back all requested logs
  • Please attach all log files to your post, unless otherwise requested
  • Temporarily disable your antivirus or other security software first. Make sure to turn it back on once the scans have been completed.
  • Temporarily disable Microsoft SmartScreen to download the software below if needed. Make sure to turn it back on once the scans are completed.
  • Searching, detecting, and removing malware isn't instantaneous and there is no guarantee to repair every system.
  • Before we start, please make sure that you have an external backup, not connected to this system, of all private data.
  • Do not run online games while the case is ongoing. Do not do any free-wheeling or risky web-surfing.
  • Only run the tools I guide you to use. Please don't run any other scans, download, install or uninstall any programs while I'm working with you.
  • Cracked, Hacked, or Pirated programs are not only illegal but also can make a computer a malware victim. Having such programs installed is the easiest way to get infected. It is the leading cause of ransomware encryption. It is at times also a big source of current Trojan infections. If there are any on the system you should uninstall them before we proceed.
  • Please be patient and stick with me until I give you the "all clear". We don't want to waste your time, please don't waste ours.
  • If your system is running Discord, please be sure to Exit it while this case is ongoing.

 

To begin, please do the following so that we may take a closer look at your installation for troubleshooting. This is a report only.

NOTE: The tools and the information obtained are safe and not harmful to your privacy or your computer, please allow the programs to run if blocked by your system.

  • Download the Malwarebytes Support Tool
  • In your Downloads folder, open the mb-support-x.x.x.xxx.exe file
  • In the User Account Control pop-up window, click Yes to continue the installation
  • Run the MBST Support Tool
  • In the left navigation pane of the Malwarebytes Support Tool, click Advanced
  • In the Advanced Options, click Gather Logs. A status diagram displays the tool is Getting logs from your machine
  • A zip file named mbst-grab-results.zip will be saved to the Public desktop, please upload that file on your next reply

Thank you

 

 

Link to post
Share on other sites

I followed all of the steps on the guide you sent me and I believe it worked. I no longer see my browser being managed by an organization and have turned sync off and deleted most of the browser data save for bookmarks. After scanning with Malwarebytes and ADWcleaner neither of them show any threats currently. Are there any further steps I need to take?

Link to post
Share on other sites

  • Root Admin

Please run the following @devsp13

 

SecurityCheck by glax24              

I would like you to run a tool named SecurityCheck to inquire about the current security update status of some applications.

  • Download SecurityCheck by glax24: https://tools.safezone.cc/glax24/SecurityCheck/SecurityCheck.exe
  • If Microsoft SmartScreen blocks the download, click through to save the file
  • This tool is safe.   Smartscreen is overly sensitive.
  • If SmartScreen blocks the file from running click on More info and Run anyway
  • Right-click  with your mouse on the Securitycheck.exe  and select "Run as administrator"  and reply YES to allow to run & go forward
  • Wait for the scan to finish. It will open a text file named SecurityCheck.txt Close the file.  Attach it with your next reply.
  • You can find this file in a folder called SecurityCheck, C:\SecurityCheck\SecurityCheck.txt

 

image.png

image.png

image.png

 

Thank you

 

 

Link to post
Share on other sites

  • Root Admin

Thank you @devsp13

Please uninstall, update, or otherwise address the following as appropriate for your system.

 

7-Zip 19.00 (x64) v.19.00 Warning! Download Update | Uninstall old version and install new one.
Audacity 2.4.2 v.2.4.2 Warning! Download Update
Discord v.0.0.309 Warning! Download Update
iTunes v.12.10.8.5 Warning! Download Update | ^Please use Apple Software Update tool.^
paint.net v.4.2.12 Warning! Download Update
Spotify v.1.2.7.1277.g2b3ce637 Warning! Download Update

 

---------------------------- [ UnwantedApps - Please uninstall ] -----------------------------
Bonjour v.3.1.0.1
Java 9.0.4 (64-bit) v.9.0.4.0 Warning! This software is no longer supported. Please uninstall it 

 

Then restart the computer and check for Windows Updates and install any found.

 

 

Link to post
Share on other sites

  • 1 month later...
  • Root Admin

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following to help you better protect your computer and privacy Tips to help protect from infection

Thank you

 

 

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.