
Adware.Findimatic.SD detection


Go to solution Solved by Porthos,


Good night all.

After scanning my computer today, just a routine scan after a while, I got 22 detections, all named as the title, Adware.Findimatic.SD.

I tried to use the google chrome reset option, deleted the google folder under local app data, then used Malwarebytes to delete the quarantined items, scanned again, 17 detections on the second scan. 

The only extensions I use are adblocker plus, ublock origin and grammarly.

I would appreciate any help since I've googled the name but could not find any info at all. 

Attaching the report for the first scan, the quarantine report for the second, and a screenshot of my extensions. Would happily provide any other info required.

 

extensions.jpg

first scan.txt second scan report.txt


  • Solution
4 minutes ago, CharlesQ said:

I tried to use the google chrome reset option, deleted the google folder under local app data, then used Malwarebytes to delete the quarantined items, scanned again, 17 detections on the second scan. 

You need to follow these instructions: turn off sync and clear the sync data, then clean with Malwarebytes, restart, and then you can turn on sync if you wish.

Then scan and see if they come back.

 

  • Thanks 1

Just a quick update, I scanned a third time after quarantining and it came clean. I am going to try the steps you posted next, and will be posting an update in around 30 minutes.

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 8/22/23
Scan Time: 7:21 PM
Log File: 05221042-414b-11ee-a481-5811224ebde5.json

-Software Information-
Version: 4.5.33.272
Components Version: 1.0.2069
Update Package Version: 1.0.74315
License: Free

-System Information-
OS: Windows 11 (Build 22621.2134)
CPU: x64
File System: NTFS
User: carlosj\Carlos

-Scan Summary-
Scan Type: Custom Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 390778
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 13 min, 41 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)


Okay back with more. I did all the steps suggested, turned off sync, then cleared all sync items in my computer, as well as selected the option to clear bookmarks, passwords and others. After this I scanned the computer and it came clean.

So I turned sync back on, everything synced, I got my bookmarks back, and I turned sync on in my phone as well, since it had turned off there.

After this scan, I got 5 detections, currently quarantined:

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 8/22/23
Scan Time: 8:28 PM
Log File: 5ff7047e-4154-11ee-aed6-5811224ebde5.json

-Software Information-
Version: 4.5.33.272
Components Version: 1.0.2069
Update Package Version: 1.0.74321
License: Free

-System Information-
OS: Windows 11 (Build 22621.2134)
CPU: x64
File System: NTFS
User: carlosj\Carlos

-Scan Summary-
Scan Type: Custom Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 464185
Threats Detected: 5
Threats Quarantined: 5
Time Elapsed: 21 min, 20 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 1
Adware.Findimatic.SD, HKU\S-1-5-21-642271880-211011803-701537002-1001\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Profile 2\extensions.settings|gmmbpchnelmlmndfnckechknbohhjpge, Quarantined, 12746, 1167612, , , , , , 

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 2
Adware.Findimatic.SD, C:\USERS\CARLOS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Profile 2\Sync Data\LevelDB, Replaced, 12746, 1167612, , , , , , 
Adware.Findimatic.SD, C:\Users\Carlos\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\gmmbpchnelmlmndfnckechknbohhjpge, Quarantined, 12746, 1167612, 1.0.74321, , ame, , , 

File: 2
Adware.Findimatic.SD, C:\USERS\CARLOS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Profile 2\Secure Preferences, Replaced, 12746, 1167612, , , , , E0312F02E4A4A2A769043ACE41EA2F3A, 6B4DADEAFB654A73F33EA2E513EDD78DC6D96A8B0CDAA7331531F32820C5ADB5
Adware.Findimatic.SD, C:\USERS\CARLOS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Profile 2\Preferences, Replaced, 12746, 1167612, , , , , 33900B34516151637C048F571CB92EA8, C6576543870D1C9EFDE45A18B60EE1B8EE1171A44ECEBAFECD4325750E588321

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)
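
As an added illustration (not part of any post in this thread, and not Malwarebytes code): a small Python parser for the -Scan Details- section of the report above that groups detections by Chrome profile and extension ID and notes whether that profile's Sync Data store was flagged, the pattern seen here when detections returned after sync was turned back on. The function names and the assumed comma-separated row layout are this example's own, inferred from the log lines shown.

```python
import re
from collections import defaultdict

# Detail rows copied from the 8:28 PM scan log above; trailing empty and
# hash columns are trimmed to keep the sample short.
SAMPLE_LOG = r"""
-Scan Details-
Process: 0
(No malicious items detected)
Registry Value: 1
Adware.Findimatic.SD, HKU\S-1-5-21-642271880-211011803-701537002-1001\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Profile 2\extensions.settings|gmmbpchnelmlmndfnckechknbohhjpge, Quarantined, 12746, 1167612
Folder: 2
Adware.Findimatic.SD, C:\USERS\CARLOS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Profile 2\Sync Data\LevelDB, Replaced, 12746, 1167612
Adware.Findimatic.SD, C:\Users\Carlos\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\gmmbpchnelmlmndfnckechknbohhjpge, Quarantined, 12746, 1167612
File: 2
Adware.Findimatic.SD, C:\USERS\CARLOS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Profile 2\Secure Preferences, Replaced, 12746, 1167612
Adware.Findimatic.SD, C:\USERS\CARLOS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Profile 2\Preferences, Replaced, 12746, 1167612
(end)
"""

SECTION = re.compile(r"^([A-Za-z ]+): (\d+)$")            # e.g. "Folder: 2"
PROFILE = re.compile(r"\\(Default|Profile \d+)\\", re.IGNORECASE)
EXT_ID = re.compile(r"(?<![a-z])[a-p]{32}(?![a-z])")      # Chrome extension ID alphabet

def parse_detections(log_text):
    """Return one dict per detection row found after the -Scan Details- marker."""
    rows, section, in_details = [], None, False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line == "-Scan Details-":
            in_details = True
            continue
        if not in_details or not line or line.startswith("("):
            continue                                      # skip "(No malicious ...)", "(end)"
        header = SECTION.match(line)
        if header:
            section = header.group(1)
            continue
        fields = [f.strip() for f in line.split(",")]
        if section and len(fields) >= 3:                  # assumed layout: name, target, action, ...
            rows.append({"section": section, "name": fields[0],
                         "target": fields[1], "action": fields[2]})
    return rows

def summarize(rows):
    """Per Chrome profile: extension IDs named in detections, and whether Sync Data was hit."""
    profiles = defaultdict(lambda: {"extension_ids": set(), "sync_store_flagged": False})
    for row in rows:
        hit = PROFILE.search(row["target"])
        if not hit:
            continue
        entry = profiles[hit.group(1).title()]
        entry["extension_ids"].update(EXT_ID.findall(row["target"]))
        if "\\sync data\\" in row["target"].lower():
            entry["sync_store_flagged"] = True            # entry can be restored by sync
    return dict(profiles)

if __name__ == "__main__":
    print(summarize(parse_detections(SAMPLE_LOG)))
```

A profile that shows both an extension ID and a flagged sync store is the case where clearing sync data before cleaning, as advised earlier in the thread, is the relevant step.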


Here is an update: After quarantining those 5 detections and deleting them, I restarted the computer, and tried again, this time it seems clean. I thank you very much for your help, here is the final report in case you see something there. Once again, thank you very much.

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 8/22/23
Scan Time: 9:35 PM
Log File: b5849809-415d-11ee-8edd-5811224ebde5.json

-Software Information-
Version: 4.5.33.272
Components Version: 1.0.2069
Update Package Version: 1.0.74323
License: Free

-System Information-
OS: Windows 11 (Build 22621.2134)
CPU: x64
File System: NTFS
User: carlosj\Carlos

-Scan Summary-
Scan Type: Custom Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 464611
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 21 min, 14 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)


42 minutes ago, Porthos said:

Are you having any other issues? I can have someone dig deeper for you.

I was verifying the task manager for high usage but couldn't find anything really. 

I'd love it if we could find more out.

My pc is running:

Intel i5 12600k

Asus z690M pro

Rx 6600

16gb corsair lpx with a 3200hz profile

Windows 11 pro in a 1tb nvme, as well as 2 ssds and an hd.

Any other info, I'll happily provide.


2 minutes ago, CharlesQ said:

I'd love it if we could find more out.

 

2 minutes ago, CharlesQ said:

Any other info, I'll happily provide.

While you are waiting for the next qualified/approved malware removal expert helper to take on your case, even though you may have run the following Malwarebytes utility or its subsets, please carefully follow these instructions: Do not try any other cleaning of any kind after running the support tool. Use the computer as little as possible, or even better don’t use it at all except to check this topic and follow the instructions given.

Restart the computer.

Then do the following after restart.

WARNING: Do Not click the Repair System under Advanced unless requested by a Malwarebytes support agent or authorized helper

  1. Download the Malwarebytes Support Tool.
  2. In your Downloads folder, open the mb-support-x.x.x.xxx.exe file.
  3. In the User Account Control (UAC) pop-up window, click Yes to continue the installation.
  4. Run the MBST Support Tool.
  5. In the left navigation pane of the Malwarebytes Support Tool, click Advanced.
  6. In the Advanced Options, click only Gather Logs. A status diagram displays the tool is Getting logs from your computer.
  7. A zip file named mbst-grab-results.zip will be saved to the Public desktop, please attach that file in your next reply to this topic. Please do NOT copy and paste.

For the short time between when you post the diagnostic logs, and when your helper weighs in, please take no further self-directed remedial actions that will invalidate the diagnostic logs you will have sent.

Thank you.

@AdvancedSetup

  • Thanks 1

  • Root Admin

Hello and welcome @CharlesQ

 

My screen name is AdvancedSetup and I will assist you with your system issues.
 

Let's keep these principles as we proceed. Make sure to read the entire post below first.

  • Please follow all steps in the provided order and post back all requested logs
  • Please attach all log files to your post, unless otherwise requested
  • Temporarily disable your antivirus or other security software first. Make sure to turn it back on once the scans have been completed.
  • Temporarily disable Microsoft SmartScreen to download the software below if needed. Make sure to turn it back on once the scans are completed.
  • Searching, detecting, and removing malware isn't instantaneous and there is no guarantee to repair every system.
  • Before we start, please make sure that you have an external backup, not connected to this system, of all private data.
  • Do not run online games while the case is ongoing. Do not do any free-wheeling or risky web-surfing.
  • Only run the tools I guide you to use. Please don't run any other scans, download, install or uninstall any programs while I'm working with you.
  • Cracked, Hacked, or Pirated programs are not only illegal but also can make a computer a malware victim.
  • Having such programs installed is the easiest way to get infected. It is the leading cause of ransomware encryption. It is at times also a big source of current Trojan infections.
  • If there are any on the system you should uninstall them before we proceed.
  • Please be patient and stick with me until I give you the "all clear". We don't want to waste your time, please don't waste ours.
  • If your system is running Discord, please be sure to Exit it while this case is ongoing.

 

Please post back the requested logs and we'll check on your system further.

 

Thank you

 

  • Thanks 1

Good night Advanced.

As instructed, I've not taken further action towards cleaning or scanning, barely using the computer right now.

As Porthos advised, I restarted the computer before gathering the logs, and made sure no other app was open. I also disabled windows defender before gathering, and made sure Malwarebytes was closed.

Log is attached and I'll await further instruction.

 

 

mbst-grab-results.zip


  • Root Admin

Hello @CharlesQ

 

 

Please run the following fix

 

NOTE: Please read all of the information below before running this fix.

  • NOTICE: This script was written specifically for this user, for use on this particular machine.
  • Running this on another machine may cause damage to your operating system that cannot be undone.

Once the fix has been completed, please attach the file FIXLOG.TXT to your next reply

Farbar program:   FRSTEnglish.exe

Save the attached file:  FIXLIST.TXT to this folder C:\Users\Carlos\Downloads\

NOTE. It's important that both files, FRSTEnglish.exe, and fixlist.txt are in the same location or the fix will not work.

Please make sure you disable any real-time antivirus or security software before running this script. Once completed, make sure you re-enable it.

 

 

Run the Farbar program with Admin rights and press the Fix button just once and wait.

The fix may possibly take up to 60 minutes to complete

If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log named Fixlog.txt in the same folder you ran the Farbar program from. Please attach that log on your next reply.

 

  1. NOTE:  This fix will run a scan to check that all Microsoft operating system files are valid and not corrupt and attempt to correct any invalid files. It will also run a disk check on the restart to ensure disk integrity.
  2. NOTE: As part of this fix all temporary files will be removed. If you have any open web pages that have not been bookmarked please make sure you bookmark them now as all open applications may be automatically closed.
                Also, make sure you know the passwords for all websites as cookies may possibly be removed in some cases, but not all cases.
  3. NOTE: As part of this fix, it will also reset the network to default settings including the firewall. If you have custom firewall rules you need to save please export or save them first before running this fix.

The following directories are emptied:

  • Windows Temp
  • Users Temp folders
  • Edge, IE, FF, Chrome, and Opera caches, HTML5 storages, Cookies and History
  • Recently opened files cache
  • Discord cache
  • Java cache
  • Steam HTML cache
  • Explorer thumbnail and icon cache
  • BITS transfer queue (qmgr*.dat files)
  • Recycle Bin

Important: items are permanently deleted. They are not moved to quarantine. If you have any questions or concerns please ask before running this fix.

The system will be rebooted after the fix has run.

fixlist.txt

Thanks

 

  • Thanks 1

  • Root Admin

Overall the fix ran well, it also found and fixed some issues.

Windows Resource Protection found corrupt files and successfully repaired them.

Please go ahead and run the following now @CharlesQ

 

 

 

SecurityCheck by glax24              

I would like you to run a tool named SecurityCheck to inquire about the current security update status of some applications.

  • Download SecurityCheck by glax24: https://tools.safezone.cc/glax24/SecurityCheck/SecurityCheck.exe
  • If Microsoft SmartScreen blocks the download, click through to save the file
  • This tool is safe.   Smartscreen is overly sensitive.
  • If SmartScreen blocks the file from running click on More info and Run anyway
  • Right-click with your mouse on the Securitycheck.exe and select "Run as administrator" and reply YES to allow to run & go forward
  • Wait for the scan to finish. It will open a text file named SecurityCheck.txt Close the file.  Attach it with your next reply.
  • You can find this file in a folder called SecurityCheck, C:\SecurityCheck\SecurityCheck.txt

 


 

Thank you

 

 

  • Thanks 1

  • Root Admin

Please uninstall, update, or otherwise address the following as appropriate for your system.

 

Discord v.1.0.9011 Warning! Download Update
WinRAR 6.21 (64-bit) v.6.21.0 Warning! Download Update


---------------------------- [ UnwantedApps ] -----------------------------
JDownloader 2 v.2.0 Warning! Suspected Adware! If this program is not familiar to you it is recommended to uninstall it
----------------------------- [ End of Log ] ------------------------------

 

Then check for Windows Updates and install any found.

 

 

How is the computer running now?

Are there still any alerts or signs of an infection at this time?  @CharlesQ

 

  • Thanks 1

  • Root Admin

Great, that looks good @CharlesQ

As there does not appear to be any more indications of infection and the logs are not indicating any issues we should be about done here.

 

Let's go ahead and do some clean-up work and remove the tools and logs we've run.

👌💢 Temporarily disable Microsoft SmartScreen to download the next software below

Please download KpRm by kernel-panik and save it to your desktop.

  • Right-click kprm_(version).exe and select Run as Administrator.
  • Read and accept the disclaimer.
  • When the tool opens, ensure all boxes under Actions are checked.
  • Under Delete Quarantines select Delete Now, then click Run.
  • Once complete, click OK.
  • A log will open in Notepad titled kprm-(date).txt
  • If there are any concerns you can post the log for review

 

 

  1. Recommend using a Password Manager for all websites, etc. that require a password. Never use the same password on more than one site.
    https://www.howtogeek.com/240255/password-managers-compared-lastpass-vs-keepass-vs-dashlane-vs-1password/
  2. Make sure you're backing up your files https://forums.malwarebytes.com/topic/136226-backup-software/
  3. Keep all software up to date - PatchMyPC - https://patchmypc.com/home-updater#download
  4. Keep your Operating System up to date and current at all times - https://support.microsoft.com/en-us/windows/windows-update-faq-8a903416-6f45-0718-f5c7-375e92dddeb2
  5. Further tips to help protect your computer data and improve your privacy: https://forums.malwarebytes.com/topic/258363-tips-to-help-protect-from-infection/ 
  6. Please consider installing the following Content Blockers for your Web browsers if you haven't done so already. This will help improve overall security

Malwarebytes Browser Guard

uBlock Origin

 

Further reading if you like to keep up on the malware threat scene: Malwarebytes Blog  https://blog.malwarebytes.com/

Hopefully, we've been able to assist you with correcting your system issues.

Thank you for using Malwarebytes

 

  • Thanks 1

  • Root Admin

Excellent. The log looks good @CharlesQ

You're more than welcome for the assistance. Please let your friends and family know if they need computer and security assistance as well.

Take care. Stay safe out there and have a wonderful day

I'll go ahead and close your topic now.

Cheers

 

  • Thanks 1

  • Root Admin

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following to help you better protect your computer and privacy Tips to help protect from infection

Thank you

 

 

  • Thanks 1

This topic is now closed to further replies.