Windows 10 infected with pup.optional.bundleloader and pup.optional.legacy


Every time the computer restarts, the path to desktop, downloads, documents, pictures, videos is changed to c:\users\temp. The desktop background image gets changed to default. I cannot open any Word or Excel files in Office 2016.

Malwarebytes found pup.optional.bundleinstaller and quarantined it.

AdwCleaner found pup.optional.legacy and quarantined it.

Yet everything described above occurs after restarting the computer.


Welcome :)

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Right click FRST(64) and select Run as administrator.
  • Make sure that under Optional Scans, there is a checkmark on Addition.txt.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
  • The tool will also produce another log (Addition.txt). Please attach this to your reply.

  • Root Admin
4 minutes ago, ba5852 said:

Please keep in mind that I am doing this remotely using TeamViewer. I am not physically at the computer.

Is there someone physically near the computer? That can potentially be troublesome, as sometimes a process can halt normal booting and a cleanup process can also shut down remote access.

 


Download the enclosed file Fixlist.txt

  • Save it in the same location where FRST64.exe is saved
  • Start FRST (FRST64) with Administrator privileges
  • This time around, press the Fix button and wait
  • When finished, a log file (Fixlog.txt) will pop up and be saved in the same location the tool was run from.

Please attach this file in your next reply.


Download the enclosed file Fixlist.txt

  • Save it in the same location where FRST64.exe is saved
  • Start FRST (FRST64) with Administrator privileges
  • This time around, press the Fix button and wait
  • When finished, a log file (Fixlog.txt) will pop up and be saved in the same location the tool was run from.

Please attach this file in your next reply.


Let's check the disk.

Open a Command Prompt as an Administrator. At the prompt type the following and press Enter:

CHKDSK /R

Schedule CHKDSK to run at startup.

Restart the computer. Upon restart CHKDSK will run. Let CHKDSK run unhindered. Once finished, restart the computer and run this fix:

Download the enclosed file Fixlist.txt

  • Save it in the same location where FRST64.exe is saved
  • Start FRST (FRST64) with Administrator privileges
  • This time around, press the Fix button and wait
  • When finished, a log file (Fixlog.txt) will pop up and be saved in the same location the tool was run from.

Please attach this file in your next reply.


Please remove the following programs as they will interfere with our tools:

Spybot Search and Destroy

Superantispyware

After a restart, run this fix:

Download the enclosed file Fixlist.txt

  • Save it in the same location where FRST64.exe is saved
  • Start FRST (FRST64) with Administrator privileges
  • This time around, press the Fix button and wait
  • When finished, a log file (Fixlog.txt) will pop up and be saved in the same location the tool was run from.

Please attach this file in your next reply. The computer will restart.

Upon restart, see if the profile has changed to Florence.


The profile did not change.

Every time I restart the computer the following things occur.

  1. After entering the pin number
    1. Spinning icon with "Welcome" next to it
    2. Spinning icon with "Preparing Windows" next to it
  2. A window pops up welcoming me to Microsoft Edge with option to "Sign in to Sync" or "Start without your data"
    1. This did not happen before the infection
    2. The only way to get by this pop up is to end task on the process
  3. Before we started this process the path to files was changed each time to "C:\users\TEMP\downloads" for example
  4. The last couple of times the computer was restarted the path changed to "C:\users\TEMP.Florence-HP\downloads"
    1. I have to change the path back to "C:\users\Florence\downloads" etc. to proceed
  5. Each time I restart the computer
    1. Firefox icon is removed from the taskbar
    2. Bookmarks I left are removed from Firefox
    3. History is removed from Firefox
    4. Saved passwords are removed from Firefox
  6. In this last restart the malware has disabled the "Type here to search" box in the task bar.  I am unable to type in the box.

It doesn't seem like we are making much progress.

I do have an option left. The computer owner has a system image from 2020 when the computer was operating okay.

I have also backed up the following folders on an external hard drive:

  1. Desktop
  2. Downloads
  3. Documents
  4. Pictures
  5. Music
  6. Videos

I am considering reloading the system image and then copying all the above folders except the Downloads in case there is something hiding in there.

Does that sound like a reasonable option?


After restoring the system image and pasting the desktop, documents, pictures, music and video files from the backup on the external hard drive everything seemed to be going fine.

Then I started doing all the necessary Microsoft Updates since the computer was not back to its March 2020 state.

One of the backups failed to install and gave me the option to "retry" which I tried to do twice with no success.

I decided to go ahead and create a new system image, but when I did I got the following error message:

[Image: Backup Image failed - 0x80780119 error]

I am wondering if the failed Windows update file could be corrupted and causing the system image to fail.

I checked the free space on the volumes and they are all larger than required in the error message.

I am currently running chkdsk /r in case the failed update was caused by a bad spot on the drive.


Let me take a look at the logs.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Right click FRST(64) and select Run as administrator.
  • Make sure that under Optional Scans, there is a checkmark on Addition.txt.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
  • The tool will also produce another log (Addition.txt). Please attach this to your reply.

Are you attempting to back up to an external drive, or restore to the hard drive?
