Jump to content

GOing in circles adware.Elex.ShrtCln Keeps COming Back

Empire
 Share

Recommended Posts

Empire

Empire

Posted
Posted

Hello,

I'm stuck and been going round and round for hours, I can't remove "adware.Elex.ShrtCln" As soon as I remove it it comes back again. The main focus is Edge and whatever I do it keeps COMING BACK.  Worse part about it that it's not just on my desktop but also on my Laptop. It was just a simple web-searching around and BANG

-I run malwarebytes over and over, I reset my browser on both system, deleted everything, I even removed browser cache on both system. The virus or malware keeps coming back for Edge, I do not have chrome installed anymore.

Only one note to add that "adware.Elex.ShrtCln" does appear when I'm not logged into anything, But as soon as I log into edge it comes back... If I logout and remove "adware.Elex.ShrtCln" and stay loged out it doesn't appear. 

On my desktop I'm loged out and will stay offline as I try and work on my Laptop to resolve this, So is Help?

 

Malwarebytes Scan Report 2024-04-03 162016.txt

 

 

Link to post
Share on other sites
MKDB

MKDB

Posted
Posted (edited)

Hello  @Empire  and  :welcome:

 

My name is MKDB and I will assist you.

 

 

Let's keep these principles as we proceed. Make sure to read the entire post below first.

  • Please follow the steps in the given order and post back the log files.
  • Please attach all log files into your post.
  • Before we start, please make sure that you have an external backup, not connected to this system, of all private data.
  • Only run the tools I guide you to. Please don't run any other scans, download, install or uninstall any programs while I'm working with you.
  • As English is not my native language, please do not use slang or idioms. It may be hard for me to understand.
  • If you do not respond within 4 days, your topic will be closed.
  • Cracked or hacked or pirated programs are not only illegal, but also will make a computer a malware victim. Having such programs installed, is the easiest way to get infected. It is the leading cause of ransomware encryptions. It is at times also a big source of current trojan infections. If you are running any kin of illegal software on your system, please uninstall them now, before we start the cleaning procedure.

 

19 minutes ago, Empire said:

I do not even know what adware.Elex.ShrtCln is and what it does? what does it effact? 

It's adware that infects your browsers and the related sync data. Once you log into your edge account, the adware will be loaded from the server into your local profile.

You have to fully restore the edge account.

 

1️⃣

Please follow these instructions for resetting Microsoft Edge data in the cloud and reboot your system at the end:

https://learn.microsoft.com/en-us/deployedge/edge-learnmore-reset-data-in-cloud

 

 

2️⃣

Please follow these instructions and attach the requested logfiles:

 

 

Thank you!

Edited by MKDB
Link to post
Share on other sites
Empire

Empire

Posted
  • Author
Posted
24 minutes ago, MKDB said:

Please attach all log files into your post.

The files attached...   FRST.txt  Addition.txt

 

25 minutes ago, MKDB said:

You have to fully restore the edge account.

what would be the best option then! Perform a reset to fix a synchronization or Perform a reset to remove your data from Microsoft's cloud

 

 

Link to post
Share on other sites
Empire

Empire

Posted
  • Author
Posted
17 hours ago, MKDB said:

Please follow these instructions for resetting Microsoft Edge data in the cloud and reboot your system at the end:

https://learn.microsoft.com/en-us/deployedge/edge-learnmore-reset-data-in-cloud

So, I ave followed the steps and after rebooted, It still COMES BACK  - I did it three times and still comes back, whatever I do - it doesn't go away ;( 

Link to post
Share on other sites
MKDB

MKDB

Posted
Posted

@Empire

We will take care of these as well, don't worry.

 

If you run Microsoft Edge, are you automatically logged in with your current profile and enabled sync?

 

 

Link to post
Share on other sites
Empire

Empire

Posted
  • Author
Posted
Just now, MKDB said:

If you run Microsoft Edge, are you automatically logged in with your current profile and enabled sync?

That's right, Only on one system, On my desktop, It's logged off and not Sync, Plus I had Chrome installed on my Laptop and never have it for Edge, I also removed Chrome but no idea if it's still liked even if not installed 

Link to post
Share on other sites
MKDB

MKDB

Posted
Posted (edited)

 

 @Empire

Let's run a fix with FRST. This may take some time, please be very patient.

 

Moreover, we will clear sync data via the Edge browser. Therefore, we need to delete all sync data files from the server and all sync files from your local account.

 

 

1️⃣

  • Please download the attached fixlist.txt file and save it to the location where you ran FRST from ( C:\Users\Empire\Downloads\ ).

Note: It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

  • Close all open programs and save your work.
  • Run FRST again.
  • Press the FIX button only once and wait.
  • Please be patient and do not interfere, even if FRST does not respond for some time. That's nothing to worry about.
  • Please note: This Fix will remove all temporary files, empty recycle bin and will remove cookies and may result in some websites indicating they do not recognize your computer. It may be necessary to receive and apply a verification code.
  • Please note: This step resets your Firewall settings and you may be asked later to grant permission for legitimate programs to pass through the Firewall. If you recognize the program, agree to the request.
  • If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after restart.
  • FRST will create one log now (Fixlog.txt) in the same directory the tool is run. Please attach this logfile to your next reply.

 

 

2️⃣

Run Microsoft Edge and make sure that sync is enabled and you are logged in.
Type edge://sync-internals/ in the address bar and press Enter
You will see a summary with a lot of information.
Press the button Disable Sync (Clear Server Data) and wait some seconds until the yellow lines disappear.
Press the button Disable Sync (Clear Data) and wait some seconds until the yellow lines disappear.
Close Microsoft Edge.

Run Malwarebytes Anti-Malware again and let me know if there are still some detetions.

 

 

 

 

fixlist.txt

Edited by MKDB
Typos corrected
Link to post
Share on other sites
Empire

Empire

Posted
  • Author
Posted

@MKDB so I ran FRST software and then used the fixing option, it then system restarted and gave me a log, Fixlog.txt

From Edge, did the following via edge://sync-internals/ - When I did open up Edge it opened up five tabs and Lucky Searchers appeared again,  Malwarebytes blocked it. 

Run Malwarebytes and still came back

here.thumb.JPG.e34024150f11218ba6c6993da2f8e756.JPG

 

 

 

Link to post
Share on other sites
MKDB

MKDB

Posted
Posted (edited)

@Empire

Well done! So you have disabled sync and cleared the data like mentioned before running MBAM?

That's strange...

 

Please run a fresh scan with FRST.

 

  • Run FRST again.
  • Do not change any settings.
  • Press the Scan button.
  • FRST will create two logs now (FRST.txt + Addition.txt) in the same directory the tool is run.
  • Please attach these logfiles to your next reply.
Edited by MKDB
Link to post
Share on other sites
Empire

Empire

Posted
  • Author
Posted
9 minutes ago, Empire said:

Can't remember if it is or not now  -  FRST.txt  And Addition.txt

Update: these are the results from my desktop PC - Addition.txt  FRST.txt

Even that I have sync disable and using just edge with account not logged in, plus running Malwarebytes scan, nothing is showing up, that's good even that the desktop used to have this malware! 

Results post above Laptop - that has malware and desktop doesn't   

Link to post
Share on other sites
MKDB

MKDB

Posted
Posted

@Empire

On your infected system (=laptop), please run the following fix with FRST as well as Step 2.

 

 

1️⃣

  • Please download the attached fixlist.txt file and save it to the location where you ran FRST from ( C:\Users\Empire\Downloads\ ).

Note: It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

  • Close all open programs and save your work.
  • Run FRST again.
  • Press the FIX button only once and wait.
  • Please be patient and do not interfere, even if FRST does not respond for some time. That's nothing to worry about.
  • If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after restart.
  • FRST will create one log now (Fixlog.txt) in the same directory the tool is run. Please attach this logfile to your next reply.

 

 

2️⃣

Reset Microsoft Edge as it is described here: https://malwaretips.com/blogs/reset-microsoft-edge/

After that, do that again:

Type edge://sync-internals/ in the address bar and press Enter
You will see a summary with a lot of information.
Press the button Disable Sync (Clear Server Data) and wait some seconds until the yellow lines disappear.
Press the button Disable Sync (Clear Data) and wait some seconds until the yellow lines disappear.
Close Microsoft Edge and reboot your system.

 

Run Malwarebytes Anti-Malware again and let me know if there are still some detetions.

 

 

fixlist.txt

Link to post
Share on other sites
Empire

Empire

Posted
  • Author
Posted
1 minute ago, MKDB said:

On your infected system (=laptop), please run the following fix with FRST as well as Step 2.

Do I need to logged out of edge account and disable Sync before step one and two?

Link to post
Share on other sites
Empire

Empire

Posted
  • Author
Posted
20 minutes ago, MKDB said:

@Empire

Try with logged in.

Logged in, Run as you told me to. Results Fixlog.txt When I did run the fix, taken two secs and done.. should not taken that fast? 

After sync off and disable rebooted and run Malwarebytes, results still came back with 4 malware ( Adware) Open Edge and 5 or 6 tabs open up again ;( 

no idea why it's not working? 

 

 

Addition (1).txt

Link to post
Share on other sites
Empire

Empire

Posted
  • Author
Posted
6 minutes ago, Empire said:

Run it again, keeps saying in Fix Log file not found! 

Update, I have noticed that there is profile 1 and 2 and that fixlist attached says profile 1 and so I edited to profile 2 and rerun it again!  = Fixlog.txt

Rebooted system and run Malwarebytes = results passed no malware

So two profiles and so that something to deal with as one min I'm on one or then two! 

open up Edge and no longer opens 6 tabs - I open tabs as normal as I'm logged in with Sync on.. 

I run Malwarebytes again and 16 Malware appeared DAMN IT  @MKDB - Not resolved 

 

 

Link to post
Share on other sites
Empire

Empire

Posted
  • Author
Posted
42 minutes ago, AdvancedSetup said:

Remove ALL Sync data from the Browser.

https://learn.microsoft.com/en-us/deployedge/edge-learnmore-reset-data-in-cloud

 

I removed or I think I have. redone the steps again, had to edit text file to say profile 2, then open edge no longer opens 6 tabs so that's good. I open many tabs logged into my accounts and run Malwarebytes 5 times and I believe it's fix - results Passed ;) 

How can you tell if it's fix and won't return - also on my desktop I will no longer have it logged on and Sync. 

Also since Chrome is uninstalled - is it safe to add chrome back? 

 

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.