Jump to content


Photo
- - - - -

PUP.Optional.Iminent.A


  • This topic is locked This topic is locked
10 replies to this topic

#1 Windey

Windey

    New Member

  • Members
  • Pip
  • 6 posts

Posted 06 October 2013 - 09:54 PM

When I ran a complete scan of MBAM, it found 6 locations of PUP.Optional.Iminent.A. I was able to remove them with MBAM. Then ran Super Antispy and it did not show up. Ran MBAM again and it did not show up again.

 

After reading some information on the Internet, it appears advice has been given to also run AdwCleaner, Junkware Removal Tool, MBAM again and then HitmanPro.

 

If MBAM tells me it removed it when I first found it, and when I did a second complete scan with MBAM it still didn't show up, is it still necessary to run these other scans? I just need to be sure it is gone.

 

Thank you for your help!



#2 MrCharlie

MrCharlie

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 28,202 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA

Posted 06 October 2013 - 09:59 PM

Welcome to the forum, try this:


Lets clean out any adware now: (this will require a reboot so save all your work)

Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.
Then..................

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

Please let me know how computer is running now, MrC

Malware Removal Expert


Posted Image


I volunteer my free time to help you, if you would like to donate to show your appreciation, it will be much appreciated.

Posted Image Thanks MrC & crew

#3 Windey

Windey

    New Member

  • Members
  • Pip
  • 6 posts

Posted 07 October 2013 - 02:48 PM

Ran AdwCleaner, Results below. Found only one File - "Web Assistant Updater".

Ran MBAM Quick Scan, results below. Appears to be clean.

 

Computer was running OK prior to this request, I was just concerned about MBAM finding PUP.Optional.Iminent.A. Although MBAM appeared to have removed it I was still concerned it was hiding somewhere after some reading about it. Computer running fine now, although I was surprised to find all my "pinned" tabs were removed from Google Chrome when I went back online, however, was able to locate them and repin them.

 

Since AdwCleaner found this "Web Assistant Updater", removed it and MBAM came back clean - am I now free of this "Iminent.A" thing? Did it come from the "Web Assistant Updater?" I wasn't even aware I had the "Web Assistant Updater."

 

Please advise if I'm safe now and thank you so much for your help!

 

SCAN RESULTS:

 

# AdwCleaner v3.006 - Report created 07/10/2013 at 12:18:40

# Updated 01/10/2013 by Xplode
# Operating System : Windows Vista ™ Home Basic Service Pack 2 (32 bits)
# Username : 
# Running from : C:\Users\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
Service Deleted : Web Assistant Updater
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\ConduitEngine
Folder Deleted : C:\Program Files\Web Assistant
Folder Deleted : C:\Program Files\Common Files\spigot
Folder Deleted : C:\Users\AppData\Local\Conduit
Folder Deleted : C:\Users\AppData\Local\OpenCandy
Folder Deleted : C:\Users\AppData\Local\PackageAware
Folder Deleted : C:\Users\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\AppData\LocalLow\ConduitEngine
Folder Deleted : C:\Users\AppData\LocalLow\PriceGong
File Deleted : C:\Users\AppData\Roaming\Mozilla\Firefox\Profiles\a9vgu9ge.default\Extensions\webbooster@iminent.com.xpi
File Deleted : C:\END
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{336D0C35-8A85-403A-B9D2-65C292C39087}]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Key Deleted : HKCU\Software\Google\Chrome\Extensions\ebfmlbdgbekinmmpfmpjjkfclcgedhgj
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ebfmlbdgbekinmmpfmpjjkfclcgedhgj
Key Deleted : HKLM\SOFTWARE\Classes\AppID\Extension.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject
Key Deleted : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2724386
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{336D0C35-8A85-403A-B9D2-65C292C39087}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{1D5A4199-956E-49BC-B89F-6A35C57C0D13}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403A-B9D2-65C292C39087}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{336D0C35-8A85-403A-B9D2-65C292C39087}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{336D0C35-8A85-403A-B9D2-65C292C39087}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{8B63A8D6-BBED-4341-8867-790E5F524C96}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CD10120B-C165-4F8D-8C74-639629E238FF}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Key Deleted : HKCU\Software\Babylon
Key Deleted : HKCU\Software\Headlight
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\smartbar
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\IB Updater
Key Deleted : HKLM\Software\ImInstaller
Key Deleted : HKLM\Software\Web Assistant
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyPC Backup
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v9.0.8112.16502
 
 
-\\ Mozilla Firefox v
 
[ File : C:\Users\AppData\Roaming\Mozilla\Firefox\Profiles\a9vgu9ge.default\prefs.js ]
 
Line Deleted : user_pref("extensions.wrc.SearchRules.ask.com.style", ".WRCN {display:none}  #psa-teoma-result .ptbs .WRCN,  #teoma-results .ptbs .WRCN {display:inline !important; background: url(\\\\\"IMAGE\\\\\") r[...]
Line Deleted : user_pref("extensions.wrc.SearchRules.ask.com.url", "^hxxp(s)?\\\\\\\\:\\\\\\\\/\\\\\\\\/(.+\\\\\\\\.)?ask\\\\\\\\.com\\\\\\\\/.*");
 
-\\ Google Chrome v30.0.1599.69
 
[ File : C:\Users\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [4583 octets] - [07/10/2013 11:46:08]
AdwCleaner[S0].txt - [4624 octets] - [07/10/2013 12:18:40]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4684 octets] ##########
--------------------------------------------------------------------------------------------
 
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.10.07.09
 
Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
[administrator]
 
10/7/2013 1:40:37 PM
mbam-log-2013-10-07 (13-40-37).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 250308
Time elapsed: 8 minute(s), 43 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)
 


#4 MrCharlie

MrCharlie

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 28,202 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA

Posted 07 October 2013 - 04:07 PM

OK, it's clean now...How is it??? MrC

Malware Removal Expert


Posted Image


I volunteer my free time to help you, if you would like to donate to show your appreciation, it will be much appreciated.

Posted Image Thanks MrC & crew

#5 Windey

Windey

    New Member

  • Members
  • Pip
  • 6 posts

Posted 07 October 2013 - 05:06 PM

Working fine. Thank you for your help!



#6 MrCharlie

MrCharlie

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 28,202 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA

Posted 07 October 2013 - 05:16 PM

OK......

a little clean up to do:

Please download OTC to your desktop.
http://oldtimer.geekstogo.com/OTC.exe

Double-click OTC to run it. (Vista and up users, please right click on OTC and select "Run as an Administrator")
Click on the CleanUp! button and follow the prompts.
(If you get a warning from your firewall or other security programs regarding OTC attempting to contact the Internet, please allow the connection.)
You will be asked to reboot the machine to finish the Cleanup process, choose Yes.
After the reboot all the tools we used should be gone.
Note: Some more recently created tools may not yet be removed by OTC. Feel free to manually delete any tools it leaves behind.

Any other programs or logs you can manually delete.
IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST, MBAR, etc....AdwCleaner > just run the program and click uninstall.

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC

Malware Removal Expert


Posted Image


I volunteer my free time to help you, if you would like to donate to show your appreciation, it will be much appreciated.

Posted Image Thanks MrC & crew

#7 Windey

Windey

    New Member

  • Members
  • Pip
  • 6 posts

Posted 07 October 2013 - 05:34 PM

The only "tool" I downloaded was the AdwCleaner program. Is it safe to just keep that on my computer for future use and not use OTC to clean up - or was something downloaded that I'm unaware of? Thank you.



#8 MrCharlie

MrCharlie

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 28,202 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA

Posted 07 October 2013 - 06:11 PM

I'm sorry, you don't have to use OTC.
For AdwCleaner, it's update frequently so always download a fresh copy.

AdwCleaner by Xplode

MrC


Malware Removal Expert


Posted Image


I volunteer my free time to help you, if you would like to donate to show your appreciation, it will be much appreciated.

Posted Image Thanks MrC & crew

#9 Windey

Windey

    New Member

  • Members
  • Pip
  • 6 posts

Posted 07 October 2013 - 07:27 PM

Thank you for your help, it is MUCH appreciated!!  :)



#10 MrCharlie

MrCharlie

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 28,202 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA

Posted 07 October 2013 - 07:36 PM

OK...Take care :) MrC

Malware Removal Expert


Posted Image


I volunteer my free time to help you, if you would like to donate to show your appreciation, it will be much appreciated.

Posted Image Thanks MrC & crew

#11 LDTate

LDTate

    Forum Deity

  • Moderators
  • PipPipPipPipPipPip
  • 21,126 posts
  • Gender:Male
  • Location:Missouri, USA

Posted 08 October 2013 - 07:59 AM

Since this issue is resolved I will close the thread to prevent others from posting here. If you need assistance please start your own topic and someone will be happy to assist you.
Larry Tate
Product Support

Posted Image

Follow us: Twitter, Become a fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users