weigaocb

Help with PUP.Optional.BrowseFox.A problem

8 posts in this topic

Hello,

 

I ran Malwarebytes.  It found one malicious software: PUP.Optional.BrowseFox.A.  I tried to delete it several times, but not sucessfull.  Every time I deleted it, the log showed delete on reboot.  But when I restarted the laptop and ran Malwarebytes again, the malware is still there.

 

Please help me to remove it.

 

Thank you,

 

Wei

Share this post


Link to post
Share on other sites

Try this:

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.

    Vista/Windows 7/8 users right-click and select Run As Administrator

  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.
If you agree with everything listed to be removed in the folders section...........

Double click on AdwCleaner.exe to run the tool again.

  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished...
  • This time click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
Then..................

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

Please let me know how computer is running now, MrC

Share this post


Link to post
Share on other sites

Hi, thank you for helping me.

 

1. AdwCleaner:

 

I ran several times AdwCleaner yesterday.  So, when I ran it today, there is not a lot of stuff in the log file.  Here is the content of the log file:

 

# AdwCleaner v3.001 - Report created 28/08/2013 at 09:46:08
# Updated 24/08/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : liadmin - LI_HP
# Running from : C:\Users\ChuanWei\Downloads\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16660


-\\ Mozilla Firefox v16.0.2 (en-US)

[ File : C:\Users\liadmin\AppData\Roaming\Mozilla\Firefox\Profiles\m8v34edd.default\prefs.js ]


[ File : C:\Users\ChuanWei\AppData\Roaming\Mozilla\Firefox\Profiles\3m26p3ss.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [37506 octets] - [28/08/2013 00:28:40]
AdwCleaner[R1].txt - [1000 octets] - [28/08/2013 01:13:05]
AdwCleaner[R2].txt - [1121 octets] - [28/08/2013 01:18:37]
AdwCleaner[R3].txt - [1181 octets] - [28/08/2013 09:44:17]
AdwCleaner[s0].txt - [38234 octets] - [28/08/2013 00:29:53]
AdwCleaner[s1].txt - [1061 octets] - [28/08/2013 01:13:55]
AdwCleaner[s2].txt - [1105 octets] - [28/08/2013 09:46:08]

########## EOF - \AdwCleaner\AdwCleaner[s2].txt - [1165 octets] ##########
 

2. Malwarebyte:

 

Then I changed the settings of Malwarebytes, and ran a quick scan, the infected object is still there.  So, I removed it and restart the laptop.  Here is the log file:

 

Malwarebytes Anti-Malware (PRO) 1.70.0.1100

www.malwarebytes.org

 

Database version: v2013.08.27.01

 

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 10.0.9200.16660

ChuanWei :: LI_HP [limited]

 

Protection: Enabled

 

8/28/2013 2:33:04 PM

mbam-log-2013-08-28 (14-33-04).txt

 

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 194570

Time elapsed: 1 minute(s), 44 second(s)

 

Memory Processes Detected: 0

(No malicious items detected)

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 1

HKCR\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3} (PUP.Optional.BrowseFox.A) -> Delete on reboot.

 

Registry Values Detected: 0

(No malicious items detected)

 

Registry Data Items Detected: 0

(No malicious items detected)

 

Folders Detected: 0

(No malicious items detected)

 

Files Detected: 0

(No malicious items detected)

 

(end)

 

After restarted the PC, I ran a quick scan of Malwarebytes again, the infected object is still there!!!

 

Thank you,

 

Wei

Share this post


Link to post
Share on other sites

Did you run JRT:

 

thisisujrt.gif Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
MrC

Share this post


Link to post
Share on other sites

Hi MrC,

 

Here is the content of the log file:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.5.4 (08.22.2013:1)
OS: Windows 7 Home Premium x64
Ran by liadmin on Wed 08/28/2013 at 15:22:14.58
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 08/28/2013 at 15:22:14.72
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

After I ran JRT, my whole desktop gor rearranged.  Malwarebytes got updated to a newer version.  Then I ran a scan on Malwarebytes, I found three infected objects.  I removed them, here is the log file:

Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.08.28.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16660
liadmin :: LI_HP [administrator]

Protection: Enabled

8/28/2013 3:48:01 PM
mbam-log-2013-08-28 (15-48-01).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 273257
Time elapsed: 2 minute(s), 49 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKCR\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3} (PUP.Optional.BrowseFox.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01} (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\liadmin\Local Settings\Temporary Internet Files\Content.IE5\RU2W2SP2\Setup[1].exe (PUP.Optional.LuckyLeap.A) -> Quarantined and deleted successfully.

(end)
 

Looks like all three are removed sucessfully.  I will restart my PC and rescan Malwarebytes again to see if there is anything else.

 

Thank you,

 

Wei

Share this post


Link to post
Share on other sites

Hi MrC,

 

After the PC is restarted, I ran a quick scan of Malwarebytes.  It found nothing this time!  I think the problem is resolved.  If I still need to run somthing to make sure my PC is clean, please let me know.

 

Thank you very much,

 

Wei

Share this post


Link to post
Share on other sites

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.

  • Recently Browsing   0 members

    No registered users viewing this page.