Solved Malware keeps coming back

AntaresSQ01

New Member
Thread author
Verified
Jan 22, 2017
26
Hey, so I've gotten this malware and I know what program caused it, but I deleted it and have no clue now, sorry :/ But the main issue is, as I said, I cleaned it with AdwCleaner and it finds it and removes it (I'm certain that's it), but when I restart Chrome it "re-installs" itself. Also, I've used FRST, but I don't know how useful it will be as I'm puzzled whether it worked or not. Now enough of the cryptic talk.

It's under
C:\Users\my user\Appdata\local\google\chrome\user data\default\secure preferences
Inside the file (opened with Notepad++),
this is the culprit:
plnkhmnoajbfccclonaeepohggeolcih (more details in uploaded logs)
Also, over time, due to the popups, it also installs some random tinytask thing + uk.ask.com or whatever search provider (also in logs).
Now, as I mentioned above, I've checked installed programs and services and found nothing out of place. I have no clue how the hell I should go about fixing this, as it's a nasty malware that doesn't wanna get removed. The only sites I found relating to this issue are Spanish, and the forums, even with translate, didn't help much, so I'm here to ask for some help! Thanks for anything in advance.
 

Attachments

  • AdwCleaner[C4].txt
    1.9 KB · Views: 1
  • FRST.txt
    582 bytes · Views: 1
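Added example (not part of the thread): one way to inspect the `extensions.settings` entries of a Chrome "Secure Preferences" file like the one named in the post above, reporting where each extension was installed from. The sample JSON, the extension names, the second ID and the `location` values are constructed for illustration and are not taken from the attached logs.

```python
import json

# Chromium ManifestLocation values, stored per extension in the "location" field.
LOCATIONS = {
    1: "internal (profile, e.g. Web Store install)",
    2: "external pref file", 3: "external registry key",
    4: "unpacked (developer mode)", 5: "component",
    6: "external pref file (download)", 7: "policy (download)",
    8: "command line", 9: "policy", 10: "external component",
}
# Sources defined outside the profile (registry, JSON pref file, policy):
# cleaning the profile entry alone leaves the source in place.
EXTERNAL = {2, 3, 6, 7, 9}

def audit_extensions(prefs, suspect_ids=()):
    """Return one finding per entry under extensions.settings."""
    findings = []
    settings = prefs.get("extensions", {}).get("settings", {})
    for ext_id, entry in sorted(settings.items()):
        loc = entry.get("location")
        findings.append({
            "id": ext_id,
            "name": entry.get("manifest", {}).get("name", "<no manifest>"),
            "source": LOCATIONS.get(loc, f"unknown ({loc})"),
            "external": loc in EXTERNAL,
            "suspect": ext_id in suspect_ids,
        })
    return findings

# Constructed sample, not taken from the thread's logs; names and location
# values are invented. Real input: json.load() of the Secure Preferences file.
SAMPLE = json.loads("""
{"extensions": {"settings": {
  "plnkhmnoajbfccclonaeepohggeolcih":
    {"location": 3, "manifest": {"name": "Example Search Helper"}},
  "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":
    {"location": 1, "manifest": {"name": "Example Ad Blocker"}}
}}}
""")

if __name__ == "__main__":
    for f in audit_extensions(SAMPLE, {"plnkhmnoajbfccclonaeepohggeolcih"}):
        flag = "CHECK" if f["suspect"] or f["external"] else "ok"
        print(f'{flag:5} {f["id"]} {f["name"]!r} via {f["source"]}')
```

An entry flagged as external points at something outside the profile to look for before the next browser start, which is the kind of source a scan log such as FRST's is used to locate.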

AntaresSQ01

When I run it, it just goes like a quarter of the way then shuts down? I thought it's normal since it did produce some files.
 

AntaresSQ01

Can you reboot your PC and try again? Don't check any option when you start FRST. Just click Scan.
Will do in about 10 mins, I just got some quick work to do, and by uncheck you mean everything? Like additional.txt and whitelist (already have, just making sure).
 

AntaresSQ01

Well, I restarted and it still doesn't finish running. Can I get the download link again, because I can't find it anymore? Maybe it will work now?
 

AntaresSQ01

Finally got it working, I edited my original post and added the new logs (also quick note: my Windows install is fairly new, I reinstalled Windows about a month or 2 ago on a new SSD).
 

AntaresSQ01

Sorry, didn't edit, it's here:
 

Attachments

  • Addition_22-01-2017 17.32.35.txt
    41.4 KB · Views: 2
  • FRST_22-01-2017 17.32.35.txt
    51.2 KB · Views: 1

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Please download Zemana AntiMalware and save it to your Desktop.
  • Install the program and once the installation is complete it will start automatically.
  • Without changing any options, press Scan to begin.
  • After the short scan is finished, if threats are detected press Next to remove them.
Note: If restart is required to finish the cleaning process, you should click Reboot. If reboot isn't required, please restart your computer manually.
  • Open Zemana AntiMalware again.
  • Click on the [4zu6vb.jpg] icon and double click the latest report.
  • Now click File > Save As and choose your Desktop before pressing Save.
  • The only thing left is to attach the saved report in your next message.
 

AntaresSQ01

Here is the report, but I can already say, despite the amount of junk it found, it's definitely still here... AdwCleaner finds it, removes it, but there is something that keeps putting it back...
 

Attachments

  • 2017.01.22-21.21.01-i0-t92-d34.txt
    16.3 KB · Views: 3

TwinHeadedEagle

Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.
  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Make sure that Addition.txt option is checked.

  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.
Please attach the report to your next reply.
 

AntaresSQ01

Hello, pardon me for the delay, here are the logs. However, a quick note: I think it's spreading/expanding, since now when I started my browser it started on the "Secure Surf – The search engine that respects your privacy." website, which it definitely shouldn't have (I haven't removed it again with AdwCleaner last night).
 

Attachments

  • Addition_23-01-2017 17.51.20.txt
    40.4 KB · Views: 1
  • FRST_23-01-2017 17.51.20.txt
    51.5 KB · Views: 1

AntaresSQ01

Also, just done a quick AdwCleaner scan, and it's still that file. I think this piece of s*** just keeps putting ads and stuff in my "secure preferences"...
 
