Nothing seems to work - PUA:Win32/InstallIQ

Status
Not open for further replies.

Dave Edwards

New Member
Thread author
Sep 18, 2020
9
Thanks for the inclusion. My base protection is Windows Defender. It notified me of a PUA:Win32/InstallIQ threat.
I have tried Malwarebytes, Hitman Pro, Zemana, Emsisoft, and Wipersoft, all to no avail. Any suggestions?
 

Soulbound

Moderator
Verified
Staff Member
Well-known
Jan 14, 2015
1,761
Post your security configuration that you are currently using and then await some replies.

On a side note, that is a PUA (Potentially unwanted application).

If you wish to remove that, you can follow this (Trend Micro has trials you can use)

 

nasdaq

Moderator
Verified
Staff Member
Nov 5, 2019
1,431
Hello, Welcome to MalwareTips.
I'm nasdaq and will be helping you.

Sorry for this long delay,

If you still need help please follow these instructions
===

Download the Farbar Recovery Scan Tool (FRST).
Choose the 32 or 64 bit version for your system and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

How to attach a file:
In the Reply section at the bottom of the topic, click Attach Files.
Navigate to the location of the File.
Click the file. It will appear in the reply section.
Click the Post Reply button.

Please post the logs for my review.

Let me know what problems persist.

Wait for further instructions
 

Dave Edwards

New Member
Thread author
Sep 18, 2020
9
Thanks for your keen interest. Been away since your first memo, haven't had an opportunity to work on it, but I will, probably tomorrow AM.
 

Dave Edwards

New Member
Thread author
Sep 18, 2020
9
FINALLY GOT TO IT. FILES ATTACHED
 

Attachments

  • Addition.txt
    55.5 KB · Views: 4
  • FRST.txt
    150.6 KB · Views: 4

nasdaq

Moderator
Verified
Staff Member
Nov 5, 2019
1,431
Hi,

The programs in bold are PUPs (Potentially Unwanted Programs).
These so-called "system optimizers" use intentional false positives to convince users that their systems have problems.

WiperSoft 1.1.1154.64 (HKLM\...\{AB1C8C91-4D8E-4C28-80E7-FD135FB90515}}_is1) (Version: 1.1.1154.64 - WiperSoft)
Removal instructions for WiperSoft

WinZip Driver Updater (HKLM\...\WinZip Driver Updater) (Version: 5.34.1.6 - Corel Corporation)
Removal instructions for WinZip DriverUpdater

Is Malwarebytes reporting these programs when you scan the computer?
Do you want to keep them?

===

Please download the attached Fixlist.txt file to the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the FRST.txt log you have submitted.

Run FRST and click Fix only once and wait.

The Computer will restart when the fix is completed.

It will create a log (Fixlog.txt). Please post it in your reply.
===

How to Delete/Restore quarantined files.

Follow the directives on the page to delete all the files in the quarantine folder.
<<<>>>

If the problem persists and Chrome is Synced with other Devices reset it.



Execute the suggested fix.

Restart the computer normally.
===========

Please post the Fixlog.txt and let me know if the problem is solved.
 

Attachments

  • fixlist.txt
    2.6 KB · Views: 2

Dave Edwards

New Member
Thread author
Sep 18, 2020
9
1. WiperSoft and WinZip Driver Updater have been eliminated
2. Followed your instructions, Fixlog.txt is attached
3. Attached file InstallIQ.jpg explains further action taken.
InstallIQ.jpg
 

Attachments

  • Fixlog.txt
    11.4 KB · Views: 1

nasdaq

Moderator
Verified
Staff Member
Nov 5, 2019
1,431
Hi,

Let's see what we can find in the Registry.

Run the Farbar program .exe as an Administrator.

In the Search text area, copy and paste the following:
503138f.msi
Once done, click on the Search Registry button and wait for FRST to finish the search
On completion, a log will open in Notepad. Copy and paste its content in your next reply
====
 

Dave Edwards

New Member
Thread author
Sep 18, 2020
9
Copy as follows:

Farbar Recovery Scan Tool (x64) Version: 04-10-2020
Ran by Owner (07-10-2020 12:48:07)
Running from C:\Users\Owner\Desktop
Boot Mode: Normal

================== Search Registry: "503138f.msi" ===========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\1F0BC1E8FB762504AA32AF229E84401C\InstallProperties]
"LocalPackage"="C:\Windows\Installer\503138f.msi"

====== End of Search ======
 

nasdaq

Moderator
Verified
Staff Member
Nov 5, 2019
1,431
Hi,

Copy all the text IN THE QUOTE BOX below to notepad. Save it as fixme.reg to your desktop.
Be sure the "Save as" type is set to "all files". Once you have saved it, right-click the .reg file and allow it to merge with the registry.

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\1F0BC1E8FB762504AA32AF229E84401C\InstallProperties]
"LocalPackage"=-

Restart the computer when completed.

You can delete the fixme.reg file when done.

Is the problem solved?
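
The registry change above removes the `LocalPackage` value that points Windows Installer at the cached `503138f.msi`. As an added example (not part of the original post), this PowerShell sketch shows which product that entry belongs to and exports the key first, so the merge can be reversed; the backup file name is an assumption, and it is run from an elevated prompt.

```powershell
# Added example: inspect the Installer product entry before removing LocalPackage.
# Read-only apart from the backup file written by reg.exe.
$packed  = '1F0BC1E8FB762504AA32AF229E84401C'   # key name from the FRST search log
$sidKey  = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18'
$subKey  = "$sidKey\Products\$packed\InstallProperties"
$backup  = Join-Path $env:USERPROFILE 'Desktop\InstallProperties-backup.reg'  # hypothetical name

function Convert-PackedGuid {
    param([Parameter(Mandatory)][ValidatePattern('^[0-9A-Fa-f]{32}$')][string]$Packed)
    # Windows Installer stores product codes "packed": the first three GUID groups
    # are reversed character by character; each remaining byte has its nibbles swapped.
    $rev = { param($s) $c = $s.ToCharArray(); [array]::Reverse($c); -join $c }
    $g1   = & $rev $Packed.Substring(0, 8)
    $g2   = & $rev $Packed.Substring(8, 4)
    $g3   = & $rev $Packed.Substring(12, 4)
    $tail = -join (0..7 | ForEach-Object { & $rev $Packed.Substring(16 + 2 * $_, 2) })
    '{{{0}-{1}-{2}-{3}-{4}}}' -f $g1, $g2, $g3, $tail.Substring(0, 4), $tail.Substring(4)
}

if (-not (Test-Path -LiteralPath "HKLM:\$subKey")) {
    Write-Output "Key not present: HKLM\$subKey"
    return
}

$props = Get-ItemProperty -LiteralPath "HKLM:\$subKey"
[pscustomobject]@{
    ProductCode   = Convert-PackedGuid $packed   # usable with msiexec or Apps & Features lookups
    DisplayName   = $props.DisplayName           # which program registered this package
    Publisher     = $props.Publisher
    LocalPackage  = $props.LocalPackage          # the cached .msi the alert refers to
    PackageOnDisk = [bool]($props.LocalPackage -and (Test-Path -LiteralPath $props.LocalPackage))
} | Format-List

# Export the key so the change made by fixme.reg can be undone by merging the backup.
reg.exe export "HKLM\$subKey" $backup /y
```

If `DisplayName` names a program that is still wanted, uninstalling it through its own entry is cleaner than deleting the value, because Windows Installer uses `LocalPackage` for repair and uninstall.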
 

Dave Edwards

New Member
Thread author
Sep 18, 2020
9
I merged the .reg file and restarted. The alert still appeared in the taskbar. Also, the system was slow and unresponsive, so I did another restart. Now the alert is not there. I do believe we have success! I appreciate all your efforts! THANK YOU!!
 

nasdaq

Moderator
Verified
Staff Member
Nov 5, 2019
1,431
Hi,
Good move. Sometimes it does need 2 restarts.

Stay safe.
 

Dave Edwards

New Member
Thread author
Sep 18, 2020
9
Recent scan report shows actions as either QUARANTINED or REPLACED... QUARANTINED I understand. Please explain REPLACED (i.e. with what?)
 

nasdaq

Moderator
Verified
Staff Member
Nov 5, 2019
1,431
Hi,

Recent scan report shows actions as either QUARANTINED or REPLACED... QUARANTINED I understand. Please explain REPLACED (i.e. with what?)

Need more information.
Can you please post the report for my review.
 

nasdaq

Moderator
Verified
Staff Member
Nov 5, 2019
1,431
Hi,

Execute this.

If the problem persists and Chrome is Synced with other Devices reset it.



Execute the suggested fix.

Restart the computer normally.
===========

If the problem persists do this.

Malwarebytes.

How to Delete/Restore quarantined files.

Follow the directives on the page to delete all the files.
<<<>>>

Is the problem solved?
 

Peaches64

New Member
Oct 20, 2020
1
Hi,

Execute this.

If the problem persists and Chrome is Synced with other Devices reset it.



Execute the suggested fix.

Restart the computer normally.
===========

If the problem persists do this.

Malwarebytes.

How to Delete/Restore quarantined files.

Follow the directives on the page to delete all the files.
<<<>>>

Is the problem solved?
No
 

nasdaq

Moderator
Verified
Staff Member
Nov 5, 2019
1,431
Hi,

I post not 2 the notice comes from Trendmicro.
I do not see this program on your computer.
Do you have any ideas as to what may trigger this Trendmicro notice?
 