
PUP.Optional.GreatArcadeHits.A Keeps coming Back


15 replies to this topic

#1 tomkay44


Posted 27 January 2014 - 11:22 AM

For the past few months "PUP.Optional.GreatArcadeHits.A" keeps being detected by MBAM on my personal laptop and desktop.  I've run JTS and AdwareCleaner but they don't seem to help.
 
For resident virus software, I'm running Microsoft Security Essentials on both systems.  I also run WinPatrol resident on the laptop with no conflict with MSE.  I also scan with SuperAntiSpyware periodically but nothing detects it but MBAM.
 
I'm attaching a Hijack log generated by WinPatrol and my last MBAM log.  
 
The MBAM log had 10 occurrences this time.  The most ever.
 
Any help would greatly be appreciated. 


Edited by hamluis, 27 January 2014 - 11:50 AM.
Moved from XP to Am I Infected - Hamluis.



#2 Netghost56


Posted 27 January 2014 - 11:32 AM

Do you have Wajam or Wild Tangent installed on the system? Any other games-based app?

 

EDIT: You have some malware embedded in your Chrome. I would try reinstalling, and make sure you download Chrome from Google's website only.


Edited by Netghost56, 27 January 2014 - 11:33 AM.


#3 tomkay44


Posted 27 January 2014 - 11:39 AM

I'm assuming I need to uninstall Chrome prior to re-installing.  Correct?

 

If I am correct in my assumption, do I need to do anything more than remove it in "Add/Remove Programs" from the Control panel?



#4 tomkay44


Posted 27 January 2014 - 11:43 AM

Sorry.  Forgot to answer your question, Netghost56.  I'm almost certain I don't have Wajam or Wild Tangent installed.



#5 hamluis

  • Moderator

Posted 27 January 2014 - 11:44 AM

Please...make no changes to your system.

 

Moving topic to Am I Infected forum.

 

Louis


Edited by hamluis, 27 January 2014 - 11:49 AM.


#6 tomkay44


Posted 27 January 2014 - 11:46 AM

O.K. Louis.  I'll wait to hear from you.  Thanks!



#7 buddy215

  • BC Advisor

Posted 27 January 2014 - 12:03 PM

Your MBAM log says 'no action taken'. That means you haven't allowed MBAM to remove the adware.


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss

A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”


#8 tomkay44


Posted 27 January 2014 - 12:22 PM

I had clicked on the Save log button before I removed the items, so I ended up with two logs.  Sorry about that. Pasting the correct one now because I see no option to attach.

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2014.01.27.06
 
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
K :: TOSHIBA-USER [administrator]
 
1/27/2014 9:15:40 AM
mbam-log-2014-01-27 (09-15-40).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 228325
Time elapsed: 11 minute(s), 26 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 4
C:\Documents and Settings\K\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ocifcogajbgikalbpphmoedjlcfjkhgh (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\K\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ocifcogajbgikalbpphmoedjlcfjkhgh\1.0.1_0 (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\K\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ocifcogajbgikalbpphmoedjlcfjkhgh\1.0.1_1 (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\K\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ocifcogajbgikalbpphmoedjlcfjkhgh\1.0.1_2 (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.
 
Files Detected: 6
C:\Documents and Settings\K\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ocifcogajbgikalbpphmoedjlcfjkhgh\1.0.1_2\background.js (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\K\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ocifcogajbgikalbpphmoedjlcfjkhgh\1.0.1_2\cs.js (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\K\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ocifcogajbgikalbpphmoedjlcfjkhgh\1.0.1_2\header.js (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\K\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ocifcogajbgikalbpphmoedjlcfjkhgh\1.0.1_2\icon.png (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\K\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ocifcogajbgikalbpphmoedjlcfjkhgh\1.0.1_2\info.js (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\K\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ocifcogajbgikalbpphmoedjlcfjkhgh\1.0.1_2\manifest.json (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.
 
(end)


#9 xXToffeeXx

  • Malware Response Instructor

Posted 27 January 2014 - 12:31 PM

Hi,

 

Uninstalling an extension in Chrome:
  1. Click the Chrome menu on the browser toolbar.
  2. Click Tools.
  3. Select Extensions.
  4. Click the recycle bin icon by GreatArcadeHits to completely remove it.
  5. A confirmation dialogue appears, click Remove.

 

See if MBAM still detects GreatArcadeHits after this.

 

xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

~Currently in my last year of school, so replies might be more delayed~

 

ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~
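
One way to run the "see if MBAM still detects it" check from a saved log, as an added example that is not part of the original thread. It parses detection lines in the MBAM 1.75 format posted above, lists the Chrome extension IDs whose detections were not quarantined (the "No action taken" case), and checks which of those folders still exist. The sample log is constructed (shortened paths, one made-up entry), and the function names are hypothetical.

```python
import json
import re
from pathlib import Path

# Constructed sample in the MBAM 1.75 log format shown in this thread
# (paths shortened; the "PUP.Optional.Example" entry is made up for contrast).
SAMPLE_LOG = r"""
Folders Detected: 1
C:\Users\K\Chrome\User Data\Default\Extensions\ocifcogajbgikalbpphmoedjlcfjkhgh (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.
Files Detected: 2
C:\Users\K\Chrome\User Data\Default\Extensions\ocifcogajbgikalbpphmoedjlcfjkhgh\1.0.1_2\cs.js (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.
C:\Users\K\Chrome\User Data\Default\Extensions\aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\1.0_0\bg.js (PUP.Optional.Example) -> No action taken.
"""

# A detection line reads: "<path> (<detection name>) -> <action>."
DETECTION = re.compile(r"^(?P<path>.+?) \((?P<name>[^()]+)\) -> (?P<action>.+?)\.?\s*$")
# Chrome extension IDs are 32 characters drawn from a-p.
EXT_ID = re.compile(r"\\Extensions\\([a-p]{32})(?:\\|$)")


def parse_detections(log_text):
    """Return one dict per detection line: path, name, action, ext_id (or None)."""
    rows = []
    for line in log_text.splitlines():
        m = DETECTION.match(line.strip())
        if not m:
            continue  # section headers, counters, "(No malicious items detected)"
        ext = EXT_ID.search(m["path"])
        rows.append({**m.groupdict(), "ext_id": ext.group(1) if ext else None})
    return rows


def not_removed(rows):
    """Extension IDs with at least one detection that was not quarantined."""
    return sorted({r["ext_id"] for r in rows
                   if r["ext_id"] and not r["action"].startswith("Quarantined")})


def still_on_disk(extensions_dir, ext_ids):
    """Map each ID that still has a folder to the names found in its manifests."""
    found = {}
    for ext_id in ext_ids:
        folder = Path(extensions_dir) / ext_id
        if folder.is_dir():
            found[ext_id] = sorted(
                json.loads(p.read_text(encoding="utf-8-sig")).get("name", "?")
                for p in folder.glob("*/manifest.json"))
    return found
```

Pass `still_on_disk` the profile's `Extensions` folder and the IDs taken from an earlier log; an ID that reappears there after removal is the folder to investigate.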


#10 Netghost56


Posted 27 January 2014 - 12:47 PM

What Toffee posted.

 

I don't use Chrome so I wasn't going to attempt to explain how to remove an extension.



#11 buddy215

  • BC Advisor

Posted 27 January 2014 - 12:58 PM

And if it does come back....run a scan using Free ESET Online Antivirus Scanner

 

Cleanup temp files, logs, etc. using CCleaner - PC Optimization and Cleaning - Free Download

Pay attention while installing CCleaner and uncheck the install of toolbars, etc., especially Yahoo Toolbar.

No need to use the Registry Cleaner Tool and it may cause problems.




#12 tomkay44


Posted 27 January 2014 - 01:57 PM

Thanks everyone!  That seemed to do it.  I sure appreciate it.

 

FYI.  In CCleaner under Startup-Chrome there were other extensions I think are all related to this problem.

 

1. New Tab Page

2. Google Wallet

 

Google Wallet doesn't show in Chrome's Tools/extensions but you can disable and delete it from CCleaner.  New Tab Page (or maybe it was Next Tab Page) and Great Arcade Hits are in Chrome-Tools-extensions.  You have to get rid of all three or Chrome starts choking on its cookies a little (or a lot depending on what you don't delete).

 

I didn't notice till just now that all the legitimate things were listed in CCleaner under the Key column as Apps, but these three were at the bottom with Ext in the Key column.

 

In Chrome, the only extension I had left was Google Docs so I got rid of it also.  Once I had no extensions left Chrome was giving some kind of message like it was depressed because it didn't have any extensions so I went to the extension gallery and grabbed one called Browser Brat and now GOOGLE WALLET is back (You can only see it in CCleaner)??

 

What up with that??  Is Google Wallet Legit? 

 

Again.  Thanks SO much for all you folks' help.



#13 xXToffeeXx

  • Malware Response Instructor

Posted 27 January 2014 - 02:15 PM

Hi,

 

You are welcome, you have to be careful of some Chrome extensions sometimes.

I think this link should explain Google Wallet to you. I guess whenever you install an extension it will add it back; I wouldn't really worry about it though, personally.

 

xXToffeeXx~




#14 buddy215

  • BC Advisor

Posted 27 January 2014 - 02:17 PM

You can read about Google Wallet on many sites...here's one: Google Wallet - Wikipedia, the free encyclopedia

 

If you still allow ad/tracking cookies, the link below has info on how to prevent their install. Once you have blocked them from installing, use Super Antispyware to remove the ones installed now, or simply delete all cookies manually.

Disable third-party cookies in IE, Firefox, and Google Chrome | How To - CNET




#15 tomkay44


Posted 29 January 2014 - 11:29 AM

Google Wallet comes back even though I have no extensions.  I guess that's OK.  Correct?





