
AdwCleaner keeps finding these two


12 replies to this topic

#1 red90

red90

  • Members
  • 6 posts

Posted 23 July 2014 - 03:33 PM

I scanned my PC (Windows 8.1) with AdwCleaner and it found this stuff in my browsers:

 

 

-\\ Mozilla Firefox v30.0 (en-US)
 
[ Plik : C:\Users\zzz\AppData\Roaming\Mozilla\Firefox\Profiles\ulybqgjj.default\prefs.js ]
 
-\\ Google Chrome v36.0.1985.125
 
[ Plik : C:\Users\zzz\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
When I try to delete them, AdwCleaner removes them successfully but then they show up again in the next scan. Is this something to worry about? I'm not very tech savvy and wanted to be sure.




#2 buddy215

buddy215

  • Moderator
  • 13,196 posts

Posted 23 July 2014 - 05:10 PM

Those two are not files that are removed. They are the locations in your 2 browsers that AdwCleaner scanned for adware.

 

Are you having a problem with adware....browser/ search engine redirects/ hijacking....popups?


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#3 red90


Posted 24 July 2014 - 01:34 PM

well, haven't noticed anything suspicious recently, but AdwCleaner removed some other stuff recently.



#4 buddy215


Posted 24 July 2014 - 02:14 PM

Okay....

No one program will find all adware/malware. We often recommend using the programs below as well as AdwCleaner.

Malwarebytes Anti-Malware Free

 

Junkware Removal Tool Download

 

Free Virus Scan | Online Virus Scanner from ESET

 

Those programs are free to use. Allow them to remove whatever they find. Safe and effective.



#5 red90


Posted 24 July 2014 - 02:52 PM

Malwarebytes log:

 

 

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 328428
Time Elapsed: 12 min, 9 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 1
PUP.Optional.Sanbreel.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\{0c0bb4a8-45a4-4685-9c1d-08d98af4b926}Gw64, , [4611594a85f640f6949b586f8a78e917], 
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 4
PUP.Optional.Trolotunt.A, C:\Users\Ola\AppData\Local\Temp\trolatuntSetup.exe, , [e572673c83f802345bf8663a2fd5f808], 
PUP.Optional.Spigot.A, C:\Users\Ola\AppData\Local\Temp\PIPInstaller_PTV_.exe, , [bb9cb4ef6c0f1d196bf3f03d80817987], 
PUP.Optional.Somoto, C:\Users\Ola\AppData\Local\Temp\bitool.dll, , [b99ec4dfff7cb581f6a5c2726c967d83], 
PUP.Optional.Sanbreel.A, C:\Windows\System32\drivers\{0c0bb4a8-45a4-4685-9c1d-08d98af4b926}Gw64.sys, , [4611594a85f640f6949b586f8a78e917], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
 
 
quarantined them.
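
An added example, not part of the original posts: a Python sketch that parses Malwarebytes detection lines in the format shown in the log above and pairs a flagged service registry key with a flagged `.sys` file of the same name, which shows that a detection covers an installed driver service and not only leftover installer files. The function names are illustrative, and the sample lines are copied from the log above.

```python
import ntpath
import re

# Detection sections copied from the Malwarebytes log posted above.
SAMPLE_LOG = r"""
Registry Keys: 1
PUP.Optional.Sanbreel.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\{0c0bb4a8-45a4-4685-9c1d-08d98af4b926}Gw64, , [4611594a85f640f6949b586f8a78e917],
Files: 4
PUP.Optional.Trolotunt.A, C:\Users\Ola\AppData\Local\Temp\trolatuntSetup.exe, , [e572673c83f802345bf8663a2fd5f808],
PUP.Optional.Spigot.A, C:\Users\Ola\AppData\Local\Temp\PIPInstaller_PTV_.exe, , [bb9cb4ef6c0f1d196bf3f03d80817987],
PUP.Optional.Somoto, C:\Users\Ola\AppData\Local\Temp\bitool.dll, , [b99ec4dfff7cb581f6a5c2726c967d83],
PUP.Optional.Sanbreel.A, C:\Windows\System32\drivers\{0c0bb4a8-45a4-4685-9c1d-08d98af4b926}Gw64.sys, , [4611594a85f640f6949b586f8a78e917],
"""

SECTIONS = {"Processes", "Modules", "Registry Keys", "Registry Values", "Registry Data", "Folders", "Files", "Physical Sectors"}
HEADER = re.compile(r"^(?P<section>[A-Za-z ]+): (?P<count>\d+)$")
DETECTION = re.compile(r"^(?P<name>[^,]+), (?P<path>.+?), , \[(?P<id>[0-9a-f]{32})\],?$")

def parse(log):
    """Return ({section: declared count}, [detections]) from the log text."""
    declared, found, section = {}, [], None
    for line in map(str.strip, log.splitlines()):
        head, hit = HEADER.match(line), DETECTION.match(line)
        if head and head["section"] in SECTIONS:
            section = head["section"]
            declared[section] = int(head["count"])
        elif hit and section:
            found.append({"section": section, **hit.groupdict()})
    return declared, found

def count_mismatches(declared, found):
    """Sections whose header count differs from the lines parsed (truncated paste)."""
    return sorted(s for s, n in declared.items()
                  if n != sum(1 for d in found if d["section"] == s))

def driver_services(found):
    """Pair each flagged SERVICES key with a flagged <service>.sys file."""
    files = [d for d in found if d["section"] == "Files"]
    pairs = []
    for key in (d for d in found if d["section"] == "Registry Keys"):
        if not ntpath.dirname(key["path"]).upper().endswith("\\SERVICES"):
            continue
        wanted = ntpath.basename(key["path"]).lower() + ".sys"
        pairs += [(key["name"], key["path"], f["path"]) for f in files
                  if ntpath.basename(f["path"]).lower() == wanted]
    return pairs

if __name__ == "__main__":
    declared, found = parse(SAMPLE_LOG)
    print(count_mismatches(declared, found), driver_services(found))
```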


#6 buddy215


Posted 24 July 2014 - 03:18 PM

You need to run the other two scans, too.

 

One of the PUPs mentioned, Sanbreel.A, is mentioned on the web as being dropped by a rootkit. Would be a good idea to scan for rootkits.

 

Download TDSSKiller and save it to your desktop.

  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.


#7 red90


Posted 24 July 2014 - 03:31 PM

JRT log is empty:

 

~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 2014-07-24 at 22:25:33,47
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
 
TDSSKiller - "no threats found" 
 
 
ESET needs some more time, will post the results later


#8 buddy215


Posted 24 July 2014 - 04:20 PM

ESET scan time varies from 30 minutes to hours....depending on number and size of files and computer resources.

 

We'll keep a light on for you...:)



#9 red90


Posted 24 July 2014 - 04:30 PM

ok, ESET found no threats, too



#10 buddy215


Posted 24 July 2014 - 05:24 PM

Good...Happy surfin'!



#11 red90


Posted 25 July 2014 - 02:59 PM

thanks a ton!

 

Should I keep the programs installed and perform the scans once in a while?



#12 buddy215


Posted 25 July 2014 - 03:30 PM

You can uninstall AdwCleaner. It updates by reinstalling. Open AdwCleaner and click on the Uninstall tab.

 

The free version of MBAM will need to be manually updated occasionally and immediately before scanning with it.

 

Junkware Remover will update before each scan.

 

You can uninstall the ESET online scanner or I think it will ask to be updated before scanning.

 

Suggest you use CCleaner to remove ad/tracking cookies, temporary files, logs, etc. Be sure to pay attention while installing and UNcheck any offers of toolbars, etc. No need to use the Registry Cleaner and it has the potential to cause problems. Just use the default settings. CCleaner - PC Optimization and Cleaning - Free Download

 

Again...happy surfin'!...and you are welcome.



#13 hootg1952

hootg1952

  • Members
  • 1 posts

Posted 12 July 2015 - 10:30 AM

I realize this is a year later than the last post, but I came upon this thread after a Google search led me here. I have been "fighting" this issue of AdwCleaner and HitmanPro continually finding Ask and AOL references in Chrome data.

 

I found the reason why. I went to the Chrome settings, clicked the "Manage search engines..." box and clicked the little "x" at the end of the lines for Ask and AOL. They are gone!

 

Hope this helps!





