
PUM.Chrome.EXTPOL


7 replies to this topic

#1 agm89

agm89

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:01:33 AM

Posted 22 January 2015 - 02:54 PM

Hi,

I just ran an MBAM scan and had some items detected. The only reference to PUM.Chrome.Extpol I could find led to this site. The only recent change I've made is Private Internet Access VPN.

Here is the log from MBAM. SuperAntiSpyware did not detect this.

Thanks!

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 2015-01-22
Scan Time: 11:30:31 AM
Logfile: mbam log.txt
Administrator: Yes
 
Version: 2.00.4.1028
Malware Database: v2015.01.22.11
Rootkit Database: v2015.01.14.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 8.1
CPU: x64
File System: NTFS
User: ********
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 449214
Time Elapsed: 8 min, 0 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 2
PUM.Chrome.EXTPOL, HKLM\SOFTWARE\POLICIES\GOOGLE\CHROME\EXTENSIONINSTALLFORCELIST, , [c3b07a80fa8fdd5935a8e11d8381eb15], 
PUM.Chrome.EXTPOL, HKLM\SOFTWARE\WOW6432NODE\POLICIES\GOOGLE\CHROME\EXTENSIONINSTALLFORCELIST, , [0c67fffb9dec3501ce0f53ab0400d030], 
 
Registry Values: 2
PUM.Chrome.EXTPOL, HKLM\SOFTWARE\POLICIES\GOOGLE\CHROME\EXTENSIONINSTALLFORCELIST|1, mglkpkkcfpeoajhghfengppajmdpnonh;file:///C:/ProgramData/mglkpkkcfpeoajhghfengppajmdpnonh/update.xml, , [c3b07a80fa8fdd5935a8e11d8381eb15]
PUM.Chrome.EXTPOL, HKLM\SOFTWARE\WOW6432NODE\POLICIES\GOOGLE\CHROME\EXTENSIONINSTALLFORCELIST|1, mglkpkkcfpeoajhghfengppajmdpnonh;file:///C:/ProgramData/mglkpkkcfpeoajhghfengppajmdpnonh/update.xml, , [0c67fffb9dec3501ce0f53ab0400d030]
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

Edited by hamluis, 22 January 2015 - 03:25 PM.
Moved from MRL to AII - Hamluis.



#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,595 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:04:33 AM

Posted 22 January 2015 - 06:39 PM

The detections are only registry keys related to Chrome extensions. Are you having any specific issues with your computer?
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif
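
The value data in the MBAM log from post #1 follows Chrome's `ExtensionInstallForcelist` format, `<extension id>;<update URL>`. As an added example (not part of the thread and not code from Malwarebytes), this Python sketch parses such registry-value lines and separates entries that update from the Chrome Web Store from ones pointing at a local `file://` manifest; the fourth sample line and the verdict labels are constructed for illustration.

```python
import re
from urllib.parse import urlparse

WEBSTORE_HOST = "clients2.google.com"   # host of the Chrome Web Store update endpoint
EXT_ID = re.compile(r"^[a-p]{32}$")     # Chrome extension IDs: 32 letters, a-p only

# Lines 1-3 are copied from the MBAM log in post #1; line 4 is constructed for contrast.
SAMPLE_LOG = r"""
PUM.Chrome.EXTPOL, HKLM\SOFTWARE\POLICIES\GOOGLE\CHROME\EXTENSIONINSTALLFORCELIST, , [c3b07a80fa8fdd5935a8e11d8381eb15],
PUM.Chrome.EXTPOL, HKLM\SOFTWARE\POLICIES\GOOGLE\CHROME\EXTENSIONINSTALLFORCELIST|1, mglkpkkcfpeoajhghfengppajmdpnonh;file:///C:/ProgramData/mglkpkkcfpeoajhghfengppajmdpnonh/update.xml, , [c3b07a80fa8fdd5935a8e11d8381eb15]
PUM.Chrome.EXTPOL, HKLM\SOFTWARE\WOW6432NODE\POLICIES\GOOGLE\CHROME\EXTENSIONINSTALLFORCELIST|1, mglkpkkcfpeoajhghfengppajmdpnonh;file:///C:/ProgramData/mglkpkkcfpeoajhghfengppajmdpnonh/update.xml, , [0c67fffb9dec3501ce0f53ab0400d030]
PUM.Chrome.EXTPOL, HKLM\SOFTWARE\POLICIES\GOOGLE\CHROME\EXTENSIONINSTALLFORCELIST|2, abcdefghijklmnopabcdefghijklmnop;https://clients2.google.com/service/update2/crx, , [constructed]
"""

def parse_forcelist_lines(log_text):
    """Yield (key, value_name, ext_id, update_url) for each force-list value line."""
    for line in log_text.splitlines():
        fields = [f.strip() for f in line.split(",")]
        if len(fields) < 3 or "|" not in fields[1]:
            continue  # headers and key-only detections carry no value data
        key, name = fields[1].rsplit("|", 1)
        if key.upper().endswith("EXTENSIONINSTALLFORCELIST"):
            ext_id, _, url = fields[2].partition(";")
            yield key, name, ext_id, url

def classify(ext_id, url):
    """Label an entry by where Chrome is told to fetch the extension's update manifest."""
    if not EXT_ID.match(ext_id):
        return "malformed-id"
    parsed = urlparse(url)
    if parsed.scheme == "https" and parsed.hostname == WEBSTORE_HOST:
        return "web-store"
    return "local-file" if parsed.scheme == "file" else "other-source"

def triage(log_text):
    """Return one finding per value; WOW6432Node is the 32-bit view of the same policy."""
    return [{"view": "32-bit" if "WOW6432NODE" in key.upper() else "64-bit",
             "ext_id": ext_id, "update_url": url, "verdict": classify(ext_id, url)}
            for key, _name, ext_id, url in parse_forcelist_lines(log_text)]

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['view']:7} {f['verdict']:12} {f['ext_id']}  {f['update_url']}")
```

A `local-file` verdict means the forced extension is served from a manifest on disk rather than from the store, so the referenced folder is the next thing to inspect.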

#3 agm89


Posted 22 January 2015 - 06:49 PM

> The detections are only registry keys related to Chrome extensions. Are you having any specific issues with your computer?

 

Maybe a little slow on startup, but no real issues. I'm pretty paranoid about security working from home, weekly scans and always apply updates. I almost never get a hit on a scan, so was surprised to see that show up. I can assume there's no need for concern then?



#4 quietman7


Posted 22 January 2015 - 07:01 PM

Please download the following tools to your desktop and use them in the order listed. They will search for and remove many potentially unwanted programs (PUPs), adware, toolbars, browser hijackers, extensions, add-ons and other junkware as well as related registry entries (values, keys) and remnants.

RKill created by Grinler (aka Lawrence Abrams), site owner of Bleeping Computer.
AdwCleaner created by Xplode.
Junkware Removal Tool created by thisisu.

1. Double-click on RKill to launch the tool. A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully. A log file will be created and saved to the root directory, C:\RKill.log. Copy and paste the contents of RKill.log in your next reply.

Important: Do not reboot your computer until you complete the next step.

2. Double-click on AdwCleaner.exe to run the tool.
Vista/Windows 7/8 users right-click and select Run As Administrator.
  • The tool will start to update its database...please wait until complete.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[RX].txt) will open in Notepad (where the largest value of # represents the most recent report).
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.
-- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.


Close all open programs and shut down any protection/security software to avoid potential conflicts.

3. Double-click on JRT.exe to run the tool.
Vista/Windows 7/8 users right-click and select Run As Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log file named JRT.txt will automatically open and be saved to your Desktop.
  • Copy and paste the contents of JRT.txt in your next reply.


#5 agm89


Posted 22 January 2015 - 07:23 PM

Rkill 2.7.0 by Lawrence Abrams (Grinler)
Copyright 2008-2015 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 01/22/2015 04:05:08 PM in x64 mode.
Windows Version: Windows 8.1 Pro 
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * C:\Users\ARRAN_~1\AppData\Local\Temp\ocrAE22.tmp\bin\rubyw.exe (PID: 7984) [SUP-HEUR]
 * C:\Users\ARRAN_~1\AppData\Local\Temp\ocr65AA.tmp\bin\rubyw.exe (PID: 7068) [SUP-HEUR]
 
2 proccesses terminated!
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * No issues found.
 
Checking Windows Service Integrity: 
 
 * No issues found.
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
 * HOSTS file entries found: 
 
  127.0.0.1 localhost
 
Program finished at: 01/22/2015 04:05:28 PM
Execution time: 0 hours(s), 0 minute(s), and 19 seconds(s)
 
 
# AdwCleaner v4.108 - Report created 22/01/2015 at 16:10:24
# Updated 17/01/2015 by Xplode
# Database : 2015-01-22.3 [Live]
# Operating System : Windows 8.1 Pro  (64 bits)
# Username : arran_000 - AGM-PC
# Running from : C:\Users\arran_000\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\53cb895fc2c6c11b
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17416
 
 
-\\ Mozilla Firefox v
 
 
-\\ Google Chrome v40.0.2214.91
 
 
-\\ Chromium v
 
 
-\\ Comodo Dragon v
 
 
*************************
 
AdwCleaner[R0].txt - [1741 octets] - [13/07/2014 07:10:24]
AdwCleaner[R1].txt - [969 octets] - [22/01/2015 16:08:13]
AdwCleaner[S0].txt - [1818 octets] - [13/07/2014 07:23:39]
AdwCleaner[S1].txt - [893 octets] - [22/01/2015 16:10:24]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [952 octets] ##########
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 8.1 Pro x64
Ran by arran_000 on 2015-01-22 at 16:13:43.81
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 2015-01-22 at 16:15:28.63
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 



#6 quietman7


Posted 22 January 2015 - 07:45 PM

Your logs look good.

rubyw.exe is related to your VPN. Programs should not be running from a temp folder so that explains why RKill terminated it.

#7 agm89


Posted 23 January 2015 - 11:36 AM

Ok thanks, appreciate the help! 



#8 quietman7


Posted 23 January 2015 - 01:50 PM

You're welcome. :thumbup2:

Best Practices for Safe Computing - Prevention of Malware Infection.



