
Topic: ''Help, SuperDave-Genius!'' (Read 8279 times)


Roger707

    Topic Starter


    Greenhorn

    • Experience: Beginner
    • OS: Windows 7
    ''Help, SuperDave-Genius!''
    « on: June 29, 2015, 08:06:37 AM »
    Hi Dave-Genius,
    My laptop has been running slow and sometimes freezing so
    Malwarebytes Anti-Malware (free) scan has detected:

    PUP.Optional.SearchResults.A

    Progress:
    I have Quarantined it and nothing is posted about it on the Net
    so am wondering if this is a real threat or false positive.
    I have also done all the possible Avast (free) anti-virus scans,
    incl a boot-scan but
    nothing was detected.

    Malwarebytes report:

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 29-Jun-15
    Scan Time: 12:54 AM
    Logfile: 7777.txt
    Administrator: Yes

    Version: 2.1.8.1057
    Malware Database: v2015.06.28.04
    Rootkit Database: v2015.06.26.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled

    OS: Windows 7 Service Pack 1
    CPU: x64
    File System: NTFS
    User: Zumba

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 355881
    Time Elapsed: 43 min, 13 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 1
    PUP.Optional.SearchResults.A,
    C:\Users\Lola\AppData\Roaming\Mozilla\Firefox\Profiles\bvgrk2f1.default\searchplugins\Search_Results.xml,
    Quarantined, [6ca85c649cee84b29df770a76d97926e],

    Physical Sectors: 0
    (No malicious items detected)


    (end)

    Thanks,
    Roger707

    Allan

    • Moderator

    • Mastermind
    • Thanked: 1260
    • Experience: Guru
    • OS: Windows 10
    Re: ''Help, SuperDave-Genius!''
    « Reply #1 on: June 29, 2015, 08:47:24 AM »
    Please follow the instructions in the following link and post your logs:
    http://www.computerhope.com/forum/index.php/topic,46313.0.html

    Roger707

      Re: ''Help, SuperDave-Genius!''
      « Reply #2 on: June 29, 2015, 08:59:01 AM »
      Thanks Allan but I am looking for Dave.

      Allan

      Re: ''Help, SuperDave-Genius!''
      « Reply #3 on: June 29, 2015, 09:40:33 AM »
      And I'm pointing out that there is a process in place at CH for individuals requesting assistance with (suspected) Malware removal. Please read the thread to which I directed you and submit all of the requested logs so Dave can help you.

      While we're at it, please explain exactly WHAT is slow - booting, loading apps, the Internet, etc. Please explain your problem in detail. Also, when it "freezes" does it happen when you are doing something in particular or is it random? How many times has it happened?

      Thank you.

      Roger707

        Re: ''Help, SuperDave-Genius!''
        « Reply #4 on: June 30, 2015, 03:14:42 AM »
        Allan please send me the right link, today your link mistakenly links to a different page.

        WHAT is slow - the Internet, sometimes

        It "freezes" - it is random, so then I press on the key that has the Windows logo on it (what's that?) and it "melts" [i.e. everything's normal again]

        How many times has it happened? Almost every time I have been using the Internet. One day Windows called me, [how do they have my home number?] in order to tell me that I have some malware on my computer [but there are a couple of computers here so how do they know precisely?] that I can't see and that is negatively affecting my computer. I did not take this message seriously, didn't do a scan, only did the regular antivirus and Windows etc. updates. That was like 2 months ago.

        Lately Yahoo has been sending me a message that they do not recognize my device and so are using their security measures, sending me the entry code via SMS. This first happened when I was traveling but then I returned and Yahoo didn't recognize my device although I have been logging into Yahoo repeatedly from the same location after I had already identified myself through their security procedure once (SMS).


        Allan

        Re: ''Help, SuperDave-Genius!''
        « Reply #5 on: June 30, 2015, 05:41:48 AM »
        1) Here is the link: http://www.computerhope.com/forum/index.php/topic,46313.0.html

        2) If it's just the Internet, please start by trying a different browser (Firefox, Opera, Chrome, etc) - does the problem still exist with a different browser?

        3) Microsoft does not call users. That was a scam call. Hopefully you did not give them remote access to your system.

        4) You may very well have some sort of malware on your system. Please go ahead and post the logs so Dave can take a look at them.

        Roger707

          Re: ''Help, SuperDave-Genius!''
          « Reply #6 on: June 30, 2015, 09:13:46 AM »
          1- Allan again you sent me the wrong link, check by clicking on it
          2- I meant it is the internet but with the Firefox browser
          3- no, thank goodness
          4- in the meantime avast and malwarebytes labs are analysing
          that suspicious file. Avast gave me some homework..

          Do you believe that ?:

          Our virus specialists have been working on the problem and they informed me that Malwarebytes is not detecting the file anymore (as you can see on this website: https://www.virustotal.com/en/file/34344448ecf726a9693355fb1048938d41320ded6c839b7c5550fa8807a7425d/analysis/1435656081/ )

          This detection was probably their false positive, but if everything is working correctly, you can leave things as they are.

          I would still recommend you to clean your computer manually by following these steps:


          thx

          BC_Programmer


            Mastermind
          • Typing is no substitute for thinking.
          • Thanked: 1140
          • Experience: Beginner
          • OS: Windows 11
          Re: ''Help, SuperDave-Genius!''
          « Reply #7 on: June 30, 2015, 09:25:15 AM »
          The Link Allan provided is fine. It goes to the "Read this before requesting malware removal help" topic.
          I was trying to dereference Null Pointers before it was cool.

          Allan

          Re: ''Help, SuperDave-Genius!''
          « Reply #8 on: June 30, 2015, 10:16:03 AM »
          Roger - please try a different browser and see what happens. It seems the PUP is in your Firefox profile as a plug-in. BTW, not all PUPs are unwanted or malicious. You can even try Firefox in SAFE MODE if you like, but either way we need to know what happens when you aren't running your regular browser in normal mode.
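A read-only way to see what a file like the quarantined `Search_Results.xml` does, added here as an example and not part of any post in this thread: list each search plugin in a Firefox profile's `searchplugins` folder and the host it sends queries to. It assumes the files are OpenSearch-style XML (`ShortName`, `Url template=...`); the allowlist, the sample file contents and the `search.example.test` host are constructed.

```python
import tempfile
import xml.etree.ElementTree as ET
from pathlib import Path
from urllib.parse import urlsplit

# Hosts you expect your search engines to use (assumption: adjust to your own).
EXPECTED_HOSTS = {"www.google.com", "duckduckgo.com"}


def describe_plugin(data):
    """Return (short_name, hosts) from one OpenSearch-style plugin file."""
    # A search plugin has no reason to declare a DTD; refuse rather than
    # let the XML parser expand entities from an untrusted file.
    if b"<!DOCTYPE" in data or b"<!ENTITY" in data:
        raise ValueError("DTD/entity declarations not expected here")
    name, hosts = None, []
    for el in ET.fromstring(data).iter():
        tag = el.tag.rsplit("}", 1)[-1]  # drop the XML namespace prefix
        if tag == "ShortName" and el.text:
            name = el.text.strip()
        elif tag == "Url" and el.get("template"):
            host = urlsplit(el.get("template")).hostname
            if host and host not in hosts:
                hosts.append(host)
    return name, hosts


def audit_profile(profile_dir, expected=EXPECTED_HOSTS):
    """Check every searchplugins/*.xml; flag hosts outside `expected`."""
    findings = []
    for path in sorted(Path(profile_dir, "searchplugins").glob("*.xml")):
        try:
            name, hosts = describe_plugin(path.read_bytes())
        except (ET.ParseError, ValueError) as exc:
            findings.append((path.name, None, [], f"review: {exc}"))
            continue
        odd = [h for h in hosts if h not in expected]
        status = "review" if odd or not hosts else "ok"
        findings.append((path.name, name, hosts, status))
    return findings


def demo():
    """Audit a constructed profile holding one expected and one odd plugin."""
    good = ('<SearchPlugin xmlns="http://www.mozilla.org/2006/browser/search/">'
            '<ShortName>DuckDuckGo</ShortName>'
            '<Url type="text/html" '
            'template="https://duckduckgo.com/?q={searchTerms}"/>'
            '</SearchPlugin>')
    odd = ('<OpenSearchDescription '
           'xmlns="http://a9.com/-/spec/opensearch/1.1/">'
           '<ShortName>Search Results</ShortName>'
           '<Url type="text/html" '
           'template="http://search.example.test/?q={searchTerms}"/>'
           '</OpenSearchDescription>')
    with tempfile.TemporaryDirectory() as tmp:
        plugins = Path(tmp, "searchplugins")
        plugins.mkdir()
        (plugins / "ddg.xml").write_text(good, encoding="utf-8")
        (plugins / "Search_Results.xml").write_text(odd, encoding="utf-8")
        return audit_profile(tmp)


if __name__ == "__main__":
    for row in demo():
        print(row)
```

To use it on a real machine, pass `audit_profile` the profile folder named in the Malwarebytes log (the one ending in `.default`); it only reads files and changes nothing.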

          SuperDave

          • Malware Removal Specialist
          • Moderator


          • Genius
          • Thanked: 1020
          • Certifications: List
          • Experience: Expert
          • OS: Windows 10
          Re: ''Help, SuperDave-Genius!''
          « Reply #9 on: June 30, 2015, 01:05:53 PM »
          Here are the scans I will need.
          *************************************************************************
          Please download AdwCleaner by Xplode onto your Desktop.

          Before starting AdwCleaner, close all open programs and internet browsers, then double-click on the AdwCleaner icon.



          If Windows prompts you as to whether or not you wish to run AdwCleaner, please allow it to run.
          When the AdwCleaner program opens, click on the Scan button.



          AdwCleaner will now start to search for malicious files that may be installed on your computer.
          To remove the files that were detected in the previous step, please click on the Clean button.



          AdwCleaner will now prompt you to save any open files or data as the program will need to reboot the computer. Please do so and then click on the OK button. AdwCleaner will now delete all detected adware from your computer. When it is done it will display an alert that explains what PUPs (Potentially Unwanted Programs) and Adware are. Please read through this information and then press the OK button. You will now be presented with an alert that states AdwCleaner needs to reboot your computer.
          Please click on the OK button to allow AdwCleaner to reboot your computer. A log will be produced. Please copy and paste this log in your next reply.
          *********************************************
          Please download Malwarebytes Anti-Malware from here.
          Double Click mbam-setup.exe to install the application.
          • It should update automatically if the computer is connected to the internet.
          • Click on Threat Scan and click on Scan Now.
          • The scan may take some time to finish, so please be patient.
          • When the scan is complete make sure all the infections have "quarantine" selected in the Action box.
          • Click on "Apply actions" You may be asked to Restart your computer to completely remove the infections.
          • When disinfection is completed you can click on "Copy to Clipboard".
          • Paste the log in your next reply (CTRL+V)
          *************************************************
          Please download Junkware Removal Tool to your desktop.

          Warning! Once the scan is complete JRT will shut down your browser with NO warning.

          Shut down your protection software now to avoid potential conflicts.

          •Temporarily disable your Antivirus and any Antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

          •Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click JRT and select Run as Administrator

          •The tool will open and start scanning your system.

          •Please be patient as this can take a while to complete depending on your system's specifications.

          •On completion, a log (JRT.txt) is saved to your desktop and will automatically open.

          •Copy and Paste the JRT.txt log into your next message.
          Windows 8 and Windows 10 dual boot with two SSD's

          Roger707

            Re: ''Help, SuperDave-Genius!''
            « Reply #10 on: July 01, 2015, 07:25:49 AM »
            Allan, the link you provided only lands me in the right page (including with another browser, e.g. Internet Explorer) when I copy it and paste it in a newly opened page. It does not work whenever I click on it, or whenever I click on Open link in a New Tab, or Open link in New Private Window.

            Will try SuperDave suggestion now..

            Roger707

              Re: ''Help, SuperDave-Genius!''
              « Reply #11 on: July 01, 2015, 10:24:46 AM »
              Thank you Dave

              *AdwCleaner

              No log was produced. I think since nothing was detected. [''Waiting for action. Please uncheck elements you want to keep.'' but I didn't see any elements listed..]

              * Malwarebytes Anti-Malware
              so now was the second time I had done the scan and this time nothing was detected. ::)

              Quote
              Malwarebytes Anti-Malware
              www.malwarebytes.org

              Scan Date: 01-Jul-15
              Scan Time: 4:43 PM
              Logfile: mwbytes 0107.txt
              Administrator: Yes

              Version: 2.1.8.1057
              Malware Database: v2015.07.01.03
              Rootkit Database: v2015.06.30.01
              License: Free
              Malware Protection: Disabled
              Malicious Website Protection: Disabled
              Self-protection: Disabled

              OS: Windows 7 Service Pack 1
              CPU: x64
              File System: NTFS
              User: Lola

              Scan Type: Threat Scan
              Result: Completed
              Objects Scanned: 357407
              Time Elapsed: 30 min, 46 sec

              Memory: Enabled
              Startup: Enabled
              Filesystem: Enabled
              Archives: Enabled
              Rootkits: Enabled
              Heuristics: Enabled
              PUP: Enabled
              PUM: Enabled

              Processes: 0
              (No malicious items detected)

              Modules: 0
              (No malicious items detected)

              Registry Keys: 0
              (No malicious items detected)

              Registry Values: 0
              (No malicious items detected)

              Registry Data: 0
              (No malicious items detected)

              Folders: 0
              (No malicious items detected)

              Files: 0
              (No malicious items detected)

              Physical Sectors: 0
              (No malicious items detected)


              (end)

              *JRT


              Quote
              ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
              Junkware Removal Tool (JRT) by Malwarebytes
              Version: 7.2.5 (07.01.2015:1)
              OS: Windows 7 Home Premium x64
              Ran by Lola on 01-Jul-15 at 17:46:32.03
              ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


              ~~~ Services



              ~~~ Tasks



              ~~~ Registry Values



              ~~~ Registry Keys



              ~~~ Files



              ~~~ Folders



              ~~~ Chrome


              [C:\Users\Lola\appdata\local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

              [C:\Users\Lola\appdata\local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

              [C:\Users\Lola\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

              [C:\Users\Lola\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:


              ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
              Scan was completed on 01-Jul-15 at 18:01:59.11
              End of JRT log
              ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

              Roger707

                Re: ''Help, SuperDave-Genius!''
                « Reply #12 on: July 01, 2015, 10:55:11 AM »
                Note: during all those scans [see last post above] the suspicious file was still in the Malwarebytes quarantine [see my first post].

                In the meantime I have also done the following as suggested by Avast to me:

                reset your web browser to its default settings:
                Internet Explorer: http://support.microsoft.com/kb/923737/en or http://windows.microsoft.com/en-us/windows7/reset-internet-explorer-settings-in-internet-explorer-9
                Firefox: https://support.mozilla.org/en-US/kb/reset-preferences-fix-problems
                Chrome: https://support.google.com/chrome/answer/3296214

                I think that specific step may have improved my laptop's performance.

                Is my laptop safe now ?

                Also, what do I do with that quarantined file ?

                Should I format my hard drive just in case ?
                One specialist I knew used to always tell me, ''You never know, the malware may be hiding or have muted or spread and may suddenly reappear some time later when you least expect it''...

                What's your opinion about that ?

                SuperDave

                Re: ''Help, SuperDave-Genius!''
                « Reply #13 on: July 01, 2015, 05:38:31 PM »
                Quote
                Also, what do I do with that quarantined file ?
                Open MBAM and clear the quarantined files.

                Quote
                Should I format my hard drive just in case ?
                Not at this time. Let's run some more scans.

                Malwarebytes' Anti-Rootkit

                Please download Malwarebytes' Anti-Rootkit and save it to your desktop.
                • Be sure to print out and follow the instructions provided on that same page for performing a scan.
                • Caution: This is a beta version so also read the disclaimer and back up all your data before using.
                • When the scan completes, click on the Cleanup button to remove any threats found and reboot the computer if prompted to do so.
                • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
                • If there are problems with Internet access, Windows Update, Windows Firewall or other system issues, run the fixdamage tool located in the folder Malwarebytes Anti-Rootkit was run from and reboot your computer.
                • Two files (mbar-log-YYYY-MM-DD, system-log.txt) will be created and saved within that same folder.
                • Copy and paste the contents of these two log files in your next reply.
                ***********************************************************
                I'd like to scan your machine with ESET OnlineScan

                •Hold down Control and click on the following link to open ESET OnlineScan in a new window.
                ESET OnlineScan

                •Click the button.
                •For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
                • Click on to download the ESET Smart Installer. Save it to your desktop.
                • Double click on the icon on your desktop.
                •Check
                •Click the button.
                •Accept any security warnings from your browser.
                • Leave the check mark next to Remove found threats.
                •Check
                •Push the Start button.
                •ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
                •When the scan completes, push
                •Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
                •Push the button.
                •Push
                A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt
                Windows 8 and Windows 10 dual boot with two SSD's

                Roger707

                  Re: ''Help, SuperDave-Genius!''
                  « Reply #14 on: July 02, 2015, 02:29:31 AM »
                  MB beta version scan
                  after I read the Disclaimer in your link I didn't dare to do the scan,
                  I am afraid this tool could harm my laptop more than repair.
                  This is not an experiment.
                  If you know a non-beta version I will do it

                  ESET OnlineScan
                  no threats found
                  no Export to text file-button