Hello,

I run Windows 10 Chrome -- got a malware popup when on tunein radio. Along with the following popup, a voice came on and said "your pc is infected with Malware, do not ignore this, etc":

** Zeus Virus Detected  - Your Computer Has Been Blocked **

Error: Trojan Backdoor Hijack #365838d7f8a4fa5

______________

I ran adwcleaner after no success with windows defender, norton, malwarebytes, and zemana. AdwCleaner identified three objects titled "PUP.LEGACY.OPTIONAL".

Was then prompted to restart, at which time objects are said to be removed. When I logged back in and ran adwcleaner scan again, it identified the same three objects. Tried several more times with same result so doesn't look like objects were removed.

Any advice you can provide as per how to resolve would be greatly appreciated.

Re: PUP.Legacy.Optional - 3 Threats Identified

Hello,

Can you share AdwCleaner logfile? (you can find it from C:\AdwCleaner\)

Also, can you share the results from MB3 analysis?

Thanks,

Re: PUP.Legacy.Optional - 3 Threats Identified

Sure can. Logfile below (I'm not familiar with MB3 analysis -- I google'd it, but not clear on how to execute on my computer -- if you can tell me how to run MB3, I'd be glad to):

Log file:

# AdwCleaner v6.047 - Logfile created 16/07/2017 at 04:04:35
# Updated on 19/05/2017 by Malwarebytes
# Database : 2017-07-13.1 [Local]
# Operating System : Windows 10 Home  (X64)
# Username : Chris Jankowski - DESKTOP-BCDGU1E
# Running from : C:\Users\Chris Jankowski\Downloads\adwcleaner_6.047 (3).exe
# Mode: Scan
# Support : https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****  

Re: PUP.Legacy.Optional - 3 Threats Identified

Hello,

Can you run this software instead: https://support.malwarebytes.com/docs/DOC-1375 ?

It will grab you all your logfiles in one zip file, you'll just need to send me this zip file using https://up2sha.re

Best regards,

Re: PUP.Legacy.Optional - 3 Threats Identified

Could be that you are a victim of bundleware. Basically, alongside normal maybe even useful software, some providers bundle malicious or useless software just to increase downloads and such. Have you downloaded anything from 3rd party providers and not official sources? Regardless of the fact, Malwarebytes or ADWCleaner should have picked it up and removed it, it could be much more thorough. You could try removal options in Windows "Safe mode with networking". Regardless, I will wait for fr33tux to update this thread.

Re: PUP.Legacy.Optional - 3 Threats Identified

Thank you for the feedback. I ran the MB check and uploaded the zip file. Didn't get confirm when uploaded the zip and may have submitted more than once -- please advise if you did not receive it.

 

Re: PUP.Legacy.Optional - 3 Threats Identified

John Ross -- thanks for the thought. May be something to what you're saying. The warning pops up on one site only -- tunein radio and only one program 94 wip sports talk. Doesn't happen when I listen to CNN, 97.5 Sports, and various music stations on tunein; only when I listen to 94wip so perhaps it's something that's being downloaded from that site only.

As for safe mode w/networking, was hoping to find solution this way first. If unsuccessful, will try safe mode scans. 

Re: PUP.Legacy.Optional - 3 Threats Identified

Hello,

Please share here the generated link you got back from Up2Sha.re at the end of the upload.

Thanks!

Re: PUP.Legacy.Optional - 3 Threats Identified

I took a look at steps to do safe mode w/networking scan few weeks ago. When I tried to start it on my PC, I ran into some ambiguous choices and was afraid to pick the wrong option and really screw something up so I cancelled the scan.

Point of reference -- I'm pretty good with everyday computer issues, but in over head when dealing with startup processes, program installs, etc. 

Re: PUP.Legacy.Optional - 3 Threats Identified

Sure thing -- link as follows:

https://up2sha.re/file?f=zm5Fq0f2

Please advise if that's not what you're referring to.

Re: PUP.Legacy.Optional - 3 Threats Identified

Thanks, that's what I'm looking for.

I'll let you know asap.

Re: PUP.Legacy.Optional - 3 Threats Identified

Hello,

Can you use the latest AdwCleaner version (7.0.0.0) from here; https://toolslib.net/downloads/viewdownload/1-adwcleaner/ ?

Thanks,

Re: PUP.Legacy.Optional - 3 Threats Identified

Ran v7. This time only found two elements -- same file "PUP.LEGACY.OPTIONAL". Computer restarted after I clicked clean/remove option. When I ran scan again, same two objects were found. If you can think of any options, please advise. If think running scans in safe mode w/networking is best option, I'll give that a shot.

Thanks again for all the help. 

Re: PUP.Legacy.Optional - 3 Threats Identified

Please try in safe mode, and share the scan and/or clean logfile :)

Thanks!

Re: PUP.Legacy.Optional - 3 Threats Identified

Looks like safe with nw did the trick. Same two elements were identified, but this time the removal process included a step "cleaning chrome", which definitely wasn't in any of the other scans. When I restarted in regular mode and ran another scan with v7, there were "no unwanted objects found". Super psyched!!

Below are two log files -- first is the one generated after removal of two unwanted objects in safe mode; the second is the one that came up with no unwanted objects in regular mode. Thanks again for your insight -- Malwarebytes kicks ass!

 

Log file #1 -- after identifying and removing two unwanted objects in safe mode with nw.

# AdwCleaner 7.0.0.0 - Logfile created on Thu Jul 20 05:47:03 2017
# Updated on 2017/17/07 by Malwarebytes
# Running on Windows 10 Home (X64)
# Mode: clean
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services deleted.

***** [ Folders ] *****

No malicious folders deleted.

***** [ Files ] *****

No malicious files deleted.  

Log file #2 - no unwanted objects found after scan in regular mode:

# AdwCleaner 7.0.0.0 - Logfile created on Thu Jul 20 05:58:45 2017
# Updated on 2017/17/07 by Malwarebytes
# Database: 07-19-2017.5
# Running on Windows 10 Home (X64)
# Mode: scan
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

 

Re: PUP.Legacy.Optional - 3 Threats Identified

Glad you could solve the issue. And yeah, Malwarebytes is amazing, but I have found myself using ADWCleaner as well, there are some things one software doesn't clean as well as the other, which is why it is always recommended to do multiple scans with multiple anti-malware solutions, just to be 100% sure.

Re: PUP.Legacy.Optional - 3 Threats Identified

Agreed. One strange result after running AdwClnr v7 safe mode scan -- first time used search engine noticed it had been switched to duckduckgo -- figured it's a browser hijack of some sort so chgd search engine setting bk to google and removed duck from list.

I then searched for add ons and related software and found none. Ran v7 safe mode scan again next day. No unwanted objects found, but again the browser hijack switched google to duckduck. Are you aware of this happening to other users? Anything I can do to disable the browser hijack when running adwcleaner?

Re: PUP.Legacy.Optional - 3 Threats Identified

Hello,

It's not a browser hijack, it's the search-engine setting that AdwCleaner set after removing a malicious one. This will be back to google.com by default, with a dropdown in the Options UI to choose between several search engines.

Just to be sure, you say that Duckduckgo has been set even if you didn't get any Chrome or Firefox detections?

Re: PUP.Legacy.Optional - 3 Threats Identified

Thanks for the feedback. The first time browser reset to duck was after identifying and removing 2 unwanted objects (PUP.LEGACY.OPTIONAL). The second time it happened, however, was after the next safe mode scan in which no unwanted objects were detected.

Re: PUP.Legacy.Optional - 3 Threats Identified

Thanks. It was with the Chrome browser?