Hello,
Please share the whole scan logfile usually located in C:\AdwCleaner\AdwCleaner[Sxx].txt.
Thanks,
Hello,
Please share the whole scan logfile usually located in C:\AdwCleaner\AdwCleaner[Sxx].txt.
Thanks,
Hello,
Thanks for the feedback!
Can you share the remaining folders containing the .xpi?
Best regards,
fr33tux, 2016-11-15 19:00:21 (UTC)
Hello, i copy here the log file. You can see the folders address. AdwCleaner say "deleted", but after the system restart, still remain in system. Anyway, i write and repeat here for whom read this post: AdwCleaner makes it's job, isolate and quarantine...
Hello,
Can you share the whole logfile please?
Thanks,
Hello,
Can you share the whole logfile?
Thanks,
fr33tux, 2016-11-02 20:00:05 (UTC)
Hi
yes I can . I just make another test for this issue by re-run adwclaner and it happne once again ! and here is my log file https://up2sha.re/file?f=MhAfUZpgJsfl
Hello,
Can you share the whole logfile?
Thanks,
I created new firefox profile using Profile Manager, then I copied all files fromt the old profile to the new one. AdwCleaner did not detect any suspicious files in that new profile folder, so I guess I'm good?
Hello,
Thanks M-K-D-B, sorry for misunderstanding.
@Simplex: Can you zip me the folder "C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1" and your profile: "4ui6vnjc.Simplex" ? I'll merge the two so that you'll find a clean profile, and you will be able to clean with AdwCleaner the malicious one.
Thanks,
You're right, nice catch! But that really is my main firefox profile. Did malware hacked its name, or what?
I searech for this profile ID and found in int he following places:
c:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\41a66e7e5ee1
c:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41a66e7e5ee1
I am certain that when I told adwcleaner to delete this folder, my firefox pro...
This element seems to be a FP caused by a generic detection.
Sorry, but I don't think so.
There are - only at the german TB forum - at least 50 topics with this ff profilename "41A66E7E5EE1".
Usually, every ff profilename is almost unique, 41A66E7E5EE1 isn't unique.
It is related to Yondoo browser hijacker, I've seen multiple topics with this variant.
my suggestion:
Check profiles.i...
Hello,
Sorry I was unclear. You can deselect the element "C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1" from the "Folders", and do a clean.
This element seems to be a FP caused by a generic detection.
Best regards,
Get Malwarebytes for powerful protection against adware and threats.
Get Malwarebytes Now