Adlice forum

General Category => Malware removal help => Topic started by: loki125 on August 30, 2019, 11:42:38 AM

Title: PUP.Gen1 "Search" folder C:\Program Files (x86)\Search\Data\Temp\usgthrsvc
Post by: loki125 on August 30, 2019, 11:42:38 AM

After many months of this malware returning I just reset Windows with "Clean Start" and the adware is there again, in all its glory.

For me the path is C:\Program Files (x86)\Search

I check it manually every day and it is reapearing after I manualy delete it or after I scan with Rougekiller and adwcleaner.
I thought the "windows clean start" would fix it but it seems i have to format my discs to get rid of it :(

If someone could point me to an easier solution, I am forever grateful.

edit:To clarify the clean start does only reset Windows and all installed programs. My other drives were uneffected. Maybe the malware has nested on these drives, although it is always detected on C: ?

edit2: For the last several days I had trouble with windows updates where i couldnt update. I suspected the malware to be the cause. The update problem is fixed.

-----


Modus : Standard-Scan, Scannen -- Datum : 2019/08/30 11:09:40 (Dauer : 00:04:08)

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Prozesse ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Prozessmodule ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Dienste ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Tasks ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Registry ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ WMI ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Hosts-Datei ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Dateien ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[PUP.Gen1 (Potenziell bösartig)] (folder) Search -- C:\Program Files (x86)\Search -> Gefunden

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Webbrowser ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

Title: Re: PUP.Gen1 "Search" folder C:\Program Files (x86)\Search\Data\Temp\usgthrsvc
Post by: Curson on August 31, 2019, 02:13:03 AM

Hi loki125,

Welcome to Adlice.com forum.
Could you please make an archive of the "Search" folder including all its content (files and subfolders) and attach it with your next reply ?

Regards.

Title: Re: PUP.Gen1 "Search" folder C:\Program Files (x86)\Search\Data\Temp\usgthrsvc
Post by: loki125 on August 31, 2019, 02:57:57 AM

here you go

Title: Re: PUP.Gen1 "Search" folder C:\Program Files (x86)\Search\Data\Temp\usgthrsvc
Post by: Curson on August 31, 2019, 04:11:17 AM

Hi loki125,

Thanks for your feedback. Just a bunch of empty folders.
This means no harm but just to make sure, we will be doing a full system investigation.

Please download Farbar Recovery Scan Tool (x64) (https://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/) and save it to your Desktop.

• Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  
• Press Scan button.
  
• It will produce a log called FRST.txt in the same directory the tool is run from.
  
• Please attach log back here using the "Attachments and other options > Attach" feature.
• The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe). Please also attach that along with the FRST.txt into your reply.
  

Regards.