Topic: PUP.Gen1 "Search" folder C:\Program Files (x86)\Search\Data\Temp\usgthrsvc

August 30, 2019, 11:42:38 am

loki125

After many months of this malware returning I just reset Windows with "Clean Start" and the adware is there again, in all its glory.

For me the path is C:\Program Files (x86)\Search

I check it manually every day and it is reappearing after I manually delete it or after I scan with RogueKiller and AdwCleaner.
I thought the "Windows clean start" would fix it but it seems I have to format my discs to get rid of it :(

If someone could point me to an easier solution, I am forever grateful.

edit: To clarify, the clean start only resets Windows and all installed programs. My other drives were unaffected. Maybe the malware has nested on these drives, although it is always detected on C: ?

edit2: For the last several days I had trouble with Windows updates where I couldn't update. I suspected the malware to be the cause. The update problem is fixed.

-----


Modus : Standard-Scan, Scannen -- Datum : 2019/08/30 11:09:40 (Dauer : 00:04:08)

いいいいいいいいいいいい Prozesse いいいいいいいいいいいい

いいいいいいいいいいいい Prozessmodule いいいいいいいいいいいい

いいいいいいいいいいいい Dienste いいいいいいいいいいいい

いいいいいいいいいいいい Tasks いいいいいいいいいいいい

いいいいいいいいいいいい Registry いいいいいいいいいいいい

いいいいいいいいいいいい WMI いいいいいいいいいいいい

いいいいいいいいいいいい Hosts-Datei いいいいいいいいいいいい

いいいいいいいいいいいい Dateien いいいいいいいいいいいい
[PUP.Gen1 (Potenziell bsartig)] (folder) Search -- C:\Program Files (x86)\Search -> Gefunden

いいいいいいいいいいいい Webbrowser いいいいいいいいいいいい
« Last Edit: August 30, 2019, 11:49:17 am by loki125 »

Reply #1 August 31, 2019, 02:13:03 am

Curson

Hi loki125,

Welcome to Adlice.com forum.
Could you please make an archive of the "Search" folder including all its content (files and subfolders) and attach it with your next reply?

Regards.

Reply #2 August 31, 2019, 02:57:57 am

loki125

here you go

Reply #3 August 31, 2019, 04:11:17 am

Curson

Hi loki125,

Thanks for your feedback. Just a bunch of empty folders.
This means no harm but just to make sure, we will be doing a full system investigation.

Please download Farbar Recovery Scan Tool (x64) and save it to your Desktop.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please attach log back here using the "Attachments and other options > Attach" feature.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe). Please also attach that along with the FRST.txt into your reply.
Regards.