Avast WEBforum

Other => Viruses and worms => Topic started by: The Game2 on August 13, 2020, 06:50:51 PM

Title: PUP-riddled client after BitTorrent Install (with files)
Post by: The Game2 on August 13, 2020, 06:50:51 PM
Hello, dear Avast support.

After installing BitTorrent, I noticed a software named Quick Driver Update and a dubious install of Opera. There was nothing in the torrent, but in the actual client install itself, it's another story...

Malwarebytes found 39 threats concerning Quick Driver Updater. A vas mtajority are flagged as PUP.Optional.QuickDriverUpdater
(malwarebytes.txt file attached)

I ran an FRST scan (attached)

Then AdwCleaner (attached)

Currently runnning complete scan with Avast Free version. I don't remember what I need to do next, as it's been over 2 years since my last post. Hoping you are all doing well :)
Title: Re: PUP-riddled client after BitTorrent Install (with files)
Post by: magna86 on August 14, 2020, 06:21:58 PM
Hello mate,
It would seem that MBAM has targeted the PUP and the job is done. I see no active malware on your system. The script below shall tell FRST to remove some inactive leftovers....


1. Open notepad and copy/paste the text present inside the code box below.
To do this highlight the contents of the box and right click on it. Paste this into the open notepad.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system

Code: [Select]
Start
CreateRestorePoint:
File: C:\WINDOWS\System32\mrt.exe
CloseProcesses:
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
SearchScopes: HKU\S-1-5-21-466357103-448057561-867641210-1001 -> DefaultScope {83E601E8-E392-4B2A-B661-7F74302A8C83} URL =
SearchScopes: HKU\S-1-5-21-466357103-448057561-867641210-1001 -> {83E601E8-E392-4B2A-B661-7F74302A8C83} URL =
BHO: Pas de nom -> {0ddcea2a-7b00-4349-8acb-af7ba6da251f} -> Pas de fichier
BHO-x32: Pas de nom -> {0ddcea2a-7b00-4349-8acb-af7ba6da251f} -> Pas de fichier
FF Homepage: Mozilla\Firefox\Profiles\l4d9jn6v.default -> hxxps://defaultsearch.co/homepage?hp=1&pId=BT171003&iDate=2020-08-13 02:11:54&bName=&bitmask=0600
FF NewTab: Mozilla\Firefox\Profiles\l4d9jn6v.default -> hxxps://defaultsearch.co/homepage?hp=1&pId=BT171003&iDate=2020-08-13 02:11:54&bName=&bitmask=0600
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki]
EmptyTemp:
End


2. Save notepad as fixlist.txt to your Desktop.
NOTE: => It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.


3. Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needed a restart please make sure you let the system to restart normally and let the tool completes its run after restart.

The tool will make a log on the Desktop (Fixlog.txt). Please attach it to your reply.
Note: If the tool warned you about the outdated version please download and run the updated version.



Then it would be good thing to reset your browser Firefox and Chrome back to their default settings;
https://support.avast.com/en-us/article/Reset-browser/



Tell me, how is your computer running now?