Solved How do I remove PUP.Optional.Legacy threat?

September 19, 2018 at 05:27:04
Specs: Windows 7, Intel Core i3-4350/3.60GHz
I was being a bad boy and went to an unprotected torrent website. Lo and behold, something downloaded in the background and now I'm stuck with this browser hijacking virus! I've tried a number of things to no effect. I booted in safe mode and ran the following:

adwcleaner
Malwarebytes
Microsoft Security Essentials

I then did a System Restore to an earlier date. Once rebooted in normal mode, I ran the programs above again along with JRT (Junkware Removal Tool) which removed a fair number of entries.

Every time I boot up now, I run adwcleaner which detects nothing at first, then as soon as I launch Google Chrome browser, it picks up the PUP.Optional.Legacy threat. It's marked under "Chrome Search Provider: Ask" which I believe forces you to search through a 3rd party toolbar which could lead to undesirable search results.

How do I remove this threat...? It keeps coming back.


See More: How do I remove PUP.Optional.Legacy threat?

Report •

✔ Best Answer
September 20, 2018 at 08:46:23
An admin login allows you full access to all files/folders and thus to delete whatever...

Useful (even wise...) to have non-admin account for your general use; and an admin account to allow updates, clean ups (pest removal etc.) when required.

Also there are those who suggest you disable system restore when serious pest removing; and if possible even do such removals in safe mode...

So try an admin login and run pest removal routines again; and then see if you can delete quarantined items afterwards - if needs-be?

And as earlier, create/run a rescue disk (even two different versions, as often they cover different areas at any given time; although in the end they all do much the same).

And there is Trend Housecall - a free online scanner which is safe to use.

http://tinyurl.com/bu92fxj

And there is also this:

https://malwaretips.com/blogs/remov...

message edited by trvlr



#1
September 19, 2018 at 07:41:20
Johnw amongst several others here well versed in pest removal will likely come across this post; and suggest a few deeper cleaning routines (to be safe).

Meanwhile...

Download and burn to a DVD the ISO for a kaspersky or any other similar rescue disk

Boot the system with that DVD; and allow it to go online and update its virus/pest definitions. Then scan the whole hard drive.

These rescue disks are Linux based; load into RAM only - unless you tell it otherwise. Once booted up the desktop will be a GUI style. The hard drive will now be a simple resource for the Linux booted system; and thus it can be fully scanned. Often pests hide within system files and cannot be eradicated whilst the windows OS is active; hence the above routine.

This link is to a source of most of the usual such disks

http://tinyurl.com/ycxnanhm


Report •

#2
September 19, 2018 at 07:42:43
I suggest you replace MSE. There are plenty of other freebies that are much better. AVAST, AVG, or my favorite, BitDefender Free Edition: https://www.bitdefender.com/solutio...

You should also install CCleaner-Slim & use it regularly: https://www.ccleaner.com/ccleaner/b...

If the above don't solve your problem, you'll have to manually remove ASK. See if it's listed in the Uninstall section in CCleaner > Tools. If it's not listed, have a look at this: https://www.wikihow.com/Remove-the-...

And finally, there's always "HiJackThis": http://sourceforge.net/projects/hjt/


Report •

#3
September 19, 2018 at 08:50:27
Thanks for the suggestions and advice so far! I'm at work currently but will attempt these things when I get home.

I have heard of CCleaner and HiJackThis before. I'll look into BitDefender if it's truly considered to be better than MSE.

message edited by Greensky


Report •

Related Solutions

#4
September 19, 2018 at 17:24:04
So I ran a full scan of my main drive with BitDefender and I got rid of some threats on the list but I cannot disinfect, delete or quarantine 12 items. All listed under AdwCleaner > CinemaPlus.

Status of these items is "blocked". Does that mean I have them listed as an exception by default?


Report •

#5
September 20, 2018 at 00:27:29
How did you run bitdefender? Was it from within windows, or via a rescue disk?

Are you booting into windows as as an administrator, or as a non-admin user?


Report •

#6
September 20, 2018 at 08:17:05
Just normal windows. Non admin.

I'm going to attempt to burn a rescue disk tonight. I need to find my old blank DVD's. So I'll just try running it then!


Report •

#7
September 20, 2018 at 08:46:23
✔ Best Answer
An admin login allows you full access to all files/folders and thus to delete whatever...

Useful (even wise...) to have non-admin account for your general use; and an admin account to allow updates, clean ups (pest removal etc.) when required.

Also there are those who suggest you disable system restore when serious pest removing; and if possible even do such removals in safe mode...

So try an admin login and run pest removal routines again; and then see if you can delete quarantined items afterwards - if needs-be?

And as earlier, create/run a rescue disk (even two different versions, as often they cover different areas at any given time; although in the end they all do much the same).

And there is Trend Housecall - a free online scanner which is safe to use.

http://tinyurl.com/bu92fxj

And there is also this:

https://malwaretips.com/blogs/remov...

message edited by trvlr


Report •

#8
September 20, 2018 at 15:43:46
So I logged in under Administrator account, ran adwcleaner and it detected the Ask toolbar. I selected clean and repair option, it asked me to do a clean restart to finish removal as usual, I did, logged into Admin again, the threat was deleted. I did the test - Opened up Google Chrome browser to re-initiate the "Chrome Search Provider: Ask" threat. This time, it did NOT re-appear! I did a scan with Bitdefender, located 10 threats and this time was able to quarantine them all! Awesome! Opened the browser again, surfed a bit, ran adwcleaner again, still 0 threats detected!

Logged out, logged back in to regular account, ran adwcleaner, "Chrome Search Provider: Ask" threat detected. *sigh*.

I'm looking for a blank DVD now and will try a rescue disk...

UPDATE: No DVD's to be found... I recently renovated my top floor and moved everything out of the rooms. Think I lost them in the process somehow. Guess I'll order some! Update you guys in a few days! If anyone has any further suggestions, I'll continue to monitor this thread!

UPDATE 2: Running a scan with housecall yielded 0 threats result. I'll look through that malwaretips guide link and try programs like HitmanPro.

SOLVED: I noticed that 2 of my Chrome extensions were not working. When I went to the extensions page in Chrome, it said that both Adblock Plus and LastPass extensions may have been corrupt. I deleted them and reinstalled both. Also, as advised at the end of that malwaretips link: I restored Chrome browser settings. I've done numerous scans with adwcleaner since the last clean restart and no threats detected any more!

message edited by Greensky


Report •

#9
February 22, 2019 at 12:59:01
"SOLVED: I noticed that 2 of my Chrome extensions were not working. When I went to the extensions page in Chrome, it said that both Adblock Plus and LastPass extensions may have been corrupt"

Major Security Vulnerability Found in Top Password Managers for Windows 10
https://news.softpedia.com/news/maj...


Report •

Ask Question