Solved How do I remove PUP.Optional.Legacy threat?

September 19, 2018 at 05:27:04
Specs: Windows 7, Intel Core i3-4350/3.60GHz
I was being a bad boy and went to an unprotected torrent website. Lo and behold, something downloaded in the background and now I'm stuck with this browser hijacking virus! I've tried a number of things to no effect. I booted in safe mode and ran the following:

adwcleaner
Malwarebytes
Microsoft Security Essentials

I then did a System Restore to an earlier date. Once rebooted in normal mode, I ran the programs above again along with JRT (Junkware Removal Tool) which removed a fair number of entries.

Every time I boot up now, I run adwcleaner which detects nothing at first, then as soon as I launch Google Chrome browser, it picks up the PUP.Optional.Legacy threat. It's marked under "Chrome Search Provider: Ask" which I believe forces you to search through a 3rd party toolbar which could lead to undesirable search results.

How do I remove this threat...? It keeps coming back.


See More: How do I remove PUP.Optional.Legacy threat?

Reply ↓  Report •

✔ Best Answer
September 20, 2018 at 08:46:23
An admin login allows you full access to all files/folders and thus to delete whatever...

Useful (even wise...) to have non-admin account for your general use; and an admin account to allow updates, clean ups (pest removal etc.) when required.

Also there are those who suggest you disable system restore when serious pest removing; and if possible even do such removals in safe mode...

So try an admin login and run pest removal routines again; and then see if you can delete quarantined items afterwards - if needs-be?

And as earlier, create/run a rescue disk (even two different versions, as often they cover different areas at any given time; although in the end they all do much the same).

And there is Trend Housecall - a free online scanner which is safe to use.

http://tinyurl.com/bu92fxj

And there is also this:

https://malwaretips.com/blogs/remov...

message edited by trvlr



#1
September 19, 2018 at 07:41:20
Johnw amongst several others here well versed in pest removal will likely come across this post; and suggest a few deeper cleaning routines (to be safe).

Meanwhile...

Download and burn to a DVD the ISO for a kaspersky or any other similar rescue disk

Boot the system with that DVD; and allow it to go online and update its virus/pest definitions. Then scan the whole hard drive.

These rescue disks are Linux based; load into RAM only - unless you tell it otherwise. Once booted up the desktop will be a GUI style. The hard drive will now be a simple resource for the Linux booted system; and thus it can be fully scanned. Often pests hide within system files and cannot be eradicated whilst the windows OS is active; hence the above routine.

This link is to a source of most of the usual such disks

http://tinyurl.com/ycxnanhm


Reply ↓  Report •

#2
September 19, 2018 at 07:42:43
I suggest you replace MSE. There are plenty of other freebies that are much better. AVAST, AVG, or my favorite, BitDefender Free Edition: https://www.bitdefender.com/solutio...

You should also install CCleaner-Slim & use it regularly: https://www.ccleaner.com/ccleaner/b...

If the above don't solve your problem, you'll have to manually remove ASK. See if it's listed in the Uninstall section in CCleaner > Tools. If it's not listed, have a look at this: https://www.wikihow.com/Remove-the-...

And finally, there's always "HiJackThis": http://sourceforge.net/projects/hjt/


Reply ↓  Report •

#3
September 19, 2018 at 08:50:27
Thanks for the suggestions and advice so far! I'm at work currently but will attempt these things when I get home.

I have heard of CCleaner and HiJackThis before. I'll look into BitDefender if it's truly considered to be better than MSE.

message edited by Greensky


Reply ↓  Report •

Related Solutions

#4
September 19, 2018 at 17:24:04
So I ran a full scan of my main drive with BitDefender and I got rid of some threats on the list but I cannot disinfect, delete or quarantine 12 items. All listed under AdwCleaner > CinemaPlus.

Status of these items is "blocked". Does that mean I have them listed as an exception by default?


Reply ↓  Report •

#5
September 20, 2018 at 00:27:29
How did you run bitdefender? Was it from within windows, or via a rescue disk?

Are you booting into windows as as an administrator, or as a non-admin user?


Reply ↓  Report •

#6
September 20, 2018 at 08:17:05
Just normal windows. Non admin.

I'm going to attempt to burn a rescue disk tonight. I need to find my old blank DVD's. So I'll just try running it then!


Reply ↓  Report •

#7
September 20, 2018 at 08:46:23
✔ Best Answer
An admin login allows you full access to all files/folders and thus to delete whatever...

Useful (even wise...) to have non-admin account for your general use; and an admin account to allow updates, clean ups (pest removal etc.) when required.

Also there are those who suggest you disable system restore when serious pest removing; and if possible even do such removals in safe mode...

So try an admin login and run pest removal routines again; and then see if you can delete quarantined items afterwards - if needs-be?

And as earlier, create/run a rescue disk (even two different versions, as often they cover different areas at any given time; although in the end they all do much the same).

And there is Trend Housecall - a free online scanner which is safe to use.

http://tinyurl.com/bu92fxj

And there is also this:

https://malwaretips.com/blogs/remov...

message edited by trvlr


Reply ↓  Report •

#8
September 20, 2018 at 15:43:46
So I logged in under Administrator account, ran adwcleaner and it detected the Ask toolbar. I selected clean and repair option, it asked me to do a clean restart to finish removal as usual, I did, logged into Admin again, the threat was deleted. I did the test - Opened up Google Chrome browser to re-initiate the "Chrome Search Provider: Ask" threat. This time, it did NOT re-appear! I did a scan with Bitdefender, located 10 threats and this time was able to quarantine them all! Awesome! Opened the browser again, surfed a bit, ran adwcleaner again, still 0 threats detected!

Logged out, logged back in to regular account, ran adwcleaner, "Chrome Search Provider: Ask" threat detected. *sigh*.

I'm looking for a blank DVD now and will try a rescue disk...

UPDATE: No DVD's to be found... I recently renovated my top floor and moved everything out of the rooms. Think I lost them in the process somehow. Guess I'll order some! Update you guys in a few days! If anyone has any further suggestions, I'll continue to monitor this thread!

UPDATE 2: Running a scan with housecall yielded 0 threats result. I'll look through that malwaretips guide link and try programs like HitmanPro.

SOLVED: I noticed that 2 of my Chrome extensions were not working. When I went to the extensions page in Chrome, it said that both Adblock Plus and LastPass extensions may have been corrupt. I deleted them and reinstalled both. Also, as advised at the end of that malwaretips link: I restored Chrome browser settings. I've done numerous scans with adwcleaner since the last clean restart and no threats detected any more!

message edited by Greensky


Reply ↓  Report •

Ask Question