
Understanding and Removing PUP.Optional.Legacy and Chromium Search Provider

Pi00tr3k 28686 8
  • #1 16598395
    Pi00tr3k
    Level 8  
    Hi everyone.
    A scan from AdwCleaner showed me two viruses. After expanding "PUP.Optional.Legacy", "Chromium Search Provider" and "File" appear. Do you know what it is, where it came from and how to remove it? AdwCleaner cleans up, calls for a PC restart, and then sees these two results again.
    Thanks in advance for your help.

    Logs with FRST in the attachment.
  • #2 16598799
    Kolobos
    IT specialist
    Post the ADWC log with these PUPs.

    Run Fixlist.txt for FRST:
    Task: {CDB9055B-9911-41A2-BB92-FE4BCAF9C414} - System32\Tasks\{2D3CF833-E602-4947-935C-32CB9293D5AD} => C:\Windows\system32\pcalua.exe -a "D:\Program Files (x86)\R.G. Mechanics\L.A.Noire\DLCinstall.exe" -d "D:\Program Files (x86)\R.G. Mechanics\L.A.Noire"
    HKU\S-1-5-21-2525762015-2725681859-1576018476-1000\Software\Classes\regfile: regedit.exe "%1" [X]
    GroupPolicyScripts: Restriction
  • #4 16598949
    Kolobos
    IT specialist
    Delete the file C:\Windows\System32\config\systemprofile\AppData\Roaming\Main.dat or follow Fixlist:
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Main.dat

    Make a copy of the Chrome tabs, delete the profile directory from C:\Users\Pi00tr3k\AppData\Local\Google\Chrome\User Data\Default and delete the synchronization data:
    https://support.google.com/chrome/answer/6386691?hl=pl
  • #5 16598971
    Pi00tr3k
    Level 8  
    The problem is that in C:\Windows\System32\config\systemprofile\AppData\Roaming\ you cannot see any Main.dat at all. To anticipate the question: I have hidden files and folders shown.
  • #6 16598975
    Kolobos
    IT specialist
    Have you also disabled hiding of protected files?

    Follow the Fixlist, you will not have to search.
  • #7 16599016
    Pi00tr3k
    Level 8  
    In general, I have it turned off, but yesterday I decided to check it out - no effect.
    Okay, at the moment one element has disappeared, the ADWC still sees "File" whose location is the one mentioned above. Namely, an invisible Main.dat file.
  • #8 16599028
    Kolobos
    IT specialist
    You have made Fixlist.txt from:
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Main.dat
  • #9 16599053
    Pi00tr3k
    Level 8  
    Okay, thank you so much for your help. Without going into the folder, I found it immediately using the search option. It was enough to remove it and even ADWC cannot see anything.
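
An added example, not part of the thread: a PowerShell check for the file discussed above that does not depend on Explorer's view settings. The function name `Get-HiddenFileReport` is hypothetical, the default path and file name are the ones quoted in the posts, and it assumes an elevated PowerShell session, since the systemprofile directory is not readable by standard users.

```powershell
# Added example; Get-HiddenFileReport is a hypothetical name, not an FRST or AdwCleaner command.
function Get-HiddenFileReport {
    param(
        [string]$Directory = "$env:windir\System32\config\systemprofile\AppData\Roaming",
        [string]$Name = 'Main.dat',
        [switch]$Remove
    )

    # A 32-bit process on 64-bit Windows is silently redirected from System32
    # to SysWOW64; the Sysnative alias reaches the real System32 directory.
    if ([Environment]::Is64BitOperatingSystem -and -not [Environment]::Is64BitProcess) {
        $Directory = $Directory -replace '\\System32\\', '\Sysnative\'
    }

    # -Force includes items carrying the Hidden and System attributes,
    # which Explorer hides unless both view options are changed.
    $items = Get-ChildItem -LiteralPath $Directory -Filter $Name -File -Force -ErrorAction Stop

    foreach ($item in $items) {
        # Record what was found before anything is deleted.
        [pscustomobject]@{
            Path       = $item.FullName
            Attributes = $item.Attributes
            Length     = $item.Length
            LastWrite  = $item.LastWriteTime
            SHA256     = (Get-FileHash -LiteralPath $item.FullName -Algorithm SHA256).Hash
        }
        if ($Remove) {
            # -Force is needed to delete hidden or read-only files.
            Remove-Item -LiteralPath $item.FullName -Force
        }
    }
}

Get-HiddenFileReport             # report only
# Get-HiddenFileReport -Remove   # report, then delete
```

An empty result means no file with that name exists in the directory as seen by the current process.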

Topic summary

The discussion revolves around the identification and removal of PUP.Optional.Legacy and Chromium Search Provider, flagged by AdwCleaner. The user reports persistent detection of these threats even after attempts to clean them, including a PC restart. Participants suggest various solutions, including sharing logs, executing a Fixlist.txt for FRST, and deleting specific files such as Main.dat located in the AppData directory. The user struggles to locate the Main.dat file despite having hidden files visible. Eventually, the user successfully finds and removes the file, leading to the resolution of the issue as AdwCleaner no longer detects any threats.
Summary generated by the language model.