AdwCleaner & PUP.optional Legacy Virus: Removal & Prevention Tips after PC Reset

Grzechu126 4446 15
  • #1 16694142
    Grzechu126
    Level 5  
    Hello, when I scan the PC with the AdwCleaner program, it finds this virus. The problem is that after removing it and resetting the computer, the virus still appears. I am asking for help in getting rid of this virus.
  • #2 16694150
    Kolobos
    IT specialist
    It's not a virus.

    Post the log with adwc and the required logs from FRST in the attachment.
  • #3 16694171
    Grzechu126
    Level 5  
    Please, here they are.
    Attachments:
    • AdwCleaner[S13].txt (2.23 KB)
    • FRST.txt (49.59 KB)
  • #4 16694187
    Kolobos
    IT specialist
    Addition.txt is still missing.

    You have reset your sync in Chrome as you have given it -> https://support.google.com/chrome/answer/3097271?

    If after doing that and using adwc it still isn't removed, delete the entire Chrome profile directory. Save bookmarks beforehand.

    Fixlist.txt for FRST:
    HKU\S-1-5-21-2895471607-1423486506-844269107-1000\...\MountPoints2: H - H:\SETUP.EXE
    HKU\S-1-5-21-2895471607-1423486506-844269107-1000\...\MountPoints2: {10559e18-c2be-11e6-9be9-d8cb8abed04e} - F:\HTC_Sync_Manager_PC.exe
    HKU\S-1-5-21-2895471607-1423486506-844269107-1000\...\MountPoints2: {12f7f3d6-f8fe-11e6-b389-d8cb8abed04e} - H:\SETUP.EXE
    HKU\S-1-5-21-2895471607-1423486506-844269107-1000\...\MountPoints2: {712600c9-a696-11e6-8c63-806e6f6e6963} - E:\_AUTORUN\AUTORUN.EXE
    HKU\S-1-5-21-2895471607-1423486506-844269107-1000\...\MountPoints2: {beb6cba7-ca94-11e6-b162-d8cb8abed04e} - G:\SETUP.EXE
    CHR StartupUrls: Default -> "", "hxxp://www.interia.pl/#utm_source=instalki1&utm_medium=installer&utm_campaign=instalki1&iwa_source=installer_installation"
    CHR HKLM-x32\...\Chrome\Extension: [mbckjcfnjmoiinpgddefodcighgikkgn] - hxxps://clients2.google.com/service/update2/crx
    S3 MSICDSetup; \??\E:\CDriver64.sys [X]
    S3 NTIOLib_1_0_C; \??\E:\NTIOLib_X64.sys [X]
    S3 VGPU; System32\drivers\rdvgkmd.sys [X]
    2017-09-11 20:59 - 2016-11-11 01:10 - 000000000 ____D C:\AdwCleaner
    EmptyTemp:
  • #5 16694194
    Grzechu126
    Level 5  
    I've already pasted it, sorry, and as for Google, I do not see any error message about sync.
    Attachments:
    • Addition_11-09-2017 21.13.35.txt (48.99 KB) You must be logged in to download this attachment.
  • #6 16694198
    Kolobos
    IT specialist
    Change Adobe Reader 9 to the latest AR.
  • #7 16694209
    Grzechu126
    Level 5  
    I have already downloaded it, but did it help?
  • #9 16694225
    Grzechu126
    Level 5  
    OK, I already did that, anything else?
  • #10 16694231
    Kolobos
    IT specialist
    If it's OK, just delete the C:\FRST directory and that's it.
  • #11 16694237
    Grzechu126
    Level 5  
    But it still shows up, so I don't know if it's a virus or not?
  • #13 16694279
    Grzechu126
    Level 5  
    I've already reset the synchronization, and what about the folder: should I remove all its contents?

    Added after 20 [minutes]:

    I deleted this folder, started Chrome, reset everything, but still nothing worked.
  • #14 16694396
    krzychupar
    Level 43  
    Post new logs from FRST.
  • #15 16694481
    Grzechu126
    Level 5  
    The problem itself disappeared when I reinstalled Chrome and installed Windows updates, so it wasn't a virus.
  • #16 16694620
    Kolobos
    IT specialist
    I wrote to you at the beginning that it was not a virus. This is just a changed default search engine.

Topic summary

✨ The discussion revolves around the persistent detection of a PUP.optional Legacy issue by AdwCleaner, even after the user has attempted removal and reset their PC. Initial responses clarify that the detected item is not a virus but rather a changed default search engine or browser setting. Users are advised to reset Chrome synchronization, delete the Chrome profile directory, and ensure all bookmarks are backed up. The problem was ultimately resolved by reinstalling Chrome and applying Windows updates, confirming that it was not a virus but a configuration issue.
Generated by the language model.

FAQ

TL;DR: In this thread, 100% of the issue was fixed by reinstalling Chrome and applying Windows updates; “it wasn’t a virus.” [Elektroda, Grzechu126, post #16694481]

Why it matters: If AdwCleaner flags PUP.Optional.Legacy after a reset, you likely have a browser setting hijack, not active malware—here’s how to fix it fast and keep it gone.

Is PUP.Optional.Legacy a virus when AdwCleaner finds it?

In this case, no. The helper confirmed it was a changed default search engine, not malware. “It’s not a virus.” [Elektroda, Kolobos, post #16694620]

Why does it keep coming back after removing it with AdwCleaner?

If Chrome Sync isn’t reset, synced settings can restore the unwanted change. Reset Sync before cleaning to stop the loop. [Elektroda, Kolobos, post #16694219]

How do I reset Chrome Sync the right way?

Open the Chrome Sync reset page from your Google account, confirm the reset, then close Chrome on all devices. Reopen Chrome after cleanup. [Elektroda, Kolobos, post #16694219]

What is AdwCleaner?

AdwCleaner is a portable cleaner that removes adware, PUPs, and browser hijacks. It helped identify the PUP.Optional.Legacy entry here. [Elektroda, Grzechu126, post #16694142]

What is FRST and why use a Fixlist?

FRST (Farbar Recovery Scan Tool) scans and removes specific entries using a helper-made Fixlist to target stubborn traces safely. [Elektroda, Kolobos, post #16694187]

Where is the Chrome profile folder I may need to delete?

Path: C:\Users\<username>\AppData\Local\Google\Chrome\User Data\Default. Back up bookmarks, then delete the folder. [Elektroda, Kolobos, post #16694265]

Can outdated software make cleanup harder?

Yes. The helper advised updating old Adobe Reader 9 to the latest version to reduce exposure and stabilize the system. [Elektroda, Kolobos, post #16694198]

Edge case: I reset Sync and deleted the folder, but it still returns—now what?

One user saw no change after those steps. Reinstall Chrome and apply pending Windows updates, then rescan. [Elektroda, Grzechu126, post #16694279]

How do I stop PUP.Optional.Legacy from returning? (3-step How-To)

  1. Reset Chrome Sync from your Google account.
  2. Delete …\User Data\Default and relaunch Chrome.
  3. Run AdwCleaner, then apply FRST Fixlist if advised. “Do EVERYTHING I gave.” [Elektroda, Kolobos, post #16694219]

What does a changed default search engine mean?

A browser setting switched your search provider without consent. It behaves like a hijack but isn’t an active virus payload. [Elektroda, Kolobos, post #16694620]
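A read-only check of what a Chrome profile actually stores for startup pages and the search provider, added here as an example (it is not from the thread or from any tool named in it). It assumes the JSON keys `session.startup_urls` and `default_search_provider_data.template_url_data.url`, which can differ between Chrome versions; the campaign keys are the ones visible in the Fixlist's StartupUrls line, and the sample data and `.example` hosts are constructed.

```python
import json
from pathlib import Path
from urllib.parse import urlsplit, parse_qs

# Parameters seen in the thread's StartupUrls entry; bundled installers append them.
CAMPAIGN_KEYS = {"utm_source", "utm_medium", "utm_campaign", "iwa_source"}

def campaign_params(url):
    """Return campaign-style parameters found in the query string or the fragment."""
    parts = urlsplit(url)
    found = {}
    for chunk in (parts.query, parts.fragment):
        for key, values in parse_qs(chunk).items():
            if key in CAMPAIGN_KEYS:
                found[key] = values[0]
    return found

def audit_prefs(prefs):
    """List startup pages and the search provider held in a parsed prefs dict."""
    findings = []
    for url in prefs.get("session", {}).get("startup_urls", []):
        if not url:  # FRST also shows an empty "" entry; nothing to review there
            continue
        note = "installer campaign tags" if campaign_params(url) else "review"
        findings.append(("startup_url", urlsplit(url).hostname, note))
    # Assumed location of the active search provider; absent when Chrome's default is used.
    search = prefs.get("default_search_provider_data", {}).get("template_url_data", {})
    if search.get("url"):
        findings.append(("search_provider", urlsplit(search["url"]).hostname, "review"))
    return findings

def audit_profile(profile_dir):
    """Audit both preference files of one profile directory (the 'Default' folder)."""
    findings = []
    for name in ("Preferences", "Secure Preferences"):
        path = Path(profile_dir) / name
        if path.is_file():
            findings += audit_prefs(json.loads(path.read_text(encoding="utf-8")))
    return findings

# Constructed sample shaped like the hijacked settings discussed in the thread.
SAMPLE = {
    "session": {"startup_urls": [
        "", "http://portal.example/#utm_source=bundle1&utm_medium=installer"]},
    "default_search_provider_data": {
        "template_url_data": {"url": "https://search.example/?q={searchTerms}"}},
}

if __name__ == "__main__":
    for finding in audit_prefs(SAMPLE):
        print(finding)
```

Run `audit_profile` before and after a Sync reset: if the same entries reappear in a freshly created profile, the setting is being restored from the account rather than from anything on disk.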

What are MountPoints2 entries seen in Fixlists?

They are registry entries for drive mount histories. Helpers often clear stale or suspicious ones during cleanup. [Elektroda, Kolobos, post #16694187]

Is there any success rate data from this thread?

Yes—1 out of 1 case was resolved after a Chrome reinstall plus Windows updates. That’s 100% in-thread success. [Elektroda, Grzechu126, post #16694481]
Generated by the language model.