FAQ
TL;DR: AdwCleaner flagged 10 threats; fix them via FRST + Malwarebytes—"Perform MBAM scan and delete anything it detects." Manually reset search engines to clear residues; replace browser profiles or, in extreme cases, format. [Elektroda, RADU23, post #17387140]
Why it matters: This FAQ helps Windows users remove PUP.Optional.Legacy/WebProtector that reappear after cleaning.
Quick Facts
- Case snapshot: AdwCleaner flagged 10 items labeled PUP.Optional.Legacy and PUP.Optional.WebProtector. [Elektroda, Lordo50PL, post #17387000]
- 3-step remediation used by helpers: run FRST fixlist, uninstall flagged PUPs, then reset browsers. [Elektroda, krzychupar, post #17387185]
- Residual hijackers seen: YesSearches and NiceSearches set as Chrome defaults (remove or reset). [Elektroda, Kolobos, post #17403326]
- Outcome snapshot: detections fell from 10 to 6 (40% reduction) after initial cleanup. [Elektroda, Lordo50PL, post #17387544]
- Edge case: full format restored speed and stability when infections were extensive. [Elektroda, Lordo50PL, post #17415095]
What are PUP.Optional.Legacy and PUP.Optional.WebProtector?
They are Malwarebytes/AdwCleaner detection names for potentially unwanted program remnants and browser hijacker settings. In this case, they were tied to altered search providers and extensions like YesSearches/NiceSearches. Removing them usually needs FRST fixes plus browser cleanup to reset search scopes and profiles. [Elektroda, Kolobos, post #17403326]
How do I remove PUP.Optional.Legacy/WebProtector step-by-step?
Use FRST with a tailored fixlist, then reboot.
- Save the provided lines as fixlist.txt next to FRST.exe.
- Run FRST and click Fix/Napraw, then restart.
- Uninstall listed PUPs and clean temp data; rescan with AdwCleaner.
This sequence was provided and refined by helpers in the thread. [Elektroda, krzychupar, post #17387185]
AdwCleaner still shows the same 10 threats after cleaning—why?
Persistent detections usually mean hijacked search settings or scheduled tasks still recreate entries. The count can remain exactly 10 until profiles or search scopes are reset or removed. This behavior was observed after a repair and restart. [Elektroda, Lordo50PL, post #17387059]
What should I do when detections persist after a fix?
Post the FRST logs again. A helper will adjust the script and ask you to rerun Fix. This iterative approach targets leftovers that initial scripts miss. It is normal to repeat until detections stop. [Elektroda, RADU23, post #17387063]
MBAM didn’t find anything—what else helps?
Reset browsers and remove hijacker search engines manually. If AdwCleaner still detects the search engine in Firefox, export bookmarks and delete the Firefox profile folder to rebuild clean settings. This clears embedded search and extension residues. [Elektroda, Kolobos, post #17403326]
Why do Chrome items appear when Chrome isn’t installed?
Leftover Chrome user data can remain on disk and still be scanned. Helpers removed the Chrome profile even though Chrome wasn’t present. Delete the Chrome User Data\Default folder after backing up needed data, then rescan. [Elektroda, Kolobos, post #17403326]
How do I manually remove unwanted search engines in Firefox?
Open Firefox Settings > Search. Set Google as default and remove unknown engines. Then run Help > More Troubleshooting Information > Refresh Firefox if needed. "Manually remove these search engines in Chrome and Firefox and change to google." [Elektroda, Kolobos, post #17387598]
Which apps should I uninstall to reduce PUP detections?
Remove McAfee WebAdvisor, McAfee True Key, McAfee Security Scan Plus, AlphaGo, and BikaQ Rss. Helpers also killed related services and add-ons in the fixlist. Uninstalling cuts auto-reinstalls and reduces scan hits. [Elektroda, krzychupar, post #17387185]
What is FRST and what does fixlist.txt do?
FRST is a diagnostic and repair tool. It applies scripted fixes from fixlist.txt. You paste the provided entries into Notepad, save as fixlist.txt next to FRST.exe, then click Fix to remove unwanted policies, tasks, and services. [Elektroda, RADU23, post #17387022]
Should I rerun FRST and resubmit logs after each fix?
Yes. Helpers requested reloading FRST and Addition logs after each run. They refine the script until detections stop appearing on subsequent scans. This iterative loop is expected. [Elektroda, RADU23, post #17387072]
AdwCleaner flags YesSearches/NiceSearches—how do I clear them?
Change the default search engine to Google and remove YesSearches/NiceSearches from settings. If detections persist, export bookmarks and delete the Firefox profile directory. Recreate the profile and rescan to confirm removal. [Elektroda, Kolobos, post #17403326]
Is it safe to ignore PUP.Optional.WebProtector detections?
No. Remove them. "Perform MBAM scan and delete anything it detects." Ignoring PUPs leaves hijacks active and can respawn entries after reboot. Clean detections and reset browsers. [Elektroda, RADU23, post #17387140]
After cleaning, detections dropped from 10 to 6—what next?
Finish by manually removing or resetting browser search engines. Helpers emphasized clearing Chrome and Firefox search entries to eliminate remaining flags. Rescan with AdwCleaner to confirm a clean state. [Elektroda, Kolobos, post #17387598]
When should I format Windows?
Format if infections are extensive and cleaning is uneconomical. One user chose a full format and reported faster performance and no further problems afterward. This is a last-resort but effective reset. [Elektroda, Lordo50PL, post #17415095]
How do I back up Firefox bookmarks before deleting the profile?
In Firefox, open Bookmarks > Manage Bookmarks > Import and Backup > Backup, and save the file. After deleting the profile directory as advised, restore bookmarks from that backup in the same menu. [Elektroda, Kolobos, post #17403326]
