PUP.Optional.Softomate detected, but not fixed #50

Closed
corbintheone opened this issue Nov 3, 2018 · 20 comments

@corbintheone

corbintheone commented Nov 3, 2018

Hello,

As my computer is very slow (Windows 10 updated), I previously did the following:

  • analysis and fixing by Malwarebytes
  • complete analysis by Kaspersky antivirus
  • analysis and cleaning by ZHP Cleaner

This last one (though I followed the indications about navigators) is always detecting PUP.Optional.Softomate, but not fixing it.

That's why I "HijackedThis" and read it, but without detecting (understanding...!) anything ...

CollectionLog-2018.11.05-12.27.zip

@dragokas
Owner

dragokas commented Nov 3, 2018

Hi,
thank you for the log.
If you need assistance:


Please, note that only members of VIRUSNET-Association are allowed to respond in PC cure topics.
Ignore any recommendations given by other users, including PM !!!

Assistance is provided free of charge in our free time. If you found our help useful, you can thank us with any amount using this form or you can leave feedback in the Guestbook.

@Sandor-Helper

Sandor-Helper commented Nov 5, 2018

Hello, @corbintheone,

Please attach the log to your message rather than inserting its contents into the message.
We're waiting for your CollectionLog.

@corbintheone
Author

Sorry, I did read ... but not carefully enough!

I hope the modifications in my first post are ok.

@dragokas
Owner

dragokas commented Nov 5, 2018

Hi, @corbintheone.

Did you close the case by mistake?

@Sandor-Helper

> Did you close the case by mistake?

If so, then open it again and do the following:
Via Control Panel - Programs, uninstall the unwanted program:

Driver Booster 5

Next: Download AdwCleaner (by Malwarebytes) and save it to the Desktop.
Run it (it should be run by right-clicking as Administrator), press "Scan" and wait.
At the end of the scan, the log will be found at:
C:\AdwCleaner\Logs\AdwCleaner[Sxx].txt (where x is any digit).
Attach it to your next post here.

@corbintheone
Author

@dragokas
Yes, it was a mistake, but I do not remember which one!? (much bad luck in this thread!)

@Sandor-Helper
I did it and I got
AdwCleaner[S00].txt

corbintheone reopened this Nov 5, 2018
@Sandor-Helper

Run AdwCleaner (by Malwarebytes) again (it should be run by right-clicking as Administrator).
Go to Settings and switch on:

Reset IE policies
Reset Chrome policies

Go to Dashboard, press Scan now and, after the scan ends, press Clean & Repair.
The system should be restarted.
After the restart, the log will be found at:
C:\AdwCleaner\Logs\AdwCleaner[Cxx].txt (where x is any digit).
Attach it to your next post here.

@corbintheone
Author

Nothing has been found.
It seems to be ok?
AdwCleaner[C01].txt

(and I understand why I made the mistake of closing the thread: bad habit of forums where the button "close and comment" is different!)

@Sandor-Helper

Ok, let's do more investigation:
Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Right click to run as administrator. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce logs called FRST.txt and Addition.txt in the same directory the tool is run from.
  • Please attach the logs back here.

@corbintheone
Author

@Sandor-Helper

Temporarily turn off any antivirus.
Highlight the following code:

Start::
CreateRestorePoint:
Task: {1D7EE6F2-2740-44AE-9481-69333B2FF5C2} - System32\Tasks\Driver Booster SkipUAC (Dominique) => C:\Program Files\IObit\Driver Booster\DriverBooster.exe
Task: {1DA017C7-55D0-49A9-8B6B-D86D89FA7C9B} - System32\Tasks\Driver Booster SkipUAC (Didier) => C:\Program Files\IObit\Driver Booster\5.4.0\DriverBooster.exe
Task: {3F39EE8F-2C1A-434D-97B6-8035E30D7857} - \Safer-Networking\Spybot - Search and Destroy\Refresh immunization -> Pas de fichier <==== ATTENTION
Task: {C5CDB7C9-A188-4BAE-A171-23D63350B29F} - \Safer-Networking\Spybot - Search and Destroy\Scan the system -> Pas de fichier <==== ATTENTION
Task: {E04798FA-1CFC-441F-A8BC-AE895E8A0A58} - \Safer-Networking\Spybot - Search and Destroy\Check for updates -> Pas de fichier <==== ATTENTION
FirewallRules: [{2547BDA3-C4EC-4DD5-950C-C73B749D381D}] => (Allow) C:\Program Files\IObit\Driver Booster\DriverBooster.exe
FirewallRules: [{5B07B6F1-0EAC-40F1-A980-4660BED5B067}] => (Allow) C:\Program Files\IObit\Driver Booster\DriverBooster.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
EmptyTemp:
Reboot:
End::

Copy the highlighted text (right click - Copy).
Run FRST (FRST64) as Administrator.
Press the Fix button once and wait. The program will create a log (Fixlog.txt). Attach it to the next post.

PC will reboot.
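
Since FRST acts on a pasted fixlist line by line, it is worth reading back what each line targets before pressing Fix. As an added example (not part of the original thread and not FRST's own code), this Python parser handles only the line shapes seen in the fixlist above; the patterns are inferred from those lines, the function names are hypothetical, and the "No File" marker for English-locale logs is an assumption.

```python
import re

# Constructed input: a subset of the fixlist lines quoted in this thread.
FIXLIST = r"""Start::
CreateRestorePoint:
Task: {1D7EE6F2-2740-44AE-9481-69333B2FF5C2} - System32\Tasks\Driver Booster SkipUAC (Dominique) => C:\Program Files\IObit\Driver Booster\DriverBooster.exe
Task: {3F39EE8F-2C1A-434D-97B6-8035E30D7857} - \Safer-Networking\Spybot - Search and Destroy\Refresh immunization -> Pas de fichier <==== ATTENTION
FirewallRules: [{2547BDA3-C4EC-4DD5-950C-C73B749D381D}] => (Allow) C:\Program Files\IObit\Driver Booster\DriverBooster.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
EmptyTemp:
Reboot:
End::
"""

GUID = r"\{[0-9A-Fa-f-]{36}\}"
# Patterns inferred from the lines in this thread only, not from a FRST specification.
PATTERNS = [
    ("task", re.compile(rf"^Task: (?P<id>{GUID}) - (?P<name>.+?) (?:=>|->) (?P<target>.+)$")),
    ("firewall", re.compile(rf"^FirewallRules: \[(?P<id>{GUID})\] => \((?P<action>\w+)\) (?P<target>.+)$")),
    ("authorized_app", re.compile(r"^StandardProfile\\AuthorizedApplications: \[(?P<target>.+?)\] => (?P<name>.+)$")),
    ("directive", re.compile(r"^(?P<name>\w+)::?$")),
]
# "Pas de fichier" is the marker in this thread's French-locale log; "No File" is assumed for English.
MISSING_MARKERS = ("Pas de fichier", "No File")

def parse_fixlist(text):
    """Turn each non-empty fixlist line into a dict; unknown shapes are kept, not dropped."""
    entries = []
    for line in filter(None, map(str.strip, text.splitlines())):
        for kind, rx in PATTERNS:
            m = rx.match(line)
            if m:
                entry = {"kind": kind, **m.groupdict()}
                break
        else:
            entry = {"kind": "unrecognized", "raw": line}
        entry["orphaned"] = entry.get("target", "").startswith(MISSING_MARKERS)
        entries.append(entry)
    return entries

def review(entries):
    """Summarise what the fixlist touches so it can be checked against the scan log."""
    return {
        "orphaned_tasks": [e["name"] for e in entries if e["orphaned"]],
        "targets": sorted({e["target"] for e in entries if e.get("target") and not e["orphaned"]}),
        "needs_manual_review": [e["raw"] for e in entries if e["kind"] == "unrecognized"],
    }

if __name__ == "__main__":
    print(review(parse_fixlist(FIXLIST)))
```

Any line that lands in `needs_manual_review` has a shape the parser does not know and should be read by hand rather than assumed harmless.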

@corbintheone
Author

Here it is
Fixlog_06-11-2018 12.07.43.txt

What should I do with my USB keys?
(Kaspersky antivirus analyses them)

@Sandor-Helper

> Kaspersky antivirus analyses them

What does it mean? Please explain.
And what kind of problems are still bothering you? Does the subject mentioned appear only in the ZHP log?

@corbintheone
Author

No, nothing, I only wanted everything to be safe.

@corbintheone
Author

It seems to be ok?
Do I close the thread?

@Sandor-Helper

That's right, everything is clear now. Before closing please do several final steps:
1.

  • Please double click on adwcleaner.exe to run the tool.
  • Go to Settings tab and scroll down to Remove AdwCleaner.
  • Press Remove button.

2. Remove FRST.

3. Update safe files.

4. Check vulnerabilities:
    Run script in AVZ while Internet is connected:

var
 LogPath : string;
 ScriptPath : string;

begin
 // Delete the log left by a previous run so that only fresh results are shown.
 LogPath := GetAVZDirectory + 'log\avz_log.txt';
 if FileExists(LogPath) Then DeleteFile(LogPath);
 ScriptPath := GetAVZDirectory + 'ScanVuln.txt';

 // Download the scan script over plain HTTP (mode 1, then retry with mode 0) and execute it on success.
 if DownloadFile('http://dataforce.ru/~kad/ScanVuln.txt', ScriptPath, 1) then ExecuteScript(ScriptPath) else begin
   if DownloadFile('http://dataforce.ru/~kad/ScanVuln.txt', ScriptPath, 0) then ExecuteScript(ScriptPath) else begin
     ShowMessage('It is impossible to download AVZ script for finding vulnerability!');
     exit;
   end;
 end;
 // Open the log in Notepad if the scan produced one.
 if FileExists(LogPath) Then ExecuteFile('notepad.exe', LogPath, 1, 0, false)
end.

After the script ends, if it finds vulnerabilities, the file avz_log.txt will be opened in Notepad and there will be download links in it.
First of all, this concerns browsers, Java, Adobe Acrobat/Reader and Adobe Flash Player.
You should download and install the needed programs if they are listed in avz_log.txt.

Reboot your PC.
Run the script again to ensure that all vulnerabilities are gone.

@corbintheone
Author

I did 1, 2, 3;
4 - AVZ gave me an address with install_flash_player, I used it, and now, after rebooting and rerunning the script, I get
"Frequently used critical vulnerabilities not found."

@Sandor-Helper

Great!
Take care and good luck.

@corbintheone
Author

corbintheone commented Nov 7, 2018

So, I think it's time to thank you very much, and maybe ask you if there is some tutorial to understand and learn all these manipulations ... and avoid taking your time next time!

@Sandor-Helper

Sandor-Helper commented Nov 7, 2018

Yes, we do have such instructions, but in Russian. We'll try to translate them into English and give them to you (or maybe put them at the top of this forum).

dragokas closed this as completed Nov 9, 2018