Windows 10: Overrun by PUP's

Discussion in 'AntiVirus, Firewalls and System Security' started by Skofab, Apr 20, 2016.

  1. OldMike65 Win User

    Just for information purposes SAS DOES a lot more than just remove tracking cookies, maybe you should read up more about SAS. Here is a clip from their site.

    Advanced Detection and Removal
    • Detect and Remove Spyware, Adware and Remove Malware, Trojans, Dialers, Worms, KeyLoggers, HiJackers, Parasites, Rootkits, Rogue Security Products and many other types of threats.
    Just so you know...*Smile
     
    OldMike65, Apr 22, 2016
    #16
  2. Skofab Win User

    I am VERY grateful to you all for some very comprehensive information (and interesting).

    I will be away for a short period, but will send a MBAM log etc as soon as I can. I did install and use SuperAntispyware - which threw up literally hundreds of cookies etc.

    I am (intuitively) convinced that somehow google is at the centre of this - and very interested in the comment made by posters re - extensions (all the google extensions are disabled as far as I know), but I need some guidance on what to do to overcome the google sync suggestion.
    I don't understand this matter of synchronisation at all, so your patience and guidance on what to do would be appreciated.

    My thanks again to you all.
     
    Skofab, Apr 22, 2016
    #17
  3. Yes, thanks.
    I've run SAS Free as a backup, second-opinion scanner for many years.
    I am quite familiar with its capabilities.
    I was merely pointing out the major DIFFERENCE between MBAM and SAS.
    SAS targets non-malware tracking cookies, while MBAM does not.

    Thanks for the tip and sorry for the confusion.
    Cheers,
    MM
     
    MoxieMomma, Apr 22, 2016
    #18
  4. That sounds good.
    Since you are seeing the same long list of PUPs on all your systems, that points to a possible Google sync issue (or you might simply have the same wonky Chrome extensions installed on all of them).
    The AdwCleaner log would seem to support that deduction, as @simrick and others have mentioned.
    So, you may need to clean out your Google sync data and/or uninstall/reinstall Chrome.

    And, yes, Mindspark can be a real PITB to remove fully.
    It may require some specialized, customized scans/scripts, guided by a trained malware expert.

    Cheers,
    MM
     
    MoxieMomma, Apr 22, 2016
    #19
  5. Somebody posted that MBAM does not remove Pups. I've been using it for years, and it detects and removes Pups that my AV didn't find.
     
    Vince Massi, Apr 22, 2016
    #20
  6. jimbo45 Win User
    Hi there

    Only try this on a VM and then get rid of it after your test. If this software gets on to a REAL machine it can cause no end of endless aggro. I absolve myself from any responsibility if you test this type of stuff on a REAL machine !!!!!. On a VM it's safe to test as you can always delete the entire VM from HDD - even better if your VM is on an external HDD..

    Try and see if BUBBLE DOCK can get blocked by the current MBAM offerings -- Bubble dock is old now so it might well be in the database of nasty PUPS but it was one that I remember a while back and the only way I could get rid of it on another person's computer was to completely wipe the HDD and re-install Windows. All the "Removal" type software and cleansing agents didn't work.

    Removal / cleansing software reported machine as "cleansed" but it wasn't !!!!!

    IMO an AFTER the fact scan is really no good - you need to stop this stuff from getting on to your machine in the first place.

    This sort of stuff doesn't usually work BTW for these types of programs.

    Bubble Dock Ads - how to remove?

    Most "Well written" (Sic?) PUPS follow standard Windows Protocols so a quick scan is unlikely to distinguish them from a legitimate Windows executable. That's why if you use something like MBAM you need to update it almost daily with new definitions or it becomes fairly useless.

    A better way would be to have a program that intercepts all calls to Internet services - especially calls to web browsers and then you'd also need another data base of "bad web sites" - also would need to be updated regularly. Not a trivial thing to do so no MBAM program will ever be 100% effective --and that's the truth. The effectiveness of the MBAM software will depend on the accuracy of its databases and the "skill" of the PUP writer in ensuring the PUP looks and behaves as near as possible to a standard windows executable. !!

    Cheers
    jimbo
     
    jimbo45, Apr 22, 2016
    #21
  7. simrick Win User
    If you sync Chrome across computers, you'll need to clear that info out:
    Quick Tip: How To Delete Your Google Chrome Browser Sync Data
     
    simrick, Apr 22, 2016
    #22
  8. Skofab Win User

    Progress so far
    After a good few attempts with SuperantiSpyware/Malwarebytes, it would seem that the endless list of PUP's has very much lessened - sometimes none are shown at all.
    I did push reset sync on one of my PC's, and now the massive list of cookies (found in superantispyware list) containing the ref to google chrome have all but disappeared.
    A scan with superantispyware now shows a multitude of cookies from edge (although I rarely use edge) - so I have changed the search engine to google.

    Will see how this goes, and report back.
     
    Skofab, Apr 24, 2016
    #23
  9. simrick Win User
    Good news! Did you reset *ALL* your browsers? (even the ones you don't use, but are installed on the system?)
     
    simrick, Apr 24, 2016
    #24
  10. Skofab Win User
    Firstly, as my PC's are all on the same homegroup, I assumed that re-syncing one (in google) would do the three. (Am I right or wrong on this??)
    I can say that when one was re sync'd - I had to re-sign in on all three.
    The other browsers are edge which are 'switched off' anyway. I will however go to the windows 7 PC and make sure that IE is 're sync'd'.
    Thanks for all your help everyone and patience.
    Cheers
     
    Skofab, Apr 24, 2016
    #25
  11. simrick Win User
    If I'm not mistaken, syncing and resetting are different. Resetting will remove all modifications to the browser and make it like a fresh/default installation. When syncing browsers that have not been reset, one could re-infect the rest.

    And, even though you don't use some (like Edge), they still exist on the system, and need to be reset, because when you get malware in the system, it targets every browser it finds, whether used or not. So, better safe than sorry. I would reset every browser: Edge, IE, Chrome, Firefox, Opera, etc. - every one that resides on all the systems.

    EDIT: Edge *AND* Internet Explorer (iexplore.exe) both reside in Windows 10.
     
    simrick, Apr 24, 2016
    #26
  12. Skofab Win User
    Thanks simrick
    I take your point and note the subtle differences in re-sync and reset.

    I shall now have to find out how to 'reset' each browser and act accordingly.
     
    Skofab, Apr 24, 2016
    #27
  13. simrick Win User

    From my post #10
    Now that ADWCleaner has been run, my recommendation would be to completely reset Chrome, Edge, and all other existing browsers on the system, removing all extensions, and then be very careful which ones you reintroduce to the browser(s).

    You may also want to install Unchecky.

    From my post #20
    If you sync Chrome across computers, you'll need to clear that info out:
    Quick Tip: How To Delete Your Google Chrome Browser Sync Data

    Good luck, and do ask if you have any questions! *Smile
     
    simrick, Apr 24, 2016
    #28
  14. Skofab Win User
    This is where some element of confusion lies (difference between reset and re sync). At the bottom of google dashboard this is what I see, and have done.

    Reset sync to clear your data from the server and remove your passphrase. This will not clear data from your devices. Sign back in to Chrome to start syncing.

    Apologies for being a bit thick on these matters, and the constant need for info/guidance.
     
    Skofab, Apr 24, 2016
    #29
  15. simrick Win User
    No apologies - the Sync Data includes your tabs, bookmarks, favorite pages, etc., while resetting each browser on each system removes changes to the browser setup configuration, add-ons, etc. I don't sync, myself, and there may be some redundancy here, but both things need to be done. And all browsers need to be reset (whether you use them or not), because they will have been potentially hit by the infections/malware/hijackers.
     
    simrick, Apr 24, 2016
    #30
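
Added example (not part of any post in this thread): a Python sketch that inventories the extensions in each Chrome profile, so the list taken right after a browser reset can be compared with the list after signing back in to sync. It assumes Chrome's usual on-disk layout `User Data/<profile>/Extensions/<id>/<version>/manifest.json`; the function names, sample tree and extension IDs are constructed for illustration.

```python
import json
import tempfile
from pathlib import Path

def list_extensions(user_data_dir):
    """Return one record per extension version found under every profile."""
    found = []
    # Assumed layout: <User Data>/<profile>/Extensions/<id>/<version>/manifest.json
    for manifest in sorted(Path(user_data_dir).glob("*/Extensions/*/*/manifest.json")):
        version_dir = manifest.parent
        try:
            data = json.loads(manifest.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            data = {}  # unreadable manifest: still report the directory
        data = data if isinstance(data, dict) else {}
        perms = data.get("permissions") if isinstance(data.get("permissions"), list) else []
        found.append({
            "profile": version_dir.parents[2].name,
            "id": version_dir.parent.name,
            "name": data.get("name", "<unreadable manifest>"),
            "version": data.get("version", version_dir.name),
            "permissions": sorted(p for p in perms if isinstance(p, str)),
        })
    return found

def new_since(before, after):
    """(profile, id) pairs present in `after` but not in `before`."""
    seen = {(e["profile"], e["id"]) for e in before}
    return sorted({(e["profile"], e["id"]) for e in after} - seen)

def add_sample_extension(user_data_dir, profile, ext_id, name, permissions):
    """Write a constructed manifest into a sample tree (test data only)."""
    d = Path(user_data_dir) / profile / "Extensions" / ext_id / "1.0_0"
    d.mkdir(parents=True)
    manifest = {"name": name, "version": "1.0", "permissions": permissions}
    (d / "manifest.json").write_text(json.dumps(manifest), encoding="utf-8")

def demo():
    """Snapshot after a reset, then again after sync re-adds an extension."""
    with tempfile.TemporaryDirectory() as root:
        add_sample_extension(root, "Default", "a" * 32, "Sample Notes", ["storage"])
        after_reset = list_extensions(root)
        add_sample_extension(root, "Default", "b" * 32, "Sample Toolbar",
                             ["tabs", "<all_urls>"])
        after_sync = list_extensions(root)
        return new_since(after_reset, after_sync), after_sync

if __name__ == "__main__":
    print(demo())
```

Point `list_extensions` at the real `User Data` folder on each machine to get the actual inventory. Names of the form `__MSG_...__` are localization placeholders that the extension resolves from its `_locales` folder.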