15 posts in this topic

Posted

So every morning for the past few days or so I keep getting a warning for pup.optional.qvo6.a in the stored preferences of Chrome pointing to my user account data folders in Windows 8.1

 

Each time I've quarantined it and even tried the Junkware Removal Tool yesterday (which completely removed HotSpot Shield VPN!) and it comes back every day.

 

Searching online shows that it is a browser hijacking tool which could set my homepage and search differently etc, and there's a couple of examples on how to remove it. Unfortunately the MalwareBytes option no longer allows you to "remove" from the results of the scan since I have a newer version, the default option is actually "ignore once" or Quarantine. But as I say, despite doing this it is back every morning.

 

Does anyone else have this or know what it could be? 

Share this post


Link to post
Share on other sites

Posted

here is the manual process

 

 

 

1. How to stop PUP.Optional.Qvo6.A processes:

 

1. Click the Start menu, select Run.
2. Type taskmgr.exe into the the Run command box, and click

4 people like this

Share this post


Link to post
Share on other sites

Posted

Cheers, will do this in a bit and post results (after rebooting etc) (Y)

 

Edit: But what is it, and why has it just recently started showing up?

Share this post


Link to post
Share on other sites

Posted

Maybe something helpful here:

 

The PUP.Optional.OptChrome.A threat is classified as PUP a Potentially Unwanted Program by MalwareBytes Anti-Malware because it inflicts and acts as a malicious threat into your computer system. PUP.Optional.OptChrome.A is not a virus but it does act like one. PUP.Optional.OptChrome.A is adware which is bundled using custom installers and dropped on your computer during the installation process. Most users have no idea how this PUP.Optional.OptChrome.A threat is installed on there computer and what it is, until MalwareBytes Anti-Malware detects it as a malicious threat or virus.

 

http://www.fixyourbrowser.com/removal-instructions/remove-pup-optional-optchrome-virus/

2 people like this

Share this post


Link to post
Share on other sites

Posted

Yeah I saw that, and looked through my installed programs and couldn't find anything.

Share this post


Link to post
Share on other sites

Posted

Yeah I saw that, and looked through my installed programs and couldn't find anything.

 

Sort by date and look at the most recent?

Share this post


Link to post
Share on other sites

Posted

I downloaded and installed AdwCleaner v3.211.

 

https://toolslib.net/downloads/finish/1/get/pHCO/

 

Automatically finds and fixes PUP problems and gives you a report.

 

I find this to be useful.

Share this post


Link to post
Share on other sites

Posted

Most recents are:

 

post-2-0-30482300-1401097365.png :s

Share this post


Link to post
Share on other sites

Posted

I had this before too and couldn't get if off, even after using malwarebytes, super anti-spyware, Adaware, and Spybot S&D. I ended up reformatting since it was my kids computer :p. I will be interested to see how you get this one off your system, Steve!

1 person likes this

Share this post


Link to post
Share on other sites

Posted

I will have to do some more research into this, because although MalwareBytes and AdwCleaner cleans/removes it, after reboot the moment Chrome is started it is back again :/ So weird because I don't have any new/weird extensions either that could cause this :/

 

Haggis, not seeing any PUP programs either so the manual method isn't too helpful (without knowing which program is supposedly installed).

Share this post


Link to post
Share on other sites

Posted

Steve, what extensions do you have installed in Chrome?

Not on Windows, but I've seen extensions "piggy pack" other extensions in the past on OS X - they took over the flash player plugin.

Also - just did some digging - do you have this registry entry? HKLM\SOFTWARE\Google\Chrome\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo

Otherwise, if you post a Hijackthis log, we'd be able to look into it in more detail :).

Share this post


Link to post
Share on other sites

Posted

^ AdwCleaner found and removed that sort of reg entry for Google/Chrome.

And I don't even have Chrome installed on my laptop. :ermm:

Share this post


Link to post
Share on other sites

Posted

Try this directory c:\users(username)\appdata\Local\Google\Chrome\User Data\Default\Extensions

 

For fun rename that extensions folder to something else and restart chrome

Share this post


Link to post
Share on other sites

Posted

Try trojan remover. It can or should remove trojans / nasties. But I'm pretty sure it can remove pups as well. Its only a trial but if you get it update it then click on scan. Then reset everything under one of the menus. See if that fixes it

 

If it does find anything it should give you the option to remove / rename it. from the hdd or the registry

 

I would also use something like ccleaner to remove the temp files etc

Share this post


Link to post
Share on other sites

Posted

Re-image

 

I always re-image when in doubt. My systems and have critical data backed to another drive and on my skydrive. I would advise the same as you never know what these trojans could have done to your system. They could have replaced .dll files with rootkit versions and even removing the trojan won't restore the default .dlls. Many also put in backdoors which put in more things in the background doing lord knows what in addition to the piece of software removed.

1 person likes this

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0

  • Recently Browsing   0 members

    No registered users viewing this page.