Having a serious issue with 3 malwares, conduit, spigot.

  1. Posts : 1,257
    win10 PRO on 5 PC's and Linux mint
       #1


    Touchpad is a mess, cursor jumping all over when selecting text
    Reference thread is above.

    Malware bytes can remove it, but then it keeps coming back. Sometimes in a few minutes.
    I just disabled Chrome sync; can that cause this?

    Malware bytes only detects it on heuristic analysis.


  2. Posts : 8,102
    windows 10
       #2

    Please download and save FRST 64bit or FRST 32 bit to your Desktop.

    Download Farbar Recovery Scan Tool

    Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.

    Make sure that Addition option is checked.
    Press Scan button.
    It will produce a log called FRST.txt in the same directory the tool is run from.
    Please copy and paste the log back.
    The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe).


  3. Posts : 1,257
    win10 PRO on 5 PC's and Linux mint
    Thread Starter
       #3

    I deleted the pasted text.
    here is the frst.txt file

    - - - Updated - - -

    This laptop only reinfects if Google sync is on, so maybe one of the other PCs is infected.

    - - - Updated - - -

    And Windows Defender is useless, as it lets it get infected. Or is it AVG letting it get infected? I think I will delete AVG.

    I uninstalled AVG, and turned Defender back on. I scanned one of my synced PC and it comes back clean with Malware Bytes. That leaves 2 more PC to scan.


  4. Posts : 31,622
    10 Home x64 (22H2) (10 Pro on 2nd pc)
       #4

    sdowney717 said:
    ...and windows defender is useless, as it lets it get infected....
    Conduit and Spigot are PUPs (potentially unwanted programs) rather than viruses. Defender does not by default detect or block PUPs (or PUAs as MS call them) except in Enterprise environments. However, PUA protection can be enabled in all versions including Home.

    Enable or Disable Windows Defender PUA Protection in Windows 10

    Here's Spigot being blocked by Defender....


  5. Posts : 12
    Windows
       #5

    here is the frst.txt file
    Please post the contents of Addition.txt as well. It will be located at C:\Users\sdown\Downloads\Addition.txt


  6. Posts : 1,257
    win10 PRO on 5 PC's and Linux mint
    Thread Starter
       #6

    OK, I will do those things.
    I scanned all 3 of my other computers. The other win10 synced one was infected with the same 3 malwares, plus one more. The win7 computer was not infected, and neither was my wife's win10 pc. So the 2 synced to my accounts had similar infections, and apparently google sync syncs malware. It did on mine.
    I just turned sync back on for my PC and will see what happens, with sync off no infections.

    - - - Updated - - -

    Bree said:
    Conduit and Spigot are PUPs (potentially unwanted programs) rather than viruses. Defender does not by default detect or block PUPs (or PUAs as MS call them) except in Enterprise environments. However, PUA protection can be enabled in all versions including Home.
    Enable or Disable Windows Defender PUA Protection in Windows 10

    Here's Spigot being blocked by Defender....
    Thanks, I tried powershell but it did not turn it on? I opened with admin, and pasted the command.
    I used group policy editor to check, and it was disabled, so I was able to enable it following the instructions, set it to BLOCK.

    - - - Updated - - -

    Unfortunately all 3 malwares are back within minutes after turning Google sync back on.
    They are in google chrome user data. HOW to get rid of them from Chrome?

    - - - Updated - - -

    I am trying something else, I deleted that hidden folder called profile1 where this malware keeps appearing, was almost a gigabyte of stuff in it. Reopened Chrome and said claim it as my own, as it was like new. So I signed in and system is clean, now I have turned sync back on. Of course I lost all my history supposedly...
    I really don't know what to do except I can no longer use Chrome maybe.


  7. Posts : 12
    Windows
       #7

    AVG Driver Updater
    Personally, I don't recommend the use of driver updater programs as they have the potential to do more harm than good. See here for more information.
    ---------------------------------------------------
    Follow the instructions here to reset Chrome Sync.
    ---------------------------------------------------
    The following FRST fix will remove a few Registry "orphans" and scan a file at VirusTotal.
    Farbar Recovery Scan Tool - Fix

    • Press the Windows key + R.
    • Type notepad in the Run box and press Enter.
    • A blank text file will open in Notepad.
    • Copy and paste the contents of the below code box into Notepad:

    Code:
    start
    CreateRestorePoint:
    EmptyTemp:
    CloseProcesses:
    ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
    ContextMenuHandlers3: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
    FirewallRules: [{E6CFFC66-95BA-4276-AEA5-A20417A9B27F}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
    FirewallRules: [{A83EF50C-A359-4714-904F-591CD07D39AF}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
    VirusTotal: C:\Program Files (x86)\Gaming Mouse driver\Hid.exe 
    end
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

    • Save the file as fixlist.txt in the same location as FRST.exe / FRST64.exe. Note: fixlist.txt must be saved in the same location as FRST or the fix will not work.
    • Right-click FRST.exe/FRST64.exe and select Run as Administrator.
    • When the tool opens, click Fix.
    • A log titled Fixlog.txt will be saved to the same location as FRST.
    • Please copy and paste its contents into your reply.

    ---------------------------------------------------
    Once you have reset Chrome Sync and run the FRST fix, let us know if the issue persists.


  8. Posts : 1,257
    win10 PRO on 5 PC's and Linux mint
    Thread Starter
       #8

    well history is back after turning sync back on, and also all 3 pup malwares are back again, even after deleting that folder.

    Seems like with Google, nothing ever goes away!
    I clear the malware, turn on Google sync, and Google syncs the malware back onto the PC.

    That malware must be in my account in the cloud...

    What is google sync really doing, is it storing all my history, setting, files, malware, in an account for me, so that when I turn sync on it compares my PC with a cloud image and updates missing files back on to this PC??

    OR is it comparing my other synced account pc and samsung s8 note phone, and sort of making them all the same??

    - - - Updated - - -

    How to clear corrupt Google Chrome sync data - TechRepublic

    May have found out how to clear corrupted server data in my sync, will update later as I have to do some things.


  9. Posts : 8,102
    windows 10
       #9

    There are a lot of errors from AVG, so it may not be working. Remove it and download the AVG removal tool from AVG, which cleans it up. One of its files is being blocked, so it's either infected or corrupted.


  10. Posts : 1,257
    win10 PRO on 5 PC's and Linux mint
    Thread Starter
       #10

    Samuria said:
    There are a lot of errors from AVG, so it may not be working. Remove it and download the AVG removal tool from AVG, which cleans it up. One of its files is being blocked, so it's either infected or corrupted.
    I ran the tool and it claims to have cleared system of AVG, I still have the AVG browser though!
    I unsynced both PCs that are involved with this malware, cleared the malware off both PCs with Malwarebytes, then cleared the Google sync server data, waited 10 minutes and just now turned sync back on.

    AND malware is gone with sync on.
    I hope it stays away.
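
Posts #6 and #8 place the detections in the Chrome user data folder and report that they return when sync is re-enabled. The following is an added example, not part of the thread or any poster's code: it reports which profile and which settings entry mentions the names from the thread, so each synced PC can be checked before and after the sync data is cleared. The `Preferences` / `Secure Preferences` file names and the default `User Data` path are assumptions about Chrome's layout, and the thread does not state what exactly Malwarebytes flagged.

```python
import json
import os
from pathlib import Path

# Names reported in this thread; extend as needed.
NEEDLES = ("conduit", "spigot")
# JSON settings files Chrome keeps in each profile folder (assumed layout).
SETTINGS_FILES = ("Preferences", "Secure Preferences")


def walk(node, path=""):
    """Yield (json_path, text) for every key and string value in a JSON tree."""
    if isinstance(node, dict):
        for key, value in node.items():
            child = f"{path}/{key}"
            yield child, key
            yield from walk(value, child)
    elif isinstance(node, list):
        for i, value in enumerate(node):
            yield from walk(value, f"{path}[{i}]")
    elif isinstance(node, str):
        yield path, node


def scan_user_data(user_data_dir, needles=NEEDLES):
    """Return sorted (profile, file, json_path) hits across all profile folders."""
    hits = set()
    for profile in sorted(Path(user_data_dir).iterdir()):
        if not profile.is_dir():
            continue  # e.g. "Local State" is a file, not a profile
        for name in SETTINGS_FILES:
            try:
                tree = json.loads((profile / name).read_text(encoding="utf-8"))
            except (OSError, ValueError):
                continue  # missing, unreadable or not valid JSON: skip it
            for json_path, text in walk(tree):
                if any(n in text.lower() for n in needles):
                    hits.add((profile.name, name, json_path))
    return sorted(hits)


if __name__ == "__main__":
    # Default Chrome location on Windows (assumed); close Chrome before running.
    root = Path(os.environ.get("LOCALAPPDATA", "")) / "Google" / "Chrome" / "User Data"
    if root.is_dir():
        for profile, name, json_path in scan_user_data(root):
            print(f"{profile}\t{name}\t{json_path}")
```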