Jump to content

Recommended Posts

Posted

I have been getting this pop-up notification (see image) show up several times with-in every 15min time frame ever since I updated my Windows 10 with the most recent update last week. Has any one else been having this issue? How do I fix it?

Thanks,

Adrian

image.png

  • Administrators
Posted

The server still serves Win32/Adware.Agent.NTH. We strongly recommend that the owner removes it so that the url can be removed from blacklist.

Posted

Do I go into safe mode and move the file to a different location or simply delete it?

  • Administrators
Posted

Are you getting this notification without opening the url in question in a browser? Check the filtered websites log for more information about what application was attempting to access it.

Posted (edited)

Per the Kaspersky forum, appears the following installed programs might be the source:

Quote

So I ran malware bytes and it picked up some programs that have been on my pc for awhile, PCCleaner and Driver Talent, and it removed them.

This fixed the issue for me and everything appears to be working normally.

Hope this helps.

https://forum.kaspersky.com/index.php?/topic/400905-constant-malicious-link-blocked-alert-website-diskcleandrcom-serviceplugzip/

Check if either of those programs are installed. If so, uninstall them via Win Programs uninstall feature,

Edited by itman
Posted

I did have the Driver talent installed, and uninstalled it. But I'm still getting a notification, but its a little different this time. 

image.png

  • Administrators
Posted

Please run a full disk scan. If adware is found and cleaned, reboot the machine and run another scan to make sure it's no longer detected. Should the detection continue, please gather logs with ELC and provide me with the generated archive.

Posted (edited)
2 hours ago, AMP said:

I did have the Driver talent installed, and uninstalled it. But I'm still getting a notification, but its a little different this time. 

Looks like the bugger installed a service to run itself. Uninstallers are notorious for not stopping related services so they can be properly uninstalled. Also appears this software uses a kernel mode driver; that is what the service is for.

Did you reboot after uninstalling Driver Talent? Hopefully, the uninstaller also removed associated service registry entry in which case you shouldn't be seeing anymore Eset adware alerts.

Edited by itman
Posted

I did reboot after uninstalling, still didn't work. I also ran the full disk scan and it came up with nothing. I will be sending you the logs shortly.

  • 2 weeks later...
Posted

I'm still having this issue. Any suggestions to resolving it?

Posted
On ‎9‎/‎21‎/‎2018 at 1:40 PM, Marcos said:

Should the detection continue, please gather logs with ELC and provide me with the generated archive.

Did you do this as previously requested? If so, did @Marcos respond to you with a solution?

Posted

Yes, I sent him my logs, but he did not provide me with a solution.

Posted (edited)

@Marcos, I am attaching a FARBAR fix list for Driver Talent residuals I found over at the Malwarebytes forum malware assistance section. Based on what is shown in the fix list, appears Driver Talent is running its garbage-ware via Win task scheduler. This would explain the Eset alert showing svchost.exe as the source.

Ref.: https://forums.malwarebytes.com/topic/217846-pupoptionaldrivethelife/

 

fixlist.txt

Edited by itman
Posted

The attachment you provided is no longer available. Do I just download the one listed in the malwarebytes forum?

Posted
25 minutes ago, AMP said:

The attachment you provided is no longer available. Do I just download the one listed in the malwarebytes forum?

No problem with it on my end?

Anyway, remember this was a FARBAR fix customized for that individual requestor and his PC. Also some of the fixes might not be related to Driver Talent; the malware support forums will include fixes for other issues that might exist.

Assuming you still have Driver Talent uninstalled, what you can do is check if any of the following directories still exist on your PC. If they do, you can delete them. I can't guarantee this will fix the Eset alerts however.

  • C:\ProgramData\DriverTalent
  • C:\Users\xxxxxx\AppData\Roaming\DriverTalent 
Posted

I did manage to delete the DriverTalent file in my roaming folder, but that did not fix the issue. The link for the FARBAR fix says I don't have permission to access it.

Posted (edited)
17 hours ago, AMP said:

The link for the FARBAR fix says I don't have permission to access it.

I forgot that they changed the forum and now only mods. have access to attachments.

The only thing I can tell you at this point is that you need to find the service that is the source of the Eset alert. Unfortunately Eset doesn't display it; only the source, svchost.exe. Nor is the PID displayed or logged associated with the svchost.exe instance. You can also search the registry under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services and see if the driver, or anything else, associated with Driver Talent is still installed. If so, those will all have to be manually uninstalled.

Edited by itman
Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...