AMP 0 Posted September 20, 2018 Posted September 20, 2018 I have been getting this pop-up notification (see image) show up several times with-in every 15min time frame ever since I updated my Windows 10 with the most recent update last week. Has any one else been having this issue? How do I fix it? Thanks, Adrian
Administrators Marcos 5,725 Posted September 21, 2018 Administrators Posted September 21, 2018 The server still serves Win32/Adware.Agent.NTH. We strongly recommend that the owner removes it so that the url can be removed from blacklist.
AMP 0 Posted September 21, 2018 Author Posted September 21, 2018 Do I go into safe mode and move the file to a different location or simply delete it?
Administrators Marcos 5,725 Posted September 21, 2018 Administrators Posted September 21, 2018 Are you getting this notification without opening the url in question in a browser? Check the filtered websites log for more information about what application was attempting to access it.
itman 1,920 Posted September 21, 2018 Posted September 21, 2018 (edited) Per the Kaspersky forum, appears the following installed programs might be the source: Quote So I ran malware bytes and it picked up some programs that have been on my pc for awhile, PCCleaner and Driver Talent, and it removed them. This fixed the issue for me and everything appears to be working normally. Hope this helps. https://forum.kaspersky.com/index.php?/topic/400905-constant-malicious-link-blocked-alert-website-diskcleandrcom-serviceplugzip/ Check if either of those programs are installed. If so, uninstall them via Win Programs uninstall feature, Edited September 21, 2018 by itman
AMP 0 Posted September 21, 2018 Author Posted September 21, 2018 I did have the Driver talent installed, and uninstalled it. But I'm still getting a notification, but its a little different this time.
Administrators Marcos 5,725 Posted September 21, 2018 Administrators Posted September 21, 2018 Please run a full disk scan. If adware is found and cleaned, reboot the machine and run another scan to make sure it's no longer detected. Should the detection continue, please gather logs with ELC and provide me with the generated archive.
itman 1,920 Posted September 21, 2018 Posted September 21, 2018 (edited) 2 hours ago, AMP said: I did have the Driver talent installed, and uninstalled it. But I'm still getting a notification, but its a little different this time. Looks like the bugger installed a service to run itself. Uninstallers are notorious for not stopping related services so they can be properly uninstalled. Also appears this software uses a kernel mode driver; that is what the service is for. Did you reboot after uninstalling Driver Talent? Hopefully, the uninstaller also removed associated service registry entry in which case you shouldn't be seeing anymore Eset adware alerts. Edited September 21, 2018 by itman
AMP 0 Posted September 21, 2018 Author Posted September 21, 2018 I did reboot after uninstalling, still didn't work. I also ran the full disk scan and it came up with nothing. I will be sending you the logs shortly.
AMP 0 Posted October 2, 2018 Author Posted October 2, 2018 I'm still having this issue. Any suggestions to resolving it?
itman 1,920 Posted October 2, 2018 Posted October 2, 2018 On 9/21/2018 at 1:40 PM, Marcos said: Should the detection continue, please gather logs with ELC and provide me with the generated archive. Did you do this as previously requested? If so, did @Marcos respond to you with a solution?
AMP 0 Posted October 2, 2018 Author Posted October 2, 2018 Yes, I sent him my logs, but he did not provide me with a solution.
itman 1,920 Posted October 3, 2018 Posted October 3, 2018 (edited) @Marcos, I am attaching a FARBAR fix list for Driver Talent residuals I found over at the Malwarebytes forum malware assistance section. Based on what is shown in the fix list, appears Driver Talent is running its garbage-ware via Win task scheduler. This would explain the Eset alert showing svchost.exe as the source. Ref.: https://forums.malwarebytes.com/topic/217846-pupoptionaldrivethelife/ fixlist.txt Edited October 3, 2018 by itman
AMP 0 Posted October 3, 2018 Author Posted October 3, 2018 The attachment you provided is no longer available. Do I just download the one listed in the malwarebytes forum?
itman 1,920 Posted October 3, 2018 Posted October 3, 2018 25 minutes ago, AMP said: The attachment you provided is no longer available. Do I just download the one listed in the malwarebytes forum? No problem with it on my end? Anyway, remember this was a FARBAR fix customized for that individual requestor and his PC. Also some of the fixes might not be related to Driver Talent; the malware support forums will include fixes for other issues that might exist. Assuming you still have Driver Talent uninstalled, what you can do is check if any of the following directories still exist on your PC. If they do, you can delete them. I can't guarantee this will fix the Eset alerts however. C:\ProgramData\DriverTalent C:\Users\xxxxxx\AppData\Roaming\DriverTalent
AMP 0 Posted October 3, 2018 Author Posted October 3, 2018 I did manage to delete the DriverTalent file in my roaming folder, but that did not fix the issue. The link for the FARBAR fix says I don't have permission to access it.
itman 1,920 Posted October 4, 2018 Posted October 4, 2018 (edited) 17 hours ago, AMP said: The link for the FARBAR fix says I don't have permission to access it. I forgot that they changed the forum and now only mods. have access to attachments. The only thing I can tell you at this point is that you need to find the service that is the source of the Eset alert. Unfortunately Eset doesn't display it; only the source, svchost.exe. Nor is the PID displayed or logged associated with the svchost.exe instance. You can also search the registry under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services and see if the driver, or anything else, associated with Driver Talent is still installed. If so, those will all have to be manually uninstalled. Edited October 4, 2018 by itman
Recommended Posts