Jump to content

Down.diskcleandr.com/plugin


AMP
 Share

Recommended Posts

I have been getting this pop-up notification (see image) show up several times with-in every 15min time frame ever since I updated my Windows 10 with the most recent update last week. Has any one else been having this issue? How do I fix it?

Thanks,

Adrian

image.png

Link to comment
Share on other sites

  • Administrators

The server still serves Win32/Adware.Agent.NTH. We strongly recommend that the owner removes it so that the url can be removed from blacklist.

Link to comment
Share on other sites

  • Administrators

Are you getting this notification without opening the url in question in a browser? Check the filtered websites log for more information about what application was attempting to access it.

Link to comment
Share on other sites

Per the Kaspersky forum, appears the following installed programs might be the source:

Quote

So I ran malware bytes and it picked up some programs that have been on my pc for awhile, PCCleaner and Driver Talent, and it removed them.

This fixed the issue for me and everything appears to be working normally.

Hope this helps.

https://forum.kaspersky.com/index.php?/topic/400905-constant-malicious-link-blocked-alert-website-diskcleandrcom-serviceplugzip/

Check if either of those programs are installed. If so, uninstall them via Win Programs uninstall feature,

Edited by itman
Link to comment
Share on other sites

I did have the Driver talent installed, and uninstalled it. But I'm still getting a notification, but its a little different this time. 

image.png

Link to comment
Share on other sites

  • Administrators

Please run a full disk scan. If adware is found and cleaned, reboot the machine and run another scan to make sure it's no longer detected. Should the detection continue, please gather logs with ELC and provide me with the generated archive.

Link to comment
Share on other sites

2 hours ago, AMP said:

I did have the Driver talent installed, and uninstalled it. But I'm still getting a notification, but its a little different this time. 

Looks like the bugger installed a service to run itself. Uninstallers are notorious for not stopping related services so they can be properly uninstalled. Also appears this software uses a kernel mode driver; that is what the service is for.

Did you reboot after uninstalling Driver Talent? Hopefully, the uninstaller also removed associated service registry entry in which case you shouldn't be seeing anymore Eset adware alerts.

Edited by itman
Link to comment
Share on other sites

I did reboot after uninstalling, still didn't work. I also ran the full disk scan and it came up with nothing. I will be sending you the logs shortly.

Link to comment
Share on other sites

  • 2 weeks later...
On ‎9‎/‎21‎/‎2018 at 1:40 PM, Marcos said:

Should the detection continue, please gather logs with ELC and provide me with the generated archive.

Did you do this as previously requested? If so, did @Marcos respond to you with a solution?

Link to comment
Share on other sites

@Marcos, I am attaching a FARBAR fix list for Driver Talent residuals I found over at the Malwarebytes forum malware assistance section. Based on what is shown in the fix list, appears Driver Talent is running its garbage-ware via Win task scheduler. This would explain the Eset alert showing svchost.exe as the source.

Ref.: https://forums.malwarebytes.com/topic/217846-pupoptionaldrivethelife/

 

fixlist.txt

Edited by itman
Link to comment
Share on other sites

The attachment you provided is no longer available. Do I just download the one listed in the malwarebytes forum?

Link to comment
Share on other sites

25 minutes ago, AMP said:

The attachment you provided is no longer available. Do I just download the one listed in the malwarebytes forum?

No problem with it on my end?

Anyway, remember this was a FARBAR fix customized for that individual requestor and his PC. Also some of the fixes might not be related to Driver Talent; the malware support forums will include fixes for other issues that might exist.

Assuming you still have Driver Talent uninstalled, what you can do is check if any of the following directories still exist on your PC. If they do, you can delete them. I can't guarantee this will fix the Eset alerts however.

  • C:\ProgramData\DriverTalent
  • C:\Users\xxxxxx\AppData\Roaming\DriverTalent 
Link to comment
Share on other sites

I did manage to delete the DriverTalent file in my roaming folder, but that did not fix the issue. The link for the FARBAR fix says I don't have permission to access it.

Link to comment
Share on other sites

17 hours ago, AMP said:

The link for the FARBAR fix says I don't have permission to access it.

I forgot that they changed the forum and now only mods. have access to attachments.

The only thing I can tell you at this point is that you need to find the service that is the source of the Eset alert. Unfortunately Eset doesn't display it; only the source, svchost.exe. Nor is the PID displayed or logged associated with the svchost.exe instance. You can also search the registry under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services and see if the driver, or anything else, associated with Driver Talent is still installed. If so, those will all have to be manually uninstalled.

Edited by itman
Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...