Help removing Burst Search Chrome extension

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

danstelter

Thread Starter
Joined
Jan 21, 2013
Messages
33
So this Burst Search malware simply won't go away. I tried running Malwarebytes and BitDefender on it with no luck. Also tried Settings --> Clean Up Computer from Chrome and that didn't get it. And if I go to "Manage Extensions" and find the Burst Search extension, I can see it, but there's no way to remove it (see attached). Computer behaves fine, except when I search with Google a pop-up dialog comes up that asks me, "Are you sure you wanted to search this way?" and then it gives me an option to go to a website supported by Burst Search.
 


DR.M

Malware Trainee
Joined
Sep 4, 2019
Messages
602
Hi, danstelter.

I am DR M and I will be assisting you with your computer's issues. I am still in training and my fixes have to be approved by my instructor, so there may be a slight delay in my replies. Look at it as a good thing though, since you will have two people looking at your problem.

Adhere to the guidelines below, and then carefully follow, in the same order, all the instructions after:

1. You have to reply to my posts within four days. If you need some additional time, just let me know. If I don't get any reply from you within these four days, the topic will be closed. You can send me a PM if you still want help, after this period of time.

2. Always ask before you act! Do not continue if you are not sure, or if something unexpected happens!

3. Do not run any tools unless instructed to do so. Also, do not uninstall or install any software during the procedure, unless I ask you to do so.

4. Please, copy all the content of the required logs and paste it inside your post, unless directed otherwise.

5. Logs from malware diagnostic or removal programs can take some time to get analyzed. Also, keep in mind that all the experts here are volunteers and may not be available to assist when you post. Please, be patient, while I analyze your logs. I will be with you, as far as I can.

====================================================

Let's start now.

Download Farbar Recovery Scan Tool and save it to your desktop. --> IMPORTANT

If your antivirus software detects the tool as malicious, it’s safe to allow FRST to run. It is a false-positive detection.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click the FRST icon to run the tool. When the tool opens click Yes to the disclaimer.
  • Press Scan button and wait for a while.
  • The scanner will produce two logs on your Desktop: FRST.txt and Addition.txt.
  • Please copy and paste the content of these two logs in your next reply.
 

DR.M

Malware Trainee
Joined
Sep 4, 2019
Messages
602
Hello, danstelter.

Do you still need assistance?
 

DR.M

Malware Trainee
Joined
Sep 4, 2019
Messages
602
Hi, danstelter.

Thank you for the logs.

I'm in the process of reviewing them. :)
 

DR.M

Malware Trainee
Joined
Sep 4, 2019
Messages
602
Hi, Dan.

Is LastPass extension in Edge installed and working? The logs show an error with it. It's installed in Chrome. Check it in Edge, and if it has a problem we can remove it in another fix later.

Run an FRST fix.

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system.
  • Please select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy". No need to paste it anywhere.
Code:
Start::
SystemRestore: On
CreateRestorePoint:
CloseProcesses:
FirewallRules: [{5328829D-E742-4578-951D-CDD1D4FA1965}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe => No File
FirewallRules: [{3A2A340B-B068-4BDE-9EE5-F4BABE188783}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe => No File
FirewallRules: [{B21F6D74-C22E-47F7-A8F2-25038022D959}] => (Allow) C:\Users\dan\AppData\Local\Temp\7zS3326\HP.EasyStart.exe => No File
Task: {9B708B01-3276-4A4A-865F-FB2F33ACD312} - System32\Tasks\SearchProTools2 => C:\Program Files (x86)\US Media Capital\SearchPro Tools\stoolsapp.exe
S2 HP Comm Recover; "C:\Program Files\HPCommRecovery\HPCommRecovery.exe" [X]
C:\ProgramData\Bitdefender
C:\Users\dan\Downloads\bitdefender_online.exe
C:\ProgramData\agent.1593868287.bdinstall.v2.bin
C:\ProgramData\Bitdefender Agent
C:\Users\dan\AppData\Roaming\MusiCalm_setup.exe
C:\Windows\system32\Tasks\SearchProTools2
C:\Users\dan\AppData\Roaming\MusiCalm_setup.exe
C:\Users\dan\AppData\Roaming\SearchProTools_Setup.exe
C:\Users\dan\AppData\Roaming\WebDiscovery_setup.exe
C:\Program Files\Common Files\McAfee
C:\Program Files (x86)\Common Files\Mcafee
C:\Program Files (x86)\US Media Capital
C:\Program Files\WindowsApps\LastPass.LastPassFreePasswordManager_4.50.1.0_neutral__qq0fmhteeht3j
C:\Program Files\mozilla firefox\defaults\pref\kl_prefs_62fbb8f7_c917_4cf7_957a_aad2b8fa768c.js
C:\Program Files\mozilla firefox\kl_config_62fbb8f7_c917_4cf7_957a_aad2b8fa768c.cfg
ExportKey: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google
EmptyTemp:
End::
  • Please right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt on your Desktop.
  • Please post the log in your next reply.
 

DR.M

Malware Trainee
Joined
Sep 4, 2019
Messages
602
Hi, Dan.

1. Please do the following to run a FRST fix.

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system.
  • Please select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy". No need to paste it anywhere.
Code:
Start::
CreateRestorePoint:
CloseProcesses:
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
EmptyTemp:
End::
  • Please right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt on your Desktop.
  • Please post the log in your next reply.

2. Run Malwarebytes (Scan mode)
  • Download Malwarebytes and save it to your Desktop.
  • Once downloaded, close all programs and Windows on your computer.
  • Double-click on the icon on your desktop named MBSetup.exe. This will start the installation of MBAM onto your computer.
  • Follow the instructions to install the program.
  • When finished, double click the program's icon created on your Desktop.
  • Click the little gear on the top right (Settings) and when it opens, click the Security tab and make sure about the following:
Code:
Under the title Scan Options, all the options are checked.
Under the title Windows Security Center (Premium only) is unchecked.
Under the title Potentially unwanted items are set to Always.
  • Click on the little gear to return to the main menu and select Scan. The program will start scanning your computer. This may take about 10 minutes, but in some cases it may take longer.
  • When finished, you will see the Threat Scan Summary window open.
  • If threats are not found, click View Report and proceed to the two last steps below.
  • If threats are found, make sure that all threats are not selected, close the program and proceed to the next steps below.
  • Open Malwarebytes again, click on the Scanner, and then on the Reports tab.
  • Find the report with the most recent date and double click on it.
  • Click on Export and then Copy to Clipboard.
  • Paste its content here, in your next reply.

3. Run AdwCleaner (Scan mode)

Download AdwCleaner and save it to your desktop.
  • Double click AdwCleaner.exe to run it.
  • Click Scan Now.
    • When the scan has finished, a Scan Results window will open.
    • Click Cancel (at this point do not attempt to Quarantine anything that is found)
  • Now click the Log Files tab.
    • Double click on the latest scan log (Scan logs have a [S0*] suffix, where * is replaced by a number. The latest scan will have the largest number)
    • A Notepad file will open containing the results of the scan.
    • Please post the contents of the file in your next reply.

In your next reply, please make sure to post:
  1. The Fixlog.txt content
  2. The MBAM report
  3. AdwCleaner[S0*].txt
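
An added example, not part of DR.M's posts and not FRST's own code: both fixes above target HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google, and an extension listed under Chrome's ExtensionInstallForcelist policy in that key is installed by policy and cannot be removed from the extensions page. This sketch parses a .reg-format export of that key and lists any force-installed extensions. It assumes the key was exported with `reg export`; the sample export, the placeholder extension ID and the function names are constructed for illustration.

```python
import re

PLACEHOLDER_ID = "a" * 32  # constructed 32-character ID, not a real extension

# Constructed sample in .reg text format; not taken from the thread's logs.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome]
"HomepageLocation"="https://search.example.invalid/"

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist]
"1"="<ID>;https://clients2.google.com/service/update2/crx"
'''.replace("<ID>", PLACEHOLDER_ID)

KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')
VAL_RE = re.compile(r'^"(?P<name>[^"]*)"="(?P<data>.*)"$')  # string values only
EXT_ID_RE = re.compile(r'^[a-p]{32}$')  # Chrome extension IDs use letters a-p

def parse_reg_export(text):
    """Return {key_path: {value_name: data}} for the string values in a .reg export."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            current = keys.setdefault(m.group("key"), {})
            continue
        m = VAL_RE.match(line)
        if m and current is not None:
            # .reg files escape backslashes and quotes with a backslash
            current[m.group("name")] = re.sub(r'\\(.)', r'\1', m.group("data"))
    return keys

def forced_extensions(keys):
    """List (extension_id, update_url) pairs found under ExtensionInstallForcelist."""
    found = []
    for path, values in keys.items():
        if path.lower().endswith("\\extensioninstallforcelist"):
            for data in values.values():
                ext_id, _, url = data.partition(";")
                if EXT_ID_RE.match(ext_id):
                    found.append((ext_id, url))
    return found

if __name__ == "__main__":
    for ext_id, url in forced_extensions(parse_reg_export(SAMPLE_EXPORT)):
        print(f"force-installed by policy: {ext_id} (update URL: {url})")
```

Files written by `reg export` are UTF-16 encoded, so read a real export with `open(path, encoding="utf-16")` before passing its text to `parse_reg_export`.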
 

DR.M

Malware Trainee
Joined
Sep 4, 2019
Messages
602
Hi, Dan.

1. Run Malwarebytes (Clean mode)
  • Double click the program's icon on your Desktop, as you did before.
  • Click the little gear on the top right (Settings) and when it opens, click the Security tab and make sure about the following:
    Code:
    Under the title Scan Options, all the options are checked.
    Under the title Windows Security Center (Premium only) is unchecked.
    Under the title Potentially unwanted items are set to Always.
  • Click on the little gear to return to the main menu and select Scan. The program will start scanning your computer. This may take about 10 minutes, but in some cases it may take longer.
  • When finished, you will see the Threat Scan Summary window open.
  • If threats are not found, click View Report and proceed to the two last steps below.
  • If threats are found, make sure that all threats are selected, and click on Quarantine/Remove selected.
  • You may need to restart the computer.
  • Open Malwarebytes again, click on the Scanner, and then on the Reports tab.
  • Find the report with the most recent date and double click on it.
  • Click on Export and then Copy to Clipboard.
  • Paste its content here, in your next reply.

2. Run AdwCleaner (Clean mode)

Let me explain to you the log created by AdwCleaner:

The findings under the titles Chromium and Chromium URLs are PUPs, which stands for Potentially Unwanted Programs. In the instructions below, I will list them all to be removed.

The section at the bottom under "Preinstalled Software" is software that was apparently installed when the device was new, which you may or may not use. Feel free to keep or remove the "Preinstalled Software".

To proceed, please do the following:
  • Double click AdwCleaner.exe on your Desktop, to run it as you did before.
  • Click Scan Now.
  • When the scan has finished a Scan Results window will open.
  • Please check the following boxes and then click Quarantine.
    Code:
    PUP.Optional.AmazonBrowserBar   Amazon Assistant for Chrome - pbjikboenpfhbbejgkoklgkhjpfogcam
    PUP.Optional.Legacy             SwagButton - gngocbkfmikdgphklgmmehbjjlfgdemm
    PUP.Optional.Legacy             AVG Secure Search
    PUP.Optional.Legacy             AVG Secure Search
    PUP.Optional.Legacy             Web Search
    PUP.Optional.Legacy             searchenginejournal.com
    PUP.Optional.MySearch           AVG Secure Search
    PUP.Optional.MySearch           AVG Secure Search
  • Click Next.
    • If any pre-installed software was found on your machine, a prompt window will open. Click OK to close it.
    • Check any pre-installed software items you want to remove. It is your PC so if you wish to keep them, feel free to do so. However, if you don't use them or are unsure, feel free to NOT select any of them.
    • Click Quarantine.
  • A prompt to save your work will appear.
    • Click Continue when you're ready to proceed.
  • A prompt to restart your computer will appear.
    • Click Restart Now.
  • Once your computer has restarted:
    • If it doesn't open automatically, please start ADWCleaner.
    • Click the Log Files tab.
    • Double click on the latest Clean log (Clean logs have a [C0*] suffix, where * is replaced by a number, the latest scan will have the largest number)
    • A Notepad file will open containing the results of the removal.
    • Please post the contents of the file in your next reply.

In your next reply please post:
  1. The MBAM report
  2. AdwCleaner[S0*].txt

How is the computer running now?
 