Vosteran detected by Malwarebytes but it doesn't remove it.

Solved
mme prob.ordi -  
Malekal_morte- Posted messages 178136 Registration date   Status Moderator, Security Contributor Last intervention   -
Hello,

Windows 8.1 / Firefox 34.05

Vosteran detected probably due to my partner's inattention... during an update? He is not a pro and doesn't remember which update... Now using an admin password to avoid this...

I ran ZHP Cleaner + cleanup and CC Cleaner okay + Avast antivirus okay + Malwarebytes still detects 3 optional PUPs Vosteran (HKLM/SOFTWARE) 2 types of registry keys and 1 type of registry value. It quarantines them, then I delete them and restart. New Malwarebytes scan and they reappear... What should I do?
I reset Firefox.
At my level, I don't see it anywhere: not in the search bar, nor any modification of the search engine...

Thank you in advance for any help you can provide.

10 answers

  1. Malekal_morte- Posted messages 178136 Registration date   Status Moderator, Security Contributor Last intervention   24 712
     
    Follow this FRST tutorial: https://www.malekal.com/tutoriel-farbar-recovery-scan-tool-frst/
    This will generate three FRST reports:
    * FRST.txt
    * Shortcut.txt
    * Additional.txt

    As explained, upload these three reports to the pjjoint site and provide the three pjjoint links for these reports so that they can be consulted.

    --
    Like the angel you are, you laugh creating a lightness in my chest,
    Your eyes they penetrate me,
    (Your answer's always 'maybe')
    That's when I got up and left
    2
  2. Malekal_morte- Posted messages 178136 Registration date   Status Moderator, Security Contributor Last intervention   24 712
     
    Hello,

    You have installed adware and potentially unwanted programs on your PC that open advertisements and slow down the computer and web browsers.
    Here’s the procedure to follow to remove them:

    Start with this:

    Follow the AdwCleaner tutorial https://www.malekal.com/adwcleaner-supprimer-virus-adwares-pup/?t=33839&start= (by Xplode)
    Download it to your desktop or download folder.
    Run AdwCleaner, click on [Scan].
    The analysis may take several minutes, please be patient.
    Once the scan is complete, do not uncheck anything, click on [Clean]

    Once the cleaning is complete, a report will open. Copy/paste the content of the report into your next reply by copy/paste.
    If that doesn't work, use the website http://pjjoint.malekal.com to host the report, provide the link to the report in a new message.

    Note: The report is also saved under C:\AdwCleaner[S1].txt

    --
    Like the angel you are, you laugh creating a lightness in my chest,
    Your eyes they penetrate me,
    (Your answer's always 'maybe')
    That's when I got up and left
    1
  3. Malekal_morte- Posted messages 178136 Registration date   Status Moderator, Security Contributor Last intervention   24 712
     
    There is no more malice.

    Do not pay attention to the ZHPDiag alerts.

    --
    Comme l'ange que tu es, tu ris en créant une légèreté dans ma poitrine,
    Tes yeux me pénètrent,
    (Ta réponse est toujours 'peut-être')
    C'est à ce moment-là que je me suis levé et suis parti.
    1
  4. mme prob.ordi
     
    Thank you for the quick response

    ADWcleaner:
    http://cjoint.com/?3Akqsd0QX8j

    Malwarebytes report
    http://www.cjoint.com/data3/3AkqmsnYdeQ_rapport_malwarebytes.txt
    0
  5. mme prob.ordi
     
    Alright, I'll do that and come back with the links.
    0
  6. mme prob.ordi
     
    Here are the 3 reports:

    useless links due to error so removed...
    0
    1. Malekal_morte- Posted messages 178136 Registration date   Status Moderator, Security Contributor Last intervention   24 712
       
      The reports are to be submitted on pjjoint for analysis.
      0
  7. Pierrot
     
    Bonjour, vosteram must always be in the registry, I am on 7, but I think 8.1 is the same. Press Windows+r and you should have the small window
    run in the window, type regedit and hit enter, and it will give you the registry editor panel. At the top, left-click on edit, left-click on search
    , check everything, and in the window write vosteran, then click on find next. Delete all the string and DWORD values it offers and delete them. At some point, it will tell you it can't find anything anymore, uncheck whole word only, and restart the search. CAUTION, YOU ARE WORKING ON THE REGISTRY, the slightest mistake and you could mess everything up, so make sure you see vosteran in what it offers you.
    0
    1. mme prob.ordi
       
      I saw a lot of things but there are only 2 where the word vosteran appears: name: hp_url type rez-sz and data http://vosteran.com/?f=1&a=vst-99fv-14-47-...
      and name tlbrSrch url type rez-sz data http://vosteran.com/?f=3&azvst-99fx-14-47-ie&c...

      I'm afraid to touch anything...
      0
  8. mme prob.ordi
     
    Sorry ''/

    FRST
    link removed

    I can't put them in direct link... Beginner...

    Shortcut
    link removed

    Additional
    link removed

    I hope I did it right this time...
    0
  9. mme prob.ordi
     
    Okay, so I won't risk anything.
    I can just let them "hang around" on my computer, right? Ignoring the warnings from Malwarebytes as long as it's the same three troublemakers if I've really understood everything correctly.
    That reassures me and A BIG THANK YOU for everything!!!!!!!!
    0
  10. Malekal_morte- Posted messages 178136 Registration date   Status Moderator, Security Contributor Last intervention   24 712
     
    :)

    There you go, it's done, you can delete the programs used.

    Some advice:

    Install Malwarebyte's Anti-Malware: https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
    Run regular scans with it, it is effective.
    (unless you are on a netbook)

    To prevent malicious sites, you can install Blockulicious: https://forum.malekal.com/viewtopic.php?t=46656&start=

    So you won't get caught again.
    Read - Potentially Unwanted Programs / PUPs: https://www.malekal.com/adwares-pup-protection/

    --
    Like the angel you are, you laugh creating a lightness in my chest,
    Your eyes they penetrate me,
    (Your answer's always 'maybe')
    That's when I got up and left
    0