Outbyte DRIVER UPDATER popup virus.

Hello.

Either you delete the notifications in the relevant internet browser or see this page.

If you can't do it, follow these steps.

Download FRST once downloaded save it on the desktop then right-click on FRST and choose Run as administrator you will see this:

Click on Scan

Attention, wait for the messages saying that the scan is finished to appear.

At the end of the scan you will have two text files on the desktop FRST and Addition.

Then send the FRST and ADDITION reports to PJJOINT  then provide the two links generated by PJJOINT in your response.

bazfile
Moderator/Security Contributor.
a hello, a response, a thank you are always appreciated.

Hello

I just did the manip and here are the two links:

https://pjjoint.malekal.com/files.php?read=20230521_e11b14b13t5h6

https://pjjoint.malekal.com/files.php?id=20230521_s12s14x7n15u15

Best regards

EJB

Excuse me, here is the code:

https://pjjoint.malekal.com/files.php?id=FRST_20230521_s12m14d5f7e5

Best regards.

EJB

Procedure to follow in the order indicated:

1- Open FRST as an administrator by right-clicking on FRST and selecting run as administrator
2 - Copy the entire script in the box below:

  Start:: CreateRestorePoint: CloseProcesses: CHR Notifications: Default -> hxxps://bestdealfor29.life FF Homepage: Mozilla\Firefox\Profiles\4wehuzif.default-1492630894706 -> hxxps://fr.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_ir_17_20&param1=1&param2=f%3D1%26b%3DFirefox%26cc%3Dfr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyByCtBzy0A0FtAyEtDyCtD0FyCyEzz0CtN0D0Tzu0StCzyyCyDtN1L2XzutAtFtBzytFtAtFyByDtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2StB0C0CtDtA0FzzyEtGtByD0DtDtGyEzz0DzztGyEyEyBtDtG0AtB0C0EyBzzzy0D0E0AtD0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAyE0BzzyC0D0FyEtGyE0C0F0BtGyEyB0C0CtGzyzytA0EtGtB0CtAzztC0E0D0FyC0BtCtB2QtN0A0LzutB%26cr%3D566361938%26a%3Dwbf_ir_17_20%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome CHR HomePage: Default -> hxxp://www.trovi.com/?gd=&ctid=CT3332182&octid=EB_ORIGINAL_CTID&ISID=M5AC0F431-925F-4113-899A-74F59FC6B890&SearchSource=55&CUI=&UM=6&UP=SPA24C49B6-5B32-4FEC-8C59-2DE968FE6DA2&SSPV= CHR StartupUrls: Default -> "hxxp://www.trovi.com/?gd=&ctid=CT3332182&octid=EB_ORIGINAL_CTID&ISID=M5AC0F431-925F-4113-899A-74F59FC6B890&SearchSource=55&CUI=&UM=6&UP=SPA24C49B6-5B32-4FEC-8C59-2DE968FE6DA2&SSPV=","hxxp://search.conduit.com/?ctid=CT3324416&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SPF20A57ED-58D0-419F-98D0-B5283A4964E6&SSPV=","hxxp://www.sweet-page.com/?type=hp&ts=1403282929&from=cor&uid=ST2000DM001-9YN164_W1E19T2TXXXXW1E19T2T","hxxp://www.only-search.com/?babsrc=HP_ss&mntrId=5E91ECA86B2F7F7D&affID=129280&tt=020914_onst&tsp=5373","hxxp://start.iminent.com/?appId=72AA8EDD-7C01-4310-AEE1-CFA13A5632E8","hxxp://istart.webssearches.com/?type=hp&ts=1416926832&from=slbnew&uid=ST2000DM001-9YN164_W1E19T2TXXXXW1E19T2T","hxxp://www.mystartsearch.com/?type=hp&ts=1420194864&from=bdo&uid=ST2000DM001-9YN164_W1E19T2TXXXXW1E19T2T","hxxp://www.mystartsearch.com/?type=hppp&ts=1420194905&from=bdo&uid=ST2000DM001-9YN164_W1E19T2TXXXXW1E19T2T","hxxp://homepage-web.com/?s=lenovo&m=start","hxxps://fr.search.yahoo.com/?type=715483&fr=yo-yhp-ch","hxxps://encrypted.google.com" CHR HKLM\...\Chrome\Extension: [kofkpgiaknijknhajbhnghkodiccblkg] CHR HKLM\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] CHR HKU\S-1-5-21-1039383033-3952283656-2308961138-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [jlhpijolpcimadhjingadnbcjncmjdce] CHR HKU\S-1-5-21-1039383033-3952283656-2308961138-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [kofkpgiaknijknhajbhnghkodiccblkg] CHR HKU\S-1-5-21-1039383033-3952283656-2308961138-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] CHR HKLM-x32\...\Chrome\Extension: [kofkpgiaknijknhajbhnghkodiccblkg] CHR HKLM-x32\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] HKLM\...\Run: [] => [X] HKLM-x32\...\Run: [] => [X] HKU\S-1-5-21-1039383033-3952283656-2308961138-1002\...\Run: [] => [X] Task: {07558F76-9666-4E6F-AD5C-867BC54E5AD6} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No file Task: {13A956DF-6F82-4A6C-924F-7CB4F334C842} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No file Task: {2AE47845-F828-45DD-A960-82445D078784} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No file Task: {2D23B428-CF00-4BAD-80AA-1316FA9497DD} - \Microsoft\Windows\UNP\RunCampaignManager -> No file Task: {3D14A245-76CF-41CE-BB60-3BED96B5CE25} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No file Task: {56E9FDCF-810B-4A97-8EB5-AA9C38BAB2C6} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No file Task: {593703D4-4761-49D1-A19D-39728156ADFE} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No file Task: {5F441257-C9E6-4C67-8AE0-3AAE6C61368B} - \TweakBit\Internet Optimizer\Start Internet Optimizer оn logon -> No file Task: {6C558333-35BA-4394-B933-53934FF14C34} - \WPD\SqmUpload_S-1-5-21-1039383033-3952283656-2308961138-1002 -> No file Task: {6CE3C14B-39AE-4A41-804B-75B0089D7916} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No file Task: {7DC44A20-45EF-476D-B5DC-C8099493E9E3} - \TweakBit\Internet Optimizer\Time for deal -> No file Task: {936BF83F-0B84-4BC2-8A32-6402C00AE6B7} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No file Task: {A5D01FD9-2FC4-4CD4-9D11-789EF2938DB3} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No file Task: {B98B6643-B875-4868-9C24-E8D7DE6F54C9} - System32\Tasks\Lenovo\LSC\LSCTaskService => C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCTaskService.exe (No file) Task: {D668D662-65C8-4EC5-8E71-8087EDF7B9D4} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe (No file) Task: {D82AEAA0-3135-4FB0-9677-A72837A98BD9} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No file <==== ATTENTION Task: {DAE3FCAB-6B0F-4BF4-A056-18992E454CDA} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No file Task: {DFD49C6A-D415-4E3D-A500-A25C86E5F031} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe (No file) HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction HKLM\SOFTWARE\Policies\Google: Restriction HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3: (Restriction - Zones) R3 WinRing0_1_2_0; C:\Users\Ernestjean\AppData\Local\Temp\tmp5415.tmp [14544 2023-05-16] (Noriyuki MIYAZAKI -> OpenLibSys.org) Shortcut: C:\Users\Ernestjean\Desktop\Dossier Photos Vidéos\FileHistory\Ernestjean\LENOVO-PCBUREAU\Data\C\Users\Ernestjean\Documents\F1Gp (2016_01_18 10_49_11 UTC).lnk -> C:\ProgramF1\F1Gp.bat (No file) Shortcut: C:\Users\Ernestjean\Desktop\Dossier Photos Vidéos\FileHistory\Ernestjean\LENOVO-PCBUREAU\Data\C\Users\Ernestjean\Desktop\F1 GP (2016_01_18 10_49_11 UTC).lnk -> C:\ProgramF1\F1Gp.bat (No file) SearchScopes: HKU\S-1-5-21-1039383033-3952283656-2308961138-1002 -> {144DAD02-D8A3-4CD4-8F41-96BE5F50C75D} URL = SearchScopes: HKLM -> DefaultScope {144DAD02-D8A3-4CD4-8F41-96BE5F50C75D} URL = hxxps://fr.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_ir_17_20&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dfr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyByCtBzy0A0FtAyEtDyCtD0FyCyEzz0CtN0D0Tzu0StCzyyCyDtN1L2XzutAtFtBzytFtAtFyByDtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2StB0C0CtDtA0FzzyEtGtByD0DtDtGyEzz0DzztGyEyEyBtDtG0AtB0C0EyBzzzy0D0E0AtD0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAyE0BzzyC0D0FyEtGyE0C0F0BtGyEyB0C0CtGzyzytA0EtGtB0CtAzztC0E0D0FyC0BtCtB2QtN0A0LzutB%26cr%3D566361938%26a%3Dwbf_ir_17_20%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms} SearchScopes: HKLM -> {00D7672B-7EF7-11E5-8266-7429AF340610} URL = hxxps://fr.search.yahoo.com/yhs/search?hspart=elm&hsimp=yhs-001&type=hdr_s_16_22_orgnl&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dfr%26pa%3DHodor%26cd%3D2XzuyEtN2Y1L1QzuyByEtBzy0A0FtAyEtDyCtCtDyCyEzz0CtN0D0Tzu0StCyCtCtBtN1L2XzutAtFtBtCtFtCtFtDtN1L1Czu1M1Q1CtBtBtFtCtFtDtN1L1G1B1V1N2Y1L1Qzu2StD0Ezy0FyD0E0EtAtGtAtAyEzytG0DyCtBtCtGtB0C0DyCtGyDtBtCzyyEtAyDyDtDtBzztC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAyE0BzzyC0D0FyEtGyE0C0F0BtGyEyB0C0CtGzyzytA0EtGtB0CtAzztC0E0D0FyC0BtCtB2QtN0A0LzutB%26cr%3D1734019796%26a%3Dhdr_s_16_22_orgnl%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms} SearchScopes: HKLM -> {144DAD02-D8A3-4CD4-8F41-96BE5F50C75D} URL = hxxps://fr.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_ir_17_20&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dfr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyByCtBzy0A0FtAyEtDyCtD0FyCyEzz0CtN0D0Tzu0StCzyyCyDtN1L2XzutAtFtBzytFtAtFyByDtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2StB0C0CtDtA0FzzyEtGtByD0DtDtGyEzz0DzztGyEyEyBtDtG0AtB0C0EyBzzzy0D0E0AtD0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAyE0BzzyC0D0FyEtGyE0C0F0BtGyEyB0C0CtGzyzytA0EtGtB0CtAzztC0E0D0FyC0BtCtB2QtN0A0LzutB%26cr%3D566361938%26a%3Dwbf_ir_17_20%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms} SearchScopes: HKLM-x32 -> DefaultScope {144DAD02-D8A3-4CD4-8F41-96BE5F50C75D} URL = hxxps://fr.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_ir_17_20&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dfr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyByCtBzy0A0FtAyEtDyCtD0FyCyEzz0CtN0D0Tzu0StCzyyCyDtN1L2XzutAtFtBzytFtAtFyByDtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2StB0C0CtDtA0FzzyEtGtByD0DtDtGyEzz0DzztGyEyEyBtDtG0AtB0C0EyBzzzy0D0E0AtD0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAyE0BzzyC0D0FyEtGyE0C0F0BtGyEyB0C0CtGzyzytA0EtGtB0CtAzztC0E0D0FyC0BtCtB2QtN0A0LzutB%26cr%3D566361938%26a%3Dwbf_ir_17_20%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms} SearchScopes: HKLM-x32 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxps://fr.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fs_16_19&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dfr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzuyByEtBzy0A0FtAyEtDyCtCtDyCyEzz0CtN0D0Tzu0StCyDzytDtN1L2XzutAtFtBtCtFtCtFyCtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyC0B0B0A0C0CtD0CtGyE0B0EtBtG0CtAyEzytGyB0FtDtAtGtC0ByDyCtByB0EtDyCyE0BtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAyE0BzzyC0D0FyEtGyE0C0F0BtGyEyB0C0CtGzyzytA0EtGtB0CtAzztC0E0D0FyC0BtCtB2QtN0A0LzutB%26cr%3D1062453672%26a%3Dwbf_fs_16_19%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms} SearchScopes: HKU\S-1-5-21-1039383033-3952283656-2308961138-1002 -> {00D7672B-7EF7-11E5-8266-7429AF340610} URL = SearchScopes: HKU\S-1-5-21-1039383033-3952283656-2308961138-1002 -> {144DAD02-D8A3-4CD4-8F41-96BE5F50C75D} URL = SearchScopes: HKU\S-1-5-21-1039383033-3952283656-2308961138-1002 -> {1b31c9d2-7135-442b-bb93-7c002172adc6} URL = hxxps://secure.homepage-web.com/?src=omnibox&partner=lenovo&q={searchTerms} SearchScopes: HKU\S-1-5-21-1039383033-3952283656-2308961138-1002 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxps://fr.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=715483&p={searchTerms} EmptyTemp: End::

3- Once the script is copied, click on Fix, FRST will automatically take the script from the clipboard.

Let the fix complete and once it is done, you will be prompted to restart your PC, do so as soon as you are prompted, see below.

Then once your computer has restarted:
4- You will have a Fixlog file on your desktop; then send this fixlog report to PJJOINT and then provide the generated link from PJJOINT in your response.

5- CHECK AND LET ME KNOW IF YOUR PROBLEM IS STILL PRESENT

bazfile
Moderator/Security Contributor.
A hello, a response, a thank you is always appreciated.

Here is the answer:

https://pjjoint.malekal.com/files.php?id=20230521_n12u5z5i12s12

The fixlog is OK, is your problem still present?

bazfile
Moderator/Security Contributor.
A hello, a response, a thank you are always appreciated.

Good evening.

I'm sorry to make you do all this research.

Thank you in advance for everything you're doing, I would never have found such an approach.

Thanks again.

Good evening

Unfortunately yes, a window has just opened again.

Thank you for trying and for spending all this time.

I will try to take a picture of it and send it.

Thanks again and have a good evening.

Sincerely, EJB

Make this new correction.

Procedure to follow in the order indicated:

1- Open FRST as an administrator by right-clicking on FRST and selecting run as administrator
2 - Copy the entire script in the box below:

  Start:: CreateRestorePoint: CloseProcesses: Task: {14F1095C-9FBC-4AE5-BD82-3757144830C3} - System32\Tasks\Outbyte\Driver Updater\HackersAlert => C:\Program Files (x86)\Outbyte\Driver Updater\DriverUpdater.exe [6577416 2022-11-15] (Outbyte Computing Pty Ltd -> Outbyte) Task: {1B1B195D-70C9-4CAF-BEE3-E8722ED3CA5A} - System32\Tasks\Outbyte\Driver Updater\DriverFlaws => C:\Program Files (x86)\Outbyte\Driver Updater\DriverUpdater.exe [6577416 2022-11-15] (Outbyte Computing Pty Ltd -> Outbyte) Task: {314F35CA-83B1-4538-B91A-77C7BBD4FB2A} - System32\Tasks\Outbyte\Driver Updater\NvidiaFlaws => C:\Program Files (x86)\Outbyte\Driver Updater\DriverUpdater.exe [6577416 2022-11-15] (Outbyte Computing Pty Ltd -> Outbyte) Task: {489403FE-0E68-4222-8BCE-05D40096E7ED} - System32\Tasks\Outbyte\Driver Updater\OutdatedDrivers => C:\Program Files (x86)\Outbyte\Driver Updater\DriverUpdater.exe [6577416 2022-11-15] (Outbyte Computing Pty Ltd -> Outbyte) Task: {6F0C1FE7-FCD5-4E98-B244-B5CC5E7FF8E9} - System32\Tasks\Outbyte\Driver Updater\CauseErrors => C:\Program Files (x86)\Outbyte\Driver Updater\DriverUpdater.exe [6577416 2022-11-15] (Outbyte Computing Pty Ltd -> Outbyte) Task: {C9785224-6FA2-4DBB-ABB8-8182C9DE16A3} - System32\Tasks\Outbyte\Driver Updater\Send update results => C:\Program Files (x86)\Outbyte\Driver Updater\DriverUpdater.exe [6577416 2022-11-15] (Outbyte Computing Pty Ltd -> Outbyte) Task: {D1B7BC3B-64A9-4A52-8F02-22395C53DBCB} - System32\Tasks\Outbyte\Driver Updater\AttackersAlert => C:\Program Files (x86)\Outbyte\Driver Updater\DriverUpdater.exe [6577416 2022-11-15] (Outbyte Computing Pty Ltd -> Outbyte) Task: {DBAE86EF-0258-46F4-8618-8651EEEF75D7} - System32\Tasks\Outbyte\Driver Updater\PoorPerformance => C:\Program Files (x86)\Outbyte\Driver Updater\DriverUpdater.exe [6577416 2022-11-15] (Outbyte Computing Pty Ltd -> Outbyte) Task: {EF9E25E4-60F3-4BD8-A0AD-0A24F1A48ED8} - System32\Tasks\Outbyte\Driver Updater\Time for deal => C:\Program Files (x86)\Outbyte\Driver Updater\DriverUpdater.exe [6577416 2022-11-15] (Outbyte Computing Pty Ltd -> Outbyte) C:\Program Files (x86)\Outbyte EmptyTemp: End::

3- Once the script is copied, click Fix, FRST will automatically take the script from the clipboard.

Let the correction process complete; once it’s done, you will be asked to restart your PC. Do it as soon as you are prompted to, see below.

Then once your computer has restarted:
4- You will have a Fixlog file on your desktop, then send this fixlog report to PJJOINT and provide the link generated by PJJOINT in your response.

5- CHECK AND LET ME KNOW IF YOUR PROBLEM STILL EXISTS

bazfile
Moderator/Security Contributor.
A hello, a response, a thank you are always appreciated.

Hello

Thank you for your perseverance.

Here is the result: https://pjjoint.malekal.com/files.php?id=20230522_c613f5i6p10

For now, no new window.

Thanks again.

Best regards.

EJB

The fixlog is OK.

Uninstall FRST, rename the FRST file you downloaded to uninstall, then once the file is renamed, open it; the uninstallation will be done automatically via a reboot of the PC.

bazfile
Moderator/Security Contributor.
A hello, a response, a thank you are always appreciated.

Hello again

Thank you so much for your intervention.

The FRST program has been successfully uninstalled following your instructions and no windows have reappeared.

Well done and thank you again

EJB