Remove PUADlManager:Win32/OfferCore using Windows Defender

Solved
Le-n-haricot Posted messages 2 Status Member

Hello,

I just scanned my PC (I do this once a week) and Windows Defender finds PUADlManager:Win32/OfferCore that I can't actually get rid of despite attempts to block, quarantine, or delete it.

Malwarebytes finds nothing and AdwCleaner supposedly deleted the file.

I haven't installed any recent programs on the PC (OS: Windows 10).

The PC seems to be functioning properly (no pop-up ads or anything) but Windows Defender is unable to manage the deletion.

How can I get rid of this problem?

If anyone can help me... Thank you in advance.


24 replies

MisteryBean Posted messages 8947 Registration date   Status Moderator Last intervention   1 292
 

Hello

We'll start with a PC diagnosis:

Read the entire procedure carefully before posting the reports
Do not post them directly in the messages as they are unreadable and incomplete

The reports FRST.txt and Addition.txt are expected

All reports must be hosted on https://textup.fr/ or on Cjoint and you will indicate the obtained links in your reply

---------------------------------------------------------------------------------------------

--> The SmartScreen filter may trigger an alert. Click on Actions or More Information, then on Run anyway

---------------------------------------------------------------------------------------------

--> Download the FRST version of Farbar, compatible with your system and save the file on your Desktop

--> For a 32-bit system
--> For a 64-bit system

How do I know which 32-bit or 64-bit version is running on my system?

--> Wait for your browser to offer the download to save, without clicking anywhere, especially not on the sponsors of the page.
--> Close all applications, including your browser
--> Double-click on FRST.exe and click Yes to accept the Disclaimer
--> On Vista, Windows 7 / 8 and 10, you need to launch the file by right-clicking -> Run as administrator
--> Wait until it says The tool is ready to run
--> On the main menu, click on Analyze and wait for the analysis to complete
--> At the end of the scan, the reports FRST.txt and Addition.txt are created. Post these reports in your next reply.
--> The reports are saved in the same location as the tool and under C:\FRST\Logs


0
Le-n-haricot Posted messages 2 Status Member
 

Thank you for considering my request.

Here is the link to the 2 reports:

https://textup.fr/779268os

Good luck

0
MisteryBean Posted messages 8947 Registration date   Status Moderator Last intervention   1 292
 

RE_

Nothing particular in the reports.

--> Copy what is here https://textup.fr/779284Ud from start:: to end:: (without pasting it anywhere)

--> Open FRST (or FRST64) as administrator and click on Fix
If FRST seems to freeze or not respond, let it run

--> The PC will ask to restart, accept it

--> A fixlog file is created in the same location as FRST, post it like the other reports

--> Run a scan with Windows Defender

--> Let me know if you still have the problem.


0
Le-n-haricot
 

The problem still exists in Windows Defender...

Here is the link to the Fixlog file:

https://textup.fr/779288BQ

Thank you

0
MisteryBean Posted messages 8947 Registration date   Status Moderator Last intervention   1 292
 

RE_

Do you still have the detection when launching the WD analysis?

Are you connected in Chrome?

******

Clear the cache and see what that does:

=> In Chrome, in the address bar, copy/paste chrome://settings/clearBrowserData

=> In the window, select all the data and check Cached images and files

=> Click on Clear data

=> See what that does with WD


0
Le-n-haricot
 

Yes, I was on Chrome and I just successfully completed the requested action regarding the cache as per your instructions.

However, a subsequent scan with WD still shows PUADlManager:Win32/OfferCore present...

0
MisteryBean Posted messages 8947 Registration date   Status Moderator Last intervention   1 292
 

RE_

My request concerns being synced on Chrome and not whether you were on Chrome at that moment. See => HERE <=

Can you take a screenshot of the detection? You can post it on https://fr.imgbb.com/ and provide the link in your response.


0
Le-n-haricot
 

Yes, I am synced with Chrome and I have attached a photo regarding the synced settings as well.

Here are the requested photos

https://ibb.co/TP1LWsd
https://ibb.co/Bgvxtch
https://ibb.co/42m6Dm9

Thank you

0
MisteryBean Posted messages 8947 Registration date   Status Moderator Last intervention   1 292
 

In your "protection history" capture, can you click on weak to open the window and make a new capture?


0
Le-n-haricot
 

Here by clicking on weak:

https://ibb.co/NtW7qyH

I tried the 3 options: block, quarantine and delete.

Thank you

The same info appears 3 times: https://ibb.co/smmD9hZ

0
MisteryBean Posted messages 8947 Registration date   Status Moderator Last intervention   1 292
 

RE_

Log out of Chrome:

  1. On your computer, open Chrome.
  2. In the top right, click on Profile, then Sync enabled.
  3. Click on Disable.

Then repeat the process => HERE <= and see what happens


0
Le-n-haricot
 

I just completed the 2 requested actions and unfortunately the 3 messages still appear in WD... Sorry :)

Temporarily, I have remained in unsynchronized mode.

0
MisteryBean Posted messages 8947 Registration date   Status Moderator Last intervention   1 292
 

Re_

Did you follow up on a WD analysis?


0
Le-n-haricot
 

Yes, and I still have the triple message in WD:

PUADlManager:Win32/OfferCore

0
MisteryBean Posted messages 8947 Registration date   Status Moderator Last intervention   1 292
 

RE_

We will try to delete them directly

--> Copy what is here https://textup.fr/779484rP from start:: to end:: (without pasting it anywhere)

--> Open FRST (or FRST64) as administrator and click on Fix
If FRST seems to freeze or not respond, let it run

--> The PC will ask to restart, accept it

--> A fixlog file will be created in the same location as FRST, post it like the other reports

--> Let me know if you still have the problem.


0
Le-n-haricot
 

Operation completed

Restart

Problem still present in WD

Link to the report: https://textup.fr/779485Io

0
MisteryBean Posted messages 8947 Registration date   Status Moderator Last intervention   1 292
 

RE_

The files have indeed been deleted.

"C:\$Recycle.Bin\S-1-5-21-2456503335-566717015-390302106-1001\$RQP340R.exe" => not found
"C:\Users\gilbe\Desktop\LDPlayer9_ens_com.a7madapp.iegeesecuritycameraguide_3040_ld.exe" => not found
"C:\$Recycle.Bin\S-1-5-21-2456503335-566717015-390302106-1001\$RYBLC97.exe" => not found
"C:\Users\gilbe\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0011ac" => not found

Download DefenderUI and delete the WD history. (You can set it to French).

After restarting the PC, see what happens.

If you still have detections, try to locate the paths of the detected files.


0
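The last step in the post above, locating the paths behind each detection and checking whether the files are still there, can be done from an elevated PowerShell prompt. This is an added example, not part of the thread; it uses the built-in Defender cmdlets `Get-MpThreat` and `Get-MpThreatDetection`, and it assumes `Resources` entries have the usual `kind:_path` form (for example `file:_C:\...`).

```powershell
# Added example: run in an elevated PowerShell on Windows 10/11.
# Lists every path recorded in Defender's detection history and reports
# whether the file still exists, to tell live files from stale history entries.

# ThreatID -> threat name lookup (e.g. PUADlManager:Win32/OfferCore)
$names = @{}
Get-MpThreat | ForEach-Object { $names[[int64]$_.ThreatID] = $_.ThreatName }

$report = foreach ($d in Get-MpThreatDetection) {
    foreach ($res in $d.Resources) {
        # Assumed format: "<kind>:_<path>", sometimes followed by "|metadata"
        if ($res -match '^(?<kind>[a-z]+):_(?<path>.+)$') {
            $kind = $Matches.kind
            $path = ($Matches.path -split '\|')[0]
        } else {
            $kind = 'unknown'
            $path = $res
        }

        # Only file-type resources can be checked on disk; others stay $null.
        # -LiteralPath matters: paths such as C:\$Recycle.Bin contain '$'.
        $onDisk = $null
        if ($kind -in 'file', 'containerfile') {
            $onDisk = Test-Path -LiteralPath $path
        }

        [pscustomobject]@{
            Threat      = $names[[int64]$d.ThreatID]
            FirstSeen   = $d.InitialDetectionTime
            Kind        = $kind
            Path        = $path
            StillOnDisk = $onDisk
        }
    }
}

$report | Sort-Object Threat, Path | Format-Table -AutoSize -Wrap

$live = @($report | Where-Object StillOnDisk)
if ($live.Count -eq 0) {
    'No detected file remains on disk; what is left are history entries.'
} else {
    "Files still present: $($live.Count)"
    $live | Select-Object Threat, Path
}
```

When every row shows `StillOnDisk` as `False`, the situation matches the fixlog quoted above ("not found"), and only the protection history remains to be cleared.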
Le-n-haricot
 

After rebooting, there are no more messages in WD. It seems that the last operation with DefenderUI worked.

Is this the end of the operations?

Should I keep DefenderUI on my PC?

In any case, thank you for your help.

0
MisteryBean Posted messages 8947 Registration date   Status Moderator Last intervention   1 292
 

RE_

For DefenderUI, it's up to you; you can download it if needed.

If everything is still okay in two or three days, you can do this:

To automatically delete all files/folders created by FRST and the tool itself, rename FRST/FRST64.exe to uninstall.exe and run it.

This process requires a restart.

****

If it comes back, we'll see what we can do.


0
Le-n-haricot
 

Noted, and I will keep an eye on it in the coming days.

Thank you very much for taking the time with me and thank you for your expertise in the matter.

I will send you a message in a few days on this conversation to keep you updated.

Thanks again.

0