wpad.dat repeating error

Hey team! Registered for this but add me to the list of folks affected by the “http://wpad.browserupdatecheck.in/wpad.dat” issue. Tried a handful of the typical stuff; Dealz extension folder, registry keys) scanning with various software. No luck :frowning:

URL: http://wpad.browserupdatecheck.in/wpad.dat
Infection: URL:Mal
Process: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (also shows up as svchost.exe)

Pop ups generate based directly on my browser activity. Logs attached. Thank you!

You are running CIS, Bitdefender and Avast that is two antivirus programmes too many

Two will need to go

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B} AV: Bitdefender Antivirus Free Edition (Enabled - Up to date) {9B5F5313-CAF9-DD97-C460-E778420237B4} AS: Comodo Defense+ (Enabled - Up to date) {493CE176-EB84-BC8D-9707-B3ACF7598648} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0} AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} AS: Bitdefender Antivirus Free Edition (Enabled - Up to date) {203EB2F7-ECC3-D219-FED0-DC0A39857D09} FW: COMODO Firewall (Enabled) {CA6681B7-87D1-B25B-86E8-21EB720D8B8E}

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:

CreateRestorePoint: FF Extension: Firefox Security Update - C:\Users\RainDess\AppData\Roaming\Mozilla\Firefox\Profiles\4rua21gr.default\Extensions\jid1-sXWNoXABeFqKYg@jetpack.xpi [2015-05-20] FF Extension: Firefox Security Update - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\jid1-sXWNoXABeFqKYg@jetpack.xpi [2015-05-20] HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION GroupPolicy: Group Policy on Chrome detected <======= ATTENTION CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION CHR HKU\S-1-5-21-180321420-2486698249-2416898684-1001\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION URLSearchHook: [S-1-5-21-180321420-2486698249-2416898684-1004] ATTENTION ==> Default URLSearchHook is missing URLSearchHook: [S-1-5-21-180321420-2486698249-2416898684-1004-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0] ATTENTION ==> Default URLSearchHook is missing CHR Extension: (EverSave) - C:\Users\RainDess\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hpjocjloojeicikiokfiekcdpojgfefc [2015-06-03] CHR Extension: (Dealz) - C:\Users\RainDess\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\manaobgbdfpjjjnheogfghmjbikhjnlf [2015-06-24] Task: {FC23F489-31EF-4CF1-891F-FF9FC9183906} - System32\Tasks\EssentialUpdateMachine => chp.exe <==== ATTENTION RemoveProxy: EmptyTemp: CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe

https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG

Run FRST and press Fix
On completion a log will be generated please post that

THEN

Run FRST and in the search box copy/paste the following :

browserupdatecheck.in

Press search registry and then attach the search log generated

Cheers for your help Essex!

Pop-ups are still around :frowning:

Attached are my logs as requested. Bitdefender and CIS have since been removed are were only installed to see if they were catching the same errors as Avast.

Thanks!

Let me know if this stops it

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:

CreateRestorePoint: Reg: reg delete "HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad" /f Reg: reg add "HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad" /f EmptyTemp:

Save this as fixlist.txt, in the same location as FRST.exe

https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG

Run FRST and press Fix
On completion a log will be generated please post that

No dice :(. Pop ups continue after reboot.

Log attached.

OK lets expand the search

Start FRST and copy/paste the following into the search box
Click search registry and attach the resultant log

browserupdatecheck.in;wpad.dat

Results attached!

I thought the last search was a little light

Right click this link and select save target as… https://dl.dropboxusercontent.com/u/73555776/tcpip.reg
Save TCPIP.reg to your desktop
Double click the reg file and allow it to merge accepting the warnings

Reboot and let me know that the alerts are history :slight_smile:

They totally are! Thank you so much for all your help Essex!

Subject to no further problems :slight_smile:

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself so…The following will implement some cleanup procedures as well as reset System Restore points:

Remove tools

Download and run Delfix
Select the options as shown

https://dl.dropboxusercontent.com/u/73555776/delfix.JPG

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

Malwarebytes

Update and run weekly to keep your system clean

Unchecky

Click on the link above to be taken to Unchecky.com
click the very large Download button.
click Save
Click Open folder
Right click on the Unchecky_setup and choose to Run as Administrator
Once open click the Install button.
Then click on Finish
Unchecky is now installed and will help you keep unwanted check boxes unchecked, this is a fire and forget programme :wink:

It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To learn more about how to protect yourself while on the internet read this little guide Best security practices Keep safe :wave:

Will do. I’ll keep an eye out and let you know if anything else unwanted pops up. :slight_smile: