Solved

How to remove Adware.PurityScan ??

Posted on 2007-11-29
7
1,197 Views
Last Modified: 2013-11-22
Hi,
I got a laptop (Dell Inspiron 6000), which came heavily infected with viruses. Everything has been cleaned up. I used Symantec AV (Enterprise version) with the latest signatures, Spybot and Adaware. I scanned the computer maybe 25 times, and all is gone, except the very stubborn 'Adware.Purityscan', which comes up every time after AV Scan. (to be exact, it shows as: 'Adware.Purityscan | Action - Cleaned | Count - 2 | Filename - regsvr32.exe).
I followed all the instructions I could find on the net, with checking the registry (nothing found there), and suspected files (nothing found).
I appreciate your advice.
Thank you!
0
Comment
Question by:Frossard
  • 2
  • 2
  • 2
  • +1
7 Comments
 
LVL 27

Expert Comment

by:Tolomir
ID: 20374506
Well you can always go with www.superantispyware.com

the free scanner + malware remover should be able to remove that malware.
0
 
LVL 27

Expert Comment

by:Tolomir
ID: 20374531
http://www.superantispyware.com/definition/purityscan/

PURITYSCAN.EXE Application/Process Description
Below is a description of PURITYSCAN.EXE. This application may not be safe to have on your computer. If this application is running on your computer, it is advised that you scan your computer for both viruses and spyware/adware immediately.

Summary of PURITYSCAN.EXE
Adware.ClickSpring/PuritySCAN.Process
      
Company Information
Clickspring, LLC
www.purityscan.com
      
Description of PURITYSCAN.EXE
Scans a user's hard drive for pornographic files. Serves advertisements and may slow system performance. May install eZula.

Adware applications, toolbars and browser extensions may serve advertisements even while you are not surfing the Internet.

This application may serve various types of advertising, not limited to pop-up ads.
      
Threat Level (1-10) 10
      
Processes PURITYSCAN.EXE


---
Tolomir
0
 
LVL 20

Accepted Solution

by:
IndiGenus earned 500 total points
ID: 20375347
Also, with PurityScan you will usually see files with ?'s in them. ie.

C:\WINDOWS\system32\d?xplore.exe
C:\WINDOWS\System32\??xplore.exe
C:\WINDOWS\System32\M?config.exe
 
The file with the question marks in it will have the same name as a legitimate file. So you need to be careful when removing them. Combofix will "unearth" these files and deal with Pscan, and a lot of other nasties if still present.

Download and Run ComboFix (by sUBs)

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Disconnect from the Internet, than disable your Anti-virus and any real-time Anti-spyware monitors that are running.
Then double click Combofix.exe & follow the prompts.
When finished, it will produce a log for you. Upload that log in your next reply with a new HijackThis log. Upload to the following link and post the link to it back here.

http://www.ee-stuff.com

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
Note 2: Remember to re-enable your Anti-virus and Anti-spyware before reconnecting to the Internet.
0
Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

 
LVL 47

Expert Comment

by:rpggamergirl
ID: 20377097
SUPERAntispyware and or Combofix should remove it. You can also use the website's uninstaller(works always)

Sometimes Purityscan/clickspring are listed in add/remove programs.

Please check Add/Remove programs and uninstall any apps by OIN
Oin
Yazzle by Oin
Purityscan by Oin
Snowballwars by Oin
Cowabanga by OIN
or anything similar with Oin in it
If you do not see any icon for "OIN" or "(program) by OIN" in Add/Remove Programs, please download their stand-alone uninstaller.
http://www.outerinfo.com/OiUninstaller.exe.
0
 

Author Comment

by:Frossard
ID: 20377694
"If you do not see any icon for "OIN" or "(program) by OIN" in Add/Remove Programs, please download their stand-alone uninstaller.
http://www.outerinfo.com/OiUninstaller.exe."
I tried that - didn't work.

Now, I'm getting ComboFix. Hopefully it will do something meaningful. (I don't get it why 'the best antivirus software' - as Symantec claims to be - can't remove this pest.)
0
 
LVL 47

Expert Comment

by:rpggamergirl
ID: 20378363
hmm.... their uninstaller no longer works??? thanks for that info.
well, combofix should.....and any bad files that combofix does not remove can be removed using CFScript.

>>(I don't get it why 'the best antivirus software' - as Symantec claims to be - can't remove this pest.)<<
most antivirus can't handle malware not just Symantec, I guess because they're designed to remove mainly viruses.
0
 

Author Comment

by:Frossard
ID: 20403190
ComboFix worked! Thanks for the tip.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Automated IT tasks 4 122
Zepto Ransomware - Decrypt/Restore files 5 240
Need to track down Infection in a Server 2008 domain user profile 7 48
Kaspersky Antivirus reports 4 59
Article by: btan
Provide an easy one stop to quickly get the relevant information on common asked question on Ransomware in Expert Exchange.
Envision that you are chipping away at another e-business site with a team of pundit developers and designers. Everything seems, by all accounts, to be going easily.
Internet Business Fax to Email Made Easy - With eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…
Hi friends,  in this video  I'll show you how new windows 10 user can learn the using of windows 10. Thank you.

895 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now