Solved

How to remove Adware.PurityScan ??

Posted on 2007-11-29
Last Modified: 2013-11-22
Hi,
I got a laptop (Dell Inspiron 6000), which came heavily infected with viruses. Everything has been cleaned up. I used Symantec AV (Enterprise version) with the latest signatures, Spybot and Adaware. I scanned the computer maybe 25 times, and all is gone, except the very stubborn 'Adware.Purityscan', which comes up every time after AV Scan. (To be exact, it shows as: 'Adware.Purityscan | Action - Cleaned | Count - 2 | Filename - regsvr32.exe'.)
I followed all the instructions I could find on the net, with checking the registry (nothing found there), and suspected files (nothing found).
I appreciate your advice.
Thank you!
0
Question by:Frossard
 
LVL 27

Expert Comment

by:Tolomir
ID: 20374506
Well you can always go with www.superantispyware.com

the free scanner + malware remover should be able to remove that malware.
0
 
LVL 27

Expert Comment

by:Tolomir
ID: 20374531
http://www.superantispyware.com/definition/purityscan/

PURITYSCAN.EXE Application/Process Description
Below is a description of PURITYSCAN.EXE. This application may not be safe to have on your computer. If this application is running on your computer, it is advised that you scan your computer for both viruses and spyware/adware immediately.

Summary of PURITYSCAN.EXE: Adware.ClickSpring/PuritySCAN.Process

Company Information: Clickspring, LLC (www.purityscan.com)

Description of PURITYSCAN.EXE
Scans a user's hard drive for pornographic files. Serves advertisements and may slow system performance. May install eZula.

Adware applications, toolbars and browser extensions may serve advertisements even while you are not surfing the Internet.

This application may serve various types of advertising, not limited to pop-up ads.

Threat Level (1-10): 10

Processes: PURITYSCAN.EXE

---
Tolomir
0
 
LVL 20

Accepted Solution

by:
IndiGenus earned 500 total points
ID: 20375347
Also, with PurityScan you will usually see files with ?'s in them, i.e.:

C:\WINDOWS\system32\d?xplore.exe
C:\WINDOWS\System32\??xplore.exe
C:\WINDOWS\System32\M?config.exe
 
The file with the question marks in it will have the same name as a legitimate file. So you need to be careful when removing them. Combofix will "unearth" these files and deal with Pscan, and a lot of other nasties if still present.

Download and Run ComboFix (by sUBs)

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Disconnect from the Internet, then disable your Anti-virus and any real-time Anti-spyware monitors that are running.
Then double click Combofix.exe & follow the prompts.
When finished, it will produce a log for you. Upload that log in your next reply with a new HijackThis log. Upload to the following link and post the link to it back here.

http://www.ee-stuff.com

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
Note 2: Remember to re-enable your Anti-virus and Anti-spyware before reconnecting to the Internet.
0
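Added example, not part of IndiGenus's post or of any tool named in it: a Python sketch of the name check the accepted answer describes, flagging names that contain ?'s or non-ASCII characters and reporting which legitimate program name each one imitates. It assumes the ?'s in a log stand for characters the log could not display; the `KNOWN_GOOD` list, the function names and the two control paths are constructed for illustration.

```python
import re

# Constructed allow-list of real Windows program names used for comparison.
KNOWN_GOOD = ["iexplore.exe", "msconfig.exe", "explorer.exe", "regsvr32.exe"]

def skeleton(name):
    """Lower-case the name and turn '?' or any non-ASCII character into a
    one-character wildcard, returning a compiled regex."""
    parts = []
    for ch in name.lower():
        if ch == "?" or ord(ch) > 127:
            parts.append(".")
        else:
            parts.append(re.escape(ch))
    return re.compile("".join(parts))

def classify(path, known_good=KNOWN_GOOD):
    """Return (verdict, imitated_names) for one path from a log or listing."""
    name = path.replace("/", "\\").rsplit("\\", 1)[-1]
    odd = sum(1 for ch in name if ch == "?" or ord(ch) > 127)
    if odd == 0:
        return ("ok", [])
    pattern = skeleton(name)
    hits = [good for good in known_good if pattern.fullmatch(good)]
    return ("lookalike", hits) if hits else ("unrenderable", [])

def triage(paths):
    """Map each path to its verdict, keeping only the ones needing review."""
    results = {p: classify(p) for p in paths}
    return {p: r for p, r in results.items() if r[0] != "ok"}

# The three paths quoted in the answer, plus two constructed controls.
SAMPLE = [
    r"C:\WINDOWS\system32\d?xplore.exe",
    r"C:\WINDOWS\System32\??xplore.exe",
    r"C:\WINDOWS\System32\M?config.exe",
    r"C:\WINDOWS\system32\regsvr32.exe",          # constructed: clean name
    "C:\\WINDOWS\\system32\\m\u0455config.exe",   # constructed: Cyrillic letter
]

if __name__ == "__main__":
    for path, (verdict, hits) in triage(SAMPLE).items():
        print(f"{verdict:12} {path}  imitates={hits}")
```

A "lookalike" verdict names the legitimate file to leave alone when the flagged copy is removed; "unrenderable" means the name has odd characters but matches nothing on the allow-list.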
LVL 47

Expert Comment

by:rpggamergirl
ID: 20377097
SUPERAntispyware and/or Combofix should remove it. You can also use the website's uninstaller (works always)

Sometimes Purityscan/clickspring are listed in add/remove programs.

Please check Add/Remove programs and uninstall any apps by OIN
Oin
Yazzle by Oin
Purityscan by Oin
Snowballwars by Oin
Cowabanga by OIN
or anything similar with Oin in it
If you do not see any icon for "OIN" or "(program) by OIN" in Add/Remove Programs, please download their stand-alone uninstaller.
http://www.outerinfo.com/OiUninstaller.exe.
0
 

Author Comment

by:Frossard
ID: 20377694
"If you do not see any icon for "OIN" or "(program) by OIN" in Add/Remove Programs, please download their stand-alone uninstaller.
http://www.outerinfo.com/OiUninstaller.exe."
I tried that - didn't work.

Now, I'm getting ComboFix. Hopefully it will do something meaningful. (I don't get it why 'the best antivirus software' - as Symantec claims to be - can't remove this pest.)
0
 
LVL 47

Expert Comment

by:rpggamergirl
ID: 20378363
hmm.... their uninstaller no longer works??? thanks for that info.
well, combofix should.....and any bad files that combofix does not remove can be removed using CFScript.

>>(I don't get it why 'the best antivirus software' - as Symantec claims to be - can't remove this pest.)<<
most antivirus can't handle malware not just Symantec, I guess because they're designed to remove mainly viruses.
0
 

Author Comment

by:Frossard
ID: 20403190
ComboFix worked! Thanks for the tip.
0
