I need help removing WHITESMOKE PUP

Closed
cyndizworld - Aug 30, 2011 at 01:00 PM
 Anonymous User - Aug 30, 2011 at 05:14 PM
Hello,
I have a Windows VISTA and have had this WHITESMOKE PUP once, did a system restore, which removed it, but it is back and my system restore has no dates other than the 29th and 27th of this month, all other dates are gone and no prompt to go back more than five days (like usual) I cannot remove this pup and cannot find it anywhere, Please assist. I was told on a blog of how to get rid of this PUP that FISH66 helped someone from this site. I also tried to register on this site but never received my email confirmation of my registration...Maybe from the WHITEHOUSE PUP. I hear it does a lot of different things. THank you CYNDI


2 responses

Ambucias Posts 47310 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 11,164
Aug 30, 2011 at 04:36 PM
Hello Cindy

I believe your machine got infected.


Please download the TDSS Rootkit Removing Tool (TDSSKiller.zip) and save it to your Desktop. <-Important!!!

https://support.kaspersky.com/5350

Be sure to print out and follow all instructions for performing a scan or refer to these instructions with screenshots.


*Extract (unzip) the file to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the Desktop.

*If you don't have an extracting program, you can download TDSSKiller.exe and use that instead.

*Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
right-click and select Run As Administrator.


*When the program opens, click the Start Scan button.

*Do not use the computer during the scan

*If the scan completes with nothing found, click Close to exit.

*If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.

*Ensure Cure is selected, then click Continue > Reboot now to finish the cleaning process.<- Important!!
Note: If 'Suspicious' objects are detected, you will be given the option to Skip or Quarantine. Skip will be the default selection.

*A log file named TDSSKiller_version_date_time_log.txt will be created and saved to the root directory (usually Local Disk C:).

*Copy and paste the contents of that file in your next reply.

-- If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to these instructions. In some cases it may be necessary to redownload TDSSKiller and randomly rename it before downloading and saving to the computer.

-- For any files detected as 'Suspicious' (except those identified as Forged to be cured after reboot) get a second opinion by submitting to Jotti's virusscan or VirusTotal. In the "File to upload & scan" box, browse to the location of the suspicious file and submit (upload) it for scanning/analysis.


Next run MBAM (MalwareBytes):

Please download Malwarebytes Anti-Malware and save it to your desktop.

Download Link

https://ccm.net/downloads/security-and-maintenance/4621-malwarebytes-anti-malware/ es-anti-malware
MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
*Make sure you are connected to the Internet.

*Double-click on mbam-setup.exe to install the application.
For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.

*When the installation begins, follow the prompts and do not make any changes to default settings.

*When installation has finished, make sure you leave both of these checked:
?Update Malwarebytes' Anti-Malware

?Launch Malwarebytes' Anti-Malware


*Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
*If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.

*If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
*Make sure the "Perform Quick Scan" option is selected.

*Then click on the Scan button.

*If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.

*The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.

*When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".

*Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
*Click on the Show Results button to see a list of any malware that was found.

*Make sure that everything is checked, and click Remove Selected.

*When removal is completed, a log report will open in Notepad.

*The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.

*Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.

*Exit MBAM when done.

Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

Good luck
0
Anonymous User
Aug 30, 2011 at 05:14 PM
Follow the steps given by ambucias to remove pup white smoke infection


Next is Uninstalling PUP White smoke

Eventhough MBAM removes it ,sometime it becomes hard to uninstall PUP white smoke

So here are the steps you can follow


Step 1:

Does your add or remove programs still show PUP white smoke?

Make sure that PUP white smoke is removed.

Now go to C:/Program files and remove PUP white smoke folder

search for whitesmoke and remove every folder and file that points to White smoke


Reset your browsers to default.

Step 2:

https://www.softpedia.com/get/Tweak/Uninstallers/Revo-Uninstaller.shtml

Install revo uninstaller,uninstall pup white smoke if revo uninstaller still detects it


Step 3:

Go to run and type

Regedit

Now select ctrl+F and search for white

that should show you entries of white smoke in registry.Remove everything that points to whitesmoke
0