Goodluckdog Popup

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by ONEEYEMAN, Dec 29, 2020.

  1. ONEEYEMAN

    ONEEYEMAN Corporal

    Hi, ALL,

    One of the sites I frequently visit started redirecting me to that "goodluckdog" crap.

    I use FF exclusively on all 3 platforms I use - Windows, Linux (Gentoo) and Mac.
    For Windows I tried to do what Google suggested to no availability. I don't see anything related in the Control Panel -> Programs, and nothing in the FF Add-Ons screen.

    So when I became tired of retyping the address and I ran the R&R. ;-)

    Attached are the logs.

    Thank you.
     

    Attached Files:

    ONEEYEMAN, Dec 29, 2020
    #1
  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    You have a Pokki infection.
    In ADWCleaner, please remove:
    ***** [ Folders ] *****

    Adware.pokki C:\ProgramData\Pokki
    Adware.pokki C:\Users\MSSQLFDLauncher\AppData\Local\Pokki
    Adware.pokki C:\Users\MSSQLSERVER\AppData\Local\Pokki
    Adware.pokki C:\Users\Public\Pokki
    PUP.Adware.Heuristic C:\ProgramData\CA80D56000006FB4

    ***** [ Registry ] *****

    Adware.pokki HKCU\Software\SweetLabs App Platform
    PUP.Adware.Heuristic HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{977a63}c

    In Roguekiller, remove:
    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Files ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
    [PUP.Pokki|PUP.Gen1 (Potentially Malicious)] (shortcut) Pirate Storm.lnk -- C:\Users\Igor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pirate Storm.lnk => C:\Users\Igor\AppData\Local\Pokki\Engine\HostAppService.exe [ /OPEN"17dd240efdb0c50e8a5015de26b6d100f1b1072c"] -> Found
    [PUP.Pokki|PUP.Gen1 (Potentially Malicious)] (shortcut) The Godfather.lnk -- C:\Users\Igor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The Godfather.lnk => C:\Users\Igor\AppData\Local\Pokki\Engine\HostAppService.exe [ /OPEN"923d0f1d35897f6a6a73ba838623cda94c4ab689"] -> Found
    [PUP.Pokki|PUP.Gen1 (Potentially Malicious)] (folder) Pokki -- C:\ProgramData\Pokki -> Found

    Reboot and rescan with ADW and RogueKiller. Attack the new logs.
     
    TimW, Dec 29, 2020
    #2
  3. ONEEYEMAN

    ONEEYEMAN Corporal

    Hi,
    Logs attached.

    Thank you
     

    Attached Files:

    ONEEYEMAN, Dec 29, 2020
    #3
  4. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Looks good...are you still having malware issues?
     
    TimW, Dec 29, 2020
    #4
  5. ONEEYEMAN

    ONEEYEMAN Corporal

    Hi, Tim,
    It was OK for a while.
    I just update my CoMoDo and after reboot that stupid "goodluckdog.sace" shows up again.

    I didn't flash anything yet (no finalize steps performed).

    What should I do? What to re-run?

    Thank you.
     
    ONEEYEMAN, Jan 5, 2021
    #5
  6. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    ADWCleaner and Roguekiller

    Which browser are you using?
     
    TimW, Jan 5, 2021
    #6

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds