# Can't get rid of pup.optional.linkury



## HarvesterOfSorrow (Mar 15, 2018)

Recently malwarebytes daily scan have give me results of finding pup.optional.linkury, and it keeps coming back everytime i delete it. I have tried scanning with Adwcleaner and it didnt find anything. I have attached picture of malwarebytes.
edit: sorry for not letting you know what i've tried, still bit dizzy from woking up.

I have tried
*Malwarebytes scan as @jboydgolfer suggested
*Defender offline scan aswell as regular full scan
*Adwcleaner



Thanks!


----------



## EarthDog (Mar 15, 2018)

Try scanning and removal in safe mode?

What have you done so far...just run it again?


----------



## INSTG8R (Mar 15, 2018)

Considering it’s location it looks to be in a bad spot. Not sure how to get rid of it though.


----------



## jboydgolfer (Mar 15, 2018)

Try running it off-line scan with Windows defender. It'll reboot the computer, and do the scan before loading win.

also try running *Malwarebytes anti-rootkit*
also, try running Malwarebytes With Rootkit detection ENABLED (make it a "custom Scan"). (you'll need to set it as enabled, because by default it isnt (even if You've previously set it to enabled, it isnt)
it would seem like you have a program that is reacquiring it if Your removing it, and it keep reappearing. you may need to find the program that is getting it back on Your Pc.
open your taskmanager, and see what is set to "auto launch" at startup tab.


Spoiler: MBAM report on Your Pup



*Common infection method*

PUP.Optional.Linkury is adware that comes bundled with many freeware utilities.
Avoidance advice:

Update your OS and active applications
Run Malwarebytes products
Read up on how to avoid potentially unwanted programs
 
*Remediation*

Malwarebytes completely removes this threat.

For additional details on removal, please check out the removal guide for SafeFinder.
 
*Screenshots*


----------



## newtekie1 (Mar 15, 2018)

Check your Chrome extensions as well as all the settings in Chrome.

The problem is the Chrome sync service.  I'd guess you are logged into Chrome.  If an outside program modifies Chrome's settings or extensions, the next time you launch Chrome, the sync service will just change things back tot he way they were before.  So when MBAM deleted the PUP from Chrome, the next time you open Chrome, Chrome just puts it right back.  You have to find what is causing it in Chrome and manually delete/change it.

Usually it is caused by an extension, but sometime it is a setting that has been changed.  Unfortunately there is no way for MBAM to permanently fix it for you because of the way Chrome's syncing works.  And before we here "OMG this is why I use Firefox", Firefox's Sync caused the same problem.


----------



## jboydgolfer (Mar 15, 2018)

Please be sure to post back ,and let us know  how it turned out.

@HarvesterOfSorrow
"Language of the mad" 



btw, anyone who needs MBAM, its on sale for almost 50% off on NEwegg.

*use Promo code EMCPSES222  $25 1 year 3 PC (physical card)*


----------



## qubit (Mar 15, 2018)

newtekie1 said:


> And before we here "OMG this is why I use Firefox", Firefox's Sync caused the same problem.


OMG that's exactly why I use Firefox! 

To @HarvesterOfSorrow 

But seriously, if you can't see a setting in Chrome that's doing it, try to purge the profile and see if that does it. If not, then perhaps uninstall it and reinstall, not preserving any settings. Remember to first back up any bookmarks you may have.


----------



## cakehunter (Mar 15, 2018)

This seems like an user setting folder
C:\users\leevi\*
Leevi I guess is your username there?
In these foders are stored your desktop settings, preferences, application data. Everything thats after leevi\ is not necessary for system to function, however, if the malware has Admin rights, it can continiue to write there and elsewhere it wants.
Try creating a new user with user rights (your desktop and et cetera will be default, but you can tune it) and see if the malware also gets the new user.

(I assume user Leevi doesnt have admin rights; a renamed Administrator account)


----------



## HarvesterOfSorrow (Mar 15, 2018)

jboydgolfer said:


> Please be sure to post back ,and let us know  how it turned out.
> 
> @HarvesterOfSorrow
> "Language of the mad"
> ...


Funny thing i noticed, that malwarebytes finds the malware when using quick scan, and custom scan finds nothing. Will investigate more.



cakehunter said:


> This seems like an user setting folder
> C:\users\leevi\*
> Leevi I guess is your username there?
> In these foders are stored your desktop settings, preferences, application data. Everything thats after leevi\ is not necessary for system to function, however, if the malware has Admin rights, it can continiue to write there and elsewhere it wants.
> ...


User Leevi does have admin rights, ill try if it does the trick.


----------



## Bill_Bright (Mar 15, 2018)

Have you tried the obvious? That is, go to Control Panel > Programs and features then uninstall the Linkury entry?


----------



## EarthDog (Mar 15, 2018)

That's assuming it would be in there... most things like this tend not to be?


----------



## CrAsHnBuRnXp (Mar 15, 2018)

Im giving you a like just for the name and avatar.


----------



## newtekie1 (Mar 15, 2018)

cakehunter said:


> This seems like an user setting folder
> C:\users\leevi\*
> Leevi I guess is your username there?
> In these foders are stored your desktop settings, preferences, application data. Everything thats after leevi\ is not necessary for system to function, however, if the malware has Admin rights, it can continiue to write there and elsewhere it wants.
> ...





Bill_Bright said:


> Have you tried the obvious? That is, go to Control Panel > Programs and features then uninstall the Linkury entry?



Look at the full path, it's obviously installed under Chrome.  So either an extension or a Chrome setting.

C:\USERS\<username>\APPDATA\LOCAL\*GOOGLE*\*CHROME*\USER DATA\DEFAULT\Secure Preferences

Deleting it, or switching to a different Windows user is not likely going to permanently get rid of it.  The moment he logs into Chrome, it will sync and the PUP will reappear.


----------



## Bill_Bright (Mar 15, 2018)

EarthDog said:


> That's assuming it would be in there... most things like this tend not to be?


I agree - "most" things "like" this are not. 

But many things "like" the Linkury Smartbar that get foisted our systems are not evil and still comply with common practices and can be uninstalled in the normal way. It is still best to check since it only takes a couple seconds as uninstalling through the Control panel gives a better chance of thorough uninstalls - including clearing Registry settings.

I think it is important to note that not all "potentially" "unwanted" programs are malicious or unwanted.


----------



## HarvesterOfSorrow (Mar 15, 2018)

I fixed it by uninstalling Chrome  Honestly i prefer Edge more, and no linury wasnt in control panel programs.


----------



## Bill_Bright (Mar 15, 2018)

HarvesterOfSorrow said:


> Honestly i prefer Edge more


Pale Moon is still my preferred but I have to admit, Edge is starting (finally!) to impress me. It still needs a lot of work, however. 

Anyway, I am glad you got it sorted out and thanks for the followup.


----------



## CrAsHnBuRnXp (Mar 15, 2018)

HarvesterOfSorrow said:


> I fixed it by uninstalling Chrome  Honestly i prefer Edge more, and no linury wasnt in control panel programs.


Thats...thats not metal at all 

 at any rate. at least you have it solved now.


----------



## FatLeeAdama (Mar 15, 2018)

https://forums.malwarebytes.com/topic/214441-pupoptionallinkury-wont-go-away/

Malwarebytes forum has this. That fix.


----------

