Jump to content

Recommended Posts

  • Staff

What is Access+?

The Malwarebytes research team has determined that Access+ is a search hijacker. These so-called "hijackers" manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice.
This particular one changes your Google search results and their affiliate site uses web push notifications.

notifications.png

How do I know if my computer is affected by Access+?

You may see this entry in your list of installed Chrome extensions:

main.png

and these warnings during install:

warning1.png

warning2.png

You will see this icon in your Chrome menu-bar:

icons.png

How did Access+ get on my computer?

Browser hijackers use different methods for distributing themselves. This particular one was downloaded from the webstore:

webstore.png

after a redirect from their website:

website.png

How do I remove Access+?

Our program Malwarebytes can detect and remove this potentially unwanted program.

  • Please download Malwarebytes for Windows to your desktop.
  • Double-click MBSetup.exe and follow the prompts to install the program.
  • When your Malwarebytes for Windows installation completes, the program opens to the Welcome to Malwarebytes screen.
  • Click on the Get started button.
  • Click Scan to start a Threat Scan.
  • When the scan is finished click Quarantine to remove the found threats.
  • Reboot the system if prompted to complete the removal process.

Is there anything else I need to do to get rid of Access+?

  • No, Malwarebytes removes Access+ completely.
  • If you have allowed the notifications you can read here how to disable them.

How would the full version of Malwarebytes help protect me?

We hope our application and this guide have helped you eradicate this hijacker.

As you can see below the full version of Malwarebytes would have protected you against the Access+ hijacker. It would have blocked their website, giving you a chance to stop before it became too late.


 

protection1.png

 

Technical details for experts

Possible signs in FRST logs:


 

CHR Extension: (Access+) - C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\plnpfpbbhgpppcoihmnjggdegaipdphg [2020-04-03]

Alterations made by the installer:
 

File system details [View: All details] (Selection)
---------------------------------------------------
    Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\plnpfpbbhgpppcoihmnjggdegaipdphg\3.2.16_0
       Adds the file googlesearch.js"="3/8/2020 7:59 AM, 2936 bytes, A
       Adds the file icon128.png"="4/3/2020 8:56 AM, 13540 bytes, A
       Adds the file manifest.json"="4/3/2020 8:56 AM, 2131 bytes, A
       Adds the file meta.js"="3/8/2020 8:00 AM, 188 bytes, A
    Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\plnpfpbbhgpppcoihmnjggdegaipdphg\3.2.16_0\_metadata
       Adds the file computed_hashes.json"="4/3/2020 8:56 AM, 239 bytes, A
       Adds the file verified_contents.json"="3/8/2020 8:00 AM, 1632 bytes, A

Registry details [View: All details] (Selection)
------------------------------------------------
    [HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings]
       "plnpfpbbhgpppcoihmnjggdegaipdphg"="REG_SZ", "C83B5543E320CCA3853CB62210B50109C3FAD7018031E6B19A7C3DB05DD10476"

Malwarebytes log:
 

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 4/3/20
Scan Time: 9:19 AM
Log File: 7becca18-757b-11ea-bda4-00ffdcc6fdfc.json

-Software Information-
Version: 4.1.0.56
Components Version: 1.0.859
Update Package Version: 1.0.21824
License: Premium

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: {computername}\{username}

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 234039
Threats Detected: 5
Threats Quarantined: 5
Time Elapsed: 3 min, 29 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 1
PUP.Optional.SponsoredSearch.Generic, HKCU\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Default\extensions.settings|plnpfpbbhgpppcoihmnjggdegaipdphg, Quarantined, 15182, 806876, , , , 

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 1
PUP.Optional.SponsoredSearch.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PLNPFPBBHGPPPCOIHMNJGGDEGAIPDPHG, Quarantined, 15182, 806876, 1.0.21824, , ame, 

File: 3
PUP.Optional.SponsoredSearch.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, 15182, 806876, , , , 
PUP.Optional.SponsoredSearch.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Replaced, 15182, 806876, , , , 
PUP.Optional.SponsoredSearch.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PLNPFPBBHGPPPCOIHMNJGGDEGAIPDPHG\3.2.16_0\MANIFEST.JSON, Quarantined, 15182, 806876, 1.0.21824, , ame, 

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)

As mentioned before the full version of Malwarebytes could have protected your computer against this threat.
We use different ways of protecting your computer(s):

  • Dynamically Blocks Malware Sites & Servers
  • Malware Execution Prevention

Save yourself the hassle and get protected.

Link to post
Share on other sites

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.