Metallica

Staff

View Profile See their activity

Content Count
2,252
Joined
April 21, 2008
Last visited
22 hours ago

4 Followers

About Metallica

Rank
Master of PUPs
Birthday 05/19/1963

Profile Information

Location
Netherlands

Recent Profile Visitors

162,650 profile views

YuriR

Monday at 10:15 AM
picasso

December 7
Amaroq_Starwind

December 4
rubberswip

November 12
chantal11

October 23
ncodex

August 5
JBlaz

August 2
Fedor23

June 29
MHN39

May 31
ALEKSEI_J

May 18
ctam

April 26

Removal instructions for MuzikFury

Metallica posted a topic in Malware Removal Self-Help Guides

What is Muzik Fury?The Malwarebytes research team has determined that Muzik Fury is a browser NewTab. These so-called "NewTabs" can manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice.Muzik Fury is a member of the Mindspark/Ask family now known as IAC Applications.How do I know if my computer is affected by Muzik Fury?You may see these browser extensions/add-ons:these warnings during install:You may see this type of new settings:and this newtab-page in the affected browsers:How did Muzik Fury get on my computer?Browser hijackers use different methods for distributing themselves. This particular Firefox add-on was downloaded from their website.and the Chrome extension was available in the webstore:How do I remove Muzik Fury?Our program Malwarebytes can detect and remove this potentially unwanted program.You can use their own uninstall instructions first, but I would advise to follow the steps below anyway. Please download Malwarebytes to your desktop. Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program. Then click Finish. Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu. If another update of the definitions is available, it will be implemented before the rest of the scanning procedure. When the scan is complete, make sure that all Threats are selected, and click Remove Selected. Restart your computer when prompted to do so. Is there anything else I need to do to get rid of Muzik Fury? No, Malwarebytes' Anti-Malware removes Muzik Fury completely. If your browsers have been hijacked, you should read our Restore Browser page. You can read there how to fix additional browser redirect methods. How would the full version of Malwarebytes help protect me?We hope our application and this guide have helped you eradicate this hijacker.As you can see below the full version of Malwarebytes would have protected you against the Muzik Fury hijacker. It would have blocked their website, giving you a chance to stop it before it became too late. Technical details for expertsPossible signs in a FRST log: FF HomepageOverride: Mozilla\Firefox\Profiles\{profile}.default -> Enabled: _otMembers_@muzikfury.thewhizmarketing.com FF NewTabOverride: Mozilla\Firefox\Profiles\{profile}.default -> Enabled: _otMembers_@muzikfury.thewhizmarketing.com FF Extension: (Muzik Fury) - C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\Extensions\_otMembers_@muzikfury.thewhizmarketing.com.xpi [2018-12-13] CHR NewTab: Default -> Active:"chrome-extension://njnmnphjljmejmfacphkagccdnajkghk/newtabproduct.html" CHR Extension: (Muzik Fury) - C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnmnphjljmejmfacphkagccdnajkghk [2018-12-13] Changes made by the installers: File system details [View: All details] (Selection) --------------------------------------------------- Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnmnphjljmejmfacphkagccdnajkghk\13.817.14.14883_0 Adds the file manifest.json"="12/13/2018 8:28 PM, 2389 bytes, A Adds the file newtabproduct.html"="10/17/2018 7:26 PM, 1210 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnmnphjljmejmfacphkagccdnajkghk\13.817.14.14883_0\_locales\en Adds the file messages.json"="12/13/2018 8:28 PM, 252 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnmnphjljmejmfacphkagccdnajkghk\13.817.14.14883_0\_metadata Adds the file computed_hashes.json"="12/13/2018 8:28 PM, 4560 bytes, A Adds the file verified_contents.json"="10/17/2018 7:26 PM, 5403 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnmnphjljmejmfacphkagccdnajkghk\13.817.14.14883_0\config Adds the file config.json"="10/17/2018 7:26 PM, 1975 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnmnphjljmejmfacphkagccdnajkghk\13.817.14.14883_0\icons Adds the file icon128.png"="12/13/2018 8:28 PM, 2874 bytes, A Adds the file icon16.png"="10/17/2018 7:26 PM, 227 bytes, A Adds the file icon19disabled.png"="10/17/2018 7:26 PM, 265 bytes, A Adds the file icon19on.png"="12/13/2018 8:28 PM, 412 bytes, A Adds the file icon48.png"="12/13/2018 8:28 PM, 1353 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnmnphjljmejmfacphkagccdnajkghk\13.817.14.14883_0\js Adds the file ajax.js"="10/17/2018 7:26 PM, 2218 bytes, A Adds the file b2b-partner-tracking.js"="10/17/2018 7:26 PM, 11186 bytes, A Adds the file background.js"="10/17/2018 7:26 PM, 21476 bytes, A Adds the file browserUtils.js"="10/17/2018 7:26 PM, 912 bytes, A Adds the file chrome.js"="10/17/2018 7:26 PM, 146 bytes, A Adds the file content_script.js"="10/17/2018 7:26 PM, 2151 bytes, A Adds the file dlp.js"="10/17/2018 7:26 PM, 5659 bytes, A Adds the file dlpHelper.js"="10/17/2018 7:26 PM, 1799 bytes, A Adds the file extension_detect.js"="10/17/2018 7:26 PM, 4299 bytes, A Adds the file genericLoadRemoteSettings.js"="10/17/2018 7:26 PM, 2855 bytes, A Adds the file index.js"="10/17/2018 7:26 PM, 49 bytes, A Adds the file initOfferCEF.js"="10/17/2018 7:26 PM, 8802 bytes, A Adds the file logger.js"="10/17/2018 7:26 PM, 541 bytes, A Adds the file offerService.js"="10/17/2018 7:26 PM, 10325 bytes, A Adds the file pageUtils.js"="10/17/2018 7:26 PM, 2805 bytes, A Adds the file PartnerId.js"="10/17/2018 7:26 PM, 16402 bytes, A Adds the file product.js"="10/17/2018 7:26 PM, 8403 bytes, A Adds the file splashPageRedirectHandler.js"="10/17/2018 7:26 PM, 2868 bytes, A Adds the file storage.js"="10/17/2018 7:26 PM, 1640 bytes, A Adds the file TabManager.js"="10/17/2018 7:26 PM, 151 bytes, A Adds the file TemplateParser.js"="10/17/2018 7:26 PM, 3038 bytes, A Adds the file ul.js"="10/17/2018 7:26 PM, 3832 bytes, A Adds the file urlFragmentActions.js"="10/17/2018 7:26 PM, 1825 bytes, A Adds the file urlUtils.js"="10/17/2018 7:26 PM, 5349 bytes, A Adds the file util.js"="10/17/2018 7:26 PM, 3004 bytes, A Adds the file webtooltabAPI.js"="10/17/2018 7:26 PM, 8721 bytes, A Adds the file webTooltabAPIProxy.js"="10/17/2018 7:26 PM, 5445 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\njnmnphjljmejmfacphkagccdnajkghk Adds the file 000003.log"="12/13/2018 8:28 PM, 1985 bytes, A Adds the file CURRENT"="12/13/2018 8:28 PM, 16 bytes, A Adds the file LOCK"="12/13/2018 8:28 PM, 0 bytes, A Adds the file LOG"="12/13/2018 8:28 PM, 184 bytes, A Adds the file MANIFEST-000001"="12/13/2018 8:28 PM, 41 bytes, A Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\browser-extension-data\_otMembers_@muzikfury.thewhizmarketing.com Adds the file storage.js"="12/13/2018 8:23 PM, 2677 bytes, A In the existing folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\extensions Adds the file _otMembers_@muzikfury.thewhizmarketing.com.xpi"="12/13/2018 8:23 PM, 46492 bytes, A Registry details [View: All details] (Selection) ------------------------------------------------ [HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings] "njnmnphjljmejmfacphkagccdnajkghk"="REG_SZ", "0270731775B75ECD2BD8155557F1FD31427F4F880F540FA567BEE86DA3A48047" The Malwarebytes scan log: Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 12/13/18 Scan Time: 8:34 PM Log File: 2af0f02e-ff0e-11e8-ae5c-00ffdcc6fdfc.json -Software Information- Version: 3.6.1.2711 Components Version: 1.0.482 Update Package Version: 1.0.8303 License: Premium -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: {computername}\{username} -Scan Summary- Scan Type: Threat Scan Scan Initiated By: Manual Result: Completed Objects Scanned: 237019 Threats Detected: 58 Threats Quarantined: 58 Time Elapsed: 2 min, 54 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 0 (No malicious items detected) Registry Value: 1 PUP.Optional.MySearch.Generic, HKCU\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Default\extensions.settings|njnmnphjljmejmfacphkagccdnajkghk, Quarantined, [1858], [443097],1.0.8303 Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 10 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.default\BROWSER-EXTENSION-DATA\_otMembers_@muzikfury.thewhizmarketing.com, Quarantined, [1712], [468075],1.0.8303 PUP.Optional.MySearch.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Local Extension Settings\njnmnphjljmejmfacphkagccdnajkghk, Quarantined, [1858], [443097],1.0.8303 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnmnphjljmejmfacphkagccdnajkghk\13.817.14.14883_0\_locales\en, Quarantined, [1858], [443097],1.0.8303 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnmnphjljmejmfacphkagccdnajkghk\13.817.14.14883_0\_metadata, Quarantined, [1858], [443097],1.0.8303 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnmnphjljmejmfacphkagccdnajkghk\13.817.14.14883_0\_locales, Quarantined, [1858], [443097],1.0.8303 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnmnphjljmejmfacphkagccdnajkghk\13.817.14.14883_0\config, Quarantined, [1858], [443097],1.0.8303 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnmnphjljmejmfacphkagccdnajkghk\13.817.14.14883_0\icons, Quarantined, [1858], [443097],1.0.8303 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnmnphjljmejmfacphkagccdnajkghk\13.817.14.14883_0\js, Quarantined, [1858], [443097],1.0.8303 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnmnphjljmejmfacphkagccdnajkghk\13.817.14.14883_0, Quarantined, [1858], [443097],1.0.8303 PUP.Optional.MySearch.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\NJNMNPHJLJMEJMFACPHKAGCCDNAJKGHK, Quarantined, [1858], [443097],1.0.8303 File: 47 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.default\EXTENSIONS\_otMembers_@muzikfury.thewhizmarketing.com.xpi, Quarantined, [1712], [457930],1.0.8303 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\browser-extension-data\_otMembers_@muzikfury.thewhizmarketing.com\storage.js, Quarantined, [1712], [468075],1.0.8303 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\njnmnphjljmejmfacphkagccdnajkghk\000003.log, Quarantined, [1858], [443097],1.0.8303 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\njnmnphjljmejmfacphkagccdnajkghk\CURRENT, Quarantined, [1858], [443097],1.0.8303 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\njnmnphjljmejmfacphkagccdnajkghk\LOCK, Quarantined, [1858], [443097],1.0.8303 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\njnmnphjljmejmfacphkagccdnajkghk\LOG, Quarantined, [1858], [443097],1.0.8303 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\njnmnphjljmejmfacphkagccdnajkghk\MANIFEST-000001, Quarantined, [1858], [443097],1.0.8303 PUP.Optional.MySearch.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, [1858], [443097],1.0.8303 PUP.Optional.MySearch.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Replaced, [1858], [443097],1.0.8303 PUP.Optional.MySearch.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\NJNMNPHJLJMEJMFACPHKAGCCDNAJKGHK\13.817.14.14883_0\MANIFEST.JSON, Quarantined, [1858], [443097],1.0.8303 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnmnphjljmejmfacphkagccdnajkghk\13.817.14.14883_0\config\config.json, Quarantined, [1858], [443097],1.0.8303 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnmnphjljmejmfacphkagccdnajkghk\13.817.14.14883_0\icons\icon128.png, Quarantined, [1858], [443097],1.0.8303 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnmnphjljmejmfacphkagccdnajkghk\13.817.14.14883_0\icons\icon16.png, Quarantined, [1858], [443097],1.0.8303 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnmnphjljmejmfacphkagccdnajkghk\13.817.14.14883_0\icons\icon19disabled.png, Quarantined, [1858], [443097],1.0.8303 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnmnphjljmejmfacphkagccdnajkghk\13.817.14.14883_0\icons\icon19on.png, Quarantined, [1858], [443097],1.0.8303 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnmnphjljmejmfacphkagccdnajkghk\13.817.14.14883_0\icons\icon48.png, Quarantined, [1858], [443097],1.0.8303 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnmnphjljmejmfacphkagccdnajkghk\13.817.14.14883_0\js\initOfferCEF.js, Quarantined, [1858], [443097],1.0.8303 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnmnphjljmejmfacphkagccdnajkghk\13.817.14.14883_0\js\ajax.js, Quarantined, [1858], [443097],1.0.8303 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnmnphjljmejmfacphkagccdnajkghk\13.817.14.14883_0\js\b2b-partner-tracking.js, Quarantined, [1858], [443097],1.0.8303 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnmnphjljmejmfacphkagccdnajkghk\13.817.14.14883_0\js\background.js, Quarantined, [1858], [443097],1.0.8303 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnmnphjljmejmfacphkagccdnajkghk\13.817.14.14883_0\js\browserUtils.js, Quarantined, [1858], [443097],1.0.8303 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnmnphjljmejmfacphkagccdnajkghk\13.817.14.14883_0\js\chrome.js, Quarantined, [1858], [443097],1.0.8303 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnmnphjljmejmfacphkagccdnajkghk\13.817.14.14883_0\js\content_script.js, Quarantined, [1858], [443097],1.0.8303 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnmnphjljmejmfacphkagccdnajkghk\13.817.14.14883_0\js\dlp.js, Quarantined, [1858], [443097],1.0.8303 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnmnphjljmejmfacphkagccdnajkghk\13.817.14.14883_0\js\dlpHelper.js, Quarantined, [1858], [443097],1.0.8303 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnmnphjljmejmfacphkagccdnajkghk\13.817.14.14883_0\js\extension_detect.js, Quarantined, [1858], [443097],1.0.8303 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnmnphjljmejmfacphkagccdnajkghk\13.817.14.14883_0\js\genericLoadRemoteSettings.js, Quarantined, [1858], [443097],1.0.8303 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnmnphjljmejmfacphkagccdnajkghk\13.817.14.14883_0\js\index.js, Quarantined, [1858], [443097],1.0.8303 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnmnphjljmejmfacphkagccdnajkghk\13.817.14.14883_0\js\logger.js, Quarantined, [1858], [443097],1.0.8303 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnmnphjljmejmfacphkagccdnajkghk\13.817.14.14883_0\js\offerService.js, Quarantined, [1858], [443097],1.0.8303 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnmnphjljmejmfacphkagccdnajkghk\13.817.14.14883_0\js\pageUtils.js, Quarantined, [1858], [443097],1.0.8303 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnmnphjljmejmfacphkagccdnajkghk\13.817.14.14883_0\js\PartnerId.js, Quarantined, [1858], [443097],1.0.8303 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnmnphjljmejmfacphkagccdnajkghk\13.817.14.14883_0\js\product.js, Quarantined, [1858], [443097],1.0.8303 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnmnphjljmejmfacphkagccdnajkghk\13.817.14.14883_0\js\splashPageRedirectHandler.js, Quarantined, [1858], [443097],1.0.8303 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnmnphjljmejmfacphkagccdnajkghk\13.817.14.14883_0\js\storage.js, Quarantined, [1858], [443097],1.0.8303 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnmnphjljmejmfacphkagccdnajkghk\13.817.14.14883_0\js\TabManager.js, Quarantined, [1858], [443097],1.0.8303 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnmnphjljmejmfacphkagccdnajkghk\13.817.14.14883_0\js\TemplateParser.js, Quarantined, [1858], [443097],1.0.8303 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnmnphjljmejmfacphkagccdnajkghk\13.817.14.14883_0\js\ul.js, Quarantined, [1858], [443097],1.0.8303 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnmnphjljmejmfacphkagccdnajkghk\13.817.14.14883_0\js\urlFragmentActions.js, Quarantined, [1858], [443097],1.0.8303 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnmnphjljmejmfacphkagccdnajkghk\13.817.14.14883_0\js\urlUtils.js, Quarantined, [1858], [443097],1.0.8303 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnmnphjljmejmfacphkagccdnajkghk\13.817.14.14883_0\js\util.js, Quarantined, [1858], [443097],1.0.8303 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnmnphjljmejmfacphkagccdnajkghk\13.817.14.14883_0\js\webtooltabAPI.js, Quarantined, [1858], [443097],1.0.8303 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnmnphjljmejmfacphkagccdnajkghk\13.817.14.14883_0\js\webTooltabAPIProxy.js, Quarantined, [1858], [443097],1.0.8303 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnmnphjljmejmfacphkagccdnajkghk\13.817.14.14883_0\_locales\en\messages.json, Quarantined, [1858], [443097],1.0.8303 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnmnphjljmejmfacphkagccdnajkghk\13.817.14.14883_0\_metadata\computed_hashes.json, Quarantined, [1858], [443097],1.0.8303 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnmnphjljmejmfacphkagccdnajkghk\13.817.14.14883_0\_metadata\verified_contents.json, Quarantined, [1858], [443097],1.0.8303 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnmnphjljmejmfacphkagccdnajkghk\13.817.14.14883_0\newtabproduct.html, Quarantined, [1858], [443097],1.0.8303 Physical Sector: 0 (No malicious items detected) WMI: 0 (No malicious items detected) (end) As mentioned before the full version of Malwarebytes could have protected your computer against this threat.We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected.
- Friday at 08:00 AM
- - pup.optional.mindspark.generic
  - pup.optional.mysearch.generic
  - (and 2 more)
    Tagged with:
    
    pup.optional.mindspark.generic
    
    pup.optional.mysearch.generic
    
    njnmnphjljmejmfacphkagccdnajkghk
    
    _otmembers_@muzikfury.thewhizmarketing.com
Removal instructions for WiperSoft

Metallica posted a topic in Malware Removal Self-Help Guides

What is WiperSoft?The Malwarebytes research team has determined that WiperSoft is a "system optimizer". These so-called "system optimizers" use intentional false positives to convince users that their systems have problems. Then they try to sell you their software, claiming it will remove these problems.More information can be found on our Malwarebytes Labs blog.How do I know if I am infected with WiperSoft?This is how the main screen of the system optimizer looks:You will find these icons in your taskbar, your startmenu, and on your desktop:and see these warnings during install:and these screens during "operations":You may see this entry in your list of installed programs:and this task in your list of Scheduled Tasks:How did WiperSoft get on my computer?These so-called system optimizers use different methods of getting installed. This particular one was downloaded from their website:How do I remove WiperSoft?Our program Malwarebytes can detect and remove this potentially unwanted application. Please download Malwarebytes to your desktop. Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program. Then click Finish. Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu. If another update of the definitions is available, it will be implemented before the rest of the scanning procedure. When the scan is complete, make sure that all Threats are selected, and click Remove Selected. Restart your computer when prompted to do so. Is there anything else I need to do to get rid of WiperSoft? No, Malwarebytes removes WiperSoft completely. This PUP creates a scheduled task. You can read here how to check for and, if necessary, remove Scheduled Tasks. How would the full version of Malwarebytes help protect me?We hope our application and this guide have helped you eradicate this system optimizer.As you can see below the full version of Malwarebytes would have protected you against the WiperSoft installer. It would have warned you before the application could install itself, giving you a chance to stop it before it became too late. Technical details for expertsYou may see these entries in FRST logs: (WiperSoft) C:\Program Files\WiperSoft\WiperSoft.exe (Wiper Software) C:\Windows\system32\wiperrm.exe C:\Windows\System32\Tasks\WiperSoft Startup C:\Users\{username}\Desktop\WiperSoft.lnk C:\Users\{username}\AppData\Roaming\WiperSoft C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WiperSoft C:\Program Files\WiperSoft WiperSoft 1.1.1143.64 (HKLM\...\{AB1C8C91-4D8E-4C28-80E7-FD135FB90515}}_is1) (Version: 1.1.1143.64 - WiperSoft) Task: {5C2F4539-1A4E-4172-8BFB-B5620E4E75EC} - System32\Tasks\WiperSoft Startup => C:\Program Files\WiperSoft\WiperSoft.exe [2018-12-13] (WiperSoft) () C:\Program Files\WiperSoft\CrashRpt1403.dll Alterations made by the installer: File system details [View: All details] (Selection) --------------------------------------------------- Adds the folder C:\Program Files\WiperSoft Adds the file crashrpt_lang.ini"="12/13/2018 8:52 AM, 8214 bytes, A Adds the file CrashRpt1403.dll"="12/13/2018 8:52 AM, 339568 bytes, A Adds the file CrashSender1403.exe"="12/13/2018 8:52 AM, 1732208 bytes, A Adds the file install.dat"="12/13/2018 8:52 AM, 12960 bytes, A Adds the file license_en.txt"="12/13/2018 8:52 AM, 33459 bytes, A Adds the file offreg.dll"="12/13/2018 8:52 AM, 69000 bytes, A Adds the file OpenSans-Bold.ttf"="12/13/2018 8:52 AM, 224592 bytes, A Adds the file OpenSans-Light.ttf"="12/13/2018 8:52 AM, 222412 bytes, A Adds the file OpenSans-Regular.ttf"="12/13/2018 8:52 AM, 217360 bytes, A Adds the file OpenSans-Semibold.ttf"="12/13/2018 8:52 AM, 221328 bytes, A Adds the file WiperSoft.exe"="12/13/2018 8:52 AM, 4940400 bytes, A Adds the file WiperSoft-inst.exe"="12/13/2018 8:52 AM, 2046576 bytes, A In the existing folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs Alters the file Google Chrome.lnk 12/5/2018 8:27 AM, 2224 bytes, A ==> 12/13/2018 8:54 AM, 2224 bytes, A Adds the folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WiperSoft Adds the file WiperSoft Uninstall.lnk"="12/13/2018 8:52 AM, 1519 bytes, A Adds the file WiperSoft.lnk"="12/13/2018 8:52 AM, 557 bytes, A Adds the folder C:\Users\{username}\AppData\Local\CrashRpt\UnsentCrashReports\WiperSoft.exe_1.1.1143.64\Logs Adds the folder C:\Users\{username}\AppData\Roaming\WiperSoft Adds the file signatures.dat"="12/13/2018 8:52 AM, 26286080 bytes, A Adds the file whitelist.dat"="12/13/2018 8:52 AM, 28672 bytes, A Adds the file wipersoft.dat"="12/13/2018 8:52 AM, 0 bytes, A Adds the file wipersoft.eni"="12/13/2018 8:52 AM, 524012 bytes, A Adds the file WiperSoft.Fix.log"="12/13/2018 8:52 AM, 0 bytes, A Adds the file WiperSoft.Scan.log"="12/13/2018 8:53 AM, 751775 bytes, A In the existing folder C:\Users\{username}\Desktop Adds the file WiperSoft.lnk"="12/13/2018 8:52 AM, 770 bytes, A In the existing folder C:\Windows\System32 Adds the file wiperrm.exe"="12/13/2018 8:52 AM, 27888 bytes, A In the existing folder C:\Windows\System32\Tasks Adds the file WiperSoft Startup"="12/13/2018 8:52 AM, 3312 bytes, A Registry details [View: All details] (Selection) ------------------------------------------------ [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AB1C8C91-4D8E-4C28-80E7-FD135FB90515}}_is1] "DisplayIcon"="REG_SZ", "C:\Program Files\WiperSoft\wipersoft-inst.exe,-128" "DisplayName"="REG_SZ", "WiperSoft 1.1.1143.64" "DisplayVersion"="REG_SZ", "1.1.1143.64" "EstimatedSize"="REG_DWORD", 36063 "HelpLink"="REG_SZ", "http://www.wipersoft.com/" "InstallDate"="REG_SZ", "20181213" "InstallLocation"="REG_SZ", "C:\Program Files\WiperSoft" "Publisher"="REG_SZ", "WiperSoft" "QuietUninstallString"="REG_SZ", ""C:\Program Files\WiperSoft\WiperSoft-inst.exe" /lng=en /silent /remove=install.dat" "UninstallString"="REG_SZ", ""C:\Program Files\WiperSoft\WiperSoft-inst.exe" /lng=en /remove=install.dat" "URLInfoAbout"="REG_SZ", "http://www.wipersoft.com/" "URLUpdateInfo"="REG_SZ", "http://www.wipersoft.com/" "WiperSoft-GUID"="REG_SZ", "" [HKEY_CURRENT_USER\Software\WiperSoft\WiperSoft] "lng"="REG_SZ", "en" Malwarebytes log: Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 12/13/18 Scan Time: 9:01 AM Log File: 49311c1f-fead-11e8-bfa4-00ffdcc6fdfc.json -Software Information- Version: 3.6.1.2711 Components Version: 1.0.508 Update Package Version: 1.0.8291 License: Free -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: {computername}\{username} -Scan Summary- Scan Type: Threat Scan Scan Initiated By: Manual Result: Completed Objects Scanned: 236938 Threats Detected: 34 Threats Quarantined: 34 Time Elapsed: 1 min, 4 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 1 PUP.Optional.WiperSoft, C:\Program Files\WiperSoft\WiperSoft.exe, Quarantined, [4406], [340915],1.0.8291 Module: 2 PUP.Optional.WiperSoft, C:\Program Files\WiperSoft\CrashRpt1403.dll, Quarantined, [4406], [340915],1.0.8291 PUP.Optional.WiperSoft, C:\Program Files\WiperSoft\WiperSoft.exe, Quarantined, [4406], [340915],1.0.8291 Registry Key: 5 PUP.Optional.WiperSoft, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{AB1C8C91-4D8E-4C28-80E7-FD135FB90515}}_is1, Quarantined, [4406], [340915],1.0.8291 PUP.Optional.WiperSoft, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\WiperSoft Startup, Quarantined, [4406], [340915],1.0.8291 PUP.Optional.WiperSoft, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{5C2F4539-1A4E-4172-8BFB-B5620E4E75EC}, Quarantined, [4406], [340915],1.0.8291 PUP.Optional.WiperSoft, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\LOGON\{5C2F4539-1A4E-4172-8BFB-B5620E4E75EC}, Quarantined, [4406], [340915],1.0.8291 PUP.Optional.WiperSoft, HKCU\SOFTWARE\WiperSoft, Quarantined, [4406], [340919],1.0.8291 Registry Value: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 2 PUP.Optional.WiperSoft, C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\WIPERSOFT, Quarantined, [4406], [340917],1.0.8291 PUP.Optional.WiperSoft, C:\USERS\{username}\APPDATA\ROAMING\WIPERSOFT, Quarantined, [4406], [340918],1.0.8291 File: 24 PUP.Optional.WiperSoft, C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\WIPERSOFT\WIPERSOFT.LNK, Quarantined, [4406], [340917],1.0.8291 PUP.Optional.WiperSoft, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WiperSoft\WiperSoft Uninstall.lnk, Quarantined, [4406], [340917],1.0.8291 PUP.Optional.WiperSoft, C:\PROGRAM FILES\WIPERSOFT\INSTALL.DAT, Quarantined, [4406], [340915],1.0.8291 PUP.Optional.WiperSoft, C:\Program Files\WiperSoft\CrashRpt1403.dll, Quarantined, [4406], [340915],1.0.8291 PUP.Optional.WiperSoft, C:\Program Files\WiperSoft\crashrpt_lang.ini, Quarantined, [4406], [340915],1.0.8291 PUP.Optional.WiperSoft, C:\Program Files\WiperSoft\CrashSender1403.exe, Quarantined, [4406], [340915],1.0.8291 PUP.Optional.WiperSoft, C:\Program Files\WiperSoft\license_en.txt, Quarantined, [4406], [340915],1.0.8291 PUP.Optional.WiperSoft, C:\Program Files\WiperSoft\OpenSans-Bold.ttf, Quarantined, [4406], [340915],1.0.8291 PUP.Optional.WiperSoft, C:\Program Files\WiperSoft\OpenSans-Light.ttf, Quarantined, [4406], [340915],1.0.8291 PUP.Optional.WiperSoft, C:\Program Files\WiperSoft\OpenSans-Regular.ttf, Quarantined, [4406], [340915],1.0.8291 PUP.Optional.WiperSoft, C:\Program Files\WiperSoft\OpenSans-Semibold.ttf, Quarantined, [4406], [340915],1.0.8291 PUP.Optional.WiperSoft, C:\Program Files\WiperSoft\WiperSoft-inst.exe, Quarantined, [4406], [340915],1.0.8291 PUP.Optional.WiperSoft, C:\Program Files\WiperSoft\WiperSoft.exe, Quarantined, [4406], [340915],1.0.8291 PUP.Optional.WiperSoft, C:\WINDOWS\SYSTEM32\TASKS\WiperSoft Startup, Quarantined, [4406], [340915],1.0.8291 PUP.Optional.WiperSoft, C:\USERS\{username}\DESKTOP\WiperSoft.lnk, Quarantined, [4406], [340915],1.0.8291 PUP.Optional.WiperSoft, C:\USERS\{username}\APPDATA\ROAMING\WIPERSOFT\SIGNATURES.DAT, Quarantined, [4406], [340918],1.0.8291 PUP.Optional.WiperSoft, C:\Users\{username}\AppData\Roaming\WiperSoft\whitelist.dat, Quarantined, [4406], [340918],1.0.8291 PUP.Optional.WiperSoft, C:\Users\{username}\AppData\Roaming\WiperSoft\wipersoft.dat, Quarantined, [4406], [340918],1.0.8291 PUP.Optional.WiperSoft, C:\Users\{username}\AppData\Roaming\WiperSoft\wipersoft.eni, Quarantined, [4406], [340918],1.0.8291 PUP.Optional.WiperSoft, C:\Users\{username}\AppData\Roaming\WiperSoft\WiperSoft.Fix.log, Quarantined, [4406], [340918],1.0.8291 PUP.Optional.WiperSoft, C:\Users\{username}\AppData\Roaming\WiperSoft\WiperSoft.Scan.log, Quarantined, [4406], [340918],1.0.8291 PUP.Optional.WiperSoft, C:\USERS\{username}\DESKTOP\WIPERSOFT-INSTALLER.EXE, Quarantined, [4406], [340923],1.0.8291 PUP.Optional.WiperSoft, C:\DOWNLOADS\WIPERSOFT-INSTALLER.EXE, Quarantined, [4406], [340923],1.0.8291 PUP.Optional.WiperSoft, C:\WINDOWS\SYSTEM32\WIPERRM.EXE, Quarantined, [4406], [584847],1.0.8291 Physical Sector: 0 (No malicious items detected) WMI: 0 (No malicious items detected) (end) As mentioned before the full version of Malwarebytes could have protected your computer against this threat.We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected.
- Thursday at 10:49 AM
- - pup.optional.wipersoft
  - wipersoft.com
  - (and 1 more)
    Tagged with:
    
    pup.optional.wipersoft
    
    wipersoft.com
    
    wiperrm.exe
Removal instructions for Quick Converter

Metallica posted a topic in Malware Removal Self-Help Guides

What is Quick Converter?The Malwarebytes research team has determined that Quick Converter is a search hijacker. These so-called "hijackers" manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice.How do I know if my computer is affected by Quick Converter?You may see this entry in your list of installed Chrome extensions:and these warnings during install:You will see this icon in your Chrome menu-bar:and this changed setting:How did Quick Converter get on my computer?Browser hijackers use different methods for distributing themselves. This particular one was downloaded from the webstore:after a redirect from their website:How do I remove Quick Converter?Our program Malwarebytes can detect and remove this potentially unwanted program. Please download Malwarebytes to your desktop. Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program. Then click Finish. Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu. If another update of the definitions is available, it will be implemented before the rest of the scanning procedure. When the scan is complete, make sure that all Threats are selected, and click Remove Selected. Restart your computer when prompted to do so. Is there anything else I need to do to get rid of Quick Converter? No, Malwarebytes removes Quick Converter completely. How would the full version of Malwarebytes help protect me?We hope our application and this guide have helped you eradicate this hijacker.The full version of Malwarebytes would have protected you against the Quick Converter hijacker. It would have blocked their website, giving you a chance to stop it before it became too late.Technical details for expertsPossible signs in FRST logs: CHR DefaultSearchURL: Default -> hxxps://feed.quick-converter.com/?q={searchTerms}&publisher=quick-converter&barcodeid=537360000000000 CHR DefaultSearchKeyword: Default -> QuickConverter CHR DefaultSuggestURL: Default -> hxxps://suggest.quick-converter.com/suggest/get?q={searchTerms} CHR Extension: (QuickConverter) - C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifmbhhfjodlbpaoklcmljmjmffecgggd [2018-12-12] Alterations made by the installer: File system details [View: All details] (Selection) --------------------------------------------------- Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifmbhhfjodlbpaoklcmljmjmffecgggd\3.0.0_0 Adds the file closer.js"="9/13/2017 11:07 AM, 15 bytes, A Adds the file manifest.json"="12/12/2018 8:57 AM, 2340 bytes, A Adds the file popup.html"="10/17/2018 7:19 AM, 1157 bytes, A Adds the file tab.html"="9/13/2017 11:07 AM, 165 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifmbhhfjodlbpaoklcmljmjmffecgggd\3.0.0_0\_metadata Adds the file computed_hashes.json"="12/12/2018 8:57 AM, 2561 bytes, A Adds the file verified_contents.json"="10/17/2018 7:53 AM, 2947 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifmbhhfjodlbpaoklcmljmjmffecgggd\3.0.0_0\images Adds the file how-1.png"="4/12/2018 3:27 PM, 2862 bytes, A Adds the file how-2.png"="4/12/2018 3:27 PM, 3247 bytes, A Adds the file logo-small.png"="10/15/2018 9:18 AM, 2760 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifmbhhfjodlbpaoklcmljmjmffecgggd\3.0.0_0\images\icons Adds the file 128x128.png"="12/12/2018 8:57 AM, 7606 bytes, A Adds the file 16x16.png"="12/12/2018 8:57 AM, 828 bytes, A Adds the file 64x64.png"="12/12/2018 8:57 AM, 4455 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifmbhhfjodlbpaoklcmljmjmffecgggd\3.0.0_0\scripts Adds the file background.js"="10/17/2018 8:00 AM, 30357 bytes, A Adds the file jquery-3.3.1.min.js"="4/12/2018 3:27 PM, 86927 bytes, A Adds the file popup.js"="10/17/2018 7:17 AM, 584 bytes, A Adds the file sitecontent.js"="4/12/2018 3:27 PM, 77 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifmbhhfjodlbpaoklcmljmjmffecgggd\3.0.0_0\styles Adds the file popup.css"="4/12/2018 3:27 PM, 1270 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_ifmbhhfjodlbpaoklcmljmjmffecgggd Adds the file Quick Converter.ico"="12/12/2018 8:57 AM, 195460 bytes, A Adds the file Quick Converter.ico.md5"="12/12/2018 8:57 AM, 16 bytes, A Registry details [View: All details] (Selection) ------------------------------------------------ [HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings] "ifmbhhfjodlbpaoklcmljmjmffecgggd"="REG_SZ", "5A983FCE3C3D49A1C4E9AB29F66F9FBFE13D001E6E56688C6897E71490E32DEF" Malwarebytes log: Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 12/12/18 Scan Time: 9:09 AM Log File: 35c597cd-fde5-11e8-af65-00ffdcc6fdfc.json -Software Information- Version: 3.6.1.2711 Components Version: 1.0.482 Update Package Version: 1.0.8273 License: Premium -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: {computername}\{username} -Scan Summary- Scan Type: Threat Scan Scan Initiated By: Manual Result: Completed Objects Scanned: 237031 Threats Detected: 27 Threats Quarantined: 27 Time Elapsed: 3 min, 17 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 0 (No malicious items detected) Registry Value: 1 PUP.Optional.QuickConverter, HKCU\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Default\extensions.settings|ifmbhhfjodlbpaoklcmljmjmffecgggd, Quarantined, [2162], [610588],1.0.8273 Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 7 PUP.Optional.QuickConverter, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifmbhhfjodlbpaoklcmljmjmffecgggd\3.0.0_0\images\icons, Quarantined, [2162], [610588],1.0.8273 PUP.Optional.QuickConverter, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifmbhhfjodlbpaoklcmljmjmffecgggd\3.0.0_0\_metadata, Quarantined, [2162], [610588],1.0.8273 PUP.Optional.QuickConverter, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifmbhhfjodlbpaoklcmljmjmffecgggd\3.0.0_0\scripts, Quarantined, [2162], [610588],1.0.8273 PUP.Optional.QuickConverter, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifmbhhfjodlbpaoklcmljmjmffecgggd\3.0.0_0\images, Quarantined, [2162], [610588],1.0.8273 PUP.Optional.QuickConverter, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifmbhhfjodlbpaoklcmljmjmffecgggd\3.0.0_0\styles, Quarantined, [2162], [610588],1.0.8273 PUP.Optional.QuickConverter, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifmbhhfjodlbpaoklcmljmjmffecgggd\3.0.0_0, Quarantined, [2162], [610588],1.0.8273 PUP.Optional.QuickConverter, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\EXTENSIONS\ifmbhhfjodlbpaoklcmljmjmffecgggd, Quarantined, [2162], [610588],1.0.8273 File: 19 PUP.Optional.QuickConverter, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifmbhhfjodlbpaoklcmljmjmffecgggd\3.0.0_0\images\icons\128x128.png, Quarantined, [2162], [610588],1.0.8273 PUP.Optional.QuickConverter, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifmbhhfjodlbpaoklcmljmjmffecgggd\3.0.0_0\images\icons\16x16.png, Quarantined, [2162], [610588],1.0.8273 PUP.Optional.QuickConverter, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifmbhhfjodlbpaoklcmljmjmffecgggd\3.0.0_0\images\icons\64x64.png, Quarantined, [2162], [610588],1.0.8273 PUP.Optional.QuickConverter, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifmbhhfjodlbpaoklcmljmjmffecgggd\3.0.0_0\images\how-1.png, Quarantined, [2162], [610588],1.0.8273 PUP.Optional.QuickConverter, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifmbhhfjodlbpaoklcmljmjmffecgggd\3.0.0_0\images\how-2.png, Quarantined, [2162], [610588],1.0.8273 PUP.Optional.QuickConverter, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifmbhhfjodlbpaoklcmljmjmffecgggd\3.0.0_0\images\logo-small.png, Quarantined, [2162], [610588],1.0.8273 PUP.Optional.QuickConverter, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifmbhhfjodlbpaoklcmljmjmffecgggd\3.0.0_0\scripts\background.js, Quarantined, [2162], [610588],1.0.8273 PUP.Optional.QuickConverter, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifmbhhfjodlbpaoklcmljmjmffecgggd\3.0.0_0\scripts\jquery-3.3.1.min.js, Quarantined, [2162], [610588],1.0.8273 PUP.Optional.QuickConverter, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifmbhhfjodlbpaoklcmljmjmffecgggd\3.0.0_0\scripts\popup.js, Quarantined, [2162], [610588],1.0.8273 PUP.Optional.QuickConverter, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifmbhhfjodlbpaoklcmljmjmffecgggd\3.0.0_0\scripts\sitecontent.js, Quarantined, [2162], [610588],1.0.8273 PUP.Optional.QuickConverter, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifmbhhfjodlbpaoklcmljmjmffecgggd\3.0.0_0\styles\popup.css, Quarantined, [2162], [610588],1.0.8273 PUP.Optional.QuickConverter, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifmbhhfjodlbpaoklcmljmjmffecgggd\3.0.0_0\_metadata\computed_hashes.json, Quarantined, [2162], [610588],1.0.8273 PUP.Optional.QuickConverter, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifmbhhfjodlbpaoklcmljmjmffecgggd\3.0.0_0\_metadata\verified_contents.json, Quarantined, [2162], [610588],1.0.8273 PUP.Optional.QuickConverter, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifmbhhfjodlbpaoklcmljmjmffecgggd\3.0.0_0\closer.js, Quarantined, [2162], [610588],1.0.8273 PUP.Optional.QuickConverter, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifmbhhfjodlbpaoklcmljmjmffecgggd\3.0.0_0\manifest.json, Quarantined, [2162], [610588],1.0.8273 PUP.Optional.QuickConverter, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifmbhhfjodlbpaoklcmljmjmffecgggd\3.0.0_0\popup.html, Quarantined, [2162], [610588],1.0.8273 PUP.Optional.QuickConverter, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifmbhhfjodlbpaoklcmljmjmffecgggd\3.0.0_0\tab.html, Quarantined, [2162], [610588],1.0.8273 PUP.Optional.QuickConverter, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, [2162], [610588],1.0.8273 PUP.Optional.QuickConverter, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Replaced, [2162], [610588],1.0.8273 Physical Sector: 0 (No malicious items detected) WMI: 0 (No malicious items detected) (end) As mentioned before the full version of Malwarebytes could have protected your computer against this threat.We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected.
- Wednesday at 09:55 AM
- - pup.optional.quickconverter
  - ifmbhhfjodlbpaoklcmljmjmffecgggd
  - (and 1 more)
    Tagged with:
    
    pup.optional.quickconverter
    
    ifmbhhfjodlbpaoklcmljmjmffecgggd
    
    quick-converter.com
Removal instructions for BestMovies Now

Metallica posted a topic in Malware Removal Self-Help Guides

What is BestMovies Now?The Malwarebytes research team has determined that BestMovies Now is a newtab browser hijacker. These so-called "hijackers" manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice.How do I know if my computer is affected by BestMovies Now?You may see this entry in your list of installed Chrome extensions:and these warnings during install:You may notice this new setting:and you will see this icon in your Chrome menu-bar:How did BestMovies Now get on my computer?Browser hijackers use different methods for distributing themselves. This particular one was downloaded from the webstore:after a redirect from their website:How do I remove BestMovies Now?Our program Malwarebytes can detect and remove this potentially unwanted program. Please download Malwarebytes to your desktop. Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program. Then click Finish. Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu. If another update of the definitions is available, it will be implemented before the rest of the scanning procedure. When the scan is complete, make sure that all Threats are selected, and click Remove Selected. Restart your computer when prompted to do so. Is there anything else I need to do to get rid of BestMovies Now? No, Malwarebytes removes BestMovies Now completely. How would the full version of Malwarebytes help protect me?We hope our application and this guide have helped you eradicate this hijacker.As you can see below the full version of Malwarebytes would have protected you against the Name of the rogue hijacker. It would have blocked their website, giving you a chance to stop it before it became too late. Technical details for expertsPossible signs in FRST logs: CHR NewTab: Default -> Active:"chrome-extension://bgmecmcakcenjilbicdkkalcheegpbfc/index.html" CHR Extension: (bestMovies Now) - C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgmecmcakcenjilbicdkkalcheegpbfc [2018-12-11] Alterations made by the installer: File system details [View: All details] (Selection) --------------------------------------------------- Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgmecmcakcenjilbicdkkalcheegpbfc\1.0.0_0 Adds the file index.html"="5/9/2017 3:22 PM, 29806 bytes, A Adds the file manifest.json"="12/11/2018 8:46 AM, 1775 bytes, A Adds the file mobile_sync.html"="2/19/2017 5:26 PM, 1726 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgmecmcakcenjilbicdkkalcheegpbfc\1.0.0_0\_metadata Adds the file computed_hashes.json"="12/11/2018 8:46 AM, 47161 bytes, A Adds the file verified_contents.json"="5/9/2017 1:53 PM, 11985 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgmecmcakcenjilbicdkkalcheegpbfc\1.0.0_0\about Adds the file index.html"="2/19/2017 5:26 PM, 4773 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgmecmcakcenjilbicdkkalcheegpbfc\1.0.0_0\about\css Adds the file style.css"="2/19/2017 5:26 PM, 4082 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgmecmcakcenjilbicdkkalcheegpbfc\1.0.0_0\about\js Adds the file main.js"="2/19/2017 5:26 PM, 3720 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgmecmcakcenjilbicdkkalcheegpbfc\1.0.0_0\css Adds the file cards.css"="2/19/2017 5:26 PM, 5489 bytes, A Adds the file first.css"="2/19/2017 5:26 PM, 2994 bytes, A Adds the file mobile_sync.css"="2/19/2017 5:26 PM, 1664 bytes, A Adds the file style.css"="2/19/2017 6:56 PM, 38940 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgmecmcakcenjilbicdkkalcheegpbfc\1.0.0_0\css\fonts Adds the file material-icons.css"="2/19/2017 5:26 PM, 1037 bytes, A Adds the file MaterialIcons-Regular.eot"="2/19/2017 5:26 PM, 143258 bytes, A Adds the file MaterialIcons-Regular.ijmap"="2/19/2017 5:26 PM, 28416 bytes, A Adds the file MaterialIcons-Regular.svg"="2/19/2017 5:26 PM, 284031 bytes, A Adds the file MaterialIcons-Regular.ttf"="2/19/2017 5:26 PM, 128180 bytes, A Adds the file MaterialIcons-Regular.woff"="2/19/2017 5:26 PM, 78776 bytes, A Adds the file MaterialIcons-Regular.woff2"="2/19/2017 5:26 PM, 42304 bytes, A Adds the file RobotoCondensed-Regular.ttf"="2/19/2017 5:26 PM, 125332 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgmecmcakcenjilbicdkkalcheegpbfc\1.0.0_0\imgs Adds the file google-play-badge.png"="2/19/2017 5:26 PM, 13957 bytes, A Adds the file icon_chrome.svg"="2/19/2017 5:26 PM, 1029 bytes, A Adds the file icon128.png"="12/11/2018 8:46 AM, 11451 bytes, A Adds the file icon16.png"="12/11/2018 8:46 AM, 782 bytes, A Adds the file icon38.png"="12/11/2018 8:46 AM, 2569 bytes, A Adds the file icon45.png"="2/19/2017 2:37 AM, 4245 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgmecmcakcenjilbicdkkalcheegpbfc\1.0.0_0\imgs\topsites Adds the file amazon.png"="2/19/2017 5:26 PM, 2395 bytes, A Adds the file ebay.png"="2/19/2017 5:26 PM, 2510 bytes, A Adds the file facebook.png"="2/19/2017 5:26 PM, 1858 bytes, A Adds the file gmail.png"="2/19/2017 5:26 PM, 2201 bytes, A Adds the file google.png"="2/19/2017 5:26 PM, 2237 bytes, A Adds the file instagram.png"="2/19/2017 5:26 PM, 2262 bytes, A Adds the file linkedin.png"="2/19/2017 5:26 PM, 2006 bytes, A Adds the file pinterest.png"="2/19/2017 5:26 PM, 2728 bytes, A Adds the file twitter.png"="2/19/2017 5:26 PM, 2159 bytes, A Adds the file wikipedia.png"="2/19/2017 5:26 PM, 1702 bytes, A Adds the file yahoo.png"="2/19/2017 5:26 PM, 2222 bytes, A Adds the file youtube.png"="2/19/2017 5:26 PM, 2298 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgmecmcakcenjilbicdkkalcheegpbfc\1.0.0_0\interactive Adds the file itour.css"="2/19/2017 5:26 PM, 15491 bytes, A Adds the file jquery.itour.js"="2/19/2017 5:26 PM, 62550 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgmecmcakcenjilbicdkkalcheegpbfc\1.0.0_0\js Adds the file auto_complete.js"="5/9/2017 2:06 PM, 4028 bytes, A Adds the file content.js"="5/9/2017 3:33 PM, 58040 bytes, A Adds the file mobile_sync.js"="2/19/2017 5:26 PM, 1688 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgmecmcakcenjilbicdkkalcheegpbfc\1.0.0_0\js\background Adds the file base.js"="5/9/2017 2:06 PM, 26324 bytes, A Adds the file init.js"="2/19/2017 5:26 PM, 1057 bytes, A Adds the file mail.js"="3/23/2017 5:08 PM, 5807 bytes, A Adds the file mobile.js"="2/19/2017 5:26 PM, 4330 bytes, A Adds the file user.js"="2/19/2017 5:26 PM, 9092 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgmecmcakcenjilbicdkkalcheegpbfc\1.0.0_0\js\officialscripts Adds the file bootstrap.min.js"="2/19/2017 5:26 PM, 36874 bytes, A Adds the file jquery.min.js"="2/19/2017 5:26 PM, 85584 bytes, A Adds the file jquery.qrcode.min.js"="2/19/2017 5:26 PM, 14023 bytes, A Adds the file jquery-ui.min.js"="2/19/2017 5:26 PM, 240457 bytes, A Adds the file material.min.js"="2/19/2017 5:26 PM, 62359 bytes, A Adds the file TweenMax.min.js"="2/19/2017 5:26 PM, 101817 bytes, A Adds the file xregexp-all.js"="2/19/2017 5:26 PM, 243814 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgmecmcakcenjilbicdkkalcheegpbfc\1.0.0_0\news Adds the file editions.html"="2/19/2017 5:26 PM, 5711 bytes, A Adds the file jquery.ticker.js"="2/19/2017 5:26 PM, 16405 bytes, A Adds the file rss"="2/19/2017 5:26 PM, 57296 bytes, A Adds the file style.css"="2/19/2017 5:26 PM, 1415 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgmecmcakcenjilbicdkkalcheegpbfc\1.0.0_0\news\font Adds the file League_Gothic-webfont.eot"="2/19/2017 5:26 PM, 31966 bytes, A Adds the file League_Gothic-webfont.svg"="2/19/2017 5:26 PM, 48166 bytes, A Adds the file League_Gothic-webfont.ttf"="2/19/2017 5:26 PM, 31752 bytes, A Adds the file League_Gothic-webfont.woff"="2/19/2017 5:26 PM, 18808 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgmecmcakcenjilbicdkkalcheegpbfc\1.0.0_0\rate Adds the file rate.css"="2/19/2017 5:26 PM, 6243 bytes, A Adds the file rate.js"="2/19/2017 5:26 PM, 4437 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgmecmcakcenjilbicdkkalcheegpbfc\1.0.0_0\vertical Adds the file 440x280.jpg"="2/19/2017 2:37 AM, 75210 bytes, A Adds the file banner.jpg"="2/19/2017 5:26 PM, 31066 bytes, A Adds the file first_bg.jpg"="2/19/2017 5:26 PM, 255339 bytes, A Adds the file icon_vertical.png"="2/19/2017 2:37 AM, 3088 bytes, A Adds the file init.js"="2/19/2017 5:26 PM, 1400 bytes, A Adds the file menu.html"="2/19/2017 5:26 PM, 555 bytes, A Adds the file pop.js"="2/19/2017 5:26 PM, 2563 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgmecmcakcenjilbicdkkalcheegpbfc\1.0.0_0\weather Adds the file weatherwidget.js"="2/19/2017 6:56 PM, 135914 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgmecmcakcenjilbicdkkalcheegpbfc\1.0.0_0\weather\css Adds the file weatherwidget.css"="2/19/2017 5:26 PM, 47372 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgmecmcakcenjilbicdkkalcheegpbfc\1.0.0_0\weather\fonts Adds the file glyphicons-halflings-regular.eot"="2/19/2017 5:26 PM, 20127 bytes, A Adds the file glyphicons-halflings-regular.svg"="2/19/2017 5:26 PM, 109025 bytes, A Adds the file glyphicons-halflings-regular.ttf"="2/19/2017 5:26 PM, 45404 bytes, A Adds the file glyphicons-halflings-regular.woff"="2/19/2017 5:26 PM, 23424 bytes, A Adds the file glyphicons-halflings-regular.woff2"="2/19/2017 5:26 PM, 18028 bytes, A Adds the file weathericons-regular-webfont.eot"="2/19/2017 5:26 PM, 99774 bytes, A Adds the file weathericons-regular-webfont.svg"="2/19/2017 5:26 PM, 185225 bytes, A Adds the file weathericons-regular-webfont.ttf"="2/19/2017 5:26 PM, 99564 bytes, A Adds the file weathericons-regular-webfont.woff"="2/19/2017 5:26 PM, 56468 bytes, A Adds the file weathericons-regular-webfont.woff2"="2/19/2017 5:26 PM, 44720 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgmecmcakcenjilbicdkkalcheegpbfc\1.0.0_0\weather\img Adds the file icn_find.png"="2/19/2017 5:26 PM, 288 bytes, A Adds the file img_spinner.gif"="2/19/2017 5:26 PM, 847 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\bgmecmcakcenjilbicdkkalcheegpbfc Adds the file 000003.log"="12/11/2018 8:48 AM, 2419 bytes, A Adds the file CURRENT"="12/11/2018 8:46 AM, 16 bytes, A Adds the file LOCK"="12/11/2018 8:46 AM, 0 bytes, A Adds the file LOG"="12/11/2018 8:46 AM, 183 bytes, A Adds the file MANIFEST-000001"="12/11/2018 8:46 AM, 41 bytes, A Registry details [View: All details] (Selection) ------------------------------------------------ [HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings] "bgmecmcakcenjilbicdkkalcheegpbfc"="REG_SZ", "47539F4900287D37ED7E8529174711A5A2863E6534A48E00D0CF75060B55084E" Malwarebytes log: Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 12/11/18 Scan Time: 8:59 AM Log File: bc8dd1fb-fd1a-11e8-840c-00ffdcc6fdfc.json -Software Information- Version: 3.6.1.2711 Components Version: 1.0.482 Update Package Version: 1.0.8259 License: Premium -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: {computername}\{username} -Scan Summary- Scan Type: Threat Scan Scan Initiated By: Manual Result: Completed Objects Scanned: 237145 Threats Detected: 117 Threats Quarantined: 117 Time Elapsed: 3 min, 42 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 0 (No malicious items detected) Registry Value: 1 PUP.Optional.NJoyApps.Generic, HKCU\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Default\extensions.settings|bgmecmcakcenjilbicdkkalcheegpbfc, Quarantined, [14435], [443091],1.0.8259 Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 23 PUP.Optional.NJoyApps.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Extension Settings\bgmecmcakcenjilbicdkkalcheegpbfc, Quarantined, [14435], [443091],1.0.8259 PUP.Optional.NJoyApps.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgmecmcakcenjilbicdkkalcheegpbfc\1.0.0_0\js\officialscripts, Quarantined, [14435], [443091],1.0.8259 PUP.Optional.NJoyApps.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgmecmcakcenjilbicdkkalcheegpbfc\1.0.0_0\imgs\topsites, Quarantined, [14435], [443091],1.0.8259 PUP.Optional.NJoyApps.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgmecmcakcenjilbicdkkalcheegpbfc\1.0.0_0\js\background, Quarantined, [14435], [443091],1.0.8259 PUP.Optional.NJoyApps.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgmecmcakcenjilbicdkkalcheegpbfc\1.0.0_0\weather\fonts, Quarantined, [14435], [443091],1.0.8259 PUP.Optional.NJoyApps.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgmecmcakcenjilbicdkkalcheegpbfc\1.0.0_0\interactive, Quarantined, [14435], [443091],1.0.8259 PUP.Optional.NJoyApps.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgmecmcakcenjilbicdkkalcheegpbfc\1.0.0_0\weather\css, Quarantined, [14435], [443091],1.0.8259 PUP.Optional.NJoyApps.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgmecmcakcenjilbicdkkalcheegpbfc\1.0.0_0\weather\img, Quarantined, [14435], [443091],1.0.8259 PUP.Optional.NJoyApps.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgmecmcakcenjilbicdkkalcheegpbfc\1.0.0_0\about\css, Quarantined, [14435], [443091],1.0.8259 PUP.Optional.NJoyApps.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgmecmcakcenjilbicdkkalcheegpbfc\1.0.0_0\css\fonts, Quarantined, [14435], [443091],1.0.8259 PUP.Optional.NJoyApps.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgmecmcakcenjilbicdkkalcheegpbfc\1.0.0_0\news\font, Quarantined, [14435], [443091],1.0.8259 PUP.Optional.NJoyApps.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgmecmcakcenjilbicdkkalcheegpbfc\1.0.0_0\_metadata, Quarantined, [14435], [443091],1.0.8259 PUP.Optional.NJoyApps.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgmecmcakcenjilbicdkkalcheegpbfc\1.0.0_0\about\js, Quarantined, [14435], [443091],1.0.8259 PUP.Optional.NJoyApps.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgmecmcakcenjilbicdkkalcheegpbfc\1.0.0_0\vertical, Quarantined, [14435], [443091],1.0.8259 PUP.Optional.NJoyApps.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgmecmcakcenjilbicdkkalcheegpbfc\1.0.0_0\weather, Quarantined, [14435], [443091],1.0.8259 PUP.Optional.NJoyApps.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgmecmcakcenjilbicdkkalcheegpbfc\1.0.0_0\about, Quarantined, [14435], [443091],1.0.8259 PUP.Optional.NJoyApps.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgmecmcakcenjilbicdkkalcheegpbfc\1.0.0_0\imgs, Quarantined, [14435], [443091],1.0.8259 PUP.Optional.NJoyApps.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgmecmcakcenjilbicdkkalcheegpbfc\1.0.0_0\news, Quarantined, [14435], [443091],1.0.8259 PUP.Optional.NJoyApps.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgmecmcakcenjilbicdkkalcheegpbfc\1.0.0_0\rate, Quarantined, [14435], [443091],1.0.8259 PUP.Optional.NJoyApps.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgmecmcakcenjilbicdkkalcheegpbfc\1.0.0_0\css, Quarantined, [14435], [443091],1.0.8259 PUP.Optional.NJoyApps.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgmecmcakcenjilbicdkkalcheegpbfc\1.0.0_0\js, Quarantined, [14435], [443091],1.0.8259 PUP.Optional.NJoyApps.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgmecmcakcenjilbicdkkalcheegpbfc\1.0.0_0, Quarantined, [14435], [443091],1.0.8259 PUP.Optional.NJoyApps.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\BGMECMCAKCENJILBICDKKALCHEEGPBFC, Quarantined, [14435], [443091],1.0.8259 File: 93 PUP.Optional.NJoyApps.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\bgmecmcakcenjilbicdkkalcheegpbfc\000003.log, Quarantined, [14435], [443091],1.0.8259 PUP.Optional.NJoyApps.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\bgmecmcakcenjilbicdkkalcheegpbfc\CURRENT, Quarantined, [14435], [443091],1.0.8259 PUP.Optional.NJoyApps.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\bgmecmcakcenjilbicdkkalcheegpbfc\LOCK, Quarantined, [14435], [443091],1.0.8259 PUP.Optional.NJoyApps.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\bgmecmcakcenjilbicdkkalcheegpbfc\LOG, Quarantined, [14435], [443091],1.0.8259 PUP.Optional.NJoyApps.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\bgmecmcakcenjilbicdkkalcheegpbfc\MANIFEST-000001, Quarantined, [14435], [443091],1.0.8259 PUP.Optional.NJoyApps.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, [14435], [443091],1.0.8259 PUP.Optional.NJoyApps.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Replaced, [14435], [443091],1.0.8259 PUP.Optional.NJoyApps.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\BGMECMCAKCENJILBICDKKALCHEEGPBFC\1.0.0_0\MANIFEST.JSON, Quarantined, [14435], [443091],1.0.8259 PUP.Optional.NJoyApps.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgmecmcakcenjilbicdkkalcheegpbfc\1.0.0_0\about\css\style.css, Quarantined, [14435], [443091],1.0.8259 PUP.Optional.NJoyApps.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgmecmcakcenjilbicdkkalcheegpbfc\1.0.0_0\about\js\main.js, Quarantined, [14435], [443091],1.0.8259 PUP.Optional.NJoyApps.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgmecmcakcenjilbicdkkalcheegpbfc\1.0.0_0\about\index.html, Quarantined, [14435], [443091],1.0.8259 PUP.Optional.NJoyApps.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgmecmcakcenjilbicdkkalcheegpbfc\1.0.0_0\css\fonts\material-icons.css, Quarantined, [14435], [443091],1.0.8259 PUP.Optional.NJoyApps.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgmecmcakcenjilbicdkkalcheegpbfc\1.0.0_0\css\fonts\MaterialIcons-Regular.eot, Quarantined, [14435], [443091],1.0.8259 PUP.Optional.NJoyApps.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgmecmcakcenjilbicdkkalcheegpbfc\1.0.0_0\css\fonts\MaterialIcons-Regular.ijmap, Quarantined, [14435], [443091],1.0.8259 PUP.Optional.NJoyApps.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgmecmcakcenjilbicdkkalcheegpbfc\1.0.0_0\css\fonts\MaterialIcons-Regular.svg, Quarantined, [14435], [443091],1.0.8259 PUP.Optional.NJoyApps.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgmecmcakcenjilbicdkkalcheegpbfc\1.0.0_0\css\fonts\MaterialIcons-Regular.ttf, Quarantined, [14435], [443091],1.0.8259 PUP.Optional.NJoyApps.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgmecmcakcenjilbicdkkalcheegpbfc\1.0.0_0\css\fonts\MaterialIcons-Regular.woff, Quarantined, [14435], [443091],1.0.8259 PUP.Optional.NJoyApps.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgmecmcakcenjilbicdkkalcheegpbfc\1.0.0_0\css\fonts\MaterialIcons-Regular.woff2, Quarantined, [14435], [443091],1.0.8259 PUP.Optional.NJoyApps.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgmecmcakcenjilbicdkkalcheegpbfc\1.0.0_0\css\fonts\RobotoCondensed-Regular.ttf, Quarantined, [14435], [443091],1.0.8259 PUP.Optional.NJoyApps.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgmecmcakcenjilbicdkkalcheegpbfc\1.0.0_0\css\cards.css, Quarantined, [14435], [443091],1.0.8259 PUP.Optional.NJoyApps.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgmecmcakcenjilbicdkkalcheegpbfc\1.0.0_0\css\first.css, Quarantined, [14435], [443091],1.0.8259 PUP.Optional.NJoyApps.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgmecmcakcenjilbicdkkalcheegpbfc\1.0.0_0\css\mobile_sync.css, Quarantined, [14435], [443091],1.0.8259 PUP.Optional.NJoyApps.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgmecmcakcenjilbicdkkalcheegpbfc\1.0.0_0\css\style.css, Quarantined, [14435], [443091],1.0.8259 PUP.Optional.NJoyApps.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgmecmcakcenjilbicdkkalcheegpbfc\1.0.0_0\imgs\topsites\amazon.png, Quarantined, [14435], [443091],1.0.8259 PUP.Optional.NJoyApps.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgmecmcakcenjilbicdkkalcheegpbfc\1.0.0_0\imgs\topsites\ebay.png, Quarantined, [14435], [443091],1.0.8259 PUP.Optional.NJoyApps.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgmecmcakcenjilbicdkkalcheegpbfc\1.0.0_0\imgs\topsites\facebook.png, Quarantined, [14435], [443091],1.0.8259 PUP.Optional.NJoyApps.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgmecmcakcenjilbicdkkalcheegpbfc\1.0.0_0\imgs\topsites\gmail.png, Quarantined, [14435], [443091],1.0.8259 PUP.Optional.NJoyApps.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgmecmcakcenjilbicdkkalcheegpbfc\1.0.0_0\imgs\topsites\google.png, Quarantined, [14435], [443091],1.0.8259 PUP.Optional.NJoyApps.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgmecmcakcenjilbicdkkalcheegpbfc\1.0.0_0\imgs\topsites\instagram.png, Quarantined, [14435], [443091],1.0.8259 PUP.Optional.NJoyApps.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgmecmcakcenjilbicdkkalcheegpbfc\1.0.0_0\imgs\topsites\linkedin.png, Quarantined, [14435], [443091],1.0.8259 PUP.Optional.NJoyApps.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgmecmcakcenjilbicdkkalcheegpbfc\1.0.0_0\imgs\topsites\pinterest.png, Quarantined, [14435], [443091],1.0.8259 PUP.Optional.NJoyApps.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgmecmcakcenjilbicdkkalcheegpbfc\1.0.0_0\imgs\topsites\twitter.png, Quarantined, [14435], [443091],1.0.8259 PUP.Optional.NJoyApps.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgmecmcakcenjilbicdkkalcheegpbfc\1.0.0_0\imgs\topsites\wikipedia.png, Quarantined, [14435], [443091],1.0.8259 PUP.Optional.NJoyApps.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgmecmcakcenjilbicdkkalcheegpbfc\1.0.0_0\imgs\topsites\yahoo.png, Quarantined, [14435], [443091],1.0.8259 PUP.Optional.NJoyApps.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgmecmcakcenjilbicdkkalcheegpbfc\1.0.0_0\imgs\topsites\youtube.png, Quarantined, [14435], [443091],1.0.8259 PUP.Optional.NJoyApps.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgmecmcakcenjilbicdkkalcheegpbfc\1.0.0_0\imgs\google-play-badge.png, Quarantined, [14435], [443091],1.0.8259 PUP.Optional.NJoyApps.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgmecmcakcenjilbicdkkalcheegpbfc\1.0.0_0\imgs\icon128.png, Quarantined, [14435], [443091],1.0.8259 PUP.Optional.NJoyApps.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgmecmcakcenjilbicdkkalcheegpbfc\1.0.0_0\imgs\icon16.png, Quarantined, [14435], [443091],1.0.8259 PUP.Optional.NJoyApps.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgmecmcakcenjilbicdkkalcheegpbfc\1.0.0_0\imgs\icon38.png, Quarantined, [14435], [443091],1.0.8259 PUP.Optional.NJoyApps.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgmecmcakcenjilbicdkkalcheegpbfc\1.0.0_0\imgs\icon45.png, Quarantined, [14435], [443091],1.0.8259 PUP.Optional.NJoyApps.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgmecmcakcenjilbicdkkalcheegpbfc\1.0.0_0\imgs\icon_chrome.svg, Quarantined, [14435], [443091],1.0.8259 PUP.Optional.NJoyApps.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgmecmcakcenjilbicdkkalcheegpbfc\1.0.0_0\interactive\itour.css, Quarantined, [14435], [443091],1.0.8259 PUP.Optional.NJoyApps.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgmecmcakcenjilbicdkkalcheegpbfc\1.0.0_0\interactive\jquery.itour.js, Quarantined, [14435], [443091],1.0.8259 PUP.Optional.NJoyApps.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgmecmcakcenjilbicdkkalcheegpbfc\1.0.0_0\js\background\base.js, Quarantined, [14435], [443091],1.0.8259 PUP.Optional.NJoyApps.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgmecmcakcenjilbicdkkalcheegpbfc\1.0.0_0\js\background\init.js, Quarantined, [14435], [443091],1.0.8259 PUP.Optional.NJoyApps.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgmecmcakcenjilbicdkkalcheegpbfc\1.0.0_0\js\background\mail.js, Quarantined, [14435], [443091],1.0.8259 PUP.Optional.NJoyApps.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgmecmcakcenjilbicdkkalcheegpbfc\1.0.0_0\js\background\mobile.js, Quarantined, [14435], [443091],1.0.8259 PUP.Optional.NJoyApps.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgmecmcakcenjilbicdkkalcheegpbfc\1.0.0_0\js\background\user.js, Quarantined, [14435], [443091],1.0.8259 PUP.Optional.NJoyApps.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgmecmcakcenjilbicdkkalcheegpbfc\1.0.0_0\js\officialscripts\bootstrap.min.js, Quarantined, [14435], [443091],1.0.8259 PUP.Optional.NJoyApps.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgmecmcakcenjilbicdkkalcheegpbfc\1.0.0_0\js\officialscripts\jquery-ui.min.js, Quarantined, [14435], [443091],1.0.8259 PUP.Optional.NJoyApps.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgmecmcakcenjilbicdkkalcheegpbfc\1.0.0_0\js\officialscripts\jquery.min.js, Quarantined, [14435], [443091],1.0.8259 PUP.Optional.NJoyApps.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgmecmcakcenjilbicdkkalcheegpbfc\1.0.0_0\js\officialscripts\jquery.qrcode.min.js, Quarantined, [14435], [443091],1.0.8259 PUP.Optional.NJoyApps.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgmecmcakcenjilbicdkkalcheegpbfc\1.0.0_0\js\officialscripts\material.min.js, Quarantined, [14435], [443091],1.0.8259 PUP.Optional.NJoyApps.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgmecmcakcenjilbicdkkalcheegpbfc\1.0.0_0\js\officialscripts\TweenMax.min.js, Quarantined, [14435], [443091],1.0.8259 PUP.Optional.NJoyApps.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgmecmcakcenjilbicdkkalcheegpbfc\1.0.0_0\js\officialscripts\xregexp-all.js, Quarantined, [14435], [443091],1.0.8259 PUP.Optional.NJoyApps.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgmecmcakcenjilbicdkkalcheegpbfc\1.0.0_0\js\auto_complete.js, Quarantined, [14435], [443091],1.0.8259 PUP.Optional.NJoyApps.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgmecmcakcenjilbicdkkalcheegpbfc\1.0.0_0\js\content.js, Quarantined, [14435], [443091],1.0.8259 PUP.Optional.NJoyApps.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgmecmcakcenjilbicdkkalcheegpbfc\1.0.0_0\js\mobile_sync.js, Quarantined, [14435], [443091],1.0.8259 PUP.Optional.NJoyApps.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgmecmcakcenjilbicdkkalcheegpbfc\1.0.0_0\news\font\League_Gothic-webfont.eot, Quarantined, [14435], [443091],1.0.8259 PUP.Optional.NJoyApps.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgmecmcakcenjilbicdkkalcheegpbfc\1.0.0_0\news\font\League_Gothic-webfont.svg, Quarantined, [14435], [443091],1.0.8259 PUP.Optional.NJoyApps.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgmecmcakcenjilbicdkkalcheegpbfc\1.0.0_0\news\font\League_Gothic-webfont.ttf, Quarantined, [14435], [443091],1.0.8259 PUP.Optional.NJoyApps.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgmecmcakcenjilbicdkkalcheegpbfc\1.0.0_0\news\font\League_Gothic-webfont.woff, Quarantined, [14435], [443091],1.0.8259 PUP.Optional.NJoyApps.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgmecmcakcenjilbicdkkalcheegpbfc\1.0.0_0\news\editions.html, Quarantined, [14435], [443091],1.0.8259 PUP.Optional.NJoyApps.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgmecmcakcenjilbicdkkalcheegpbfc\1.0.0_0\news\jquery.ticker.js, Quarantined, [14435], [443091],1.0.8259 PUP.Optional.NJoyApps.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgmecmcakcenjilbicdkkalcheegpbfc\1.0.0_0\news\rss, Quarantined, [14435], [443091],1.0.8259 PUP.Optional.NJoyApps.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgmecmcakcenjilbicdkkalcheegpbfc\1.0.0_0\news\style.css, Quarantined, [14435], [443091],1.0.8259 PUP.Optional.NJoyApps.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgmecmcakcenjilbicdkkalcheegpbfc\1.0.0_0\rate\rate.css, Quarantined, [14435], [443091],1.0.8259 PUP.Optional.NJoyApps.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgmecmcakcenjilbicdkkalcheegpbfc\1.0.0_0\rate\rate.js, Quarantined, [14435], [443091],1.0.8259 PUP.Optional.NJoyApps.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgmecmcakcenjilbicdkkalcheegpbfc\1.0.0_0\vertical\440x280.jpg, Quarantined, [14435], [443091],1.0.8259 PUP.Optional.NJoyApps.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgmecmcakcenjilbicdkkalcheegpbfc\1.0.0_0\vertical\banner.jpg, Quarantined, [14435], [443091],1.0.8259 PUP.Optional.NJoyApps.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgmecmcakcenjilbicdkkalcheegpbfc\1.0.0_0\vertical\first_bg.jpg, Quarantined, [14435], [443091],1.0.8259 PUP.Optional.NJoyApps.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgmecmcakcenjilbicdkkalcheegpbfc\1.0.0_0\vertical\icon_vertical.png, Quarantined, [14435], [443091],1.0.8259 PUP.Optional.NJoyApps.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgmecmcakcenjilbicdkkalcheegpbfc\1.0.0_0\vertical\init.js, Quarantined, [14435], [443091],1.0.8259 PUP.Optional.NJoyApps.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgmecmcakcenjilbicdkkalcheegpbfc\1.0.0_0\vertical\menu.html, Quarantined, [14435], [443091],1.0.8259 PUP.Optional.NJoyApps.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgmecmcakcenjilbicdkkalcheegpbfc\1.0.0_0\vertical\pop.js, Quarantined, [14435], [443091],1.0.8259 PUP.Optional.NJoyApps.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgmecmcakcenjilbicdkkalcheegpbfc\1.0.0_0\weather\css\weatherwidget.css, Quarantined, [14435], [443091],1.0.8259 PUP.Optional.NJoyApps.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgmecmcakcenjilbicdkkalcheegpbfc\1.0.0_0\weather\fonts\glyphicons-halflings-regular.eot, Quarantined, [14435], [443091],1.0.8259 PUP.Optional.NJoyApps.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgmecmcakcenjilbicdkkalcheegpbfc\1.0.0_0\weather\fonts\glyphicons-halflings-regular.svg, Quarantined, [14435], [443091],1.0.8259 PUP.Optional.NJoyApps.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgmecmcakcenjilbicdkkalcheegpbfc\1.0.0_0\weather\fonts\glyphicons-halflings-regular.ttf, Quarantined, [14435], [443091],1.0.8259 PUP.Optional.NJoyApps.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgmecmcakcenjilbicdkkalcheegpbfc\1.0.0_0\weather\fonts\glyphicons-halflings-regular.woff, Quarantined, [14435], [443091],1.0.8259 PUP.Optional.NJoyApps.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgmecmcakcenjilbicdkkalcheegpbfc\1.0.0_0\weather\fonts\glyphicons-halflings-regular.woff2, Quarantined, [14435], [443091],1.0.8259 PUP.Optional.NJoyApps.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgmecmcakcenjilbicdkkalcheegpbfc\1.0.0_0\weather\fonts\weathericons-regular-webfont.eot, Quarantined, [14435], [443091],1.0.8259 PUP.Optional.NJoyApps.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgmecmcakcenjilbicdkkalcheegpbfc\1.0.0_0\weather\fonts\weathericons-regular-webfont.svg, Quarantined, [14435], [443091],1.0.8259 PUP.Optional.NJoyApps.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgmecmcakcenjilbicdkkalcheegpbfc\1.0.0_0\weather\fonts\weathericons-regular-webfont.ttf, Quarantined, [14435], [443091],1.0.8259 PUP.Optional.NJoyApps.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgmecmcakcenjilbicdkkalcheegpbfc\1.0.0_0\weather\fonts\weathericons-regular-webfont.woff, Quarantined, [14435], [443091],1.0.8259 PUP.Optional.NJoyApps.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgmecmcakcenjilbicdkkalcheegpbfc\1.0.0_0\weather\fonts\weathericons-regular-webfont.woff2, Quarantined, [14435], [443091],1.0.8259 PUP.Optional.NJoyApps.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgmecmcakcenjilbicdkkalcheegpbfc\1.0.0_0\weather\img\icn_find.png, Quarantined, [14435], [443091],1.0.8259 PUP.Optional.NJoyApps.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgmecmcakcenjilbicdkkalcheegpbfc\1.0.0_0\weather\img\img_spinner.gif, Quarantined, [14435], [443091],1.0.8259 PUP.Optional.NJoyApps.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgmecmcakcenjilbicdkkalcheegpbfc\1.0.0_0\weather\weatherwidget.js, Quarantined, [14435], [443091],1.0.8259 PUP.Optional.NJoyApps.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgmecmcakcenjilbicdkkalcheegpbfc\1.0.0_0\_metadata\computed_hashes.json, Quarantined, [14435], [443091],1.0.8259 PUP.Optional.NJoyApps.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgmecmcakcenjilbicdkkalcheegpbfc\1.0.0_0\_metadata\verified_contents.json, Quarantined, [14435], [443091],1.0.8259 PUP.Optional.NJoyApps.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgmecmcakcenjilbicdkkalcheegpbfc\1.0.0_0\index.html, Quarantined, [14435], [443091],1.0.8259 PUP.Optional.NJoyApps.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgmecmcakcenjilbicdkkalcheegpbfc\1.0.0_0\mobile_sync.html, Quarantined, [14435], [443091],1.0.8259 Physical Sector: 0 (No malicious items detected) WMI: 0 (No malicious items detected) (end) As mentioned before the full version of Malwarebytes could have protected your computer against this threat.We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected.
- Tuesday at 11:00 AM
- - pup.optional.njoyapps.generic
  - bgmecmcakcenjilbicdkkalcheegpbfc
  - (and 1 more)
    Tagged with:
    
    pup.optional.njoyapps.generic
    
    bgmecmcakcenjilbicdkkalcheegpbfc
    
    njoyapps.com
Removal instructions for Fanatical Assistant

Metallica posted a topic in Malware Removal Self-Help Guides

What is Fanatical Assistant?The Malwarebytes research team has determined that Fanatical Assistant is a potentially unwanted program (PUP) that behaves like adware. These adware applications display advertisements not originating from the sites you are browsing.How do I know if my computer is affected by Fanatical Assistant?You may see these warnings during install:and these new browser extensions:and you may see this icon in the browsers menu-bar:How did Fanatical Assistant get on my computer?Adware applications use different methods for distributing themselves. This particular one was installed from the webstores:after a redirect from their website:How do I remove Fanatical Assistant?Our program Malwarebytes can detect and remove this potentially unwanted program. Please download Malwarebytes to your desktop. Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program. Then click Finish. Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu. If another update of the definitions is available, it will be implemented before the rest of the scanning procedure. When the scan is complete, make sure that all Threats are selected, and click Remove Selected. Restart your computer when prompted to do so. Is there anything else I need to do to get rid of Fanatical Assistant? No, Malwarebytes removes Fanatical Assistant completely. How would the full version of Malwarebytes help protect me?We hope our application and this guide have helped you eradicate this adware.As you can see below the full version of Malwarebytes would have protected you against the Fanatical Assistant adware. It would have blocked the installer before it became too late. Technical details for expertsPossible signs in FRST logs: FF Extension: (Fanatical Assistant) - C:\Users\Metallica\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\Extensions\{f3f06b71-06b9-435d-a33b-9301f1619d71}.xpi [2018-12-07] CHR Extension: (Fanatical Assistant) - C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oobijlcdpmmmpgkonmjnpkkbdmnjpeeb [2018-12-07] Changes made by the installer: File system details [View: All details] (Selection) --------------------------------------------------- Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oobijlcdpmmmpgkonmjnpkkbdmnjpeeb\1.5.0_0 Adds the file background.bundle.js"="11/2/2018 2:37 AM, 3517 bytes, A Adds the file background.html"="11/2/2018 2:37 AM, 181 bytes, A Adds the file content.bundle.js"="11/2/2018 2:37 AM, 55330 bytes, A Adds the file frame.bundle.js"="11/2/2018 2:37 AM, 225252 bytes, A Adds the file frame.html"="11/2/2018 2:37 AM, 240 bytes, A Adds the file icon-128.png"="12/7/2018 9:08 AM, 2938 bytes, A Adds the file icon-16.png"="12/7/2018 9:08 AM, 384 bytes, A Adds the file icon-32.png"="12/7/2018 9:08 AM, 721 bytes, A Adds the file icon-48.png"="12/7/2018 9:08 AM, 1067 bytes, A Adds the file manifest.json"="12/7/2018 9:08 AM, 2446 bytes, A Adds the file options.bundle.js"="11/2/2018 2:37 AM, 6812 bytes, A Adds the file options.html"="11/2/2018 2:37 AM, 178 bytes, A Adds the file popup.bundle.js"="11/2/2018 2:37 AM, 608144 bytes, A Adds the file popup.html"="11/2/2018 2:37 AM, 295 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oobijlcdpmmmpgkonmjnpkkbdmnjpeeb\1.5.0_0\_metadata Adds the file computed_hashes.json"="12/7/2018 9:08 AM, 11158 bytes, A Adds the file verified_contents.json"="11/2/2018 2:37 AM, 2755 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\oobijlcdpmmmpgkonmjnpkkbdmnjpeeb Adds the file 000003.log"="12/7/2018 9:08 AM, 63 bytes, A Adds the file CURRENT"="12/7/2018 9:08 AM, 16 bytes, A Adds the file LOCK"="12/7/2018 9:08 AM, 0 bytes, A Adds the file LOG"="12/7/2018 9:08 AM, 184 bytes, A Adds the file MANIFEST-000001"="12/7/2018 9:08 AM, 41 bytes, A In the existing folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\extensions Adds the file {f3f06b71-06b9-435d-a33b-9301f1619d71}.xpi"="12/7/2018 9:03 AM, 253534 bytes, A Registry details [View: All details] (Selection) ------------------------------------------------ [HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings] "oobijlcdpmmmpgkonmjnpkkbdmnjpeeb"="REG_SZ", "8E1D65575A9CB5C07B31FFF42597E12278742A61E4E26300DC42E41834CC0A67" Malwarebytes log: Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 12/10/18 Scan Time: 9:16 AM Log File: f63f2633-fc53-11e8-9c57-00ffdcc6fdfc.json -Software Information- Version: 3.6.1.2711 Components Version: 1.0.482 Update Package Version: 1.0.8241 License: Premium -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: {computername}\{username} -Scan Summary- Scan Type: Threat Scan Scan Initiated By: Manual Result: Completed Objects Scanned: 237212 Threats Detected: 29 Threats Quarantined: 29 Time Elapsed: 3 min, 59 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 0 (No malicious items detected) Registry Value: 1 PUP.Optional.FanaticalAssistant, HKCU\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Default\extensions.settings|oobijlcdpmmmpgkonmjnpkkbdmnjpeeb, Quarantined, [2200], [609015],1.0.8241 Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 4 PUP.Optional.FanaticalAssistant, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oobijlcdpmmmpgkonmjnpkkbdmnjpeeb\1.5.0_0\_metadata, Quarantined, [2200], [609015],1.0.8241 PUP.Optional.FanaticalAssistant, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oobijlcdpmmmpgkonmjnpkkbdmnjpeeb\1.5.0_0, Quarantined, [2200], [609015],1.0.8241 PUP.Optional.FanaticalAssistant, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Extension Settings\oobijlcdpmmmpgkonmjnpkkbdmnjpeeb, Quarantined, [2200], [609015],1.0.8241 PUP.Optional.FanaticalAssistant, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\EXTENSIONS\oobijlcdpmmmpgkonmjnpkkbdmnjpeeb, Quarantined, [2200], [609015],1.0.8241 File: 24 PUP.Optional.FanaticalAssistant, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.default\EXTENSIONS\{F3F06B71-06B9-435D-A33B-9301F1619D71}.XPI, Quarantined, [2200], [608333],1.0.8241 PUP.Optional.FanaticalAssistant, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oobijlcdpmmmpgkonmjnpkkbdmnjpeeb\1.5.0_0\_metadata\computed_hashes.json, Quarantined, [2200], [609015],1.0.8241 PUP.Optional.FanaticalAssistant, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oobijlcdpmmmpgkonmjnpkkbdmnjpeeb\1.5.0_0\_metadata\verified_contents.json, Quarantined, [2200], [609015],1.0.8241 PUP.Optional.FanaticalAssistant, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oobijlcdpmmmpgkonmjnpkkbdmnjpeeb\1.5.0_0\background.bundle.js, Quarantined, [2200], [609015],1.0.8241 PUP.Optional.FanaticalAssistant, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oobijlcdpmmmpgkonmjnpkkbdmnjpeeb\1.5.0_0\background.html, Quarantined, [2200], [609015],1.0.8241 PUP.Optional.FanaticalAssistant, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oobijlcdpmmmpgkonmjnpkkbdmnjpeeb\1.5.0_0\content.bundle.js, Quarantined, [2200], [609015],1.0.8241 PUP.Optional.FanaticalAssistant, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oobijlcdpmmmpgkonmjnpkkbdmnjpeeb\1.5.0_0\frame.bundle.js, Quarantined, [2200], [609015],1.0.8241 PUP.Optional.FanaticalAssistant, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oobijlcdpmmmpgkonmjnpkkbdmnjpeeb\1.5.0_0\frame.html, Quarantined, [2200], [609015],1.0.8241 PUP.Optional.FanaticalAssistant, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oobijlcdpmmmpgkonmjnpkkbdmnjpeeb\1.5.0_0\icon-128.png, Quarantined, [2200], [609015],1.0.8241 PUP.Optional.FanaticalAssistant, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oobijlcdpmmmpgkonmjnpkkbdmnjpeeb\1.5.0_0\icon-16.png, Quarantined, [2200], [609015],1.0.8241 PUP.Optional.FanaticalAssistant, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oobijlcdpmmmpgkonmjnpkkbdmnjpeeb\1.5.0_0\icon-32.png, Quarantined, [2200], [609015],1.0.8241 PUP.Optional.FanaticalAssistant, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oobijlcdpmmmpgkonmjnpkkbdmnjpeeb\1.5.0_0\icon-48.png, Quarantined, [2200], [609015],1.0.8241 PUP.Optional.FanaticalAssistant, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oobijlcdpmmmpgkonmjnpkkbdmnjpeeb\1.5.0_0\manifest.json, Quarantined, [2200], [609015],1.0.8241 PUP.Optional.FanaticalAssistant, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oobijlcdpmmmpgkonmjnpkkbdmnjpeeb\1.5.0_0\options.bundle.js, Quarantined, [2200], [609015],1.0.8241 PUP.Optional.FanaticalAssistant, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oobijlcdpmmmpgkonmjnpkkbdmnjpeeb\1.5.0_0\options.html, Quarantined, [2200], [609015],1.0.8241 PUP.Optional.FanaticalAssistant, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oobijlcdpmmmpgkonmjnpkkbdmnjpeeb\1.5.0_0\popup.bundle.js, Quarantined, [2200], [609015],1.0.8241 PUP.Optional.FanaticalAssistant, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oobijlcdpmmmpgkonmjnpkkbdmnjpeeb\1.5.0_0\popup.html, Quarantined, [2200], [609015],1.0.8241 PUP.Optional.FanaticalAssistant, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\oobijlcdpmmmpgkonmjnpkkbdmnjpeeb\000003.log, Quarantined, [2200], [609015],1.0.8241 PUP.Optional.FanaticalAssistant, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\oobijlcdpmmmpgkonmjnpkkbdmnjpeeb\CURRENT, Quarantined, [2200], [609015],1.0.8241 PUP.Optional.FanaticalAssistant, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\oobijlcdpmmmpgkonmjnpkkbdmnjpeeb\LOCK, Quarantined, [2200], [609015],1.0.8241 PUP.Optional.FanaticalAssistant, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\oobijlcdpmmmpgkonmjnpkkbdmnjpeeb\LOG, Quarantined, [2200], [609015],1.0.8241 PUP.Optional.FanaticalAssistant, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\oobijlcdpmmmpgkonmjnpkkbdmnjpeeb\MANIFEST-000001, Quarantined, [2200], [609015],1.0.8241 PUP.Optional.FanaticalAssistant, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, [2200], [609015],1.0.8241 PUP.Optional.FanaticalAssistant, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Replaced, [2200], [609015],1.0.8241 Physical Sector: 0 (No malicious items detected) WMI: 0 (No malicious items detected) (end) As mentioned before the full version of Malwarebytes could have protected your computer against this threat.We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected.
- Monday at 09:40 AM
- - pup.optional.fanaticalassistant
  - oobijlcdpmmmpgkonmjnpkkbdmnjpeeb
  - (and 2 more)
    Tagged with:
    
    pup.optional.fanaticalassistant
    
    oobijlcdpmmmpgkonmjnpkkbdmnjpeeb
    
    fanatical.com
    
    {f3f06b71-06b9-435d-a33b-9301f1619d71}.xpi
Removal instructions for ConvertoWiz

Metallica posted a topic in Malware Removal Self-Help Guides

What is ConvertoWiz?The Malwarebytes research team has determined that ConvertoWiz is a search hijacker. These so-called "hijackers" manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice.How do I know if my computer is affected by ConvertoWiz?You may see this entry in your list of installed Chrome extensions:and these warnings during install:You will see this icon in your Chrome menu-bar:and this changed setting:How did ConvertoWiz get on my computer?Browser hijackers use different methods for distributing themselves. This particular one was downloaded from the webstore:after a redirect from their website:How do I remove ConvertoWiz?Our program Malwarebytes can detect and remove this potentially unwanted program. Please download Malwarebytes to your desktop. Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program. Then click Finish. Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu. If another update of the definitions is available, it will be implemented before the rest of the scanning procedure. When the scan is complete, make sure that all Threats are selected, and click Remove Selected. Restart your computer when prompted to do so. Is there anything else I need to do to get rid of ConvertoWiz? No, Malwarebytes removes ConvertoWiz completely. How would the full version of Malwarebytes help protect me?We hope our application and this guide have helped you eradicate this hijacker.As you can see below the full version of Malwarebytes would have protected you against the ConvertoWiz hijacker. It would have blocked their website, giving you a chance to stop it before it became too late. Technical details for expertsPossible signs in FRST logs: CHR DefaultSearchURL: Default -> hxxps://feed.convertowiz.com/?q={searchTerms}&publisher=convertowiz&barcodeid=538960000000000 CHR DefaultSearchKeyword: Default -> ConvertoWiz CHR DefaultSuggestURL: Default -> hxxps://suggest.convertowiz.com/suggest/get?q={searchTerms} CHR Extension: (ConvertoWiz) - C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffmnloealihfajgcecbndhaehbhcdelf [2018-12-07] Alterations made by the installer: File system details [View: All details] (Selection) --------------------------------------------------- Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffmnloealihfajgcecbndhaehbhcdelf\1.0.1_0 Adds the file closer.js"="11/4/2018 3:08 PM, 15 bytes, A Adds the file manifest.json"="12/7/2018 10:43 AM, 2294 bytes, A Adds the file popup.html"="11/4/2018 3:08 PM, 1149 bytes, A Adds the file tab.html"="11/4/2018 3:08 PM, 165 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffmnloealihfajgcecbndhaehbhcdelf\1.0.1_0\_metadata Adds the file computed_hashes.json"="12/7/2018 10:43 AM, 2561 bytes, A Adds the file verified_contents.json"="11/4/2018 3:08 PM, 2947 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffmnloealihfajgcecbndhaehbhcdelf\1.0.1_0\images Adds the file how-1.png"="11/4/2018 3:08 PM, 2862 bytes, A Adds the file how-2.png"="11/4/2018 3:08 PM, 3247 bytes, A Adds the file logo-small.png"="11/4/2018 3:08 PM, 1171 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffmnloealihfajgcecbndhaehbhcdelf\1.0.1_0\images\icons Adds the file 128x128.png"="12/7/2018 10:43 AM, 9539 bytes, A Adds the file 16x16.png"="12/7/2018 10:43 AM, 800 bytes, A Adds the file 64x64.png"="12/7/2018 10:43 AM, 4347 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffmnloealihfajgcecbndhaehbhcdelf\1.0.1_0\scripts Adds the file background.js"="11/4/2018 3:08 PM, 31294 bytes, A Adds the file jquery-3.3.1.min.js"="11/4/2018 3:08 PM, 86927 bytes, A Adds the file popup.js"="11/4/2018 3:08 PM, 649 bytes, A Adds the file sitecontent.js"="11/4/2018 3:08 PM, 77 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffmnloealihfajgcecbndhaehbhcdelf\1.0.1_0\styles Adds the file popup.css"="11/4/2018 3:08 PM, 1270 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_ffmnloealihfajgcecbndhaehbhcdelf Adds the file ConvertoWiz.ico"="12/7/2018 10:44 AM, 196434 bytes, A Adds the file ConvertoWiz.ico.md5"="12/7/2018 10:44 AM, 16 bytes, A Registry details [View: All details] (Selection) ------------------------------------------------ [HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings] "ffmnloealihfajgcecbndhaehbhcdelf"="REG_SZ", "E57C72621FD9CE0254AAEB5A0D4B4DD2C0424958FB7B288356267678CAC9B3BA" Malwarebytes log: Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 12/7/18 Scan Time: 10:51 AM Log File: b53747e6-fa05-11e8-a2dd-00ffdcc6fdfc.json -Software Information- Version: 3.6.1.2711 Components Version: 1.0.482 Update Package Version: 1.0.8209 License: Premium -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: {computername}\{username} -Scan Summary- Scan Type: Threat Scan Scan Initiated By: Manual Result: Completed Objects Scanned: 237482 Threats Detected: 29 Threats Quarantined: 29 Time Elapsed: 3 min, 3 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 0 (No malicious items detected) Registry Value: 1 PUP.Optional.Convertowiz, HKCU\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Default\extensions.settings|ffmnloealihfajgcecbndhaehbhcdelf, Quarantined, [279], [601143],1.0.8209 Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 7 PUP.Optional.Convertowiz, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffmnloealihfajgcecbndhaehbhcdelf\1.0.1_0\images\icons, Quarantined, [279], [601143],1.0.8209 PUP.Optional.Convertowiz, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffmnloealihfajgcecbndhaehbhcdelf\1.0.1_0\_metadata, Quarantined, [279], [601143],1.0.8209 PUP.Optional.Convertowiz, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffmnloealihfajgcecbndhaehbhcdelf\1.0.1_0\scripts, Quarantined, [279], [601143],1.0.8209 PUP.Optional.Convertowiz, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffmnloealihfajgcecbndhaehbhcdelf\1.0.1_0\images, Quarantined, [279], [601143],1.0.8209 PUP.Optional.Convertowiz, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffmnloealihfajgcecbndhaehbhcdelf\1.0.1_0\styles, Quarantined, [279], [601143],1.0.8209 PUP.Optional.Convertowiz, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffmnloealihfajgcecbndhaehbhcdelf\1.0.1_0, Quarantined, [279], [601143],1.0.8209 PUP.Optional.Convertowiz, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\FFMNLOEALIHFAJGCECBNDHAEHBHCDELF, Quarantined, [279], [601143],1.0.8209 File: 21 PUP.Optional.Convertowiz, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, [279], [601143],1.0.8209 PUP.Optional.Convertowiz, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Replaced, [279], [601143],1.0.8209 PUP.Optional.Convertowiz, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\FFMNLOEALIHFAJGCECBNDHAEHBHCDELF\1.0.1_0\MANIFEST.JSON, Quarantined, [279], [601143],1.0.8209 PUP.Optional.Convertowiz, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffmnloealihfajgcecbndhaehbhcdelf\1.0.1_0\images\icons\128x128.png, Quarantined, [279], [601143],1.0.8209 PUP.Optional.Convertowiz, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffmnloealihfajgcecbndhaehbhcdelf\1.0.1_0\images\icons\16x16.png, Quarantined, [279], [601143],1.0.8209 PUP.Optional.Convertowiz, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffmnloealihfajgcecbndhaehbhcdelf\1.0.1_0\images\icons\64x64.png, Quarantined, [279], [601143],1.0.8209 PUP.Optional.Convertowiz, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffmnloealihfajgcecbndhaehbhcdelf\1.0.1_0\images\how-1.png, Quarantined, [279], [601143],1.0.8209 PUP.Optional.Convertowiz, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffmnloealihfajgcecbndhaehbhcdelf\1.0.1_0\images\how-2.png, Quarantined, [279], [601143],1.0.8209 PUP.Optional.Convertowiz, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffmnloealihfajgcecbndhaehbhcdelf\1.0.1_0\images\logo-small.png, Quarantined, [279], [601143],1.0.8209 PUP.Optional.Convertowiz, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffmnloealihfajgcecbndhaehbhcdelf\1.0.1_0\scripts\background.js, Quarantined, [279], [601143],1.0.8209 PUP.Optional.Convertowiz, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffmnloealihfajgcecbndhaehbhcdelf\1.0.1_0\scripts\jquery-3.3.1.min.js, Quarantined, [279], [601143],1.0.8209 PUP.Optional.Convertowiz, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffmnloealihfajgcecbndhaehbhcdelf\1.0.1_0\scripts\popup.js, Quarantined, [279], [601143],1.0.8209 PUP.Optional.Convertowiz, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffmnloealihfajgcecbndhaehbhcdelf\1.0.1_0\scripts\sitecontent.js, Quarantined, [279], [601143],1.0.8209 PUP.Optional.Convertowiz, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffmnloealihfajgcecbndhaehbhcdelf\1.0.1_0\styles\popup.css, Quarantined, [279], [601143],1.0.8209 PUP.Optional.Convertowiz, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffmnloealihfajgcecbndhaehbhcdelf\1.0.1_0\_metadata\computed_hashes.json, Quarantined, [279], [601143],1.0.8209 PUP.Optional.Convertowiz, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffmnloealihfajgcecbndhaehbhcdelf\1.0.1_0\_metadata\verified_contents.json, Quarantined, [279], [601143],1.0.8209 PUP.Optional.Convertowiz, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffmnloealihfajgcecbndhaehbhcdelf\1.0.1_0\closer.js, Quarantined, [279], [601143],1.0.8209 PUP.Optional.Convertowiz, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffmnloealihfajgcecbndhaehbhcdelf\1.0.1_0\popup.html, Quarantined, [279], [601143],1.0.8209 PUP.Optional.Convertowiz, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffmnloealihfajgcecbndhaehbhcdelf\1.0.1_0\tab.html, Quarantined, [279], [601143],1.0.8209 PUP.Optional.Convertowiz, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, [279], [601144],1.0.8209 PUP.Optional.Convertowiz, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, [279], [601144],1.0.8209 Physical Sector: 0 (No malicious items detected) WMI: 0 (No malicious items detected) (end) As mentioned before the full version of Malwarebytes could have protected your computer against this threat.We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected.
- December 7
- - pup.optional.convertowiz
  - ffmnloealihfajgcecbndhaehbhcdelf
  - (and 1 more)
    Tagged with:
    
    pup.optional.convertowiz
    
    ffmnloealihfajgcecbndhaehbhcdelf
    
    convertowiz.com
Removal instructions for New Browse

Metallica posted a topic in Malware Removal Self-Help Guides

What is New Browse?The Malwarebytes research team has determined that New Browse is a search hijacker. These so-called "hijackers" manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice.How do I know if my computer is affected by New Browse?You may see this entry in your list of installed Chrome extensions:and these warnings during install:You will see this icon in your Chrome menu-bar:and this changed setting:How did New Browse get on my computer?Browser hijackers use different methods for distributing themselves. This particular one was downloaded from the webstore:after a redirect from their website:How do I remove New Browse?Our program Malwarebytes can detect and remove this potentially unwanted program. Please download Malwarebytes to your desktop. Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program. Then click Finish. Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu. If another update of the definitions is available, it will be implemented before the rest of the scanning procedure. When the scan is complete, make sure that all Threats are selected, and click Remove Selected. Restart your computer when prompted to do so. Is there anything else I need to do to get rid of New Browse? No, Malwarebytes removes New Browse completely. How would the full version of Malwarebytes help protect me?We hope our application and this guide have helped you eradicate this hijacker.As you can see below the full version of Malwarebytes would have protected you against the New Browse hijacker. It would have blocked their website, giving you a chance to stop it before it became too late. Technical details for expertsPossible signs in FRST logs: CHR DefaultSearchURL: Default -> hxxp://media.eanswers.com/go/?category=web&s=nbds&q={searchTerms} CHR DefaultSearchKeyword: Default -> New Browse CHR DefaultSuggestURL: Default -> hxxp://sug.eanswers.com/search/index_sg.php?q={searchTerms} CHR Extension: (New Browse) - C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpbfeeamnphblafmkngbgikigkjhjgbk [2018-12-06] Alterations made by the installer: File system details [View: All details] (Selection) --------------------------------------------------- Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpbfeeamnphblafmkngbgikigkjhjgbk\1.0.1_0 Adds the file manifest.json"="12/6/2018 8:54 AM, 2146 bytes, A Adds the file popup.html"="7/20/2017 1:42 PM, 4841 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpbfeeamnphblafmkngbgikigkjhjgbk\1.0.1_0\_metadata Adds the file computed_hashes.json"="12/6/2018 8:54 AM, 15850 bytes, A Adds the file verified_contents.json"="8/13/2017 4:34 PM, 4188 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpbfeeamnphblafmkngbgikigkjhjgbk\1.0.1_0\css Adds the file style.css"="7/20/2017 1:42 PM, 4082 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpbfeeamnphblafmkngbgikigkjhjgbk\1.0.1_0\css\fonts Adds the file material-icons.css"="7/20/2017 1:42 PM, 1037 bytes, A Adds the file MaterialIcons-Regular.eot"="7/20/2017 1:42 PM, 143258 bytes, A Adds the file MaterialIcons-Regular.ijmap"="7/20/2017 1:42 PM, 28416 bytes, A Adds the file MaterialIcons-Regular.svg"="7/20/2017 1:42 PM, 284031 bytes, A Adds the file MaterialIcons-Regular.ttf"="7/20/2017 1:42 PM, 128180 bytes, A Adds the file MaterialIcons-Regular.woff"="7/20/2017 1:42 PM, 78776 bytes, A Adds the file MaterialIcons-Regular.woff2"="7/20/2017 1:42 PM, 42304 bytes, A Adds the file RobotoCondensed-Light.ttf"="7/20/2017 1:42 PM, 126168 bytes, A Adds the file RobotoCondensed-Regular.ttf"="7/20/2017 1:42 PM, 125332 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpbfeeamnphblafmkngbgikigkjhjgbk\1.0.1_0\images Adds the file icon128.png"="12/6/2018 8:54 AM, 3527 bytes, A Adds the file icon16.png"="12/6/2018 8:54 AM, 414 bytes, A Adds the file icon38.png"="12/6/2018 8:54 AM, 989 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpbfeeamnphblafmkngbgikigkjhjgbk\1.0.1_0\js Adds the file base.js"="8/13/2017 2:33 PM, 20659 bytes, A Adds the file init.js"="7/20/2017 1:42 PM, 329 bytes, A Adds the file main.js"="8/13/2017 4:32 PM, 3765 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpbfeeamnphblafmkngbgikigkjhjgbk\1.0.1_0\js\official Adds the file bootstrap.min.js"="7/20/2017 1:42 PM, 36874 bytes, A Adds the file jquery.min.js"="7/20/2017 1:42 PM, 85660 bytes, A Adds the file material.min.js"="7/20/2017 1:42 PM, 62359 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpbfeeamnphblafmkngbgikigkjhjgbk\1.0.1_0\vertical Adds the file 440x280.jpg"="8/13/2017 2:25 AM, 31976 bytes, A Adds the file init.js"="7/20/2017 1:42 PM, 610 bytes, A Adds the file pop.js"="7/20/2017 1:42 PM, 2775 bytes, A Registry details [View: All details] (Selection) ------------------------------------------------ [HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings] "mpbfeeamnphblafmkngbgikigkjhjgbk"="REG_SZ", "740407A228D03F5391727D3DA68AF74F3C8BEDC784E345D5F68EC78CB1A975CC" Malwarebytes log: Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 12/6/18 Scan Time: 9:01 AM Log File: 18bd5281-f92d-11e8-8a71-00ffdcc6fdfc.json -Software Information- Version: 3.6.1.2711 Components Version: 1.0.482 Update Package Version: 1.0.8187 License: Premium -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: {computername}\{username} -Scan Summary- Scan Type: Threat Scan Scan Initiated By: Manual Result: Completed Objects Scanned: 237505 Threats Detected: 40 Threats Quarantined: 40 Time Elapsed: 2 min, 53 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 0 (No malicious items detected) Registry Value: 1 PUP.Optional.Eanswers.Generic, HKCU\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Default\extensions.settings|mpbfeeamnphblafmkngbgikigkjhjgbk, Quarantined, [237], [589896],1.0.8187 Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 9 PUP.Optional.Eanswers.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpbfeeamnphblafmkngbgikigkjhjgbk\1.0.1_0\js\official, Quarantined, [237], [589896],1.0.8187 PUP.Optional.Eanswers.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpbfeeamnphblafmkngbgikigkjhjgbk\1.0.1_0\css\fonts, Quarantined, [237], [589896],1.0.8187 PUP.Optional.Eanswers.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpbfeeamnphblafmkngbgikigkjhjgbk\1.0.1_0\_metadata, Quarantined, [237], [589896],1.0.8187 PUP.Optional.Eanswers.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpbfeeamnphblafmkngbgikigkjhjgbk\1.0.1_0\vertical, Quarantined, [237], [589896],1.0.8187 PUP.Optional.Eanswers.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpbfeeamnphblafmkngbgikigkjhjgbk\1.0.1_0\images, Quarantined, [237], [589896],1.0.8187 PUP.Optional.Eanswers.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpbfeeamnphblafmkngbgikigkjhjgbk\1.0.1_0\css, Quarantined, [237], [589896],1.0.8187 PUP.Optional.Eanswers.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpbfeeamnphblafmkngbgikigkjhjgbk\1.0.1_0\js, Quarantined, [237], [589896],1.0.8187 PUP.Optional.Eanswers.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpbfeeamnphblafmkngbgikigkjhjgbk\1.0.1_0, Quarantined, [237], [589896],1.0.8187 PUP.Optional.Eanswers.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\MPBFEEAMNPHBLAFMKNGBGIKIGKJHJGBK, Quarantined, [237], [589896],1.0.8187 File: 30 PUP.Optional.Eanswers.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, [237], [589896],1.0.8187 PUP.Optional.Eanswers.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Replaced, [237], [589896],1.0.8187 PUP.Optional.Eanswers.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\MPBFEEAMNPHBLAFMKNGBGIKIGKJHJGBK\1.0.1_0\MANIFEST.JSON, Quarantined, [237], [589896],1.0.8187 PUP.Optional.Eanswers.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpbfeeamnphblafmkngbgikigkjhjgbk\1.0.1_0\css\fonts\material-icons.css, Quarantined, [237], [589896],1.0.8187 PUP.Optional.Eanswers.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpbfeeamnphblafmkngbgikigkjhjgbk\1.0.1_0\css\fonts\MaterialIcons-Regular.eot, Quarantined, [237], [589896],1.0.8187 PUP.Optional.Eanswers.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpbfeeamnphblafmkngbgikigkjhjgbk\1.0.1_0\css\fonts\MaterialIcons-Regular.ijmap, Quarantined, [237], [589896],1.0.8187 PUP.Optional.Eanswers.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpbfeeamnphblafmkngbgikigkjhjgbk\1.0.1_0\css\fonts\MaterialIcons-Regular.svg, Quarantined, [237], [589896],1.0.8187 PUP.Optional.Eanswers.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpbfeeamnphblafmkngbgikigkjhjgbk\1.0.1_0\css\fonts\MaterialIcons-Regular.ttf, Quarantined, [237], [589896],1.0.8187 PUP.Optional.Eanswers.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpbfeeamnphblafmkngbgikigkjhjgbk\1.0.1_0\css\fonts\MaterialIcons-Regular.woff, Quarantined, [237], [589896],1.0.8187 PUP.Optional.Eanswers.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpbfeeamnphblafmkngbgikigkjhjgbk\1.0.1_0\css\fonts\MaterialIcons-Regular.woff2, Quarantined, [237], [589896],1.0.8187 PUP.Optional.Eanswers.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpbfeeamnphblafmkngbgikigkjhjgbk\1.0.1_0\css\fonts\RobotoCondensed-Light.ttf, Quarantined, [237], [589896],1.0.8187 PUP.Optional.Eanswers.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpbfeeamnphblafmkngbgikigkjhjgbk\1.0.1_0\css\fonts\RobotoCondensed-Regular.ttf, Quarantined, [237], [589896],1.0.8187 PUP.Optional.Eanswers.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpbfeeamnphblafmkngbgikigkjhjgbk\1.0.1_0\css\style.css, Quarantined, [237], [589896],1.0.8187 PUP.Optional.Eanswers.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpbfeeamnphblafmkngbgikigkjhjgbk\1.0.1_0\images\icon128.png, Quarantined, [237], [589896],1.0.8187 PUP.Optional.Eanswers.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpbfeeamnphblafmkngbgikigkjhjgbk\1.0.1_0\images\icon16.png, Quarantined, [237], [589896],1.0.8187 PUP.Optional.Eanswers.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpbfeeamnphblafmkngbgikigkjhjgbk\1.0.1_0\images\icon38.png, Quarantined, [237], [589896],1.0.8187 PUP.Optional.Eanswers.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpbfeeamnphblafmkngbgikigkjhjgbk\1.0.1_0\js\official\bootstrap.min.js, Quarantined, [237], [589896],1.0.8187 PUP.Optional.Eanswers.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpbfeeamnphblafmkngbgikigkjhjgbk\1.0.1_0\js\official\jquery.min.js, Quarantined, [237], [589896],1.0.8187 PUP.Optional.Eanswers.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpbfeeamnphblafmkngbgikigkjhjgbk\1.0.1_0\js\official\material.min.js, Quarantined, [237], [589896],1.0.8187 PUP.Optional.Eanswers.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpbfeeamnphblafmkngbgikigkjhjgbk\1.0.1_0\js\base.js, Quarantined, [237], [589896],1.0.8187 PUP.Optional.Eanswers.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpbfeeamnphblafmkngbgikigkjhjgbk\1.0.1_0\js\init.js, Quarantined, [237], [589896],1.0.8187 PUP.Optional.Eanswers.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpbfeeamnphblafmkngbgikigkjhjgbk\1.0.1_0\js\main.js, Quarantined, [237], [589896],1.0.8187 PUP.Optional.Eanswers.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpbfeeamnphblafmkngbgikigkjhjgbk\1.0.1_0\vertical\440x280.jpg, Quarantined, [237], [589896],1.0.8187 PUP.Optional.Eanswers.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpbfeeamnphblafmkngbgikigkjhjgbk\1.0.1_0\vertical\init.js, Quarantined, [237], [589896],1.0.8187 PUP.Optional.Eanswers.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpbfeeamnphblafmkngbgikigkjhjgbk\1.0.1_0\vertical\pop.js, Quarantined, [237], [589896],1.0.8187 PUP.Optional.Eanswers.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpbfeeamnphblafmkngbgikigkjhjgbk\1.0.1_0\_metadata\computed_hashes.json, Quarantined, [237], [589896],1.0.8187 PUP.Optional.Eanswers.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpbfeeamnphblafmkngbgikigkjhjgbk\1.0.1_0\_metadata\verified_contents.json, Quarantined, [237], [589896],1.0.8187 PUP.Optional.Eanswers.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpbfeeamnphblafmkngbgikigkjhjgbk\1.0.1_0\popup.html, Quarantined, [237], [589896],1.0.8187 PUP.Optional.Eanswers.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, [237], [495659],1.0.8187 PUP.Optional.Eanswers.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, [237], [495659],1.0.8187 Physical Sector: 0 (No malicious items detected) WMI: 0 (No malicious items detected) (end) As mentioned before the full version of Malwarebytes could have protected your computer against this threat.We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected.
- December 6
- - pup.optional.eanswers.generic
  - mpbfeeamnphblafmkngbgikigkjhjgbk
  - (and 2 more)
    Tagged with:
    
    pup.optional.eanswers.generic
    
    mpbfeeamnphblafmkngbgikigkjhjgbk
    
    ezbrowsing.com
    
    eanswers.com
Removal instructions for LearnTheLyrics

Metallica posted a topic in Malware Removal Self-Help Guides

What is LearnTheLyrics?The Malwarebytes research team has determined that LearnTheLyrics is a browser NewTab. These so-called "NewTabs" can manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice.LearnTheLyrics is a member of the Mindspark/Ask family now known as IAC Applications.How do I know if my computer is affected by LearnTheLyrics?You may see these browser extensions/add-ons:these warnings during install:You may see this entry in your list of installed software:and this new homepage in the affected browsers:How did LearnTheLyrics get on my computer?Browser hijackers use different methods for distributing themselves. This particular one was downloaded from their website.and the Chrome extension was also available in the webstore:How do I remove LearnTheLyrics?Our program Malwarebytes can detect and remove this potentially unwanted program.You can use their own uninstall instructions first, but I would advise to follow the steps below anyway. Please download Malwarebytes to your desktop. Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program. Then click Finish. Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu. If another update of the definitions is available, it will be implemented before the rest of the scanning procedure. When the scan is complete, make sure that all Threats are selected, and click Remove Selected. Restart your computer when prompted to do so. Is there anything else I need to do to get rid of LearnTheLyrics? No, Malwarebytes' Anti-Malware removes LearnTheLyrics completely. If your browsers have been hijacked, you should read our Restore Browser page. You can read there how to fix additional browser redirect methods. How would the full version of Malwarebytes help protect me?We hope our application and this guide have helped you eradicate this hijacker.As you can see below the full version of Malwarebytes would have protected you against the LearnTheLyrics hijacker. It would have warned you before the hijacker could install itself, giving you a chance to stop it before it became too late. and it blocks traffic to some of their domains.Technical details for expertsPossible signs in a FRST log: HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp.myway.com/learnthelyrics/ttab02/index.html?n={n}&p2={p2}&ptb={ptb}&coid={coid} FF Extension: No Name - C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\Extensions\_rnMembers_@free.learnthelyrics.com.xpi [2018-12-05] CHR Extension: (LearnTheLyrics) - C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\iekdaegkmghillhfecnncgepaapdfcgf [2018-12-05] C:\Users\{username}\AppData\Local\LearntheLyricsTooltab (Mindspark Interactive Network, Inc.) C:\Users\{username}\Desktop\learnthelyrics.exe LearntheLyrics Internet Explorer Homepage and New Tab (HKCU\...\LearntheLyricsTooltab Uninstall Internet Explorer) (Version: - Mindspark Interactive Network, Inc.) <==== ATTENTION Changes made by the installers: File system details [View: All details] (Selection) --------------------------------------------------- Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\iekdaegkmghillhfecnncgepaapdfcgf\13.781.13.57290_0 Adds the file manifest.json"="12/5/2018 9:00 AM, 2498 bytes, A Adds the file newtabproduct.html"="8/20/2018 2:38 PM, 1210 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\iekdaegkmghillhfecnncgepaapdfcgf\13.781.13.57290_0\_metadata Adds the file computed_hashes.json"="12/5/2018 9:00 AM, 4346 bytes, A Adds the file verified_contents.json"="8/20/2018 2:38 PM, 5148 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\iekdaegkmghillhfecnncgepaapdfcgf\13.781.13.57290_0\config Adds the file config.json"="8/20/2018 2:38 PM, 1756 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\iekdaegkmghillhfecnncgepaapdfcgf\13.781.13.57290_0\icons Adds the file icon128.png"="12/5/2018 9:00 AM, 5866 bytes, A Adds the file icon16.png"="8/20/2018 2:38 PM, 1575 bytes, A Adds the file icon19disabled.png"="8/20/2018 2:38 PM, 1537 bytes, A Adds the file icon19on.png"="12/5/2018 9:00 AM, 735 bytes, A Adds the file icon48.png"="12/5/2018 9:00 AM, 1952 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\iekdaegkmghillhfecnncgepaapdfcgf\13.781.13.57290_0\js Adds the file ajax.js"="8/20/2018 2:38 PM, 2218 bytes, A Adds the file background.js"="8/20/2018 2:38 PM, 21378 bytes, A Adds the file browserUtils.js"="8/20/2018 2:38 PM, 912 bytes, A Adds the file chrome.js"="8/20/2018 2:38 PM, 146 bytes, A Adds the file content_script.js"="8/20/2018 2:38 PM, 2151 bytes, A Adds the file dlp.js"="8/20/2018 2:38 PM, 5659 bytes, A Adds the file dlpHelper.js"="8/20/2018 2:38 PM, 1799 bytes, A Adds the file extension_detect.js"="8/20/2018 2:38 PM, 4299 bytes, A Adds the file genericLoadRemoteSettings.js"="8/20/2018 2:38 PM, 2855 bytes, A Adds the file index.js"="8/20/2018 2:38 PM, 49 bytes, A Adds the file initOfferCEF.js"="8/20/2018 2:38 PM, 8802 bytes, A Adds the file logger.js"="8/20/2018 2:38 PM, 541 bytes, A Adds the file offerService.js"="8/20/2018 2:38 PM, 10337 bytes, A Adds the file pageUtils.js"="8/20/2018 2:38 PM, 2805 bytes, A Adds the file PartnerId.js"="8/20/2018 2:38 PM, 16402 bytes, A Adds the file product.js"="8/20/2018 2:38 PM, 8403 bytes, A Adds the file splashPageRedirectHandler.js"="8/20/2018 2:38 PM, 2868 bytes, A Adds the file storage.js"="8/20/2018 2:38 PM, 1640 bytes, A Adds the file TabManager.js"="8/20/2018 2:38 PM, 151 bytes, A Adds the file TemplateParser.js"="8/20/2018 2:38 PM, 3038 bytes, A Adds the file ul.js"="8/20/2018 2:38 PM, 3832 bytes, A Adds the file urlFragmentActions.js"="8/20/2018 2:38 PM, 1825 bytes, A Adds the file urlUtils.js"="8/20/2018 2:38 PM, 5349 bytes, A Adds the file util.js"="8/20/2018 2:38 PM, 2184 bytes, A Adds the file webtooltabAPI.js"="8/20/2018 2:38 PM, 8721 bytes, A Adds the file webTooltabAPIProxy.js"="8/20/2018 2:38 PM, 5445 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\iekdaegkmghillhfecnncgepaapdfcgf Adds the file 000003.log"="12/5/2018 9:01 AM, 5689 bytes, A Adds the file CURRENT"="12/5/2018 9:00 AM, 16 bytes, A Adds the file LOCK"="12/5/2018 9:00 AM, 0 bytes, A Adds the file LOG"="12/5/2018 9:01 AM, 412 bytes, A Adds the file LOG.old"="12/5/2018 9:00 AM, 185 bytes, A Adds the file MANIFEST-000001"="12/5/2018 9:00 AM, 41 bytes, A Adds the folder C:\Users\{username}\AppData\Local\LearntheLyricsTooltab Adds the file TooltabExtension.dll"="6/28/2018 11:23 PM, 266864 bytes, A Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\browser-extension-data\_rnMembers_@free.learnthelyrics.com Adds the file storage.js"="12/5/2018 9:01 AM, 2793 bytes, A In the existing folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\extensions Adds the file _rnMembers_@free.learnthelyrics.com.xpi"="12/5/2018 8:56 AM, 60499 bytes, A Registry details [View: All details] (Selection) ------------------------------------------------ [HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings] "iekdaegkmghillhfecnncgepaapdfcgf"="REG_SZ", "655165ADF28A80A4BC2F03F3F8D43DE92F1A394253F199218E26511558C32B1D" [HKEY_CURRENT_USER\Software\LearntheLyrics] "Start Page"="REG_SZ", "http://hp.myway.com/learnthelyrics/ttab02/index.html?n={n}&p2=^CZS^mni000^TTAB02&ptb={ptb}&coid={coid}" "UnInstallSurveyUrl"="REG_SZ", "http://@{downloadDomain}.dl.myway.com/uninstall.jhtml?surveyUrl=http%3A%2F%2Fwww.research.net%2Fr%2F%3Fc%3D{ptb}%26ptb%3D{ptb2}" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page" = REG_SZ, "http://hp.myway.com/learnthelyrics/ttab02/index.html?n={n}&p2={p2}&ptb={ptb}&coid={coid}" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\LearntheLyricsTooltab Uninstall Internet Explorer] "DisplayName"="REG_SZ", "LearntheLyrics Internet Explorer Homepage and New Tab" "HelpLink"="REG_SZ", "http://support.mindspark.com/" "Publisher"="REG_SZ", "Mindspark Interactive Network, Inc." "UninstallString"="REG_SZ", "Rundll32.exe "C:\Users\{username}\AppData\Local\LearntheLyricsTooltab\TooltabExtension.dll" U uninstall:LearntheLyrics" "URLInfoAbout"="REG_SZ", "http://support.mindspark.com/" The Malwarebytes scan log: Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 12/5/18 Scan Time: 9:08 AM Log File: e98e106c-f864-11e8-aa71-00ffdcc6fdfc.json -Software Information- Version: 3.6.1.2711 Components Version: 1.0.482 Update Package Version: 1.0.8173 License: Premium -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: {computername}\{username} -Scan Summary- Scan Type: Threat Scan Scan Initiated By: Manual Result: Completed Objects Scanned: 237463 Threats Detected: 64 Threats Quarantined: 64 Time Elapsed: 2 min, 45 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 0 (No malicious items detected) Module: 1 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\LearntheLyricsTooltab\TooltabExtension.dll, Quarantined, [1711], [356944],1.0.8173 Registry Key: 2 PUP.Optional.MindSpark.Generic, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\LearntheLyricsTooltab Uninstall Internet Explorer, Quarantined, [1711], [356944],1.0.8173 PUP.Optional.MindSpark.Generic, HKCU\SOFTWARE\LearntheLyrics, Quarantined, [1711], [444113],1.0.8173 Registry Value: 3 PUP.Optional.MindSpark.Generic, HKCU\SOFTWARE\LearntheLyrics|START PAGE, Quarantined, [1711], [444113],1.0.8173 PUP.Optional.MindSpark, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\LearntheLyricsTooltab Uninstall Internet Explorer|PUBLISHER, Quarantined, [577], [352442],1.0.8173 PUP.Optional.MindSpark.Generic, HKCU\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Default\extensions.settings|iekdaegkmghillhfecnncgepaapdfcgf, Quarantined, [1711], [456843],1.0.8173 Registry Data: 1 PUP.Optional.MindSpark, HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|START PAGE, Replaced, [577], [293497],1.0.8173 Data Stream: 0 (No malicious items detected) Folder: 9 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\LearntheLyricsTooltab, Quarantined, [1711], [356944],1.0.8173 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\60L2DG92.DEFAULT-1519559592148\BROWSER-EXTENSION-DATA\_rnMembers_@free.learnthelyrics.com, Quarantined, [1711], [468075],1.0.8173 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Local Extension Settings\iekdaegkmghillhfecnncgepaapdfcgf, Quarantined, [1711], [456843],1.0.8173 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\iekdaegkmghillhfecnncgepaapdfcgf\13.781.13.57290_0\_metadata, Quarantined, [1711], [456843],1.0.8173 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\iekdaegkmghillhfecnncgepaapdfcgf\13.781.13.57290_0\config, Quarantined, [1711], [456843],1.0.8173 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\iekdaegkmghillhfecnncgepaapdfcgf\13.781.13.57290_0\icons, Quarantined, [1711], [456843],1.0.8173 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\iekdaegkmghillhfecnncgepaapdfcgf\13.781.13.57290_0\js, Quarantined, [1711], [456843],1.0.8173 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\iekdaegkmghillhfecnncgepaapdfcgf\13.781.13.57290_0, Quarantined, [1711], [456843],1.0.8173 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\IEKDAEGKMGHILLHFECNNCGEPAAPDFCGF, Quarantined, [1711], [456843],1.0.8173 File: 48 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\LearntheLyricsTooltab\TooltabExtension.dll, Quarantined, [1711], [356944],1.0.8173 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\60L2DG92.DEFAULT-1519559592148\EXTENSIONS\_rnMembers_@free.learnthelyrics.com.xpi, Quarantined, [1711], [457930],1.0.8173 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\60l2dg92.default-1519559592148\browser-extension-data\_rnMembers_@free.learnthelyrics.com\storage.js, Quarantined, [1711], [468075],1.0.8173 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\iekdaegkmghillhfecnncgepaapdfcgf\000003.log, Quarantined, [1711], [456843],1.0.8173 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\iekdaegkmghillhfecnncgepaapdfcgf\CURRENT, Quarantined, [1711], [456843],1.0.8173 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\iekdaegkmghillhfecnncgepaapdfcgf\LOCK, Quarantined, [1711], [456843],1.0.8173 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\iekdaegkmghillhfecnncgepaapdfcgf\LOG, Quarantined, [1711], [456843],1.0.8173 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\iekdaegkmghillhfecnncgepaapdfcgf\LOG.old, Quarantined, [1711], [456843],1.0.8173 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\iekdaegkmghillhfecnncgepaapdfcgf\MANIFEST-000001, Quarantined, [1711], [456843],1.0.8173 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, [1711], [456843],1.0.8173 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Replaced, [1711], [456843],1.0.8173 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\IEKDAEGKMGHILLHFECNNCGEPAAPDFCGF\13.781.13.57290_0\MANIFEST.JSON, Quarantined, [1711], [456843],1.0.8173 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\iekdaegkmghillhfecnncgepaapdfcgf\13.781.13.57290_0\config\config.json, Quarantined, [1711], [456843],1.0.8173 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\iekdaegkmghillhfecnncgepaapdfcgf\13.781.13.57290_0\icons\icon128.png, Quarantined, [1711], [456843],1.0.8173 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\iekdaegkmghillhfecnncgepaapdfcgf\13.781.13.57290_0\icons\icon16.png, Quarantined, [1711], [456843],1.0.8173 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\iekdaegkmghillhfecnncgepaapdfcgf\13.781.13.57290_0\icons\icon19disabled.png, Quarantined, [1711], [456843],1.0.8173 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\iekdaegkmghillhfecnncgepaapdfcgf\13.781.13.57290_0\icons\icon19on.png, Quarantined, [1711], [456843],1.0.8173 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\iekdaegkmghillhfecnncgepaapdfcgf\13.781.13.57290_0\icons\icon48.png, Quarantined, [1711], [456843],1.0.8173 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\iekdaegkmghillhfecnncgepaapdfcgf\13.781.13.57290_0\js\pageUtils.js, Quarantined, [1711], [456843],1.0.8173 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\iekdaegkmghillhfecnncgepaapdfcgf\13.781.13.57290_0\js\ajax.js, Quarantined, [1711], [456843],1.0.8173 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\iekdaegkmghillhfecnncgepaapdfcgf\13.781.13.57290_0\js\background.js, Quarantined, [1711], [456843],1.0.8173 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\iekdaegkmghillhfecnncgepaapdfcgf\13.781.13.57290_0\js\browserUtils.js, Quarantined, [1711], [456843],1.0.8173 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\iekdaegkmghillhfecnncgepaapdfcgf\13.781.13.57290_0\js\chrome.js, Quarantined, [1711], [456843],1.0.8173 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\iekdaegkmghillhfecnncgepaapdfcgf\13.781.13.57290_0\js\content_script.js, Quarantined, [1711], [456843],1.0.8173 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\iekdaegkmghillhfecnncgepaapdfcgf\13.781.13.57290_0\js\dlp.js, Quarantined, [1711], [456843],1.0.8173 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\iekdaegkmghillhfecnncgepaapdfcgf\13.781.13.57290_0\js\dlpHelper.js, Quarantined, [1711], [456843],1.0.8173 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\iekdaegkmghillhfecnncgepaapdfcgf\13.781.13.57290_0\js\extension_detect.js, Quarantined, [1711], [456843],1.0.8173 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\iekdaegkmghillhfecnncgepaapdfcgf\13.781.13.57290_0\js\genericLoadRemoteSettings.js, Quarantined, [1711], [456843],1.0.8173 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\iekdaegkmghillhfecnncgepaapdfcgf\13.781.13.57290_0\js\index.js, Quarantined, [1711], [456843],1.0.8173 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\iekdaegkmghillhfecnncgepaapdfcgf\13.781.13.57290_0\js\initOfferCEF.js, Quarantined, [1711], [456843],1.0.8173 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\iekdaegkmghillhfecnncgepaapdfcgf\13.781.13.57290_0\js\logger.js, Quarantined, [1711], [456843],1.0.8173 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\iekdaegkmghillhfecnncgepaapdfcgf\13.781.13.57290_0\js\offerService.js, Quarantined, [1711], [456843],1.0.8173 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\iekdaegkmghillhfecnncgepaapdfcgf\13.781.13.57290_0\js\PartnerId.js, Quarantined, [1711], [456843],1.0.8173 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\iekdaegkmghillhfecnncgepaapdfcgf\13.781.13.57290_0\js\product.js, Quarantined, [1711], [456843],1.0.8173 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\iekdaegkmghillhfecnncgepaapdfcgf\13.781.13.57290_0\js\splashPageRedirectHandler.js, Quarantined, [1711], [456843],1.0.8173 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\iekdaegkmghillhfecnncgepaapdfcgf\13.781.13.57290_0\js\storage.js, Quarantined, [1711], [456843],1.0.8173 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\iekdaegkmghillhfecnncgepaapdfcgf\13.781.13.57290_0\js\TabManager.js, Quarantined, [1711], [456843],1.0.8173 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\iekdaegkmghillhfecnncgepaapdfcgf\13.781.13.57290_0\js\TemplateParser.js, Quarantined, [1711], [456843],1.0.8173 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\iekdaegkmghillhfecnncgepaapdfcgf\13.781.13.57290_0\js\ul.js, Quarantined, [1711], [456843],1.0.8173 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\iekdaegkmghillhfecnncgepaapdfcgf\13.781.13.57290_0\js\urlFragmentActions.js, Quarantined, [1711], [456843],1.0.8173 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\iekdaegkmghillhfecnncgepaapdfcgf\13.781.13.57290_0\js\urlUtils.js, Quarantined, [1711], [456843],1.0.8173 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\iekdaegkmghillhfecnncgepaapdfcgf\13.781.13.57290_0\js\util.js, Quarantined, [1711], [456843],1.0.8173 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\iekdaegkmghillhfecnncgepaapdfcgf\13.781.13.57290_0\js\webtooltabAPI.js, Quarantined, [1711], [456843],1.0.8173 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\iekdaegkmghillhfecnncgepaapdfcgf\13.781.13.57290_0\js\webTooltabAPIProxy.js, Quarantined, [1711], [456843],1.0.8173 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\iekdaegkmghillhfecnncgepaapdfcgf\13.781.13.57290_0\_metadata\computed_hashes.json, Quarantined, [1711], [456843],1.0.8173 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\iekdaegkmghillhfecnncgepaapdfcgf\13.781.13.57290_0\_metadata\verified_contents.json, Quarantined, [1711], [456843],1.0.8173 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\iekdaegkmghillhfecnncgepaapdfcgf\13.781.13.57290_0\newtabproduct.html, Quarantined, [1711], [456843],1.0.8173 PUP.Optional.MindSpark, C:\USERS\{username}\DESKTOP\LEARNTHELYRICS.EXE, Quarantined, [577], [365288],1.0.8173 Physical Sector: 0 (No malicious items detected) WMI: 0 (No malicious items detected) (end) As mentioned before the full version of Malwarebytes could have protected your computer against this threat.We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected.
- December 5
- - pup.optional.mindspark
  - iekdaegkmghillhfecnncgepaapdfcgf
  - (and 2 more)
    Tagged with:
    
    pup.optional.mindspark
    
    iekdaegkmghillhfecnncgepaapdfcgf
    
    _rnmembers_@free.learnthelyrics.com
    
    myway.com
Removal instructions for nJoyMovies Search Plus

Metallica posted a topic in Malware Removal Self-Help Guides

What is nJoyMovies Search Plus?The Malwarebytes research team has determined that nJoyMovies Search Plus is a search hijacker. These so-called "hijackers" manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice.How do I know if my computer is affected by nJoyMovies Search Plus?You may see this entry in your list of installed Chrome extensions:and these warnings during install:You will see this icon in your Chrome menu-bar:and this changed setting:How did nJoyMovies Search Plus get on my computer?Browser hijackers use different methods for distributing themselves. This particular one was downloaded from the webstore:after a redirect from their website:How do I remove nJoyMovies Search Plus?Our program Malwarebytes can detect and remove this potentially unwanted program. Please download Malwarebytes to your desktop. Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program. Then click Finish. Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu. If another update of the definitions is available, it will be implemented before the rest of the scanning procedure. When the scan is complete, make sure that all Threats are selected, and click Remove Selected. Restart your computer when prompted to do so. Is there anything else I need to do to get rid of nJoyMovies Search Plus? No, Malwarebytes removes nJoyMovies Search Plus completely. How would the full version of Malwarebytes help protect me?We hope our application and this guide have helped you eradicate this hijacker.As you can see below the full version of Malwarebytes would have protected you against the nJoyMovies Search Plus hijacker. It would have blocked their website, giving you a chance to stop it before it became too late. Technical details for expertsPossible signs in FRST logs: CHR DefaultSearchURL: Default -> hxxp://movix.searchalgo.com/search/?category=web&s=nmdp&vert=movies&var=plus&q={searchTerms} CHR DefaultSearchKeyword: Default -> nJoyMovies CHR DefaultSuggestURL: Default -> hxxp://sug.searchalgo.com/search/index_sg.php?q={searchTerms} CHR Extension: (nJoyMovies Search Plus) - C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhihaoaeilmmpnppbafedfhlbnhphpao [2018-12-04] Alterations made by the installer: File system details [View: All details] (Selection) --------------------------------------------------- Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhihaoaeilmmpnppbafedfhlbnhphpao\1.0.2_0 Adds the file manifest.json"="12/4/2018 8:54 AM, 2307 bytes, A Adds the file popup.html"="6/6/2017 12:14 PM, 5793 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhihaoaeilmmpnppbafedfhlbnhphpao\1.0.2_0\_metadata Adds the file computed_hashes.json"="12/4/2018 8:54 AM, 16431 bytes, A Adds the file verified_contents.json"="6/14/2017 3:44 PM, 4304 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhihaoaeilmmpnppbafedfhlbnhphpao\1.0.2_0\css Adds the file style.css"="6/6/2017 1:35 PM, 4085 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhihaoaeilmmpnppbafedfhlbnhphpao\1.0.2_0\css\fonts Adds the file material-icons.css"="2/19/2017 5:26 PM, 1037 bytes, A Adds the file MaterialIcons-Regular.eot"="2/19/2017 5:26 PM, 143258 bytes, A Adds the file MaterialIcons-Regular.ijmap"="2/19/2017 5:26 PM, 28416 bytes, A Adds the file MaterialIcons-Regular.svg"="2/19/2017 5:26 PM, 284031 bytes, A Adds the file MaterialIcons-Regular.ttf"="2/19/2017 5:26 PM, 128180 bytes, A Adds the file MaterialIcons-Regular.woff"="2/19/2017 5:26 PM, 78776 bytes, A Adds the file MaterialIcons-Regular.woff2"="2/19/2017 5:26 PM, 42304 bytes, A Adds the file RobotoCondensed-Light.ttf"="2/19/2017 5:26 PM, 126168 bytes, A Adds the file RobotoCondensed-Regular.ttf"="2/19/2017 5:26 PM, 125332 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhihaoaeilmmpnppbafedfhlbnhphpao\1.0.2_0\images Adds the file icon128.png"="12/4/2018 8:54 AM, 13970 bytes, A Adds the file icon16.png"="12/4/2018 8:54 AM, 818 bytes, A Adds the file icon38.png"="12/4/2018 8:54 AM, 2862 bytes, A Adds the file icon45.png"="2/28/2017 5:35 AM, 4781 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhihaoaeilmmpnppbafedfhlbnhphpao\1.0.2_0\js Adds the file base.js"="6/14/2017 3:10 PM, 17775 bytes, A Adds the file init.js"="2/19/2017 5:26 PM, 331 bytes, A Adds the file main.js"="6/6/2017 1:24 PM, 4672 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhihaoaeilmmpnppbafedfhlbnhphpao\1.0.2_0\js\official Adds the file bootstrap.min.js"="2/19/2017 5:26 PM, 36874 bytes, A Adds the file jquery.min.js"="2/19/2017 5:26 PM, 85660 bytes, A Adds the file material.min.js"="2/19/2017 5:26 PM, 62359 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhihaoaeilmmpnppbafedfhlbnhphpao\1.0.2_0\vertical Adds the file 440x280.jpg"="2/28/2017 5:35 AM, 66735 bytes, A Adds the file init.js"="2/19/2017 5:26 PM, 605 bytes, A Adds the file pop.js"="2/19/2017 5:26 PM, 2563 bytes, A Registry details [View: All details] (Selection) ------------------------------------------------ [HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings] "mhihaoaeilmmpnppbafedfhlbnhphpao"="REG_SZ", "38F2FD7F075330FEB0B7224D12B4AF1EE52BA3E373A270B8881D65DE52E1B357" Malwarebytes log: Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 12/4/18 Scan Time: 9:05 AM Log File: 697288f0-f79b-11e8-ade4-00ffdcc6fdfc.json -Software Information- Version: 3.6.1.2711 Components Version: 1.0.482 Update Package Version: 1.0.8155 License: Premium -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: {computername}\{username} -Scan Summary- Scan Type: Threat Scan Scan Initiated By: Manual Result: Completed Objects Scanned: 237319 Threats Detected: 41 Threats Quarantined: 41 Time Elapsed: 3 min, 25 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 0 (No malicious items detected) Registry Value: 1 PUP.Optional.NJoyApps.Generic, HKCU\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Default\extensions.settings|mhihaoaeilmmpnppbafedfhlbnhphpao, Quarantined, [14414], [443091],1.0.8155 Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 9 PUP.Optional.NJoyApps.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhihaoaeilmmpnppbafedfhlbnhphpao\1.0.2_0\js\official, Quarantined, [14414], [443091],1.0.8155 PUP.Optional.NJoyApps.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhihaoaeilmmpnppbafedfhlbnhphpao\1.0.2_0\css\fonts, Quarantined, [14414], [443091],1.0.8155 PUP.Optional.NJoyApps.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhihaoaeilmmpnppbafedfhlbnhphpao\1.0.2_0\_metadata, Quarantined, [14414], [443091],1.0.8155 PUP.Optional.NJoyApps.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhihaoaeilmmpnppbafedfhlbnhphpao\1.0.2_0\vertical, Quarantined, [14414], [443091],1.0.8155 PUP.Optional.NJoyApps.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhihaoaeilmmpnppbafedfhlbnhphpao\1.0.2_0\images, Quarantined, [14414], [443091],1.0.8155 PUP.Optional.NJoyApps.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhihaoaeilmmpnppbafedfhlbnhphpao\1.0.2_0\css, Quarantined, [14414], [443091],1.0.8155 PUP.Optional.NJoyApps.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhihaoaeilmmpnppbafedfhlbnhphpao\1.0.2_0\js, Quarantined, [14414], [443091],1.0.8155 PUP.Optional.NJoyApps.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhihaoaeilmmpnppbafedfhlbnhphpao\1.0.2_0, Quarantined, [14414], [443091],1.0.8155 PUP.Optional.NJoyApps.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\MHIHAOAEILMMPNPPBAFEDFHLBNHPHPAO, Quarantined, [14414], [443091],1.0.8155 File: 31 PUP.Optional.NJoyApps.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, [14414], [443091],1.0.8155 PUP.Optional.NJoyApps.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Replaced, [14414], [443091],1.0.8155 PUP.Optional.NJoyApps.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\MHIHAOAEILMMPNPPBAFEDFHLBNHPHPAO\1.0.2_0\MANIFEST.JSON, Quarantined, [14414], [443091],1.0.8155 PUP.Optional.NJoyApps.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhihaoaeilmmpnppbafedfhlbnhphpao\1.0.2_0\css\fonts\material-icons.css, Quarantined, [14414], [443091],1.0.8155 PUP.Optional.NJoyApps.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhihaoaeilmmpnppbafedfhlbnhphpao\1.0.2_0\css\fonts\MaterialIcons-Regular.eot, Quarantined, [14414], [443091],1.0.8155 PUP.Optional.NJoyApps.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhihaoaeilmmpnppbafedfhlbnhphpao\1.0.2_0\css\fonts\MaterialIcons-Regular.ijmap, Quarantined, [14414], [443091],1.0.8155 PUP.Optional.NJoyApps.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhihaoaeilmmpnppbafedfhlbnhphpao\1.0.2_0\css\fonts\MaterialIcons-Regular.svg, Quarantined, [14414], [443091],1.0.8155 PUP.Optional.NJoyApps.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhihaoaeilmmpnppbafedfhlbnhphpao\1.0.2_0\css\fonts\MaterialIcons-Regular.ttf, Quarantined, [14414], [443091],1.0.8155 PUP.Optional.NJoyApps.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhihaoaeilmmpnppbafedfhlbnhphpao\1.0.2_0\css\fonts\MaterialIcons-Regular.woff, Quarantined, [14414], [443091],1.0.8155 PUP.Optional.NJoyApps.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhihaoaeilmmpnppbafedfhlbnhphpao\1.0.2_0\css\fonts\MaterialIcons-Regular.woff2, Quarantined, [14414], [443091],1.0.8155 PUP.Optional.NJoyApps.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhihaoaeilmmpnppbafedfhlbnhphpao\1.0.2_0\css\fonts\RobotoCondensed-Light.ttf, Quarantined, [14414], [443091],1.0.8155 PUP.Optional.NJoyApps.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhihaoaeilmmpnppbafedfhlbnhphpao\1.0.2_0\css\fonts\RobotoCondensed-Regular.ttf, Quarantined, [14414], [443091],1.0.8155 PUP.Optional.NJoyApps.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhihaoaeilmmpnppbafedfhlbnhphpao\1.0.2_0\css\style.css, Quarantined, [14414], [443091],1.0.8155 PUP.Optional.NJoyApps.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhihaoaeilmmpnppbafedfhlbnhphpao\1.0.2_0\images\icon128.png, Quarantined, [14414], [443091],1.0.8155 PUP.Optional.NJoyApps.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhihaoaeilmmpnppbafedfhlbnhphpao\1.0.2_0\images\icon16.png, Quarantined, [14414], [443091],1.0.8155 PUP.Optional.NJoyApps.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhihaoaeilmmpnppbafedfhlbnhphpao\1.0.2_0\images\icon38.png, Quarantined, [14414], [443091],1.0.8155 PUP.Optional.NJoyApps.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhihaoaeilmmpnppbafedfhlbnhphpao\1.0.2_0\images\icon45.png, Quarantined, [14414], [443091],1.0.8155 PUP.Optional.NJoyApps.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhihaoaeilmmpnppbafedfhlbnhphpao\1.0.2_0\js\official\bootstrap.min.js, Quarantined, [14414], [443091],1.0.8155 PUP.Optional.NJoyApps.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhihaoaeilmmpnppbafedfhlbnhphpao\1.0.2_0\js\official\jquery.min.js, Quarantined, [14414], [443091],1.0.8155 PUP.Optional.NJoyApps.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhihaoaeilmmpnppbafedfhlbnhphpao\1.0.2_0\js\official\material.min.js, Quarantined, [14414], [443091],1.0.8155 PUP.Optional.NJoyApps.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhihaoaeilmmpnppbafedfhlbnhphpao\1.0.2_0\js\base.js, Quarantined, [14414], [443091],1.0.8155 PUP.Optional.NJoyApps.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhihaoaeilmmpnppbafedfhlbnhphpao\1.0.2_0\js\init.js, Quarantined, [14414], [443091],1.0.8155 PUP.Optional.NJoyApps.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhihaoaeilmmpnppbafedfhlbnhphpao\1.0.2_0\js\main.js, Quarantined, [14414], [443091],1.0.8155 PUP.Optional.NJoyApps.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhihaoaeilmmpnppbafedfhlbnhphpao\1.0.2_0\vertical\440x280.jpg, Quarantined, [14414], [443091],1.0.8155 PUP.Optional.NJoyApps.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhihaoaeilmmpnppbafedfhlbnhphpao\1.0.2_0\vertical\init.js, Quarantined, [14414], [443091],1.0.8155 PUP.Optional.NJoyApps.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhihaoaeilmmpnppbafedfhlbnhphpao\1.0.2_0\vertical\pop.js, Quarantined, [14414], [443091],1.0.8155 PUP.Optional.NJoyApps.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhihaoaeilmmpnppbafedfhlbnhphpao\1.0.2_0\_metadata\computed_hashes.json, Quarantined, [14414], [443091],1.0.8155 PUP.Optional.NJoyApps.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhihaoaeilmmpnppbafedfhlbnhphpao\1.0.2_0\_metadata\verified_contents.json, Quarantined, [14414], [443091],1.0.8155 PUP.Optional.NJoyApps.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhihaoaeilmmpnppbafedfhlbnhphpao\1.0.2_0\popup.html, Quarantined, [14414], [443091],1.0.8155 PUP.Optional.SearchAlgo, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, [340], [454816],1.0.8155 PUP.Optional.SearchAlgo, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, [340], [454816],1.0.8155 Physical Sector: 0 (No malicious items detected) WMI: 0 (No malicious items detected) (end) As mentioned before the full version of Malwarebytes could have protected your computer against this threat.We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected.
- December 4
- - pup.optional.njoyapps.generic
  - pup.optional.searchalgo
  - (and 3 more)
    Tagged with:
    
    pup.optional.njoyapps.generic
    
    pup.optional.searchalgo
    
    mhihaoaeilmmpnppbafedfhlbnhphpao
    
    njoyapps.com
    
    movix.searchalgo.com
Removal instructions for AnyTemplate Design Default Search

Metallica posted a topic in Malware Removal Self-Help Guides

What is AnyTemplate Design Default Search?The Malwarebytes research team has determined that AnyTemplate Design Default Search is a search hijacker. These so-called "hijackers" manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice.How do I know if my computer is affected by AnyTemplate Design Default Search?You may see this entry in your list of installed Chrome extensions:and these warnings during install:You will see this icon in your Chrome menu-bar:and this changed setting:How did AnyTemplate Design Default Search get on my computer?Browser hijackers use different methods for distributing themselves. This particular one was downloaded from the webstore:after a redirect from their website:How do I remove AnyTemplate Design Default Search?Our program Malwarebytes can detect and remove this potentially unwanted program. Please download Malwarebytes to your desktop. Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program. Then click Finish. Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu. If another update of the definitions is available, it will be implemented before the rest of the scanning procedure. When the scan is complete, make sure that all Threats are selected, and click Remove Selected. Restart your computer when prompted to do so. Is there anything else I need to do to get rid of AnyTemplate Design Default Search? No, Malwarebytes removes AnyTemplate Design Default Search completely. How would the full version of Malwarebytes help protect me?We hope our application and this guide have helped you eradicate this hijacker.As you can see below the full version of Malwarebytes would have protected you against the AnyTemplate Design Default Search hijacker. It would have blocked their website, giving you a chance to stop it before it became too late. Technical details for expertsPossible signs in FRST logs: CHR DefaultSearchURL: Default -> hxxps://feed.any-templates.com/?q={searchTerms}&publisher=any-templates&barcodeid=539030000000000 CHR DefaultSearchKeyword: Default -> AnyTemplates CHR DefaultSuggestURL: Default -> hxxps://suggest.any-templates.com/suggest/get?q={searchTerms} CHR Extension: (AnyTemplates) - C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\nambhdnlppjkkffhbkgehbgpbagacknf [2018-12-03] Alterations made by the installer: File system details [View: All details] (Selection) --------------------------------------------------- Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\nambhdnlppjkkffhbkgehbgpbagacknf\1.0.1_0 Adds the file closer.js"="11/8/2018 2:27 PM, 15 bytes, A Adds the file manifest.json"="12/3/2018 9:10 AM, 2298 bytes, A Adds the file popup.html"="11/8/2018 2:27 PM, 1198 bytes, A Adds the file tab.html"="11/8/2018 2:27 PM, 165 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\nambhdnlppjkkffhbkgehbgpbagacknf\1.0.1_0\_metadata Adds the file computed_hashes.json"="12/3/2018 9:10 AM, 2561 bytes, A Adds the file verified_contents.json"="11/8/2018 2:27 PM, 2947 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\nambhdnlppjkkffhbkgehbgpbagacknf\1.0.1_0\images Adds the file how-1.png"="11/8/2018 2:27 PM, 2862 bytes, A Adds the file how-2.png"="11/8/2018 2:27 PM, 3247 bytes, A Adds the file logo-small.png"="11/8/2018 2:27 PM, 1353 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\nambhdnlppjkkffhbkgehbgpbagacknf\1.0.1_0\images\icons Adds the file 128x128.png"="12/3/2018 9:10 AM, 2349 bytes, A Adds the file 16x16.png"="12/3/2018 9:10 AM, 720 bytes, A Adds the file 64x64.png"="12/3/2018 9:10 AM, 1955 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\nambhdnlppjkkffhbkgehbgpbagacknf\1.0.1_0\scripts Adds the file background.js"="11/8/2018 2:27 PM, 31310 bytes, A Adds the file jquery-3.3.1.min.js"="11/8/2018 2:27 PM, 86927 bytes, A Adds the file popup.js"="11/8/2018 2:27 PM, 630 bytes, A Adds the file sitecontent.js"="11/8/2018 2:27 PM, 77 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\nambhdnlppjkkffhbkgehbgpbagacknf\1.0.1_0\styles Adds the file popup.css"="11/8/2018 2:27 PM, 1270 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_nambhdnlppjkkffhbkgehbgpbagacknf Adds the file AnyTemplate Design Default Search.ico"="12/3/2018 9:10 AM, 166609 bytes, A Adds the file AnyTemplate Design Default Search.ico.md5"="12/3/2018 9:10 AM, 16 bytes, A Registry details [View: All details] (Selection) ------------------------------------------------ [HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings] "nambhdnlppjkkffhbkgehbgpbagacknf"="REG_SZ", "530E0ACCECCAC6F31C1833100189210E8C27FFCC9ED2AD7CE6BC098B74FD2919" Malwarebytes log: Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 12/3/18 Scan Time: 9:18 AM Log File: 12d706d2-f6d4-11e8-85c6-00ffdcc6fdfc.json -Software Information- Version: 3.6.1.2711 Components Version: 1.0.482 Update Package Version: 1.0.8135 License: Premium -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: {computername}\{username} -Scan Summary- Scan Type: Threat Scan Scan Initiated By: Manual Result: Completed Objects Scanned: 237348 Threats Detected: 29 Threats Quarantined: 29 Time Elapsed: 3 min, 37 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 0 (No malicious items detected) Registry Value: 1 PUP.Optional.AnyTemplates, HKCU\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Default\extensions.settings|nambhdnlppjkkffhbkgehbgpbagacknf, Quarantined, [261], [601413],1.0.8135 Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 7 PUP.Optional.AnyTemplates, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\nambhdnlppjkkffhbkgehbgpbagacknf\1.0.1_0\images\icons, Quarantined, [261], [601413],1.0.8135 PUP.Optional.AnyTemplates, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\nambhdnlppjkkffhbkgehbgpbagacknf\1.0.1_0\_metadata, Quarantined, [261], [601413],1.0.8135 PUP.Optional.AnyTemplates, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\nambhdnlppjkkffhbkgehbgpbagacknf\1.0.1_0\scripts, Quarantined, [261], [601413],1.0.8135 PUP.Optional.AnyTemplates, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\nambhdnlppjkkffhbkgehbgpbagacknf\1.0.1_0\images, Quarantined, [261], [601413],1.0.8135 PUP.Optional.AnyTemplates, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\nambhdnlppjkkffhbkgehbgpbagacknf\1.0.1_0\styles, Quarantined, [261], [601413],1.0.8135 PUP.Optional.AnyTemplates, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\nambhdnlppjkkffhbkgehbgpbagacknf\1.0.1_0, Quarantined, [261], [601413],1.0.8135 PUP.Optional.AnyTemplates, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\EXTENSIONS\nambhdnlppjkkffhbkgehbgpbagacknf, Quarantined, [261], [601413],1.0.8135 File: 21 PUP.Optional.AnyTemplates, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\nambhdnlppjkkffhbkgehbgpbagacknf\1.0.1_0\images\icons\128x128.png, Quarantined, [261], [601413],1.0.8135 PUP.Optional.AnyTemplates, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\nambhdnlppjkkffhbkgehbgpbagacknf\1.0.1_0\images\icons\16x16.png, Quarantined, [261], [601413],1.0.8135 PUP.Optional.AnyTemplates, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\nambhdnlppjkkffhbkgehbgpbagacknf\1.0.1_0\images\icons\64x64.png, Quarantined, [261], [601413],1.0.8135 PUP.Optional.AnyTemplates, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\nambhdnlppjkkffhbkgehbgpbagacknf\1.0.1_0\images\how-1.png, Quarantined, [261], [601413],1.0.8135 PUP.Optional.AnyTemplates, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\nambhdnlppjkkffhbkgehbgpbagacknf\1.0.1_0\images\how-2.png, Quarantined, [261], [601413],1.0.8135 PUP.Optional.AnyTemplates, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\nambhdnlppjkkffhbkgehbgpbagacknf\1.0.1_0\images\logo-small.png, Quarantined, [261], [601413],1.0.8135 PUP.Optional.AnyTemplates, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\nambhdnlppjkkffhbkgehbgpbagacknf\1.0.1_0\scripts\background.js, Quarantined, [261], [601413],1.0.8135 PUP.Optional.AnyTemplates, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\nambhdnlppjkkffhbkgehbgpbagacknf\1.0.1_0\scripts\jquery-3.3.1.min.js, Quarantined, [261], [601413],1.0.8135 PUP.Optional.AnyTemplates, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\nambhdnlppjkkffhbkgehbgpbagacknf\1.0.1_0\scripts\popup.js, Quarantined, [261], [601413],1.0.8135 PUP.Optional.AnyTemplates, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\nambhdnlppjkkffhbkgehbgpbagacknf\1.0.1_0\scripts\sitecontent.js, Quarantined, [261], [601413],1.0.8135 PUP.Optional.AnyTemplates, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\nambhdnlppjkkffhbkgehbgpbagacknf\1.0.1_0\styles\popup.css, Quarantined, [261], [601413],1.0.8135 PUP.Optional.AnyTemplates, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\nambhdnlppjkkffhbkgehbgpbagacknf\1.0.1_0\_metadata\computed_hashes.json, Quarantined, [261], [601413],1.0.8135 PUP.Optional.AnyTemplates, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\nambhdnlppjkkffhbkgehbgpbagacknf\1.0.1_0\_metadata\verified_contents.json, Quarantined, [261], [601413],1.0.8135 PUP.Optional.AnyTemplates, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\nambhdnlppjkkffhbkgehbgpbagacknf\1.0.1_0\closer.js, Quarantined, [261], [601413],1.0.8135 PUP.Optional.AnyTemplates, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\nambhdnlppjkkffhbkgehbgpbagacknf\1.0.1_0\manifest.json, Quarantined, [261], [601413],1.0.8135 PUP.Optional.AnyTemplates, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\nambhdnlppjkkffhbkgehbgpbagacknf\1.0.1_0\popup.html, Quarantined, [261], [601413],1.0.8135 PUP.Optional.AnyTemplates, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\nambhdnlppjkkffhbkgehbgpbagacknf\1.0.1_0\tab.html, Quarantined, [261], [601413],1.0.8135 PUP.Optional.AnyTemplates, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, [261], [601413],1.0.8135 PUP.Optional.AnyTemplates, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Replaced, [261], [601413],1.0.8135 PUP.Optional.AnyTemplates, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, [261], [601149],1.0.8135 PUP.Optional.AnyTemplates, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, [261], [601149],1.0.8135 Physical Sector: 0 (No malicious items detected) WMI: 0 (No malicious items detected) (end) As mentioned before the full version of Malwarebytes could have protected your computer against this threat.We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected.
- December 3
- - pup.optional.anytemplates
  - nambhdnlppjkkffhbkgehbgpbagacknf
  - (and 1 more)
    Tagged with:
    
    pup.optional.anytemplates
    
    nambhdnlppjkkffhbkgehbgpbagacknf
    
    any-templates.com
Removal instructions for GUPlayer

Metallica posted a topic in Malware Removal Self-Help Guides

What is GUPlayer?The Malwarebytes research team has determined that GUPlayer is a potentially unwanted program (PUP) that behaves like adware. These adware applications display advertisements not originating from the sites you are browsing.How do I know if my computer is affected by GUPlayer?You may see this warning during install:and this entry in your list of installed Programs and Features:This is the main window of the program:How did GUPlayer get on my computer?Adware applications use different methods for distributing themselves. This particular one was installed by a bundler.How do I remove GUPlayer?Our program Malwarebytes can detect and remove this potentially unwanted program. Please download Malwarebytes to your desktop. Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program. Then click Finish. Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu. If another update of the definitions is available, it will be implemented before the rest of the scanning procedure. When the scan is complete, make sure that all Threats are selected, and click Remove Selected. Restart your computer when prompted to do so. Is there anything else I need to do to get rid of GUPlayer? No, Malwarebytes removes GUPlayer completely. The GUPlayer installer changes many file associations. You may need to change some of them back. How would the full version of Malwarebytes help protect me?We hope our application and this guide have helped you eradicate this adware.As you can see below the full version of Malwarebytes would have protected you against the GUPlayer adware. It would have blocked the installer before it became too late. Technical details for expertsPossible signs in FRST logs: C:\Users\{username}\Desktop\GUPlayer.lnk C:\Users\{username}\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GUPlayer C:\Program Files (x86)\GUPlayer (Display) C:\Users\{username}\Desktop\gusetup_pubg.exe GUPlayer (remove only) (HKCU\...\GUPlayer) (Version: - ) <==== ATTENTION Changes made by the installer: File system details [View: All details] (Selection) --------------------------------------------------- Adds the folder C:\Program Files (x86)\GUPlayer Adds the file avcodec-54.dll"="8/3/2015 4:49 PM, 112640 bytes, A Adds the file avdevice-54.dll"="6/25/2015 1:49 PM, 1189376 bytes, A Adds the file avformat-54.dll"="6/25/2015 1:49 PM, 2951168 bytes, A Adds the file avutil-51.dll"="6/25/2015 1:49 PM, 205312 bytes, A Adds the file GuPlayer.exe"="8/3/2015 4:49 PM, 849408 bytes, A Adds the file GUPlayerUninstaller.exe"="8/10/2015 5:04 PM, 629872 bytes, A Adds the file libfreetype-6.dll"="6/25/2015 1:49 PM, 461824 bytes, A Adds the file libpng15-15.dll"="6/25/2015 1:49 PM, 151552 bytes, A Adds the file postproc-52.dll"="6/25/2015 1:49 PM, 177664 bytes, A Adds the file SDL.dll"="6/25/2015 1:49 PM, 303616 bytes, A Adds the file SDL_image.dll"="6/25/2015 1:49 PM, 51200 bytes, A Adds the file SDL_ttf.dll"="6/25/2015 1:49 PM, 27136 bytes, A Adds the file swresample-0.dll"="6/25/2015 1:49 PM, 109568 bytes, A Adds the file swscale-2.dll"="6/25/2015 1:49 PM, 341504 bytes, A Adds the file Uninstaller.exe"="8/3/2015 4:49 PM, 48486 bytes, A Adds the file zlib1.dll"="6/25/2015 1:49 PM, 100352 bytes, A Adds the folder C:\Users\{username}\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GUPlayer Adds the file GUPlayer.lnk"="11/30/2018 8:45 AM, 1921 bytes, A Adds the file Uninstall GUPlayer.lnk"="11/30/2018 8:45 AM, 1998 bytes, A In the existing folder C:\Users\{username}\Desktop Adds the file GUPlayer.lnk"="11/30/2018 8:45 AM, 1007 bytes, A Registry details [View: All details] (Selection) ------------------------------------------------ [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\Handshake\{C8FEE454-D942-476B-B81A-7ED19DBB9323}] [HKEY_CURRENT_USER\Software\Classes\.3g2] "(Default)"="REG_SZ"", "3G2_File" [HKEY_CURRENT_USER\Software\Classes\.3gp] "(Default)"="REG_SZ"", "3GP_File" [HKEY_CURRENT_USER\Software\Classes\.a52] "(Default)"="REG_SZ"", "A52_File" [HKEY_CURRENT_USER\Software\Classes\.aac] "(Default)"="REG_SZ"", "AAC_File" [HKEY_CURRENT_USER\Software\Classes\.ac3] "(Default)"="REG_SZ"", "AC3_File" [HKEY_CURRENT_USER\Software\Classes\.asf] "(Default)"="REG_SZ"", "ASF_File" [HKEY_CURRENT_USER\Software\Classes\.avi] "(Default)"="REG_SZ"", "AVI_File" [HKEY_CURRENT_USER\Software\Classes\.divx] "(Default)"="REG_SZ"", "DIVX_File" [HKEY_CURRENT_USER\Software\Classes\.dts] "(Default)"="REG_SZ"", "DTS_File" [HKEY_CURRENT_USER\Software\Classes\.dv] "(Default)"="REG_SZ"", "DV_File" [HKEY_CURRENT_USER\Software\Classes\.flac] "(Default)"="REG_SZ"", "FLAC_File" [HKEY_CURRENT_USER\Software\Classes\.flv] "(Default)"="REG_SZ"", "FLV_File" [HKEY_CURRENT_USER\Software\Classes\.gxf] "(Default)"="REG_SZ"", "GXF_File" [HKEY_CURRENT_USER\Software\Classes\.m1v] "(Default)"="REG_SZ"", "M1V_File" [HKEY_CURRENT_USER\Software\Classes\.m2ts] "(Default)"="REG_SZ"", "M2TS_File" [HKEY_CURRENT_USER\Software\Classes\.m2v] "(Default)"="REG_SZ"", "M2V_File" [HKEY_CURRENT_USER\Software\Classes\.m4a] "(Default)"="REG_SZ"", "M4A_File" [HKEY_CURRENT_USER\Software\Classes\.m4p] "(Default)"="REG_SZ"", "M4P_File" [HKEY_CURRENT_USER\Software\Classes\.m4v] "(Default)"="REG_SZ"", "M4VS_File" [HKEY_CURRENT_USER\Software\Classes\.mka] "(Default)"="REG_SZ"", "MKA_File" [HKEY_CURRENT_USER\Software\Classes\.mkv] "(Default)"="REG_SZ"", "MKV_File" [HKEY_CURRENT_USER\Software\Classes\.mod] "(Default)"="REG_SZ"", "MOD_File" [HKEY_CURRENT_USER\Software\Classes\.mov] "(Default)"="REG_SZ"", "MOV_File" [HKEY_CURRENT_USER\Software\Classes\.mp1] "(Default)"="REG_SZ"", "MP1_File" [HKEY_CURRENT_USER\Software\Classes\.mp2] "(Default)"="REG_SZ"", "MP2_File" [HKEY_CURRENT_USER\Software\Classes\.mp3] "(Default)"="REG_SZ"", "MP3_File" [HKEY_CURRENT_USER\Software\Classes\.mp4] "(Default)"="REG_SZ"", "MP4_File" [HKEY_CURRENT_USER\Software\Classes\.mpeg] "(Default)"="REG_SZ"", "MPEG_File" [HKEY_CURRENT_USER\Software\Classes\.mpeg1] "(Default)"="REG_SZ"", "MPEG1_File" [HKEY_CURRENT_USER\Software\Classes\.mpeg2] "(Default)"="REG_SZ"", "MPEG2_File" [HKEY_CURRENT_USER\Software\Classes\.mpeg4] "(Default)"="REG_SZ"", "MPEG4_File" [HKEY_CURRENT_USER\Software\Classes\.mpg] "(Default)"="REG_SZ"", "MPG_File" [HKEY_CURRENT_USER\Software\Classes\.mts] "(Default)"="REG_SZ"", "MTS_File" [HKEY_CURRENT_USER\Software\Classes\.mxf] "(Default)"="REG_SZ"", "MXF_File" [HKEY_CURRENT_USER\Software\Classes\.nuv] "(Default)"="REG_SZ"", "NUV_File" [HKEY_CURRENT_USER\Software\Classes\.oga] "(Default)" = REG_SZ, "OGA_File" [HKEY_CURRENT_USER\Software\Classes\.ogg] "(Default)" = REG_SZ, "OGG_File" [HKEY_CURRENT_USER\Software\Classes\.ogm] "(Default)"="REG_SZ"", "OGM_File" [HKEY_CURRENT_USER\Software\Classes\.ogv] "(Default)" = REG_SZ, "OGV_File" [HKEY_CURRENT_USER\Software\Classes\.ogx] "(Default)"="REG_SZ"", "OGX_File" [HKEY_CURRENT_USER\Software\Classes\.oma] "(Default)"="REG_SZ"", "OMA_File" [HKEY_CURRENT_USER\Software\Classes\.rm] "(Default)"="REG_SZ"", "RM_File" [HKEY_CURRENT_USER\Software\Classes\.rmvb] "(Default)"="REG_SZ"", "RMVB_File" [HKEY_CURRENT_USER\Software\Classes\.spx] "(Default)"="REG_SZ"", "SPX_File" [HKEY_CURRENT_USER\Software\Classes\.ts] "(Default)"="REG_SZ"", "TS_File" [HKEY_CURRENT_USER\Software\Classes\.vob] "(Default)"="REG_SZ"", "VOB_File" [HKEY_CURRENT_USER\Software\Classes\.wav] "(Default)"="REG_SZ"", "WAV_File" [HKEY_CURRENT_USER\Software\Classes\.wma] "(Default)"="REG_SZ"", "WMA_File" [HKEY_CURRENT_USER\Software\Classes\.wmv] "(Default)"="REG_SZ"", "WMV_File" [HKEY_CURRENT_USER\Software\Classes\.wv] "(Default)"="REG_SZ"", "WV_File" [HKEY_CURRENT_USER\Software\Classes\.xm] "(Default)"="REG_SZ"", "XM_File" [HKEY_CURRENT_USER\Software\Classes\3G2_File] "(Default)"="REG_SZ"", "3G2_File" [HKEY_CURRENT_USER\Software\Classes\3G2_File\DefaultIcon] "(Default)"="REG_SZ"", "C:\Program Files (x86)\GUPlayer\GUPlayer.exe,0" [HKEY_CURRENT_USER\Software\Classes\3G2_File\shell] "(Default)"="REG_SZ"", "open" [HKEY_CURRENT_USER\Software\Classes\3G2_File\shell\edit] "(Default)"="REG_SZ"", "Edit 3G2_File" [HKEY_CURRENT_USER\Software\Classes\3G2_File\shell\edit\command] "(Default)"="REG_SZ"", "C:\Program Files (x86)\GUPlayer\GUPlayer.exe "%1"" [HKEY_CURRENT_USER\Software\Classes\3G2_File\shell\open\command] "(Default)"="REG_SZ"", "C:\Program Files (x86)\GUPlayer\GUPlayer.exe "%1"" [HKEY_CURRENT_USER\Software\Classes\3GP_File] "(Default)"="REG_SZ"", "3GP_File" [HKEY_CURRENT_USER\Software\Classes\3GP_File\DefaultIcon] "(Default)"="REG_SZ"", "C:\Program Files (x86)\GUPlayer\GUPlayer.exe,0" [HKEY_CURRENT_USER\Software\Classes\3GP_File\shell] "(Default)"="REG_SZ"", "open" [HKEY_CURRENT_USER\Software\Classes\3GP_File\shell\edit] "(Default)"="REG_SZ"", "Edit 3GP_File" [HKEY_CURRENT_USER\Software\Classes\3GP_File\shell\edit\command] "(Default)"="REG_SZ"", "C:\Program Files (x86)\GUPlayer\GUPlayer.exe "%1"" [HKEY_CURRENT_USER\Software\Classes\3GP_File\shell\open\command] "(Default)"="REG_SZ"", "C:\Program Files (x86)\GUPlayer\GUPlayer.exe "%1"" [HKEY_CURRENT_USER\Software\Classes\A52_File] "(Default)"="REG_SZ"", "A52_File" [HKEY_CURRENT_USER\Software\Classes\A52_File\DefaultIcon] "(Default)"="REG_SZ"", "C:\Program Files (x86)\GUPlayer\GUPlayer.exe,0" [HKEY_CURRENT_USER\Software\Classes\A52_File\shell] "(Default)"="REG_SZ"", "open" [HKEY_CURRENT_USER\Software\Classes\A52_File\shell\edit] "(Default)"="REG_SZ"", "Edit A52_File" [HKEY_CURRENT_USER\Software\Classes\A52_File\shell\edit\command] "(Default)"="REG_SZ"", "C:\Program Files (x86)\GUPlayer\GUPlayer.exe "%1"" [HKEY_CURRENT_USER\Software\Classes\A52_File\shell\open\command] "(Default)"="REG_SZ"", "C:\Program Files (x86)\GUPlayer\GUPlayer.exe "%1"" [HKEY_CURRENT_USER\Software\Classes\AAC_File] "(Default)"="REG_SZ"", "AAC_File" [HKEY_CURRENT_USER\Software\Classes\AAC_File\DefaultIcon] "(Default)"="REG_SZ"", "C:\Program Files (x86)\GUPlayer\GUPlayer.exe,0" [HKEY_CURRENT_USER\Software\Classes\AAC_File\shell] "(Default)"="REG_SZ"", "open" [HKEY_CURRENT_USER\Software\Classes\AAC_File\shell\edit] "(Default)"="REG_SZ"", "Edit AAC_File" [HKEY_CURRENT_USER\Software\Classes\AAC_File\shell\edit\command] "(Default)"="REG_SZ"", "C:\Program Files (x86)\GUPlayer\GUPlayer.exe "%1"" [HKEY_CURRENT_USER\Software\Classes\AAC_File\shell\open\command] "(Default)"="REG_SZ"", "C:\Program Files (x86)\GUPlayer\GUPlayer.exe "%1"" [HKEY_CURRENT_USER\Software\Classes\AC3_File] "(Default)"="REG_SZ"", "AC3_File" [HKEY_CURRENT_USER\Software\Classes\AC3_File\DefaultIcon] "(Default)"="REG_SZ"", "C:\Program Files (x86)\GUPlayer\GUPlayer.exe,0" [HKEY_CURRENT_USER\Software\Classes\AC3_File\shell] "(Default)"="REG_SZ"", "open" [HKEY_CURRENT_USER\Software\Classes\AC3_File\shell\edit] "(Default)"="REG_SZ"", "Edit AC3_File" [HKEY_CURRENT_USER\Software\Classes\AC3_File\shell\edit\command] "(Default)"="REG_SZ"", "C:\Program Files (x86)\GUPlayer\GUPlayer.exe "%1"" [HKEY_CURRENT_USER\Software\Classes\AC3_File\shell\open\command] "(Default)"="REG_SZ"", "C:\Program Files (x86)\GUPlayer\GUPlayer.exe "%1"" [HKEY_CURRENT_USER\Software\Classes\ASF_File] "(Default)"="REG_SZ"", "ASF_File" [HKEY_CURRENT_USER\Software\Classes\ASF_File\DefaultIcon] "(Default)"="REG_SZ"", "C:\Program Files (x86)\GUPlayer\GUPlayer.exe,0" [HKEY_CURRENT_USER\Software\Classes\ASF_File\shell] "(Default)"="REG_SZ"", "open" [HKEY_CURRENT_USER\Software\Classes\ASF_File\shell\edit] "(Default)"="REG_SZ"", "Edit ASF_File" [HKEY_CURRENT_USER\Software\Classes\ASF_File\shell\edit\command] "(Default)"="REG_SZ"", "C:\Program Files (x86)\GUPlayer\GUPlayer.exe "%1"" [HKEY_CURRENT_USER\Software\Classes\ASF_File\shell\open\command] "(Default)"="REG_SZ"", "C:\Program Files (x86)\GUPlayer\GUPlayer.exe "%1"" [HKEY_CURRENT_USER\Software\Classes\AVI_File] "(Default)"="REG_SZ"", "AVI_File" [HKEY_CURRENT_USER\Software\Classes\AVI_File\DefaultIcon] "(Default)"="REG_SZ"", "C:\Program Files (x86)\GUPlayer\GUPlayer.exe,0" [HKEY_CURRENT_USER\Software\Classes\AVI_File\shell] "(Default)"="REG_SZ"", "open" [HKEY_CURRENT_USER\Software\Classes\AVI_File\shell\edit] "(Default)"="REG_SZ"", "Edit AVI_File" [HKEY_CURRENT_USER\Software\Classes\AVI_File\shell\edit\command] "(Default)"="REG_SZ"", "C:\Program Files (x86)\GUPlayer\GUPlayer.exe "%1"" [HKEY_CURRENT_USER\Software\Classes\AVI_File\shell\open\command] "(Default)"="REG_SZ"", "C:\Program Files (x86)\GUPlayer\GUPlayer.exe "%1"" [HKEY_CURRENT_USER\Software\Classes\DIVX_File] "(Default)"="REG_SZ"", "DIVX_File" [HKEY_CURRENT_USER\Software\Classes\DIVX_File\DefaultIcon] "(Default)"="REG_SZ"", "C:\Program Files (x86)\GUPlayer\GUPlayer.exe,0" [HKEY_CURRENT_USER\Software\Classes\DIVX_File\shell] "(Default)"="REG_SZ"", "open" [HKEY_CURRENT_USER\Software\Classes\DIVX_File\shell\edit] "(Default)"="REG_SZ"", "Edit DIVX_File" [HKEY_CURRENT_USER\Software\Classes\DIVX_File\shell\edit\command] "(Default)"="REG_SZ"", "C:\Program Files (x86)\GUPlayer\GUPlayer.exe "%1"" [HKEY_CURRENT_USER\Software\Classes\DIVX_File\shell\open\command] "(Default)"="REG_SZ"", "C:\Program Files (x86)\GUPlayer\GUPlayer.exe "%1"" [HKEY_CURRENT_USER\Software\Classes\DTS_File] "(Default)"="REG_SZ"", "DTS_File" [HKEY_CURRENT_USER\Software\Classes\DTS_File\DefaultIcon] "(Default)"="REG_SZ"", "C:\Program Files (x86)\GUPlayer\GUPlayer.exe,0" [HKEY_CURRENT_USER\Software\Classes\DTS_File\shell] "(Default)"="REG_SZ"", "open" [HKEY_CURRENT_USER\Software\Classes\DTS_File\shell\edit] "(Default)"="REG_SZ"", "Edit DTS_File" [HKEY_CURRENT_USER\Software\Classes\DTS_File\shell\edit\command] "(Default)"="REG_SZ"", "C:\Program Files (x86)\GUPlayer\GUPlayer.exe "%1"" [HKEY_CURRENT_USER\Software\Classes\DTS_File\shell\open\command] "(Default)"="REG_SZ"", "C:\Program Files (x86)\GUPlayer\GUPlayer.exe "%1"" [HKEY_CURRENT_USER\Software\Classes\DV_File] "(Default)"="REG_SZ"", "DV_File" [HKEY_CURRENT_USER\Software\Classes\DV_File\DefaultIcon] "(Default)"="REG_SZ"", "C:\Program Files (x86)\GUPlayer\GUPlayer.exe,0" [HKEY_CURRENT_USER\Software\Classes\DV_File\shell] "(Default)"="REG_SZ"", "open" [HKEY_CURRENT_USER\Software\Classes\DV_File\shell\edit] "(Default)"="REG_SZ"", "Edit DV_File" [HKEY_CURRENT_USER\Software\Classes\DV_File\shell\edit\command] "(Default)"="REG_SZ"", "C:\Program Files (x86)\GUPlayer\GUPlayer.exe "%1"" [HKEY_CURRENT_USER\Software\Classes\DV_File\shell\open\command] "(Default)"="REG_SZ"", "C:\Program Files (x86)\GUPlayer\GUPlayer.exe "%1"" [HKEY_CURRENT_USER\Software\Classes\FLAC_File] "(Default)"="REG_SZ"", "FLAC_File" [HKEY_CURRENT_USER\Software\Classes\FLAC_File\DefaultIcon] "(Default)"="REG_SZ"", "C:\Program Files (x86)\GUPlayer\GUPlayer.exe,0" [HKEY_CURRENT_USER\Software\Classes\FLAC_File\shell] "(Default)"="REG_SZ"", "open" [HKEY_CURRENT_USER\Software\Classes\FLAC_File\shell\edit] "(Default)"="REG_SZ"", "Edit FLAC_File" [HKEY_CURRENT_USER\Software\Classes\FLAC_File\shell\edit\command] "(Default)"="REG_SZ"", "C:\Program Files (x86)\GUPlayer\GUPlayer.exe "%1"" [HKEY_CURRENT_USER\Software\Classes\FLAC_File\shell\open\command] "(Default)"="REG_SZ"", "C:\Program Files (x86)\GUPlayer\GUPlayer.exe "%1"" [HKEY_CURRENT_USER\Software\Classes\FLV_File] "(Default)"="REG_SZ"", "FLV_File" [HKEY_CURRENT_USER\Software\Classes\FLV_File\DefaultIcon] "(Default)"="REG_SZ"", "C:\Program Files (x86)\GUPlayer\GUPlayer.exe,0" [HKEY_CURRENT_USER\Software\Classes\FLV_File\shell] "(Default)"="REG_SZ"", "open" [HKEY_CURRENT_USER\Software\Classes\FLV_File\shell\edit] "(Default)"="REG_SZ"", "Edit FLV_File" [HKEY_CURRENT_USER\Software\Classes\FLV_File\shell\edit\command] "(Default)"="REG_SZ"", "C:\Program Files (x86)\GUPlayer\GUPlayer.exe "%1"" [HKEY_CURRENT_USER\Software\Classes\FLV_File\shell\open\command] "(Default)"="REG_SZ"", "C:\Program Files (x86)\GUPlayer\GUPlayer.exe "%1"" [HKEY_CURRENT_USER\Software\Classes\GXF_File] "(Default)"="REG_SZ"", "GXF_File" [HKEY_CURRENT_USER\Software\Classes\GXF_File\DefaultIcon] "(Default)"="REG_SZ"", "C:\Program Files (x86)\GUPlayer\GUPlayer.exe,0" [HKEY_CURRENT_USER\Software\Classes\GXF_File\shell] "(Default)"="REG_SZ"", "open" [HKEY_CURRENT_USER\Software\Classes\GXF_File\shell\edit] "(Default)"="REG_SZ"", "Edit GXF_File" [HKEY_CURRENT_USER\Software\Classes\GXF_File\shell\edit\command] "(Default)"="REG_SZ"", "C:\Program Files (x86)\GUPlayer\GUPlayer.exe "%1"" [HKEY_CURRENT_USER\Software\Classes\GXF_File\shell\open\command] "(Default)"="REG_SZ"", "C:\Program Files (x86)\GUPlayer\GUPlayer.exe "%1"" [HKEY_CURRENT_USER\Software\Classes\M1V_File] "(Default)"="REG_SZ"", "M1V_File" [HKEY_CURRENT_USER\Software\Classes\M1V_File\DefaultIcon] "(Default)"="REG_SZ"", "C:\Program Files (x86)\GUPlayer\GUPlayer.exe,0" [HKEY_CURRENT_USER\Software\Classes\M1V_File\shell] "(Default)"="REG_SZ"", "open" [HKEY_CURRENT_USER\Software\Classes\M1V_File\shell\edit] "(Default)"="REG_SZ"", "Edit M1V_File" [HKEY_CURRENT_USER\Software\Classes\M1V_File\shell\edit\command] "(Default)"="REG_SZ"", "C:\Program Files (x86)\GUPlayer\GUPlayer.exe "%1"" [HKEY_CURRENT_USER\Software\Classes\M1V_File\shell\open\command] "(Default)"="REG_SZ"", "C:\Program Files (x86)\GUPlayer\GUPlayer.exe "%1"" [HKEY_CURRENT_USER\Software\Classes\M2TS_File] "(Default)"="REG_SZ"", "M2TS_File" [HKEY_CURRENT_USER\Software\Classes\M2TS_File\DefaultIcon] "(Default)"="REG_SZ"", "C:\Program Files (x86)\GUPlayer\GUPlayer.exe,0" [HKEY_CURRENT_USER\Software\Classes\M2TS_File\shell] "(Default)"="REG_SZ"", "open" [HKEY_CURRENT_USER\Software\Classes\M2TS_File\shell\edit] "(Default)"="REG_SZ"", "Edit M2TS_File" [HKEY_CURRENT_USER\Software\Classes\M2TS_File\shell\edit\command] "(Default)"="REG_SZ"", "C:\Program Files (x86)\GUPlayer\GUPlayer.exe "%1"" [HKEY_CURRENT_USER\Software\Classes\M2TS_File\shell\open\command] "(Default)"="REG_SZ"", "C:\Program Files (x86)\GUPlayer\GUPlayer.exe "%1"" [HKEY_CURRENT_USER\Software\Classes\M2V_File] "(Default)"="REG_SZ"", "M2V_File" [HKEY_CURRENT_USER\Software\Classes\M2V_File\DefaultIcon] "(Default)"="REG_SZ"", "C:\Program Files (x86)\GUPlayer\GUPlayer.exe,0" [HKEY_CURRENT_USER\Software\Classes\M2V_File\shell] "(Default)"="REG_SZ"", "open" [HKEY_CURRENT_USER\Software\Classes\M2V_File\shell\edit] "(Default)"="REG_SZ"", "Edit M2V_File" [HKEY_CURRENT_USER\Software\Classes\M2V_File\shell\edit\command] "(Default)"="REG_SZ"", "C:\Program Files (x86)\GUPlayer\GUPlayer.exe "%1"" [HKEY_CURRENT_USER\Software\Classes\M2V_File\shell\open\command] "(Default)"="REG_SZ"", "C:\Program Files (x86)\GUPlayer\GUPlayer.exe "%1"" [HKEY_CURRENT_USER\Software\Classes\M4A_File] "(Default)"="REG_SZ"", "M4A_File" [HKEY_CURRENT_USER\Software\Classes\M4A_File\DefaultIcon] "(Default)"="REG_SZ"", "C:\Program Files (x86)\GUPlayer\GUPlayer.exe,0" [HKEY_CURRENT_USER\Software\Classes\M4A_File\shell] "(Default)"="REG_SZ"", "open" [HKEY_CURRENT_USER\Software\Classes\M4A_File\shell\edit] "(Default)"="REG_SZ"", "Edit M4A_File" [HKEY_CURRENT_USER\Software\Classes\M4A_File\shell\edit\command] "(Default)"="REG_SZ"", "C:\Program Files (x86)\GUPlayer\GUPlayer.exe "%1"" [HKEY_CURRENT_USER\Software\Classes\M4A_File\shell\open\command] "(Default)"="REG_SZ"", "C:\Program Files (x86)\GUPlayer\GUPlayer.exe "%1"" [HKEY_CURRENT_USER\Software\Classes\M4P_File] "(Default)"="REG_SZ"", "M4P_File" [HKEY_CURRENT_USER\Software\Classes\M4P_File\DefaultIcon] "(Default)"="REG_SZ"", "C:\Program Files (x86)\GUPlayer\GUPlayer.exe,0" [HKEY_CURRENT_USER\Software\Classes\M4P_File\shell] "(Default)"="REG_SZ"", "open" [HKEY_CURRENT_USER\Software\Classes\M4P_File\shell\edit] "(Default)"="REG_SZ"", "Edit M4P_File" [HKEY_CURRENT_USER\Software\Classes\M4P_File\shell\edit\command] "(Default)"="REG_SZ"", "C:\Program Files (x86)\GUPlayer\GUPlayer.exe "%1"" [HKEY_CURRENT_USER\Software\Classes\M4P_File\shell\open\command] "(Default)"="REG_SZ"", "C:\Program Files (x86)\GUPlayer\GUPlayer.exe "%1"" [HKEY_CURRENT_USER\Software\Classes\M4VS_File] "(Default)"="REG_SZ"", "M4VS_File" [HKEY_CURRENT_USER\Software\Classes\M4VS_File\DefaultIcon] "(Default)"="REG_SZ"", "C:\Program Files (x86)\GUPlayer\GUPlayer.exe,0" [HKEY_CURRENT_USER\Software\Classes\M4VS_File\shell] "(Default)"="REG_SZ"", "open" [HKEY_CURRENT_USER\Software\Classes\M4VS_File\shell\edit] "(Default)"="REG_SZ"", "Edit M4VS_File" [HKEY_CURRENT_USER\Software\Classes\M4VS_File\shell\edit\command] "(Default)"="REG_SZ"", "C:\Program Files (x86)\GUPlayer\GUPlayer.exe "%1"" [HKEY_CURRENT_USER\Software\Classes\M4VS_File\shell\open\command] "(Default)"="REG_SZ"", "C:\Program Files (x86)\GUPlayer\GUPlayer.exe "%1"" [HKEY_CURRENT_USER\Software\Classes\MKA_File] "(Default)"="REG_SZ"", "MKA_File" [HKEY_CURRENT_USER\Software\Classes\MKA_File\DefaultIcon] "(Default)"="REG_SZ"", "C:\Program Files (x86)\GUPlayer\GUPlayer.exe,0" [HKEY_CURRENT_USER\Software\Classes\MKA_File\shell] "(Default)"="REG_SZ"", "open" [HKEY_CURRENT_USER\Software\Classes\MKA_File\shell\edit] "(Default)"="REG_SZ"", "Edit MKA_File" [HKEY_CURRENT_USER\Software\Classes\MKA_File\shell\edit\command] "(Default)"="REG_SZ"", "C:\Program Files (x86)\GUPlayer\GUPlayer.exe "%1"" [HKEY_CURRENT_USER\Software\Classes\MKA_File\shell\open\command] "(Default)"="REG_SZ"", "C:\Program Files (x86)\GUPlayer\GUPlayer.exe "%1"" [HKEY_CURRENT_USER\Software\Classes\MKV_File] "(Default)"="REG_SZ"", "MKV_File" [HKEY_CURRENT_USER\Software\Classes\MKV_File\DefaultIcon] "(Default)"="REG_SZ"", "C:\Program Files (x86)\GUPlayer\GUPlayer.exe,0" [HKEY_CURRENT_USER\Software\Classes\MKV_File\shell] "(Default)"="REG_SZ"", "open" [HKEY_CURRENT_USER\Software\Classes\MKV_File\shell\edit] "(Default)"="REG_SZ"", "Edit MKV_File" [HKEY_CURRENT_USER\Software\Classes\MKV_File\shell\edit\command] "(Default)"="REG_SZ"", "C:\Program Files (x86)\GUPlayer\GUPlayer.exe "%1"" [HKEY_CURRENT_USER\Software\Classes\MKV_File\shell\open\command] "(Default)"="REG_SZ"", "C:\Program Files (x86)\GUPlayer\GUPlayer.exe "%1"" [HKEY_CURRENT_USER\Software\Classes\MOD_File] "(Default)"="REG_SZ"", "MOD_File" [HKEY_CURRENT_USER\Software\Classes\MOD_File\DefaultIcon] "(Default)"="REG_SZ"", "C:\Program Files (x86)\GUPlayer\GUPlayer.exe,0" [HKEY_CURRENT_USER\Software\Classes\MOD_File\shell] "(Default)"="REG_SZ"", "open" [HKEY_CURRENT_USER\Software\Classes\MOD_File\shell\edit] "(Default)"="REG_SZ"", "Edit MOD_File" [HKEY_CURRENT_USER\Software\Classes\MOD_File\shell\edit\command] "(Default)"="REG_SZ"", "C:\Program Files (x86)\GUPlayer\GUPlayer.exe "%1"" [HKEY_CURRENT_USER\Software\Classes\MOD_File\shell\open\command] "(Default)"="REG_SZ"", "C:\Program Files (x86)\GUPlayer\GUPlayer.exe "%1"" [HKEY_CURRENT_USER\Software\Classes\MOV_File] "(Default)"="REG_SZ"", "MOV_File" [HKEY_CURRENT_USER\Software\Classes\MOV_File\DefaultIcon] "(Default)"="REG_SZ"", "C:\Program Files (x86)\GUPlayer\GUPlayer.exe,0" [HKEY_CURRENT_USER\Software\Classes\MOV_File\shell] "(Default)"="REG_SZ"", "open" [HKEY_CURRENT_USER\Software\Classes\MOV_File\shell\edit] "(Default)"="REG_SZ"", "Edit MOV_File" [HKEY_CURRENT_USER\Software\Classes\MOV_File\shell\edit\command] "(Default)"="REG_SZ"", "C:\Program Files (x86)\GUPlayer\GUPlayer.exe "%1"" [HKEY_CURRENT_USER\Software\Classes\MOV_File\shell\open\command] "(Default)"="REG_SZ"", "C:\Program Files (x86)\GUPlayer\GUPlayer.exe "%1"" [HKEY_CURRENT_USER\Software\Classes\MP1_File] "(Default)"="REG_SZ"", "MP1_File" [HKEY_CURRENT_USER\Software\Classes\MP1_File\DefaultIcon] "(Default)"="REG_SZ"", "C:\Program Files (x86)\GUPlayer\GUPlayer.exe,0" [HKEY_CURRENT_USER\Software\Classes\MP1_File\shell] "(Default)"="REG_SZ"", "open" [HKEY_CURRENT_USER\Software\Classes\MP1_File\shell\edit] "(Default)"="REG_SZ"", "Edit MP1_File" [HKEY_CURRENT_USER\Software\Classes\MP1_File\shell\edit\command] "(Default)"="REG_SZ"", "C:\Program Files (x86)\GUPlayer\GUPlayer.exe "%1"" [HKEY_CURRENT_USER\Software\Classes\MP1_File\shell\open\command] "(Default)"="REG_SZ"", "C:\Program Files (x86)\GUPlayer\GUPlayer.exe "%1"" [HKEY_CURRENT_USER\Software\Classes\MP2_File] "(Default)"="REG_SZ"", "MP2_File" [HKEY_CURRENT_USER\Software\Classes\MP2_File\DefaultIcon] "(Default)"="REG_SZ"", "C:\Program Files (x86)\GUPlayer\GUPlayer.exe,0" [HKEY_CURRENT_USER\Software\Classes\MP2_File\shell] "(Default)"="REG_SZ"", "open" [HKEY_CURRENT_USER\Software\Classes\MP2_File\shell\edit] "(Default)"="REG_SZ"", "Edit MP2_File" [HKEY_CURRENT_USER\Software\Classes\MP2_File\shell\edit\command] "(Default)"="REG_SZ"", "C:\Program Files (x86)\GUPlayer\GUPlayer.exe "%1"" [HKEY_CURRENT_USER\Software\Classes\MP2_File\shell\open\command] "(Default)"="REG_SZ"", "C:\Program Files (x86)\GUPlayer\GUPlayer.exe "%1"" [HKEY_CURRENT_USER\Software\Classes\MP3_File] "(Default)"="REG_SZ"", "MP3_File" [HKEY_CURRENT_USER\Software\Classes\MP3_File\DefaultIcon] "(Default)"="REG_SZ"", "C:\Program Files (x86)\GUPlayer\GUPlayer.exe,0" [HKEY_CURRENT_USER\Software\Classes\MP3_File\shell] "(Default)"="REG_SZ"", "open" [HKEY_CURRENT_USER\Software\Classes\MP3_File\shell\edit] "(Default)"="REG_SZ"", "Edit MP3_File" [HKEY_CURRENT_USER\Software\Classes\MP3_File\shell\edit\command] "(Default)"="REG_SZ"", "C:\Program Files (x86)\GUPlayer\GUPlayer.exe "%1"" [HKEY_CURRENT_USER\Software\Classes\MP3_File\shell\open\command] "(Default)"="REG_SZ"", "C:\Program Files (x86)\GUPlayer\GUPlayer.exe "%1"" [HKEY_CURRENT_USER\Software\Classes\MP4_File] "(Default)"="REG_SZ"", "MP4_File" [HKEY_CURRENT_USER\Software\Classes\MP4_File\DefaultIcon] "(Default)"="REG_SZ"", "C:\Program Files (x86)\GUPlayer\GUPlayer.exe,0" [HKEY_CURRENT_USER\Software\Classes\MP4_File\shell] "(Default)"="REG_SZ"", "open" [HKEY_CURRENT_USER\Software\Classes\MP4_File\shell\edit] "(Default)"="REG_SZ"", "Edit MP4_File" [HKEY_CURRENT_USER\Software\Classes\MP4_File\shell\edit\command] "(Default)"="REG_SZ"", "C:\Program Files (x86)\GUPlayer\GUPlayer.exe "%1"" [HKEY_CURRENT_USER\Software\Classes\MP4_File\shell\open\command] "(Default)"="REG_SZ"", "C:\Program Files (x86)\GUPlayer\GUPlayer.exe "%1"" [HKEY_CURRENT_USER\Software\Classes\MPEG_File] "(Default)"="REG_SZ"", "MPEG_File" [HKEY_CURRENT_USER\Software\Classes\MPEG_File\DefaultIcon] "(Default)"="REG_SZ"", "C:\Program Files (x86)\GUPlayer\GUPlayer.exe,0" [HKEY_CURRENT_USER\Software\Classes\MPEG_File\shell] "(Default)"="REG_SZ"", "open" [HKEY_CURRENT_USER\Software\Classes\MPEG_File\shell\edit] "(Default)"="REG_SZ"", "Edit MPEG_File" [HKEY_CURRENT_USER\Software\Classes\MPEG_File\shell\edit\command] "(Default)"="REG_SZ"", "C:\Program Files (x86)\GUPlayer\GUPlayer.exe "%1"" [HKEY_CURRENT_USER\Software\Classes\MPEG_File\shell\open\command] "(Default)"="REG_SZ"", "C:\Program Files (x86)\GUPlayer\GUPlayer.exe "%1"" [HKEY_CURRENT_USER\Software\Classes\MPEG1_File] "(Default)"="REG_SZ"", "MPEG1_File" [HKEY_CURRENT_USER\Software\Classes\MPEG1_File\DefaultIcon] "(Default)"="REG_SZ"", "C:\Program Files (x86)\GUPlayer\GUPlayer.exe,0" [HKEY_CURRENT_USER\Software\Classes\MPEG1_File\shell] "(Default)"="REG_SZ"", "open" [HKEY_CURRENT_USER\Software\Classes\MPEG1_File\shell\edit] "(Default)"="REG_SZ"", "Edit MPEG1_File" [HKEY_CURRENT_USER\Software\Classes\MPEG1_File\shell\edit\command] "(Default)"="REG_SZ"", "C:\Program Files (x86)\GUPlayer\GUPlayer.exe "%1"" [HKEY_CURRENT_USER\Software\Classes\MPEG1_File\shell\open\command] "(Default)"="REG_SZ"", "C:\Program Files (x86)\GUPlayer\GUPlayer.exe "%1"" [HKEY_CURRENT_USER\Software\Classes\MPEG2_File] "(Default)"="REG_SZ"", "MPEG2_File" [HKEY_CURRENT_USER\Software\Classes\MPEG2_File\DefaultIcon] "(Default)"="REG_SZ"", "C:\Program Files (x86)\GUPlayer\GUPlayer.exe,0" [HKEY_CURRENT_USER\Software\Classes\MPEG2_File\shell] "(Default)"="REG_SZ"", "open" [HKEY_CURRENT_USER\Software\Classes\MPEG2_File\shell\edit] "(Default)"="REG_SZ"", "Edit MPEG2_File" [HKEY_CURRENT_USER\Software\Classes\MPEG2_File\shell\edit\command] "(Default)"="REG_SZ"", "C:\Program Files (x86)\GUPlayer\GUPlayer.exe "%1"" [HKEY_CURRENT_USER\Software\Classes\MPEG2_File\shell\open\command] "(Default)"="REG_SZ"", "C:\Program Files (x86)\GUPlayer\GUPlayer.exe "%1"" [HKEY_CURRENT_USER\Software\Classes\MPEG4_File] "(Default)"="REG_SZ"", "MPEG4_File" [HKEY_CURRENT_USER\Software\Classes\MPEG4_File\DefaultIcon] "(Default)"="REG_SZ"", "C:\Program Files (x86)\GUPlayer\GUPlayer.exe,0" [HKEY_CURRENT_USER\Software\Classes\MPEG4_File\shell] "(Default)"="REG_SZ"", "open" [HKEY_CURRENT_USER\Software\Classes\MPEG4_File\shell\edit] "(Default)"="REG_SZ"", "Edit MPEG4_File" [HKEY_CURRENT_USER\Software\Classes\MPEG4_File\shell\edit\command] "(Default)"="REG_SZ"", "C:\Program Files (x86)\GUPlayer\GUPlayer.exe "%1"" [HKEY_CURRENT_USER\Software\Classes\MPEG4_File\shell\open\command] "(Default)"="REG_SZ"", "C:\Program Files (x86)\GUPlayer\GUPlayer.exe "%1"" [HKEY_CURRENT_USER\Software\Classes\MPG_File] "(Default)"="REG_SZ"", "MPG_File" [HKEY_CURRENT_USER\Software\Classes\MPG_File\DefaultIcon] "(Default)"="REG_SZ"", "C:\Program Files (x86)\GUPlayer\GUPlayer.exe,0" [HKEY_CURRENT_USER\Software\Classes\MPG_File\shell] "(Default)"="REG_SZ"", "open" [HKEY_CURRENT_USER\Software\Classes\MPG_File\shell\edit] "(Default)"="REG_SZ"", "Edit MPG_File" [HKEY_CURRENT_USER\Software\Classes\MPG_File\shell\edit\command] "(Default)"="REG_SZ"", "C:\Program Files (x86)\GUPlayer\GUPlayer.exe "%1"" [HKEY_CURRENT_USER\Software\Classes\MPG_File\shell\open\command] "(Default)"="REG_SZ"", "C:\Program Files (x86)\GUPlayer\GUPlayer.exe "%1"" [HKEY_CURRENT_USER\Software\Classes\MTS_File] "(Default)"="REG_SZ"", "MTS_File" [HKEY_CURRENT_USER\Software\Classes\MTS_File\DefaultIcon] "(Default)"="REG_SZ"", "C:\Program Files (x86)\GUPlayer\GUPlayer.exe,0" [HKEY_CURRENT_USER\Software\Classes\MTS_File\shell] "(Default)"="REG_SZ"", "open" [HKEY_CURRENT_USER\Software\Classes\MTS_File\shell\edit] "(Default)"="REG_SZ"", "Edit MTS_File" [HKEY_CURRENT_USER\Software\Classes\MTS_File\shell\edit\command] "(Default)"="REG_SZ"", "C:\Program Files (x86)\GUPlayer\GUPlayer.exe "%1"" [HKEY_CURRENT_USER\Software\Classes\MTS_File\shell\open\command] "(Default)"="REG_SZ"", "C:\Program Files (x86)\GUPlayer\GUPlayer.exe "%1"" [HKEY_CURRENT_USER\Software\Classes\MXF_File] "(Default)"="REG_SZ"", "MXF_File" [HKEY_CURRENT_USER\Software\Classes\MXF_File\DefaultIcon] "(Default)"="REG_SZ"", "C:\Program Files (x86)\GUPlayer\GUPlayer.exe,0" [HKEY_CURRENT_USER\Software\Classes\MXF_File\shell] "(Default)"="REG_SZ"", "open" [HKEY_CURRENT_USER\Software\Classes\MXF_File\shell\edit] "(Default)"="REG_SZ"", "Edit MXF_File" [HKEY_CURRENT_USER\Software\Classes\MXF_File\shell\edit\command] "(Default)"="REG_SZ"", "C:\Program Files (x86)\GUPlayer\GUPlayer.exe "%1"" [HKEY_CURRENT_USER\Software\Classes\MXF_File\shell\open\command] "(Default)"="REG_SZ"", "C:\Program Files (x86)\GUPlayer\GUPlayer.exe "%1"" [HKEY_CURRENT_USER\Software\Classes\NUV_File] "(Default)"="REG_SZ"", "NUV_File" [HKEY_CURRENT_USER\Software\Classes\NUV_File\DefaultIcon] "(Default)"="REG_SZ"", "C:\Program Files (x86)\GUPlayer\GUPlayer.exe,0" [HKEY_CURRENT_USER\Software\Classes\NUV_File\shell] "(Default)"="REG_SZ"", "open" [HKEY_CURRENT_USER\Software\Classes\NUV_File\shell\edit] "(Default)"="REG_SZ"", "Edit NUV_File" [HKEY_CURRENT_USER\Software\Classes\NUV_File\shell\edit\command] "(Default)"="REG_SZ"", "C:\Program Files (x86)\GUPlayer\GUPlayer.exe "%1"" [HKEY_CURRENT_USER\Software\Classes\NUV_File\shell\open\command] "(Default)"="REG_SZ"", "C:\Program Files (x86)\GUPlayer\GUPlayer.exe "%1"" [HKEY_CURRENT_USER\Software\Classes\OGA_File] "(Default)"="REG_SZ"", "OGA_File" [HKEY_CURRENT_USER\Software\Classes\OGA_File\DefaultIcon] "(Default)"="REG_SZ"", "C:\Program Files (x86)\GUPlayer\GUPlayer.exe,0" [HKEY_CURRENT_USER\Software\Classes\OGA_File\shell] "(Default)"="REG_SZ"", "open" [HKEY_CURRENT_USER\Software\Classes\OGA_File\shell\edit] "(Default)"="REG_SZ"", "Edit OGA_File" [HKEY_CURRENT_USER\Software\Classes\OGA_File\shell\edit\command] "(Default)"="REG_SZ"", "C:\Program Files (x86)\GUPlayer\GUPlayer.exe "%1"" [HKEY_CURRENT_USER\Software\Classes\OGA_File\shell\open\command] "(Default)"="REG_SZ"", "C:\Program Files (x86)\GUPlayer\GUPlayer.exe "%1"" [HKEY_CURRENT_USER\Software\Classes\OGG_File] "(Default)"="REG_SZ"", "OGG_File" [HKEY_CURRENT_USER\Software\Classes\OGG_File\DefaultIcon] "(Default)"="REG_SZ"", "C:\Program Files (x86)\GUPlayer\GUPlayer.exe,0" [HKEY_CURRENT_USER\Software\Classes\OGG_File\shell] "(Default)"="REG_SZ"", "open" [HKEY_CURRENT_USER\Software\Classes\OGG_File\shell\edit] "(Default)"="REG_SZ"", "Edit OGG_File" [HKEY_CURRENT_USER\Software\Classes\OGG_File\shell\edit\command] "(Default)"="REG_SZ"", "C:\Program Files (x86)\GUPlayer\GUPlayer.exe "%1"" [HKEY_CURRENT_USER\Software\Classes\OGG_File\shell\open\command] "(Default)"="REG_SZ"", "C:\Program Files (x86)\GUPlayer\GUPlayer.exe "%1"" [HKEY_CURRENT_USER\Software\Classes\OGM_File] "(Default)"="REG_SZ"", "OGM_File" [HKEY_CURRENT_USER\Software\Classes\OGM_File\DefaultIcon] "(Default)"="REG_SZ"", "C:\Program Files (x86)\GUPlayer\GUPlayer.exe,0" [HKEY_CURRENT_USER\Software\Classes\OGM_File\shell] "(Default)"="REG_SZ"", "open" [HKEY_CURRENT_USER\Software\Classes\OGM_File\shell\edit] "(Default)"="REG_SZ"", "Edit OGM_File" [HKEY_CURRENT_USER\Software\Classes\OGM_File\shell\edit\command] "(Default)"="REG_SZ"", "C:\Program Files (x86)\GUPlayer\GUPlayer.exe "%1"" [HKEY_CURRENT_USER\Software\Classes\OGM_File\shell\open\command] "(Default)"="REG_SZ"", "C:\Program Files (x86)\GUPlayer\GUPlayer.exe "%1"" [HKEY_CURRENT_USER\Software\Classes\OGV_File] "(Default)"="REG_SZ"", "OGV_File" [HKEY_CURRENT_USER\Software\Classes\OGV_File\DefaultIcon] "(Default)"="REG_SZ"", "C:\Program Files (x86)\GUPlayer\GUPlayer.exe,0" [HKEY_CURRENT_USER\Software\Classes\OGV_File\shell] "(Default)"="REG_SZ"", "open" [HKEY_CURRENT_USER\Software\Classes\OGV_File\shell\edit] "(Default)"="REG_SZ"", "Edit OGV_File" [HKEY_CURRENT_USER\Software\Classes\OGV_File\shell\edit\command] "(Default)"="REG_SZ"", "C:\Program Files (x86)\GUPlayer\GUPlayer.exe "%1"" [HKEY_CURRENT_USER\Software\Classes\OGV_File\shell\open\command] "(Default)"="REG_SZ"", "C:\Program Files (x86)\GUPlayer\GUPlayer.exe "%1"" [HKEY_CURRENT_USER\Software\Classes\OGX_File] "(Default)"="REG_SZ"", "OGX_File" [HKEY_CURRENT_USER\Software\Classes\OGX_File\DefaultIcon] "(Default)"="REG_SZ"", "C:\Program Files (x86)\GUPlayer\GUPlayer.exe,0" [HKEY_CURRENT_USER\Software\Classes\OGX_File\shell] "(Default)"="REG_SZ"", "open" [HKEY_CURRENT_USER\Software\Classes\OGX_File\shell\edit] "(Default)"="REG_SZ"", "Edit OGX_File" [HKEY_CURRENT_USER\Software\Classes\OGX_File\shell\edit\command] "(Default)"="REG_SZ"", "C:\Program Files (x86)\GUPlayer\GUPlayer.exe "%1"" [HKEY_CURRENT_USER\Software\Classes\OGX_File\shell\open\command] "(Default)"="REG_SZ"", "C:\Program Files (x86)\GUPlayer\GUPlayer.exe "%1"" [HKEY_CURRENT_USER\Software\Classes\OMA_File] "(Default)"="REG_SZ"", "OMA_File" [HKEY_CURRENT_USER\Software\Classes\OMA_File\DefaultIcon] "(Default)"="REG_SZ"", "C:\Program Files (x86)\GUPlayer\GUPlayer.exe,0" [HKEY_CURRENT_USER\Software\Classes\OMA_File\shell] "(Default)"="REG_SZ"", "open" [HKEY_CURRENT_USER\Software\Classes\OMA_File\shell\edit] "(Default)"="REG_SZ"", "Edit OMA_File" [HKEY_CURRENT_USER\Software\Classes\OMA_File\shell\edit\command] "(Default)"="REG_SZ"", "C:\Program Files (x86)\GUPlayer\GUPlayer.exe "%1"" [HKEY_CURRENT_USER\Software\Classes\OMA_File\shell\open\command] "(Default)"="REG_SZ"", "C:\Program Files (x86)\GUPlayer\GUPlayer.exe "%1"" [HKEY_CURRENT_USER\Software\Classes\RM_File] "(Default)"="REG_SZ"", "RM_File" [HKEY_CURRENT_USER\Software\Classes\RM_File\DefaultIcon] "(Default)"="REG_SZ"", "C:\Program Files (x86)\GUPlayer\GUPlayer.exe,0" [HKEY_CURRENT_USER\Software\Classes\RM_File\shell] "(Default)"="REG_SZ"", "open" [HKEY_CURRENT_USER\Software\Classes\RM_File\shell\edit] "(Default)"="REG_SZ"", "Edit RM_File" [HKEY_CURRENT_USER\Software\Classes\RM_File\shell\edit\command] "(Default)"="REG_SZ"", "C:\Program Files (x86)\GUPlayer\GUPlayer.exe "%1"" [HKEY_CURRENT_USER\Software\Classes\RM_File\shell\open\command] "(Default)"="REG_SZ"", "C:\Program Files (x86)\GUPlayer\GUPlayer.exe "%1"" [HKEY_CURRENT_USER\Software\Classes\RMVB_File] "(Default)"="REG_SZ"", "RMVB_File" [HKEY_CURRENT_USER\Software\Classes\RMVB_File\DefaultIcon] "(Default)"="REG_SZ"", "C:\Program Files (x86)\GUPlayer\GUPlayer.exe,0" [HKEY_CURRENT_USER\Software\Classes\RMVB_File\shell] "(Default)"="REG_SZ"", "open" [HKEY_CURRENT_USER\Software\Classes\RMVB_File\shell\edit] "(Default)"="REG_SZ"", "Edit RMVB_File" [HKEY_CURRENT_USER\Software\Classes\RMVB_File\shell\edit\command] "(Default)"="REG_SZ"", "C:\Program Files (x86)\GUPlayer\GUPlayer.exe "%1"" [HKEY_CURRENT_USER\Software\Classes\RMVB_File\shell\open\command] "(Default)"="REG_SZ"", "C:\Program Files (x86)\GUPlayer\GUPlayer.exe "%1"" [HKEY_CURRENT_USER\Software\Classes\SPX_File] "(Default)"="REG_SZ"", "SPX_File" [HKEY_CURRENT_USER\Software\Classes\SPX_File\DefaultIcon] "(Default)"="REG_SZ"", "C:\Program Files (x86)\GUPlayer\GUPlayer.exe,0" [HKEY_CURRENT_USER\Software\Classes\SPX_File\shell] "(Default)"="REG_SZ"", "open" [HKEY_CURRENT_USER\Software\Classes\SPX_File\shell\edit] "(Default)"="REG_SZ"", "Edit SPX_File" [HKEY_CURRENT_USER\Software\Classes\SPX_File\shell\edit\command] "(Default)"="REG_SZ"", "C:\Program Files (x86)\GUPlayer\GUPlayer.exe "%1"" [HKEY_CURRENT_USER\Software\Classes\SPX_File\shell\open\command] "(Default)"="REG_SZ"", "C:\Program Files (x86)\GUPlayer\GUPlayer.exe "%1"" [HKEY_CURRENT_USER\Software\Classes\TS_File] "(Default)"="REG_SZ"", "TS_File" [HKEY_CURRENT_USER\Software\Classes\TS_File\DefaultIcon] "(Default)"="REG_SZ"", "C:\Program Files (x86)\GUPlayer\GUPlayer.exe,0" [HKEY_CURRENT_USER\Software\Classes\TS_File\shell] "(Default)"="REG_SZ"", "open" [HKEY_CURRENT_USER\Software\Classes\TS_File\shell\edit] "(Default)"="REG_SZ"", "Edit TS_File" [HKEY_CURRENT_USER\Software\Classes\TS_File\shell\edit\command] "(Default)"="REG_SZ"", "C:\Program Files (x86)\GUPlayer\GUPlayer.exe "%1"" [HKEY_CURRENT_USER\Software\Classes\TS_File\shell\open\command] "(Default)"="REG_SZ"", "C:\Program Files (x86)\GUPlayer\GUPlayer.exe "%1"" [HKEY_CURRENT_USER\Software\Classes\VOB_File] "(Default)"="REG_SZ"", "VOB_File" [HKEY_CURRENT_USER\Software\Classes\VOB_File\DefaultIcon] "(Default)"="REG_SZ"", "C:\Program Files (x86)\GUPlayer\GUPlayer.exe,0" [HKEY_CURRENT_USER\Software\Classes\VOB_File\shell] "(Default)"="REG_SZ"", "open" [HKEY_CURRENT_USER\Software\Classes\VOB_File\shell\edit] "(Default)"="REG_SZ"", "Edit VOB_File" [HKEY_CURRENT_USER\Software\Classes\VOB_File\shell\edit\command] "(Default)"="REG_SZ"", "C:\Program Files (x86)\GUPlayer\GUPlayer.exe "%1"" [HKEY_CURRENT_USER\Software\Classes\VOB_File\shell\open\command] "(Default)"="REG_SZ"", "C:\Program Files (x86)\GUPlayer\GUPlayer.exe "%1"" [HKEY_CURRENT_USER\Software\Classes\WAV_File] "(Default)"="REG_SZ"", "WAV_File" [HKEY_CURRENT_USER\Software\Classes\WAV_File\DefaultIcon] "(Default)"="REG_SZ"", "C:\Program Files (x86)\GUPlayer\GUPlayer.exe,0" [HKEY_CURRENT_USER\Software\Classes\WAV_File\shell] "(Default)"="REG_SZ"", "open" [HKEY_CURRENT_USER\Software\Classes\WAV_File\shell\edit] "(Default)"="REG_SZ"", "Edit WAV_File" [HKEY_CURRENT_USER\Software\Classes\WAV_File\shell\edit\command] "(Default)"="REG_SZ"", "C:\Program Files (x86)\GUPlayer\GUPlayer.exe "%1"" [HKEY_CURRENT_USER\Software\Classes\WAV_File\shell\open\command] "(Default)"="REG_SZ"", "C:\Program Files (x86)\GUPlayer\GUPlayer.exe "%1"" [HKEY_CURRENT_USER\Software\Classes\WMA_File] "(Default)"="REG_SZ"", "WMA_File" [HKEY_CURRENT_USER\Software\Classes\WMA_File\DefaultIcon] "(Default)"="REG_SZ"", "C:\Program Files (x86)\GUPlayer\GUPlayer.exe,0" [HKEY_CURRENT_USER\Software\Classes\WMA_File\shell] "(Default)"="REG_SZ"", "open" [HKEY_CURRENT_USER\Software\Classes\WMA_File\shell\edit] "(Default)"="REG_SZ"", "Edit WMA_File" [HKEY_CURRENT_USER\Software\Classes\WMA_File\shell\edit\command] "(Default)"="REG_SZ"", "C:\Program Files (x86)\GUPlayer\GUPlayer.exe "%1"" [HKEY_CURRENT_USER\Software\Classes\WMA_File\shell\open\command] "(Default)"="REG_SZ"", "C:\Program Files (x86)\GUPlayer\GUPlayer.exe "%1"" [HKEY_CURRENT_USER\Software\Classes\WMV_File] "(Default)"="REG_SZ"", "WMV_File" [HKEY_CURRENT_USER\Software\Classes\WMV_File\DefaultIcon] "(Default)"="REG_SZ"", "C:\Program Files (x86)\GUPlayer\GUPlayer.exe,0" [HKEY_CURRENT_USER\Software\Classes\WMV_File\shell] "(Default)"="REG_SZ"", "open" [HKEY_CURRENT_USER\Software\Classes\WMV_File\shell\edit] "(Default)"="REG_SZ"", "Edit WMV_File" [HKEY_CURRENT_USER\Software\Classes\WMV_File\shell\edit\command] "(Default)"="REG_SZ"", "C:\Program Files (x86)\GUPlayer\GUPlayer.exe "%1"" [HKEY_CURRENT_USER\Software\Classes\WMV_File\shell\open\command] "(Default)"="REG_SZ"", "C:\Program Files (x86)\GUPlayer\GUPlayer.exe "%1"" [HKEY_CURRENT_USER\Software\Classes\WV_File] "(Default)"="REG_SZ"", "WV_File" [HKEY_CURRENT_USER\Software\Classes\WV_File\DefaultIcon] "(Default)"="REG_SZ"", "C:\Program Files (x86)\GUPlayer\GUPlayer.exe,0" [HKEY_CURRENT_USER\Software\Classes\WV_File\shell] "(Default)"="REG_SZ"", "open" [HKEY_CURRENT_USER\Software\Classes\WV_File\shell\edit] "(Default)"="REG_SZ"", "Edit WV_File" [HKEY_CURRENT_USER\Software\Classes\WV_File\shell\edit\command] "(Default)"="REG_SZ"", "C:\Program Files (x86)\GUPlayer\GUPlayer.exe "%1"" [HKEY_CURRENT_USER\Software\Classes\WV_File\shell\open\command] "(Default)"="REG_SZ"", "C:\Program Files (x86)\GUPlayer\GUPlayer.exe "%1"" [HKEY_CURRENT_USER\Software\Classes\XM_File] "(Default)"="REG_SZ"", "XM_File" [HKEY_CURRENT_USER\Software\Classes\XM_File\DefaultIcon] "(Default)"="REG_SZ"", "C:\Program Files (x86)\GUPlayer\GUPlayer.exe,0" [HKEY_CURRENT_USER\Software\Classes\XM_File\shell] "(Default)"="REG_SZ"", "open" [HKEY_CURRENT_USER\Software\Classes\XM_File\shell\edit] "(Default)"="REG_SZ"", "Edit XM_File" [HKEY_CURRENT_USER\Software\Classes\XM_File\shell\edit\command] "(Default)"="REG_SZ"", "C:\Program Files (x86)\GUPlayer\GUPlayer.exe "%1"" [HKEY_CURRENT_USER\Software\Classes\XM_File\shell\open\command] "(Default)"="REG_SZ"", "C:\Program Files (x86)\GUPlayer\GUPlayer.exe "%1"" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\GUPlayer] "DisplayName"="REG_SZ"", "GUPlayer (remove only)" "ParamID"="REG_SZ"", "param={"id":"NONE","date":"2018-11-30 08:44:24"}" "UninstallString"="REG_SZ"", "C:\Program Files (x86)\GUPlayer\GUPlayerUninstaller.exe" Malwarebytes log: Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 11/30/18 Scan Time: 8:56 AM Log File: 608cd19c-f475-11e8-9d9f-00ffdcc6fdfc.json -Software Information- Version: 3.6.1.2711 Components Version: 1.0.482 Update Package Version: 1.0.8097 License: Premium -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: {computername}\{username} -Scan Summary- Scan Type: Threat Scan Scan Initiated By: Manual Result: Completed Objects Scanned: 237767 Threats Detected: 23 Threats Quarantined: 23 Time Elapsed: 3 min, 5 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 1 PUP.Optional.GUPlayer, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\GUPlayer, Quarantined, [2986], [177527],1.0.8097 Registry Value: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 2 PUP.Optional.GUPlayer, C:\PROGRAM FILES (X86)\GUPLAYER, Quarantined, [2986], [177527],1.0.8097 PUP.Optional.GUPlayer, C:\USERS\{username}\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\GUPLAYER, Quarantined, [2986], [177529],1.0.8097 File: 20 PUP.Optional.GUPlayer, C:\USERS\{username}\DESKTOP\GUPLAYER.LNK, Quarantined, [2986], [238928],1.0.8097 PUP.Optional.GUPlayer, C:\Program Files (x86)\GUPlayer\avcodec-54.dll_2, Quarantined, [2986], [177527],1.0.8097 PUP.Optional.GUPlayer, C:\Program Files (x86)\GUPlayer\avdevice-54.dll, Quarantined, [2986], [177527],1.0.8097 PUP.Optional.GUPlayer, C:\Program Files (x86)\GUPlayer\avformat-54.dll, Quarantined, [2986], [177527],1.0.8097 PUP.Optional.GUPlayer, C:\Program Files (x86)\GUPlayer\avutil-51.dll, Quarantined, [2986], [177527],1.0.8097 PUP.Optional.GUPlayer, C:\Program Files (x86)\GUPlayer\GuPlayer.exe, Quarantined, [2986], [177527],1.0.8097 PUP.Optional.GUPlayer, C:\Program Files (x86)\GUPlayer\GUPlayerUninstaller.exe, Quarantined, [2986], [177527],1.0.8097 PUP.Optional.GUPlayer, C:\Program Files (x86)\GUPlayer\libfreetype-6.dll, Quarantined, [2986], [177527],1.0.8097 PUP.Optional.GUPlayer, C:\Program Files (x86)\GUPlayer\libpng15-15.dll, Quarantined, [2986], [177527],1.0.8097 PUP.Optional.GUPlayer, C:\Program Files (x86)\GUPlayer\postproc-52.dll, Quarantined, [2986], [177527],1.0.8097 PUP.Optional.GUPlayer, C:\Program Files (x86)\GUPlayer\SDL.dll, Quarantined, [2986], [177527],1.0.8097 PUP.Optional.GUPlayer, C:\Program Files (x86)\GUPlayer\SDL_image.dll, Quarantined, [2986], [177527],1.0.8097 PUP.Optional.GUPlayer, C:\Program Files (x86)\GUPlayer\SDL_ttf.dll, Quarantined, [2986], [177527],1.0.8097 PUP.Optional.GUPlayer, C:\Program Files (x86)\GUPlayer\swresample-0.dll, Quarantined, [2986], [177527],1.0.8097 PUP.Optional.GUPlayer, C:\Program Files (x86)\GUPlayer\swscale-2.dll, Quarantined, [2986], [177527],1.0.8097 PUP.Optional.GUPlayer, C:\Program Files (x86)\GUPlayer\Uninstaller.exe, Quarantined, [2986], [177527],1.0.8097 PUP.Optional.GUPlayer, C:\Program Files (x86)\GUPlayer\zlib1.dll, Quarantined, [2986], [177527],1.0.8097 PUP.Optional.GUPlayer, C:\Users\{username}\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GUPlayer\GUPlayer.lnk, Quarantined, [2986], [177529],1.0.8097 PUP.Optional.GUPlayer, C:\Users\{username}\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GUPlayer\Uninstall GUPlayer.lnk, Quarantined, [2986], [177529],1.0.8097 PUP.Optional.Unizeto, C:\USERS\{username}\DESKTOP\GUSETUP_PUBG.EXE, Quarantined, [443], [144703],1.0.8097 Physical Sector: 0 (No malicious items detected) WMI: 0 (No malicious items detected) (end) As mentioned before the full version of Malwarebytes could have protected your computer against this threat.We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected.
- November 30
- - pup.optional.guplayer
  - pup.optional.unizeto
Removal instructions for Screen Addict

Metallica posted a topic in Malware Removal Self-Help Guides

What is Screen Addict?The Malwarebytes research team has determined that Screen Addict is a browser NewTab. These so-called "NewTabs" can manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice.Screen Addict is a member of the TheWhizProducts family also known as APN, LLC. applications.How do I know if my computer is affected by Screen Addict?You may see these browser extensions/add-ons:these warnings during install:and this newtab-page in the affected browsers:How did Screen Addict get on my computer?Browser hijackers use different methods for distributing themselves. This particular one was downloaded from their website.and the Chrome extension from the webstore:How do I remove Screen Addict?Our program Malwarebytes can detect and remove this potentially unwanted program.You can use their own uninstall instructions first, but I would advise to follow the steps below anyway. Please download Malwarebytes to your desktop. Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program. Then click Finish. Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu. If another update of the definitions is available, it will be implemented before the rest of the scanning procedure. When the scan is complete, make sure that all Threats are selected, and click Remove Selected. Restart your computer when prompted to do so. Is there anything else I need to do to get rid of Screen Addict? No, Malwarebytes' Anti-Malware removes Screen Addict completely. If your browsers have been hijacked, you should read our Restore Browser page. You can read there how to fix additional browser redirect methods. How would the full version of Malwarebytes help protect me?We hope our application and this guide have helped you eradicate this hijacker.As you can see below the full version of Malwarebytes would have protected you against the Screen Addict hijacker. It would have blocked their domain: Technical details for expertsPossible signs in a FRST log: FF Extension: No Name - C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\Extensions\_oiMembers_@screenaddict.thewhizproducts.com.xpi [2018-11-29] CHR Extension: (Screen Addict) - C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbclmokcohjnkfgopmmcjeijpfheafia [2018-11-29] Changes made by the installers: File system details [View: All details] (Selection) --------------------------------------------------- Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbclmokcohjnkfgopmmcjeijpfheafia Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbclmokcohjnkfgopmmcjeijpfheafia\13.817.14.14900_0 Adds the file manifest.json"="11/29/2018 9:04 AM, 2394 bytes, A Adds the file newtabproduct.html"="10/17/2018 7:26 PM, 1210 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbclmokcohjnkfgopmmcjeijpfheafia\13.817.14.14900_0\_locales\en Adds the file messages.json"="11/29/2018 9:04 AM, 222 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbclmokcohjnkfgopmmcjeijpfheafia\13.817.14.14900_0\_metadata Adds the file computed_hashes.json"="11/29/2018 9:04 AM, 4560 bytes, A Adds the file verified_contents.json"="10/17/2018 7:26 PM, 5403 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbclmokcohjnkfgopmmcjeijpfheafia\13.817.14.14900_0\config Adds the file config.json"="10/17/2018 7:26 PM, 1993 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbclmokcohjnkfgopmmcjeijpfheafia\13.817.14.14900_0\icons Adds the file icon128.png"="11/29/2018 9:04 AM, 2296 bytes, A Adds the file icon16.png"="10/17/2018 7:26 PM, 252 bytes, A Adds the file icon19disabled.png"="10/17/2018 7:26 PM, 318 bytes, A Adds the file icon19on.png"="11/29/2018 9:04 AM, 387 bytes, A Adds the file icon48.png"="11/29/2018 9:04 AM, 1033 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbclmokcohjnkfgopmmcjeijpfheafia\13.817.14.14900_0\js Adds the file ajax.js"="10/17/2018 7:26 PM, 2218 bytes, A Adds the file b2b-partner-tracking.js"="10/17/2018 7:26 PM, 11186 bytes, A Adds the file background.js"="10/17/2018 7:26 PM, 21476 bytes, A Adds the file browserUtils.js"="10/17/2018 7:26 PM, 912 bytes, A Adds the file chrome.js"="10/17/2018 7:26 PM, 146 bytes, A Adds the file content_script.js"="10/17/2018 7:26 PM, 2151 bytes, A Adds the file dlp.js"="10/17/2018 7:26 PM, 5659 bytes, A Adds the file dlpHelper.js"="10/17/2018 7:26 PM, 1799 bytes, A Adds the file extension_detect.js"="10/17/2018 7:26 PM, 4299 bytes, A Adds the file genericLoadRemoteSettings.js"="10/17/2018 7:26 PM, 2855 bytes, A Adds the file index.js"="10/17/2018 7:26 PM, 49 bytes, A Adds the file initOfferCEF.js"="10/17/2018 7:26 PM, 8802 bytes, A Adds the file logger.js"="10/17/2018 7:26 PM, 541 bytes, A Adds the file offerService.js"="10/17/2018 7:26 PM, 10325 bytes, A Adds the file pageUtils.js"="10/17/2018 7:26 PM, 2805 bytes, A Adds the file PartnerId.js"="10/17/2018 7:26 PM, 16402 bytes, A Adds the file product.js"="10/17/2018 7:26 PM, 8403 bytes, A Adds the file splashPageRedirectHandler.js"="10/17/2018 7:26 PM, 2868 bytes, A Adds the file storage.js"="10/17/2018 7:26 PM, 1640 bytes, A Adds the file TabManager.js"="10/17/2018 7:26 PM, 151 bytes, A Adds the file TemplateParser.js"="10/17/2018 7:26 PM, 3038 bytes, A Adds the file ul.js"="10/17/2018 7:26 PM, 3832 bytes, A Adds the file urlFragmentActions.js"="10/17/2018 7:26 PM, 1825 bytes, A Adds the file urlUtils.js"="10/17/2018 7:26 PM, 5349 bytes, A Adds the file util.js"="10/17/2018 7:26 PM, 3004 bytes, A Adds the file webtooltabAPI.js"="10/17/2018 7:26 PM, 8721 bytes, A Adds the file webTooltabAPIProxy.js"="10/17/2018 7:26 PM, 5445 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lbclmokcohjnkfgopmmcjeijpfheafia Adds the file 000003.log"="11/29/2018 9:06 AM, 2010 bytes, A Adds the file CURRENT"="11/29/2018 9:04 AM, 16 bytes, A Adds the file LOCK"="11/29/2018 9:04 AM, 0 bytes, A Adds the file LOG"="11/29/2018 9:06 AM, 412 bytes, A Adds the file LOG.old"="11/29/2018 9:04 AM, 185 bytes, A Adds the file MANIFEST-000001"="11/29/2018 9:04 AM, 41 bytes, A Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\browser-extension-data\_oiMembers_@screenaddict.thewhizproducts.com Adds the file storage.js"="11/29/2018 9:00 AM, 2691 bytes, A In the existing folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\extensions Adds the file _oiMembers_@screenaddict.thewhizproducts.com.xpi"="11/29/2018 9:00 AM, 45246 bytes, A Registry details [View: All details] (Selection) ------------------------------------------------ [HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings] "lbclmokcohjnkfgopmmcjeijpfheafia"="REG_SZ", "D2D2EFB0AF5A0714C55F472F4E0F839EB9B619DFCA73C667C0DF09E1952CA5B7" The Malwarebytes scan log: Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 11/29/18 Scan Time: 9:10 AM Log File: 428f58bd-f3ae-11e8-ad63-00ffdcc6fdfc.json -Software Information- Version: 3.6.1.2711 Components Version: 1.0.482 Update Package Version: 1.0.8075 License: Premium -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: {computername}\{username} -Scan Summary- Scan Type: Threat Scan Scan Initiated By: Manual Result: Completed Objects Scanned: 237600 Threats Detected: 59 Threats Quarantined: 59 Time Elapsed: 3 min, 1 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 0 (No malicious items detected) Registry Value: 1 PUP.Optional.MySearch.Generic, HKCU\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Default\extensions.settings|lbclmokcohjnkfgopmmcjeijpfheafia, Quarantined, [1860], [443097],1.0.8075 Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 10 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.default\BROWSER-EXTENSION-DATA\_oiMembers_@screenaddict.thewhizproducts.com, Quarantined, [1714], [468075],1.0.8075 PUP.Optional.MySearch.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Local Extension Settings\lbclmokcohjnkfgopmmcjeijpfheafia, Quarantined, [1860], [443097],1.0.8075 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbclmokcohjnkfgopmmcjeijpfheafia\13.817.14.14900_0\_locales\en, Quarantined, [1860], [443097],1.0.8075 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbclmokcohjnkfgopmmcjeijpfheafia\13.817.14.14900_0\_metadata, Quarantined, [1860], [443097],1.0.8075 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbclmokcohjnkfgopmmcjeijpfheafia\13.817.14.14900_0\_locales, Quarantined, [1860], [443097],1.0.8075 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbclmokcohjnkfgopmmcjeijpfheafia\13.817.14.14900_0\config, Quarantined, [1860], [443097],1.0.8075 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbclmokcohjnkfgopmmcjeijpfheafia\13.817.14.14900_0\icons, Quarantined, [1860], [443097],1.0.8075 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbclmokcohjnkfgopmmcjeijpfheafia\13.817.14.14900_0\js, Quarantined, [1860], [443097],1.0.8075 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbclmokcohjnkfgopmmcjeijpfheafia\13.817.14.14900_0, Quarantined, [1860], [443097],1.0.8075 PUP.Optional.MySearch.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\LBCLMOKCOHJNKFGOPMMCJEIJPFHEAFIA, Quarantined, [1860], [443097],1.0.8075 File: 48 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.default\EXTENSIONS\_oiMembers_@screenaddict.thewhizproducts.com.xpi, Quarantined, [1714], [457930],1.0.8075 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\browser-extension-data\_oiMembers_@screenaddict.thewhizproducts.com\storage.js, Quarantined, [1714], [468075],1.0.8075 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lbclmokcohjnkfgopmmcjeijpfheafia\000003.log, Quarantined, [1860], [443097],1.0.8075 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lbclmokcohjnkfgopmmcjeijpfheafia\CURRENT, Quarantined, [1860], [443097],1.0.8075 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lbclmokcohjnkfgopmmcjeijpfheafia\LOCK, Quarantined, [1860], [443097],1.0.8075 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lbclmokcohjnkfgopmmcjeijpfheafia\LOG, Quarantined, [1860], [443097],1.0.8075 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lbclmokcohjnkfgopmmcjeijpfheafia\LOG.old, Quarantined, [1860], [443097],1.0.8075 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lbclmokcohjnkfgopmmcjeijpfheafia\MANIFEST-000001, Quarantined, [1860], [443097],1.0.8075 PUP.Optional.MySearch.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, [1860], [443097],1.0.8075 PUP.Optional.MySearch.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Replaced, [1860], [443097],1.0.8075 PUP.Optional.MySearch.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\LBCLMOKCOHJNKFGOPMMCJEIJPFHEAFIA\13.817.14.14900_0\MANIFEST.JSON, Quarantined, [1860], [443097],1.0.8075 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbclmokcohjnkfgopmmcjeijpfheafia\13.817.14.14900_0\config\config.json, Quarantined, [1860], [443097],1.0.8075 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbclmokcohjnkfgopmmcjeijpfheafia\13.817.14.14900_0\icons\icon128.png, Quarantined, [1860], [443097],1.0.8075 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbclmokcohjnkfgopmmcjeijpfheafia\13.817.14.14900_0\icons\icon16.png, Quarantined, [1860], [443097],1.0.8075 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbclmokcohjnkfgopmmcjeijpfheafia\13.817.14.14900_0\icons\icon19disabled.png, Quarantined, [1860], [443097],1.0.8075 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbclmokcohjnkfgopmmcjeijpfheafia\13.817.14.14900_0\icons\icon19on.png, Quarantined, [1860], [443097],1.0.8075 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbclmokcohjnkfgopmmcjeijpfheafia\13.817.14.14900_0\icons\icon48.png, Quarantined, [1860], [443097],1.0.8075 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbclmokcohjnkfgopmmcjeijpfheafia\13.817.14.14900_0\js\initOfferCEF.js, Quarantined, [1860], [443097],1.0.8075 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbclmokcohjnkfgopmmcjeijpfheafia\13.817.14.14900_0\js\ajax.js, Quarantined, [1860], [443097],1.0.8075 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbclmokcohjnkfgopmmcjeijpfheafia\13.817.14.14900_0\js\b2b-partner-tracking.js, Quarantined, [1860], [443097],1.0.8075 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbclmokcohjnkfgopmmcjeijpfheafia\13.817.14.14900_0\js\background.js, Quarantined, [1860], [443097],1.0.8075 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbclmokcohjnkfgopmmcjeijpfheafia\13.817.14.14900_0\js\browserUtils.js, Quarantined, [1860], [443097],1.0.8075 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbclmokcohjnkfgopmmcjeijpfheafia\13.817.14.14900_0\js\chrome.js, Quarantined, [1860], [443097],1.0.8075 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbclmokcohjnkfgopmmcjeijpfheafia\13.817.14.14900_0\js\content_script.js, Quarantined, [1860], [443097],1.0.8075 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbclmokcohjnkfgopmmcjeijpfheafia\13.817.14.14900_0\js\dlp.js, Quarantined, [1860], [443097],1.0.8075 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbclmokcohjnkfgopmmcjeijpfheafia\13.817.14.14900_0\js\dlpHelper.js, Quarantined, [1860], [443097],1.0.8075 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbclmokcohjnkfgopmmcjeijpfheafia\13.817.14.14900_0\js\extension_detect.js, Quarantined, [1860], [443097],1.0.8075 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbclmokcohjnkfgopmmcjeijpfheafia\13.817.14.14900_0\js\genericLoadRemoteSettings.js, Quarantined, [1860], [443097],1.0.8075 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbclmokcohjnkfgopmmcjeijpfheafia\13.817.14.14900_0\js\index.js, Quarantined, [1860], [443097],1.0.8075 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbclmokcohjnkfgopmmcjeijpfheafia\13.817.14.14900_0\js\logger.js, Quarantined, [1860], [443097],1.0.8075 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbclmokcohjnkfgopmmcjeijpfheafia\13.817.14.14900_0\js\offerService.js, Quarantined, [1860], [443097],1.0.8075 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbclmokcohjnkfgopmmcjeijpfheafia\13.817.14.14900_0\js\pageUtils.js, Quarantined, [1860], [443097],1.0.8075 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbclmokcohjnkfgopmmcjeijpfheafia\13.817.14.14900_0\js\PartnerId.js, Quarantined, [1860], [443097],1.0.8075 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbclmokcohjnkfgopmmcjeijpfheafia\13.817.14.14900_0\js\product.js, Quarantined, [1860], [443097],1.0.8075 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbclmokcohjnkfgopmmcjeijpfheafia\13.817.14.14900_0\js\splashPageRedirectHandler.js, Quarantined, [1860], [443097],1.0.8075 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbclmokcohjnkfgopmmcjeijpfheafia\13.817.14.14900_0\js\storage.js, Quarantined, [1860], [443097],1.0.8075 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbclmokcohjnkfgopmmcjeijpfheafia\13.817.14.14900_0\js\TabManager.js, Quarantined, [1860], [443097],1.0.8075 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbclmokcohjnkfgopmmcjeijpfheafia\13.817.14.14900_0\js\TemplateParser.js, Quarantined, [1860], [443097],1.0.8075 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbclmokcohjnkfgopmmcjeijpfheafia\13.817.14.14900_0\js\ul.js, Quarantined, [1860], [443097],1.0.8075 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbclmokcohjnkfgopmmcjeijpfheafia\13.817.14.14900_0\js\urlFragmentActions.js, Quarantined, [1860], [443097],1.0.8075 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbclmokcohjnkfgopmmcjeijpfheafia\13.817.14.14900_0\js\urlUtils.js, Quarantined, [1860], [443097],1.0.8075 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbclmokcohjnkfgopmmcjeijpfheafia\13.817.14.14900_0\js\util.js, Quarantined, [1860], [443097],1.0.8075 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbclmokcohjnkfgopmmcjeijpfheafia\13.817.14.14900_0\js\webtooltabAPI.js, Quarantined, [1860], [443097],1.0.8075 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbclmokcohjnkfgopmmcjeijpfheafia\13.817.14.14900_0\js\webTooltabAPIProxy.js, Quarantined, [1860], [443097],1.0.8075 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbclmokcohjnkfgopmmcjeijpfheafia\13.817.14.14900_0\_locales\en\messages.json, Quarantined, [1860], [443097],1.0.8075 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbclmokcohjnkfgopmmcjeijpfheafia\13.817.14.14900_0\_metadata\computed_hashes.json, Quarantined, [1860], [443097],1.0.8075 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbclmokcohjnkfgopmmcjeijpfheafia\13.817.14.14900_0\_metadata\verified_contents.json, Quarantined, [1860], [443097],1.0.8075 PUP.Optional.MySearch.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbclmokcohjnkfgopmmcjeijpfheafia\13.817.14.14900_0\newtabproduct.html, Quarantined, [1860], [443097],1.0.8075 Physical Sector: 0 (No malicious items detected) WMI: 0 (No malicious items detected) (end) As mentioned before the full version of Malwarebytes could have protected your computer against this threat.We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected.
- November 29
- - pup.optional.mysearch.generic
  - pup.optional.mindspark.generic
  - (and 2 more)
    Tagged with:
    
    pup.optional.mysearch.generic
    
    pup.optional.mindspark.generic
    
    lbclmokcohjnkfgopmmcjeijpfheafia
    
    _oimembers_@screenaddict.thewhizproducts.com
Removal instructions for Sports Score

Metallica posted a topic in Malware Removal Self-Help Guides

What is Sports Score?The Malwarebytes research team has determined that Sports Score is a search hijacker. These so-called "hijackers" manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice.How do I know if my computer is affected by Sports Score?You may see this entry in your list of installed Chrome extensions:and these warnings during install:You will see this icon in your Chrome menu-bar:and this changed setting:How did Sports Score get on my computer?Browser hijackers use different methods for distributing themselves. This particular one was downloaded from the webstore:after a redirect from their website:How do I remove Sports Score?Our program Malwarebytes can detect and remove this potentially unwanted program. Please download Malwarebytes to your desktop. Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program. Then click Finish. Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu. If another update of the definitions is available, it will be implemented before the rest of the scanning procedure. When the scan is complete, make sure that all Threats are selected, and click Remove Selected. Restart your computer when prompted to do so. Is there anything else I need to do to get rid of Sports Score? No, Malwarebytes removes Sports Score completely. How would the full version of Malwarebytes help protect me?We hope our application and this guide have helped you eradicate this hijacker.As you can see below the full version of Malwarebytes would have protected you against the Sports Score hijacker. It would have blocked their website, giving you a chance to stop it before it became too late. Technical details for expertsPossible signs in FRST logs: CHR DefaultSearchURL: Default -> hxxps://feed.getsportscore.com?st=ds&q={searchTerms}&publisher=getsportscore&barcodeid=511400000000000 CHR DefaultSearchKeyword: Default -> Sports Score CHR DefaultSuggestURL: Default -> hxxps://suggest.getsportscore.com/suggest/get?q={searchTerms} CHR Extension: (Sports Score) - C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmgegipiefeecncelckboojhmmheggkm [2018-11-28] Alterations made by the installer: File system details [View: All details] (Selection) --------------------------------------------------- Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmgegipiefeecncelckboojhmmheggkm\3.3.3_0 Adds the file closer.js"="8/7/2018 11:31 AM, 15 bytes, A Adds the file manifest.json"="11/28/2018 9:04 AM, 2251 bytes, A Adds the file tab.html"="8/7/2018 11:31 AM, 165 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmgegipiefeecncelckboojhmmheggkm\3.3.3_0\_metadata Adds the file computed_hashes.json"="11/28/2018 9:04 AM, 1053 bytes, A Adds the file verified_contents.json"="8/16/2018 2:37 PM, 2133 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmgegipiefeecncelckboojhmmheggkm\3.3.3_0\images\icons Adds the file 128x128.png"="11/28/2018 9:04 AM, 7918 bytes, A Adds the file 16x16.png"="11/28/2018 9:04 AM, 664 bytes, A Adds the file favicon.ico"="8/7/2018 11:31 AM, 15086 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmgegipiefeecncelckboojhmmheggkm\3.3.3_0\scripts Adds the file background.js"="8/16/2018 4:04 PM, 30389 bytes, A Adds the file sitecontent.js"="8/7/2018 11:31 AM, 77 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_hmgegipiefeecncelckboojhmmheggkm Adds the file Sports Score.ico"="11/28/2018 9:04 AM, 202411 bytes, A Adds the file Sports Score.ico.md5"="11/28/2018 9:04 AM, 16 bytes, A Registry details [View: All details] (Selection) ------------------------------------------------ [HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings] "hmgegipiefeecncelckboojhmmheggkm"="REG_SZ", "E3E7D6B735371C11026FAFF7B1563FD6AC508DC985E8D4167696A0C9AA862D22" Malwarebytes log: Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 11/28/18 Scan Time: 9:15 AM Log File: d677b70a-f2e5-11e8-bffe-00ffdcc6fdfc.json -Software Information- Version: 3.6.1.2711 Components Version: 1.0.482 Update Package Version: 1.0.8053 License: Premium -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: {computername}\{username} -Scan Summary- Scan Type: Threat Scan Scan Initiated By: Manual Result: Completed Objects Scanned: 237552 Threats Detected: 19 Threats Quarantined: 19 Time Elapsed: 2 min, 45 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 0 (No malicious items detected) Registry Value: 1 PUP.Optional.SportsScore, HKCU\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Default\extensions.settings|hmgegipiefeecncelckboojhmmheggkm, Quarantined, [2392], [536542],1.0.8053 Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 6 PUP.Optional.SportsScore, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmgegipiefeecncelckboojhmmheggkm\3.3.3_0\images\icons, Quarantined, [2392], [536542],1.0.8053 PUP.Optional.SportsScore, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmgegipiefeecncelckboojhmmheggkm\3.3.3_0\_metadata, Quarantined, [2392], [536542],1.0.8053 PUP.Optional.SportsScore, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmgegipiefeecncelckboojhmmheggkm\3.3.3_0\scripts, Quarantined, [2392], [536542],1.0.8053 PUP.Optional.SportsScore, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmgegipiefeecncelckboojhmmheggkm\3.3.3_0\images, Quarantined, [2392], [536542],1.0.8053 PUP.Optional.SportsScore, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmgegipiefeecncelckboojhmmheggkm\3.3.3_0, Quarantined, [2392], [536542],1.0.8053 PUP.Optional.SportsScore, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\HMGEGIPIEFEECNCELCKBOOJHMMHEGGKM, Quarantined, [2392], [536542],1.0.8053 File: 12 PUP.Optional.SportsScore, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, [2392], [536542],1.0.8053 PUP.Optional.SportsScore, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Replaced, [2392], [536542],1.0.8053 PUP.Optional.SportsScore, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\HMGEGIPIEFEECNCELCKBOOJHMMHEGGKM\3.3.3_0\MANIFEST.JSON, Quarantined, [2392], [536542],1.0.8053 PUP.Optional.SportsScore, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmgegipiefeecncelckboojhmmheggkm\3.3.3_0\images\icons\128x128.png, Quarantined, [2392], [536542],1.0.8053 PUP.Optional.SportsScore, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmgegipiefeecncelckboojhmmheggkm\3.3.3_0\images\icons\16x16.png, Quarantined, [2392], [536542],1.0.8053 PUP.Optional.SportsScore, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmgegipiefeecncelckboojhmmheggkm\3.3.3_0\images\icons\favicon.ico, Quarantined, [2392], [536542],1.0.8053 PUP.Optional.SportsScore, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmgegipiefeecncelckboojhmmheggkm\3.3.3_0\scripts\background.js, Quarantined, [2392], [536542],1.0.8053 PUP.Optional.SportsScore, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmgegipiefeecncelckboojhmmheggkm\3.3.3_0\scripts\sitecontent.js, Quarantined, [2392], [536542],1.0.8053 PUP.Optional.SportsScore, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmgegipiefeecncelckboojhmmheggkm\3.3.3_0\_metadata\computed_hashes.json, Quarantined, [2392], [536542],1.0.8053 PUP.Optional.SportsScore, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmgegipiefeecncelckboojhmmheggkm\3.3.3_0\_metadata\verified_contents.json, Quarantined, [2392], [536542],1.0.8053 PUP.Optional.SportsScore, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmgegipiefeecncelckboojhmmheggkm\3.3.3_0\closer.js, Quarantined, [2392], [536542],1.0.8053 PUP.Optional.SportsScore, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmgegipiefeecncelckboojhmmheggkm\3.3.3_0\tab.html, Quarantined, [2392], [536542],1.0.8053 Physical Sector: 0 (No malicious items detected) WMI: 0 (No malicious items detected) (end) As mentioned before the full version of Malwarebytes could have protected your computer against this threat.We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected.
- November 28
- - pup.optional.sportsscore
  - hmgegipiefeecncelckboojhmmheggkm
  - (and 1 more)
    Tagged with:
    
    pup.optional.sportsscore
    
    hmgegipiefeecncelckboojhmmheggkm
    
    getsportscore.com
Removal instructions for UltraHeal PC Security

Metallica posted a topic in Malware Removal Self-Help Guides

What is UltraHeal PC Security?The Malwarebytes research team has determined that UltraHeal PC Security is a "system optimizer". These so-called "system optimizers" use intentional false positives to convince users that their systems have problems. Then they try to sell you their software, claiming it will remove these problems.More information can be found on our Malwarebytes Labs blog.How do I know if I am infected with UltraHeal PC Security?This is how the main screen of the system optimizer looks:You will find these icons in your taskbar, your startmenu, and on your desktop:and see these warnings during install:and these screens during "operations":You may see this entry in your list of installed programs:and this task in your list of Scheduled Tasks:How did UltraHeal PC Security get on my computer?These so-called system optimizers use different methods of getting installed. This particular one was downloaded from their website:How do I remove UltraHeal PC Security?Our program Malwarebytes can detect and remove this potentially unwanted application. Please download Malwarebytes to your desktop. Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program. Then click Finish. Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu. If another update of the definitions is available, it will be implemented before the rest of the scanning procedure. When the scan is complete, make sure that all Threats are selected, and click Remove Selected. Restart your computer when prompted to do so. Is there anything else I need to do to get rid of UltraHeal PC Security? No, Malwarebytes removes UltraHeal PC Security completely. This PUP creates a scheduled task. You can read here how to check for and, if necessary, remove Scheduled Tasks. How would the full version of Malwarebytes help protect me?We hope our application and this guide have helped you eradicate this system optimizer.As you can see below the full version of Malwarebytes would have protected you against the UltraHeal PC Security installer. It would have warned you before the application could install itself, giving you a chance to stop it before it became too late. and we block access to their domain.Technical details for expertsYou may see these entries in FRST logs: () C:\Program Files (x86)\Ultraheal PC Security\uhpcslaunch.exe C:\Windows\System32\Tasks\uhpcslaunch_onstartup C:\Users\Public\Desktop\Ultraheal PC Security.lnk C:\ProgramData\Ultraheal PC Security C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ultraheal PC Security C:\Program Files (x86)\Ultraheal PC Security Ultraheal PC Security version 6.0 (HKLM-x32\...\{9406DF9F-E9C8-4C2E-AB48-80352BDF1239}_is1) (Version: 6.0 - uhpcslaunch) Task: {2526218A-76AA-4CB7-B763-32C8E4260615} - System32\Tasks\uhpcslaunch_onstartup => C:\Program Files (x86)\Ultraheal PC Security\uhpcslaunch.exe [2018-03-21] () Alterations made by the installer: File system details [View: All details] (Selection) --------------------------------------------------- Adds the folder C:\Program Files (x86)\Ultraheal PC Security Adds the file favicon.ico"="3/16/2016 6:26 PM, 99678 bytes, A Adds the file Ionic.Zip.dll"="1/8/2014 7:31 AM, 315392 bytes, A Adds the file Logfile.txt"="3/16/2018 7:04 PM, 220 bytes, A Adds the file Microsoft.Win32.TaskScheduler.dll"="6/3/2014 2:08 AM, 171008 bytes, A Adds the file Newtonsoft.Json.dll"="9/15/2015 8:14 PM, 510976 bytes, A Adds the file NUnrar.dll"="9/23/2014 9:35 PM, 142336 bytes, A Adds the file pchelpers.dll"="2/16/2018 6:13 PM, 20456 bytes, A Adds the file System.Data.SQLite.dll"="6/17/2015 2:17 PM, 280576 bytes, A Adds the file System.Data.SQLite.Linq.dll"="6/17/2015 2:17 PM, 185344 bytes, A Adds the file uhpcslaunch.exe"="3/21/2018 2:15 PM, 4077544 bytes, A Adds the file uhpcslaunch.exe.config"="2/8/2018 7:17 PM, 7449 bytes, A Adds the file uhpcslaunch.pdb"="3/21/2018 2:15 PM, 1211904 bytes, A Adds the file uhpcslaunch.vshost.exe"="3/21/2018 12:17 PM, 22472 bytes, A Adds the file uhpcslaunch.vshost.exe.config"="2/8/2018 7:17 PM, 7449 bytes, A Adds the file uhpcslaunch.vshost.exe.manifest"="3/21/2018 12:09 PM, 2670 bytes, A Adds the file uhpcspopup.exe"="2/16/2018 2:48 PM, 394728 bytes, A Adds the file uhpcsuninstaller.exe"="2/16/2018 2:47 PM, 353256 bytes, A Adds the file unins000.dat"="11/27/2018 9:10 AM, 30025 bytes, A Adds the file unins000.exe"="11/27/2018 9:09 AM, 809616 bytes, A Adds the file unins000.msg"="11/27/2018 9:10 AM, 11397 bytes, A Adds the file web_reference.dll"="11/28/2016 6:29 PM, 111104 bytes, A Adds the file web_reference.pdb"="11/28/2016 6:29 PM, 232960 bytes, A Adds the file WpfAnimatedGif.dll"="8/7/2013 12:30 PM, 28160 bytes, A Adds the file WpfPageTransitions.dll"="8/29/2014 6:24 PM, 19456 bytes, A Adds the file WPFToolkit.dll"="3/2/2010 12:09 PM, 467288 bytes, A Adds the folder C:\Program Files (x86)\Ultraheal PC Security\db Adds the folder C:\Program Files (x86)\Ultraheal PC Security\de Adds the file uhpcslaunch.resources.dll"="3/21/2018 2:15 PM, 41984 bytes, A Adds the folder C:\Program Files (x86)\Ultraheal PC Security\en Adds the file uhpcslaunch.resources.dll"="3/21/2018 2:15 PM, 39424 bytes, A Adds the folder C:\Program Files (x86)\Ultraheal PC Security\fr Adds the file uhpcslaunch.resources.dll"="3/21/2018 2:15 PM, 43520 bytes, A Adds the folder C:\Program Files (x86)\Ultraheal PC Security\ja Adds the file uhpcslaunch.resources.dll"="3/21/2018 2:15 PM, 46592 bytes, A Adds the folder C:\Program Files (x86)\Ultraheal PC Security\Sounds Adds the file popupp.wav"="9/20/2014 9:58 PM, 355456 bytes, A Adds the file scan_completed.wav"="9/20/2014 10:30 PM, 103760 bytes, A Adds the folder C:\Program Files (x86)\Ultraheal PC Security\x64 Adds the file SQLite.Interop.dll"="6/17/2015 2:17 PM, 1205248 bytes, A Adds the folder C:\Program Files (x86)\Ultraheal PC Security\x86 Adds the file SQLite.Interop.dll"="6/17/2015 2:17 PM, 1032192 bytes, A Adds the folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ultraheal PC Security Adds the file Ultraheal PC Security.lnk"="11/27/2018 9:10 AM, 1265 bytes, A Adds the file Uninstall Ultraheal PC Security.lnk"="11/27/2018 9:10 AM, 1250 bytes, A Adds the folder C:\ProgramData\Ultraheal PC Security\db Adds the file BT.jmps"="11/27/2018 9:13 AM, 4853760 bytes, A In the existing folder C:\Users\Public\Desktop Adds the file Ultraheal PC Security.lnk"="11/27/2018 9:10 AM, 1247 bytes, A In the existing folder C:\Windows\System32\Tasks Adds the file uhpcslaunch_onstartup"="11/27/2018 9:12 AM, 3248 bytes, A Registry details [View: All details] (Selection) ------------------------------------------------ [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shell\Ultraheal PC Security] "(Default)"="REG_SZ", "Scan with Ultraheal PC Security" "Icon"="REG_SZ", "C:\Program Files (x86)\Ultraheal PC Security\favicon.ico" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shell\Ultraheal PC Security\command] "(Default)"="REG_SZ", "C:\Program Files (x86)\Ultraheal PC Security\uhpcslaunch.exe %1" [HKEY_LOCAL_MACHINE\SOFTWARE\Ultraheal\uhpcslaunch] "code"="REG_SZ", "U3oiUg0kJ0ryVZUTX06EZg==" "Contact_no"="REG_SZ", "" "culanguage"="REG_SZ", "en" "days"="REG_SZ", "YjQIdoBJb4fNEWPtUHn2AA==" "demoscan"="REG_SZ", "0" "email"="REG_SZ", "" "Expired"="REG_SZ", "a4ojC7Q1G7b0JdZj2fkI52KrHzkn6k3HGjpmt9c0NLw=" "Name"="REG_SZ", "" "signupdate"="REG_SZ", "1" "startscan"="REG_SZ", "11/26/2018 9:12:07 AM" "Type"="REG_SZ", "98yz/bz9VMagRxH74zjhQg==" "updated"="REG_SZ", "a4ojC7Q1G7b0JdZj2fkI52KrHzkn6k3HGjpmt9c0NLw=" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9406DF9F-E9C8-4C2E-AB48-80352BDF1239}_is1] "Comments"="REG_SZ", "Ultraheal PC Security" "DisplayIcon"="REG_SZ", "C:\Program Files (x86)\Ultraheal PC Security\favicon.ico" "DisplayName"="REG_SZ", "Ultraheal PC Security version 6.0" "DisplayVersion"="REG_SZ", "6.0" "EstimatedSize"="REG_DWORD", 16773 "Inno Setup: App Path"="REG_SZ", "C:\Program Files (x86)\Ultraheal PC Security" "Inno Setup: Deselected Tasks"="REG_SZ", "" "Inno Setup: Icon Group"="REG_SZ", "Ultraheal PC Security" "Inno Setup: Language"="REG_SZ", "en" "Inno Setup: Selected Tasks"="REG_SZ", "desktopicon" "Inno Setup: Setup Version"="REG_SZ", "5.5.5 (a)" "Inno Setup: User"="REG_SZ", "{username}" "InstallDate"="REG_SZ", "20181127" "InstallLocation"="REG_SZ", "C:\Program Files (x86)\Ultraheal PC Security\" "MajorVersion"="REG_DWORD", 6 "MinorVersion"="REG_DWORD", 0 "NoModify"="REG_DWORD", 1 "NoRepair"="REG_DWORD", 1 "Publisher"="REG_SZ", "uhpcslaunch" "QuietUninstallString"="REG_SZ", ""C:\Program Files (x86)\Ultraheal PC Security\unins000.exe" /SILENT" "UninstallString"="REG_SZ", ""C:\Program Files (x86)\Ultraheal PC Security\unins000.exe"" Malwarebytes log: Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 11/27/18 Scan Time: 9:22 AM Log File: 88e92f64-f21d-11e8-afa5-00ffdcc6fdfc.json -Software Information- Version: 3.6.1.2711 Components Version: 1.0.482 Update Package Version: 1.0.8037 License: Premium -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: {computername}\{username} -Scan Summary- Scan Type: Threat Scan Scan Initiated By: Manual Result: Completed Objects Scanned: 237691 Threats Detected: 67 Threats Quarantined: 67 Time Elapsed: 3 min, 32 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 1 PUP.Optional.UltrahealPCSecurity.TskLnk, C:\PROGRAM FILES (X86)\Ultraheal PC Security\uhpcslaunch.exe, Quarantined, [5567], [495962],1.0.8037 Module: 2 PUP.Optional.UltrahealPCSecurity.TskLnk, C:\PROGRAM FILES (X86)\Ultraheal PC Security\uhpcslaunch.exe, Quarantined, [5567], [495962],1.0.8037 PUP.Optional.UltrahealPCSecurity, C:\Program Files (x86)\Ultraheal PC Security\x64\SQLite.Interop.dll, Quarantined, [1571], [495957],1.0.8037 Registry Key: 11 PUP.Optional.UltrahealPCSecurity, HKLM\SOFTWARE\MICROSOFT\TRACING\uhpcslaunch_RASAPI32, Quarantined, [1571], [495964],1.0.8037 PUP.Optional.UltrahealPCSecurity, HKLM\SOFTWARE\MICROSOFT\TRACING\uhpcslaunch_RASMANCS, Quarantined, [1571], [495964],1.0.8037 PUP.Optional.UltrahealPCSecurity, HKLM\SOFTWARE\ULTRAHEAL\uhpcslaunch, Quarantined, [1571], [495965],1.0.8037 PUP.Optional.UltrahealPCSecurity.TskLnk, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\uhpcslaunch_onstartup, Quarantined, [5567], [495962],1.0.8037 PUP.Optional.UltrahealPCSecurity.TskLnk, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{2526218A-76AA-4CB7-B763-32C8E4260615}, Quarantined, [5567], [495962],1.0.8037 PUP.Optional.UltrahealPCSecurity.TskLnk, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\BOOT\{2526218A-76AA-4CB7-B763-32C8E4260615}, Quarantined, [5567], [495962],1.0.8037 PUP.Optional.UltrahealPCSecurity.TskLnk, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\uhpcslaunch_onstartup, Quarantined, [5567], [-1],0.0.0 PUP.Optional.UltrahealPCSecurity.TskLnk, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2526218A-76AA-4CB7-B763-32C8E4260615}, Quarantined, [5567], [-1],0.0.0 PUP.Optional.UltrahealPCSecurity.TskLnk, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{2526218A-76AA-4CB7-B763-32C8E4260615}, Quarantined, [5567], [-1],0.0.0 PUP.Optional.UltrahealPCSecurity, HKLM\SOFTWARE\CLASSES\FOLDER\SHELL\Ultraheal PC Security, Quarantined, [1571], [495963],1.0.8037 PUP.Optional.UltrahealPCSecurity, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{9406DF9F-E9C8-4C2E-AB48-80352BDF1239}_is1, Quarantined, [1571], [495966],1.0.8037 Registry Value: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 12 PUP.Optional.UltrahealPCSecurity, C:\Program Files (x86)\Ultraheal PC Security\Sounds, Quarantined, [1571], [495957],1.0.8037 PUP.Optional.UltrahealPCSecurity, C:\Program Files (x86)\Ultraheal PC Security\x64, Quarantined, [1571], [495957],1.0.8037 PUP.Optional.UltrahealPCSecurity, C:\Program Files (x86)\Ultraheal PC Security\x86, Quarantined, [1571], [495957],1.0.8037 PUP.Optional.UltrahealPCSecurity, C:\Program Files (x86)\Ultraheal PC Security\db, Quarantined, [1571], [495957],1.0.8037 PUP.Optional.UltrahealPCSecurity, C:\Program Files (x86)\Ultraheal PC Security\de, Quarantined, [1571], [495957],1.0.8037 PUP.Optional.UltrahealPCSecurity, C:\Program Files (x86)\Ultraheal PC Security\en, Quarantined, [1571], [495957],1.0.8037 PUP.Optional.UltrahealPCSecurity, C:\Program Files (x86)\Ultraheal PC Security\fr, Quarantined, [1571], [495957],1.0.8037 PUP.Optional.UltrahealPCSecurity, C:\Program Files (x86)\Ultraheal PC Security\ja, Quarantined, [1571], [495957],1.0.8037 PUP.Optional.UltrahealPCSecurity, C:\PROGRAM FILES (X86)\Ultraheal PC Security, Quarantined, [1571], [495957],1.0.8037 PUP.Optional.UltrahealPCSecurity, C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\Ultraheal PC Security, Quarantined, [1571], [495958],1.0.8037 PUP.Optional.UltrahealPCSecurity, C:\ProgramData\Ultraheal PC Security\db, Quarantined, [1571], [495959],1.0.8037 PUP.Optional.UltrahealPCSecurity, C:\PROGRAMDATA\Ultraheal PC Security, Quarantined, [1571], [495959],1.0.8037 File: 41 PUP.Optional.UltrahealPCSecurity, C:\USERS\PUBLIC\DESKTOP\Ultraheal PC Security.lnk, Quarantined, [1571], [495960],1.0.8037 PUP.Optional.UltrahealPCSecurity.TskLnk, C:\WINDOWS\SYSTEM32\TASKS\uhpcslaunch_onstartup, Quarantined, [5567], [495962],1.0.8037 PUP.Optional.UltrahealPCSecurity.TskLnk, C:\DOCUMENTS AND SETTINGS\PUBLIC\Desktop\Ultraheal PC Security.lnk, Quarantined, [5567], [495962],1.0.8037 PUP.Optional.UltrahealPCSecurity.TskLnk, C:\PROGRAM FILES (X86)\Ultraheal PC Security\uhpcslaunch.exe, Quarantined, [5567], [495962],1.0.8037 PUP.Optional.UltrahealPCSecurity.TskLnk, C:\WINDOWS\SYSTEM32\TASKS\uhpcslaunch_onstartup, Quarantined, [5567], [-1],0.0.0 PUP.Optional.UltrahealPCSecurity, C:\Program Files (x86)\Ultraheal PC Security\de\uhpcslaunch.resources.dll, Quarantined, [1571], [495957],1.0.8037 PUP.Optional.UltrahealPCSecurity, C:\Program Files (x86)\Ultraheal PC Security\en\uhpcslaunch.resources.dll, Quarantined, [1571], [495957],1.0.8037 PUP.Optional.UltrahealPCSecurity, C:\Program Files (x86)\Ultraheal PC Security\fr\uhpcslaunch.resources.dll, Quarantined, [1571], [495957],1.0.8037 PUP.Optional.UltrahealPCSecurity, C:\Program Files (x86)\Ultraheal PC Security\ja\uhpcslaunch.resources.dll, Quarantined, [1571], [495957],1.0.8037 PUP.Optional.UltrahealPCSecurity, C:\Program Files (x86)\Ultraheal PC Security\Sounds\popupp.wav, Quarantined, [1571], [495957],1.0.8037 PUP.Optional.UltrahealPCSecurity, C:\Program Files (x86)\Ultraheal PC Security\Sounds\scan_completed.wav, Quarantined, [1571], [495957],1.0.8037 PUP.Optional.UltrahealPCSecurity, C:\Program Files (x86)\Ultraheal PC Security\x64\SQLite.Interop.dll, Quarantined, [1571], [495957],1.0.8037 PUP.Optional.UltrahealPCSecurity, C:\Program Files (x86)\Ultraheal PC Security\x86\SQLite.Interop.dll, Quarantined, [1571], [495957],1.0.8037 PUP.Optional.UltrahealPCSecurity, C:\Program Files (x86)\Ultraheal PC Security\uhpcslaunch.vshost.exe, Quarantined, [1571], [495957],1.0.8037 PUP.Optional.UltrahealPCSecurity, C:\Program Files (x86)\Ultraheal PC Security\favicon.ico, Quarantined, [1571], [495957],1.0.8037 PUP.Optional.UltrahealPCSecurity, C:\Program Files (x86)\Ultraheal PC Security\Ionic.Zip.dll, Quarantined, [1571], [495957],1.0.8037 PUP.Optional.UltrahealPCSecurity, C:\Program Files (x86)\Ultraheal PC Security\Logfile.txt, Quarantined, [1571], [495957],1.0.8037 PUP.Optional.UltrahealPCSecurity, C:\Program Files (x86)\Ultraheal PC Security\Microsoft.Win32.TaskScheduler.dll, Quarantined, [1571], [495957],1.0.8037 PUP.Optional.UltrahealPCSecurity, C:\Program Files (x86)\Ultraheal PC Security\Newtonsoft.Json.dll, Quarantined, [1571], [495957],1.0.8037 PUP.Optional.UltrahealPCSecurity, C:\Program Files (x86)\Ultraheal PC Security\NUnrar.dll, Quarantined, [1571], [495957],1.0.8037 PUP.Optional.UltrahealPCSecurity, C:\Program Files (x86)\Ultraheal PC Security\pchelpers.dll, Quarantined, [1571], [495957],1.0.8037 PUP.Optional.UltrahealPCSecurity, C:\Program Files (x86)\Ultraheal PC Security\System.Data.SQLite.dll, Quarantined, [1571], [495957],1.0.8037 PUP.Optional.UltrahealPCSecurity, C:\Program Files (x86)\Ultraheal PC Security\System.Data.SQLite.Linq.dll, Quarantined, [1571], [495957],1.0.8037 PUP.Optional.UltrahealPCSecurity, C:\Program Files (x86)\Ultraheal PC Security\uhpcslaunch.exe.config, Quarantined, [1571], [495957],1.0.8037 PUP.Optional.UltrahealPCSecurity, C:\Program Files (x86)\Ultraheal PC Security\uhpcslaunch.pdb, Quarantined, [1571], [495957],1.0.8037 PUP.Optional.UltrahealPCSecurity, C:\Program Files (x86)\Ultraheal PC Security\uhpcslaunch.vshost.exe.config, Quarantined, [1571], [495957],1.0.8037 PUP.Optional.UltrahealPCSecurity, C:\Program Files (x86)\Ultraheal PC Security\uhpcslaunch.vshost.exe.manifest, Quarantined, [1571], [495957],1.0.8037 PUP.Optional.UltrahealPCSecurity, C:\Program Files (x86)\Ultraheal PC Security\uhpcspopup.exe, Quarantined, [1571], [495957],1.0.8037 PUP.Optional.UltrahealPCSecurity, C:\Program Files (x86)\Ultraheal PC Security\uhpcsuninstaller.exe, Quarantined, [1571], [495957],1.0.8037 PUP.Optional.UltrahealPCSecurity, C:\Program Files (x86)\Ultraheal PC Security\unins000.dat, Quarantined, [1571], [495957],1.0.8037 PUP.Optional.UltrahealPCSecurity, C:\Program Files (x86)\Ultraheal PC Security\unins000.exe, Quarantined, [1571], [495957],1.0.8037 PUP.Optional.UltrahealPCSecurity, C:\Program Files (x86)\Ultraheal PC Security\unins000.msg, Quarantined, [1571], [495957],1.0.8037 PUP.Optional.UltrahealPCSecurity, C:\Program Files (x86)\Ultraheal PC Security\web_reference.dll, Quarantined, [1571], [495957],1.0.8037 PUP.Optional.UltrahealPCSecurity, C:\Program Files (x86)\Ultraheal PC Security\web_reference.pdb, Quarantined, [1571], [495957],1.0.8037 PUP.Optional.UltrahealPCSecurity, C:\Program Files (x86)\Ultraheal PC Security\WpfAnimatedGif.dll, Quarantined, [1571], [495957],1.0.8037 PUP.Optional.UltrahealPCSecurity, C:\Program Files (x86)\Ultraheal PC Security\WpfPageTransitions.dll, Quarantined, [1571], [495957],1.0.8037 PUP.Optional.UltrahealPCSecurity, C:\Program Files (x86)\Ultraheal PC Security\WPFToolkit.dll, Quarantined, [1571], [495957],1.0.8037 PUP.Optional.UltrahealPCSecurity, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ultraheal PC Security\Ultraheal PC Security.lnk, Quarantined, [1571], [495958],1.0.8037 PUP.Optional.UltrahealPCSecurity, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ultraheal PC Security\Uninstall Ultraheal PC Security.lnk, Quarantined, [1571], [495958],1.0.8037 PUP.Optional.UltrahealPCSecurity, C:\ProgramData\Ultraheal PC Security\db\BT.jmps, Quarantined, [1571], [495959],1.0.8037 PUP.Optional.UltrahealPCSecurity, C:\USERS\{username}\DESKTOP\ULTRAPCSETUP.EXE, Quarantined, [1571], [495956],1.0.8037 Physical Sector: 0 (No malicious items detected) WMI: 0 (No malicious items detected) (end) As mentioned before the full version of Malwarebytes could have protected your computer against this threat.We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected.
- November 27
- - pup.optional.ultrahealpcsecurity
  - longrun
  - (and 1 more)
    Tagged with:
    
    pup.optional.ultrahealpcsecurity
    
    longrun
    
    ultraheal.com
Removal instructions for CalendarSpark

Metallica posted a topic in Malware Removal Self-Help Guides

What is CalendarSpark?The Malwarebytes research team has determined that CalendarSpark is a browser NewTab. These so-called "NewTabs" can manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice.CalendarSpark is a member of the Mindspark/Ask family now known as IAC Applications.How do I know if my computer is affected by CalendarSpark?You may see these browser extensions/add-ons:these warnings during install:You may see this entry in your list of installed software:and this new homepage/newtabpage in the affected browsers:How did CalendarSpark get on my computer?Browser hijackers use different methods for distributing themselves. This particular one was downloaded from their website.and the Chrome extension was available in the webstore:How do I remove CalendarSpark?Our program Malwarebytes can detect and remove this potentially unwanted program.You can use their own uninstall instructions first, but I would advise to follow the steps below anyway. Please download Malwarebytes to your desktop. Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program. Then click Finish. Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu. If another update of the definitions is available, it will be implemented before the rest of the scanning procedure. When the scan is complete, make sure that all Threats are selected, and click Remove Selected. Restart your computer when prompted to do so. Is there anything else I need to do to get rid of CalendarSpark? No, Malwarebytes' Anti-Malware removes CalendarSpark completely. If your browsers have been hijacked, you should read our Restore Browser page. You can read there how to fix additional browser redirect methods. How would the full version of Malwarebytes help protect me?We hope our application and this guide have helped you eradicate this hijacker.As you can see below the full version of Malwarebytes would have protected you against the CalendarSpark hijacker. It would have warned you before the hijacker could install itself, giving you a chance to stop it before it became too late. and it blocks traffic to some of their domains.Technical details for expertsPossible signs in a FRST log: HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp.myway.com/calendarspark/ttab02/index.html?n={n}&p2={p2}&ptb={ptb}&si={si}&coid={coid} FF Extension: No Name - C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\Extensions\_h2Members_@free.calendarspark.com.xpi [2018-11-26] CHR Extension: (CalendarSpark) - C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jipigdjcibdknnacmomcjkdeildkdkaj [2018-11-26] C:\Users\{username}\AppData\Local\CalendarSparkTooltab Significant changes made by the installers: File system details [View: All details] (Selection) --------------------------------------------------- Adds the folder C:\Users\{username}\AppData\Local\CalendarSparkTooltab Adds the file TooltabExtension.dll"="5/17/2018 11:17 PM, 273008 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jipigdjcibdknnacmomcjkdeildkdkaj\13.803.14.896_0 Adds the file manifest.json"="11/26/2018 9:10 AM, 2467 bytes, A Adds the file newtabproduct.html"="8/30/2018 5:38 PM, 1210 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jipigdjcibdknnacmomcjkdeildkdkaj\13.803.14.896_0\_locales Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jipigdjcibdknnacmomcjkdeildkdkaj\13.803.14.896_0\_metadata Adds the file computed_hashes.json"="11/26/2018 9:10 AM, 4346 bytes, A Adds the file verified_contents.json"="8/30/2018 5:38 PM, 6299 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jipigdjcibdknnacmomcjkdeildkdkaj\13.803.14.896_0\config Adds the file config.json"="8/30/2018 5:38 PM, 1680 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jipigdjcibdknnacmomcjkdeildkdkaj\13.803.14.896_0\icons Adds the file icon128.png"="11/26/2018 9:10 AM, 8445 bytes, A Adds the file icon16.png"="8/30/2018 5:38 PM, 659 bytes, A Adds the file icon19disabled.png"="8/30/2018 5:38 PM, 714 bytes, A Adds the file icon19on.png"="11/26/2018 9:10 AM, 760 bytes, A Adds the file icon48.png"="11/26/2018 9:10 AM, 2783 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jipigdjcibdknnacmomcjkdeildkdkaj\13.803.14.896_0\js Adds the file ajax.js"="8/30/2018 5:38 PM, 2218 bytes, A Adds the file background.js"="8/30/2018 5:38 PM, 21378 bytes, A Adds the file browserUtils.js"="8/30/2018 5:38 PM, 912 bytes, A Adds the file chrome.js"="8/30/2018 5:38 PM, 146 bytes, A Adds the file content_script.js"="8/30/2018 5:38 PM, 2151 bytes, A Adds the file dlp.js"="8/30/2018 5:38 PM, 5659 bytes, A Adds the file dlpHelper.js"="8/30/2018 5:38 PM, 1799 bytes, A Adds the file extension_detect.js"="8/30/2018 5:38 PM, 4299 bytes, A Adds the file genericLoadRemoteSettings.js"="8/30/2018 5:38 PM, 2855 bytes, A Adds the file index.js"="8/30/2018 5:38 PM, 49 bytes, A Adds the file initOfferCEF.js"="8/30/2018 5:38 PM, 8802 bytes, A Adds the file logger.js"="8/30/2018 5:38 PM, 541 bytes, A Adds the file offerService.js"="8/30/2018 5:38 PM, 10337 bytes, A Adds the file pageUtils.js"="8/30/2018 5:38 PM, 2805 bytes, A Adds the file PartnerId.js"="8/30/2018 5:38 PM, 16402 bytes, A Adds the file product.js"="8/30/2018 5:38 PM, 8403 bytes, A Adds the file splashPageRedirectHandler.js"="8/30/2018 5:38 PM, 2868 bytes, A Adds the file storage.js"="8/30/2018 5:38 PM, 1640 bytes, A Adds the file TabManager.js"="8/30/2018 5:38 PM, 151 bytes, A Adds the file TemplateParser.js"="8/30/2018 5:38 PM, 3038 bytes, A Adds the file ul.js"="8/30/2018 5:38 PM, 3832 bytes, A Adds the file urlFragmentActions.js"="8/30/2018 5:38 PM, 1825 bytes, A Adds the file urlUtils.js"="8/30/2018 5:38 PM, 5349 bytes, A Adds the file util.js"="8/30/2018 5:38 PM, 2184 bytes, A Adds the file webtooltabAPI.js"="8/30/2018 5:38 PM, 8721 bytes, A Adds the file webTooltabAPIProxy.js"="8/30/2018 5:38 PM, 5445 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jipigdjcibdknnacmomcjkdeildkdkaj Adds the file 000003.log"="11/26/2018 9:14 AM, 5810 bytes, A Adds the file CURRENT"="11/26/2018 9:10 AM, 16 bytes, A Adds the file LOCK"="11/26/2018 9:10 AM, 0 bytes, A Adds the file LOG"="11/26/2018 9:14 AM, 412 bytes, A Adds the file LOG.old"="11/26/2018 9:13 AM, 412 bytes, A Adds the file MANIFEST-000001"="11/26/2018 9:10 AM, 41 bytes, A Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\browser-extension-data\_h2Members_@free.calendarspark.com Adds the file storage.js"="11/26/2018 9:13 AM, 2851 bytes, A In the existing folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\extensions Adds the file _h2Members_@free.calendarspark.com.xpi"="11/26/2018 9:08 AM, 58408 bytes, A Registry details [View: All details] (Selection) ------------------------------------------------ [HKEY_CURRENT_USER\Software\CalendarSpark] "Start Page"="REG_SZ", "http://hp.myway.com/calendarspark/ttab02/index.html?n={n}&p2=^CEQ^xdm675^TTAB02^us&ptb={ptb}&si={si}&coid={coid}" "UnInstallSurveyUrl"="REG_SZ", "http://@{downloadDomain}.dl.myway.com/uninstall.jhtml?surveyUrl=http%3A%2F%2Fwww.research.net%2Fr%2F%3Fc%3D{ptb}%26ptb%3D" [HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings] "jipigdjcibdknnacmomcjkdeildkdkaj"="REG_SZ", "C9427DA16D73DD37F350EB7FE1167EC8D522F1952B6570E04AD2C3B6C85247D7" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page" = REG_SZ, "http://hp.myway.com/calendarspark/ttab02/index.html?n={n}&p2={p2}&ptb={ptb}&si={si}&coid={coid}" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\CalendarSparkTooltab Uninstall Internet Explorer] "DisplayName"="REG_SZ", "CalendarSpark Internet Explorer Homepage and New Tab" "HelpLink"="REG_SZ", "http://support.mindspark.com/" "Publisher"="REG_SZ", "Mindspark Interactive Network, Inc." "UninstallString"="REG_SZ", "Rundll32.exe "C:\Users\{username}\AppData\Local\CalendarSparkTooltab\TooltabExtension.dll" U uninstall:CalendarSpark" "URLInfoAbout"="REG_SZ", "http://support.mindspark.com/" The Malwarebytes scan log: Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 11/26/18 Scan Time: 9:18 AM Log File: eb8ba77a-f153-11e8-aa59-00ffdcc6fdfc.json -Software Information- Version: 3.6.1.2711 Components Version: 1.0.482 Update Package Version: 1.0.8021 License: Premium -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: {computername}\{username} -Scan Summary- Scan Type: Threat Scan Scan Initiated By: Manual Result: Completed Objects Scanned: 237781 Threats Detected: 83 Threats Quarantined: 83 Time Elapsed: 3 min, 22 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 0 (No malicious items detected) Module: 1 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\CalendarSparkTooltab\TooltabExtension.dll, Quarantined, [576], [182279],1.0.8021 Registry Key: 2 PUP.Optional.MindSpark, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\CalendarSparkTooltab Uninstall Internet Explorer, Quarantined, [576], [182279],1.0.8021 PUP.Optional.MindSpark, HKCU\SOFTWARE\CalendarSpark, Quarantined, [576], [260158],1.0.8021 Registry Value: 3 PUP.Optional.MindSpark.Generic, HKCU\SOFTWARE\CalendarSpark|START PAGE, Quarantined, [1714], [444113],1.0.8021 PUP.Optional.MindSpark, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\CalendarSparkTooltab Uninstall Internet Explorer|PUBLISHER, Quarantined, [576], [352442],1.0.8021 PUP.Optional.MindSpark.Generic, HKCU\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Default\extensions.settings|jipigdjcibdknnacmomcjkdeildkdkaj, Quarantined, [1714], [456843],1.0.8021 Registry Data: 1 PUP.Optional.MindSpark, HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|START PAGE, Replaced, [576], [293497],1.0.8021 Data Stream: 0 (No malicious items detected) Folder: 19 PUP.Optional.MindSpark, C:\USERS\{username}\APPDATA\LOCAL\CALENDARSPARKTOOLTAB, Quarantined, [576], [182279],1.0.8021 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.default\BROWSER-EXTENSION-DATA\_h2Members_@free.calendarspark.com, Quarantined, [1714], [468075],1.0.8021 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Local Extension Settings\jipigdjcibdknnacmomcjkdeildkdkaj, Quarantined, [1714], [456843],1.0.8021 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jipigdjcibdknnacmomcjkdeildkdkaj\13.803.14.896_0\_locales\es_419, Quarantined, [1714], [456843],1.0.8021 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jipigdjcibdknnacmomcjkdeildkdkaj\13.803.14.896_0\_locales\pt_BR, Quarantined, [1714], [456843],1.0.8021 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jipigdjcibdknnacmomcjkdeildkdkaj\13.803.14.896_0\_locales\pt_PT, Quarantined, [1714], [456843],1.0.8021 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jipigdjcibdknnacmomcjkdeildkdkaj\13.803.14.896_0\_locales\de, Quarantined, [1714], [456843],1.0.8021 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jipigdjcibdknnacmomcjkdeildkdkaj\13.803.14.896_0\_locales\en, Quarantined, [1714], [456843],1.0.8021 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jipigdjcibdknnacmomcjkdeildkdkaj\13.803.14.896_0\_locales\es, Quarantined, [1714], [456843],1.0.8021 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jipigdjcibdknnacmomcjkdeildkdkaj\13.803.14.896_0\_locales\fr, Quarantined, [1714], [456843],1.0.8021 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jipigdjcibdknnacmomcjkdeildkdkaj\13.803.14.896_0\_locales\it, Quarantined, [1714], [456843],1.0.8021 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jipigdjcibdknnacmomcjkdeildkdkaj\13.803.14.896_0\_locales\ja, Quarantined, [1714], [456843],1.0.8021 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jipigdjcibdknnacmomcjkdeildkdkaj\13.803.14.896_0\_metadata, Quarantined, [1714], [456843],1.0.8021 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jipigdjcibdknnacmomcjkdeildkdkaj\13.803.14.896_0\_locales, Quarantined, [1714], [456843],1.0.8021 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jipigdjcibdknnacmomcjkdeildkdkaj\13.803.14.896_0\config, Quarantined, [1714], [456843],1.0.8021 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jipigdjcibdknnacmomcjkdeildkdkaj\13.803.14.896_0\icons, Quarantined, [1714], [456843],1.0.8021 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jipigdjcibdknnacmomcjkdeildkdkaj\13.803.14.896_0\js, Quarantined, [1714], [456843],1.0.8021 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jipigdjcibdknnacmomcjkdeildkdkaj\13.803.14.896_0, Quarantined, [1714], [456843],1.0.8021 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\JIPIGDJCIBDKNNACMOMCJKDEILDKDKAJ, Quarantined, [1714], [456843],1.0.8021 File: 57 PUP.Optional.MindSpark, C:\Users\{username}\AppData\Local\CalendarSparkTooltab\TooltabExtension.dll, Quarantined, [576], [182279],1.0.8021 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\{profile}.default\browser-extension-data\_h2Members_@free.calendarspark.com\storage.js, Quarantined, [1714], [468075],1.0.8021 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\{profile}.default\EXTENSIONS\_h2Members_@free.calendarspark.com.xpi, Quarantined, [1714], [457930],1.0.8021 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jipigdjcibdknnacmomcjkdeildkdkaj\000003.log, Quarantined, [1714], [456843],1.0.8021 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jipigdjcibdknnacmomcjkdeildkdkaj\CURRENT, Quarantined, [1714], [456843],1.0.8021 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jipigdjcibdknnacmomcjkdeildkdkaj\LOCK, Quarantined, [1714], [456843],1.0.8021 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jipigdjcibdknnacmomcjkdeildkdkaj\LOG, Quarantined, [1714], [456843],1.0.8021 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jipigdjcibdknnacmomcjkdeildkdkaj\LOG.old, Quarantined, [1714], [456843],1.0.8021 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jipigdjcibdknnacmomcjkdeildkdkaj\MANIFEST-000001, Quarantined, [1714], [456843],1.0.8021 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, [1714], [456843],1.0.8021 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Replaced, [1714], [456843],1.0.8021 PUP.Optional.MindSpark.Generic, C:\USERS\{username}\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\JIPIGDJCIBDKNNACMOMCJKDEILDKDKAJ\13.803.14.896_0\MANIFEST.JSON, Quarantined, [1714], [456843],1.0.8021 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jipigdjcibdknnacmomcjkdeildkdkaj\13.803.14.896_0\config\config.json, Quarantined, [1714], [456843],1.0.8021 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jipigdjcibdknnacmomcjkdeildkdkaj\13.803.14.896_0\icons\icon128.png, Quarantined, [1714], [456843],1.0.8021 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jipigdjcibdknnacmomcjkdeildkdkaj\13.803.14.896_0\icons\icon16.png, Quarantined, [1714], [456843],1.0.8021 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jipigdjcibdknnacmomcjkdeildkdkaj\13.803.14.896_0\icons\icon19disabled.png, Quarantined, [1714], [456843],1.0.8021 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jipigdjcibdknnacmomcjkdeildkdkaj\13.803.14.896_0\icons\icon19on.png, Quarantined, [1714], [456843],1.0.8021 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jipigdjcibdknnacmomcjkdeildkdkaj\13.803.14.896_0\icons\icon48.png, Quarantined, [1714], [456843],1.0.8021 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jipigdjcibdknnacmomcjkdeildkdkaj\13.803.14.896_0\js\pageUtils.js, Quarantined, [1714], [456843],1.0.8021 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jipigdjcibdknnacmomcjkdeildkdkaj\13.803.14.896_0\js\ajax.js, Quarantined, [1714], [456843],1.0.8021 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jipigdjcibdknnacmomcjkdeildkdkaj\13.803.14.896_0\js\background.js, Quarantined, [1714], [456843],1.0.8021 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jipigdjcibdknnacmomcjkdeildkdkaj\13.803.14.896_0\js\browserUtils.js, Quarantined, [1714], [456843],1.0.8021 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jipigdjcibdknnacmomcjkdeildkdkaj\13.803.14.896_0\js\chrome.js, Quarantined, [1714], [456843],1.0.8021 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jipigdjcibdknnacmomcjkdeildkdkaj\13.803.14.896_0\js\content_script.js, Quarantined, [1714], [456843],1.0.8021 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jipigdjcibdknnacmomcjkdeildkdkaj\13.803.14.896_0\js\dlp.js, Quarantined, [1714], [456843],1.0.8021 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jipigdjcibdknnacmomcjkdeildkdkaj\13.803.14.896_0\js\dlpHelper.js, Quarantined, [1714], [456843],1.0.8021 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jipigdjcibdknnacmomcjkdeildkdkaj\13.803.14.896_0\js\extension_detect.js, Quarantined, [1714], [456843],1.0.8021 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jipigdjcibdknnacmomcjkdeildkdkaj\13.803.14.896_0\js\genericLoadRemoteSettings.js, Quarantined, [1714], [456843],1.0.8021 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jipigdjcibdknnacmomcjkdeildkdkaj\13.803.14.896_0\js\index.js, Quarantined, [1714], [456843],1.0.8021 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jipigdjcibdknnacmomcjkdeildkdkaj\13.803.14.896_0\js\initOfferCEF.js, Quarantined, [1714], [456843],1.0.8021 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jipigdjcibdknnacmomcjkdeildkdkaj\13.803.14.896_0\js\logger.js, Quarantined, [1714], [456843],1.0.8021 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jipigdjcibdknnacmomcjkdeildkdkaj\13.803.14.896_0\js\offerService.js, Quarantined, [1714], [456843],1.0.8021 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jipigdjcibdknnacmomcjkdeildkdkaj\13.803.14.896_0\js\PartnerId.js, Quarantined, [1714], [456843],1.0.8021 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jipigdjcibdknnacmomcjkdeildkdkaj\13.803.14.896_0\js\product.js, Quarantined, [1714], [456843],1.0.8021 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jipigdjcibdknnacmomcjkdeildkdkaj\13.803.14.896_0\js\splashPageRedirectHandler.js, Quarantined, [1714], [456843],1.0.8021 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jipigdjcibdknnacmomcjkdeildkdkaj\13.803.14.896_0\js\storage.js, Quarantined, [1714], [456843],1.0.8021 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jipigdjcibdknnacmomcjkdeildkdkaj\13.803.14.896_0\js\TabManager.js, Quarantined, [1714], [456843],1.0.8021 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jipigdjcibdknnacmomcjkdeildkdkaj\13.803.14.896_0\js\TemplateParser.js, Quarantined, [1714], [456843],1.0.8021 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jipigdjcibdknnacmomcjkdeildkdkaj\13.803.14.896_0\js\ul.js, Quarantined, [1714], [456843],1.0.8021 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jipigdjcibdknnacmomcjkdeildkdkaj\13.803.14.896_0\js\urlFragmentActions.js, Quarantined, [1714], [456843],1.0.8021 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jipigdjcibdknnacmomcjkdeildkdkaj\13.803.14.896_0\js\urlUtils.js, Quarantined, [1714], [456843],1.0.8021 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jipigdjcibdknnacmomcjkdeildkdkaj\13.803.14.896_0\js\util.js, Quarantined, [1714], [456843],1.0.8021 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jipigdjcibdknnacmomcjkdeildkdkaj\13.803.14.896_0\js\webtooltabAPI.js, Quarantined, [1714], [456843],1.0.8021 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jipigdjcibdknnacmomcjkdeildkdkaj\13.803.14.896_0\js\webTooltabAPIProxy.js, Quarantined, [1714], [456843],1.0.8021 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jipigdjcibdknnacmomcjkdeildkdkaj\13.803.14.896_0\_locales\de\messages.json, Quarantined, [1714], [456843],1.0.8021 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jipigdjcibdknnacmomcjkdeildkdkaj\13.803.14.896_0\_locales\en\messages.json, Quarantined, [1714], [456843],1.0.8021 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jipigdjcibdknnacmomcjkdeildkdkaj\13.803.14.896_0\_locales\es\messages.json, Quarantined, [1714], [456843],1.0.8021 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jipigdjcibdknnacmomcjkdeildkdkaj\13.803.14.896_0\_locales\es_419\messages.json, Quarantined, [1714], [456843],1.0.8021 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jipigdjcibdknnacmomcjkdeildkdkaj\13.803.14.896_0\_locales\fr\messages.json, Quarantined, [1714], [456843],1.0.8021 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jipigdjcibdknnacmomcjkdeildkdkaj\13.803.14.896_0\_locales\it\messages.json, Quarantined, [1714], [456843],1.0.8021 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jipigdjcibdknnacmomcjkdeildkdkaj\13.803.14.896_0\_locales\ja\messages.json, Quarantined, [1714], [456843],1.0.8021 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jipigdjcibdknnacmomcjkdeildkdkaj\13.803.14.896_0\_locales\pt_BR\messages.json, Quarantined, [1714], [456843],1.0.8021 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jipigdjcibdknnacmomcjkdeildkdkaj\13.803.14.896_0\_locales\pt_PT\messages.json, Quarantined, [1714], [456843],1.0.8021 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jipigdjcibdknnacmomcjkdeildkdkaj\13.803.14.896_0\_metadata\computed_hashes.json, Quarantined, [1714], [456843],1.0.8021 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jipigdjcibdknnacmomcjkdeildkdkaj\13.803.14.896_0\_metadata\verified_contents.json, Quarantined, [1714], [456843],1.0.8021 PUP.Optional.MindSpark.Generic, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\jipigdjcibdknnacmomcjkdeildkdkaj\13.803.14.896_0\newtabproduct.html, Quarantined, [1714], [456843],1.0.8021 PUP.Optional.MindSpark, C:\USERS\{username}\DESKTOP\CALENDARSPARK.{coid}.EXE, Quarantined, [576], [365288],1.0.8021 Physical Sector: 0 (No malicious items detected) WMI: 0 (No malicious items detected) (end) As mentioned before the full version of Malwarebytes could have protected your computer against this threat.We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected.
- November 26
- - pup.optional.mindspark
  - jipigdjcibdknnacmomcjkdeildkdkaj
  - (and 2 more)
    Tagged with:
    
    pup.optional.mindspark
    
    jipigdjcibdknnacmomcjkdeildkdkaj
    
    _h2members_@free.calendarspark.com
    
    myway

4 Followers

About Metallica

Profile Information

Recent Profile Visitors

Important Information